]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_ap_wps.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: WPS PBC session overlap detection with single BSSID selected
[thirdparty/hostap.git] / tests / hwsim / test_ap_wps.py
1 # WPS tests
2 # Copyright (c) 2013-2017, Jouni Malinen <j@w1.fi>
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 from remotehost import remote_compatible
8 from tshark import run_tshark
9 import base64
10 import binascii
11 from Crypto.Cipher import AES
12 import hashlib
13 import hmac
14 import os
15 import time
16 import sys
17 import stat
18 import subprocess
19 import logging
20 logger = logging.getLogger()
21 import re
22 import socket
23 import struct
24 try:
25 from http.client import HTTPConnection
26 from urllib.request import urlopen
27 from urllib.parse import urlparse, urljoin
28 from urllib.error import HTTPError
29 from io import StringIO
30 from socketserver import StreamRequestHandler, TCPServer
31 except ImportError:
32 from httplib import HTTPConnection
33 from urllib import urlopen
34 from urlparse import urlparse, urljoin
35 from urllib2 import build_opener, ProxyHandler, HTTPError
36 from StringIO import StringIO
37 from SocketServer import StreamRequestHandler, TCPServer
38 import urllib
39 import xml.etree.ElementTree as ET
40
41 import hwsim_utils
42 import hostapd
43 from wpasupplicant import WpaSupplicant
44 from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
45 from utils import wait_fail_trigger, clear_regdom
46 from test_ap_eap import int_eap_server_params
47 from test_sae import check_sae_capab
48
49 def wps_start_ap(apdev, ssid="test-wps-conf"):
50 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
51 "wpa_passphrase": "12345678", "wpa": "2",
52 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
53 return hostapd.add_ap(apdev, params)
54
55 @remote_compatible
56 def test_ap_wps_init(dev, apdev):
57 """Initial AP configuration with first WPS Enrollee"""
58 ssid = "test-wps"
59 hapd = hostapd.add_ap(apdev[0],
60 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
61 logger.info("WPS provisioning step")
62 hapd.request("WPS_PBC")
63 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
64 raise Exception("PBC status not shown correctly")
65
66 id = dev[0].add_network()
67 dev[0].set_network_quoted(id, "ssid", "home")
68 dev[0].set_network_quoted(id, "psk", "12345678")
69 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
70
71 id = dev[0].add_network()
72 dev[0].set_network_quoted(id, "ssid", "home2")
73 dev[0].set_network(id, "bssid", "00:11:22:33:44:55")
74 dev[0].set_network(id, "key_mgmt", "NONE")
75 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
76
77 dev[0].request("WPS_PBC")
78 dev[0].wait_connected(timeout=30)
79 status = dev[0].get_status()
80 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
81 raise Exception("Not fully connected")
82 if status['ssid'] != ssid:
83 raise Exception("Unexpected SSID")
84 if status['pairwise_cipher'] != 'CCMP':
85 raise Exception("Unexpected encryption configuration")
86 if status['key_mgmt'] != 'WPA2-PSK':
87 raise Exception("Unexpected key_mgmt")
88
89 status = hapd.request("WPS_GET_STATUS")
90 if "PBC Status: Disabled" not in status:
91 raise Exception("PBC status not shown correctly")
92 if "Last WPS result: Success" not in status:
93 raise Exception("Last WPS result not shown correctly")
94 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
95 raise Exception("Peer address not shown correctly")
96 conf = hapd.request("GET_CONFIG")
97 if "wps_state=configured" not in conf:
98 raise Exception("AP not in WPS configured state")
99 if "wpa=3" not in conf:
100 raise Exception("AP not in WPA+WPA2 configuration")
101 if "rsn_pairwise_cipher=CCMP TKIP" not in conf:
102 raise Exception("Unexpected rsn_pairwise_cipher")
103 if "wpa_pairwise_cipher=CCMP TKIP" not in conf:
104 raise Exception("Unexpected wpa_pairwise_cipher")
105 if "group_cipher=TKIP" not in conf:
106 raise Exception("Unexpected group_cipher")
107
108 if len(dev[0].list_networks()) != 3:
109 raise Exception("Unexpected number of network blocks")
110
111 def test_ap_wps_init_2ap_pbc(dev, apdev):
112 """Initial two-radio AP configuration with first WPS PBC Enrollee"""
113 ssid = "test-wps"
114 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
115 hapd = hostapd.add_ap(apdev[0], params)
116 hostapd.add_ap(apdev[1], params)
117 logger.info("WPS provisioning step")
118 hapd.request("WPS_PBC")
119 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
120 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
121 bss = dev[0].get_bss(apdev[0]['bssid'])
122 if "[WPS-PBC]" not in bss['flags']:
123 raise Exception("WPS-PBC flag missing from AP1")
124 bss = dev[0].get_bss(apdev[1]['bssid'])
125 if "[WPS-PBC]" not in bss['flags']:
126 raise Exception("WPS-PBC flag missing from AP2")
127 dev[0].dump_monitor()
128 dev[0].request("SET wps_cred_processing 2")
129 dev[0].request("WPS_PBC")
130 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=30)
131 dev[0].request("SET wps_cred_processing 0")
132 if ev is None:
133 raise Exception("WPS cred event not seen")
134 if "100e" not in ev:
135 raise Exception("WPS attributes not included in the cred event")
136 dev[0].wait_connected(timeout=30)
137
138 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
139 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
140 bss = dev[1].get_bss(apdev[0]['bssid'])
141 if "[WPS-PBC]" in bss['flags']:
142 raise Exception("WPS-PBC flag not cleared from AP1")
143 bss = dev[1].get_bss(apdev[1]['bssid'])
144 if "[WPS-PBC]" in bss['flags']:
145 raise Exception("WPS-PBC flag not cleared from AP2")
146
147 def test_ap_wps_init_2ap_pin(dev, apdev):
148 """Initial two-radio AP configuration with first WPS PIN Enrollee"""
149 ssid = "test-wps"
150 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
151 hapd = hostapd.add_ap(apdev[0], params)
152 hostapd.add_ap(apdev[1], params)
153 logger.info("WPS provisioning step")
154 pin = dev[0].wps_read_pin()
155 hapd.request("WPS_PIN any " + pin)
156 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
157 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
158 bss = dev[0].get_bss(apdev[0]['bssid'])
159 if "[WPS-AUTH]" not in bss['flags']:
160 raise Exception("WPS-AUTH flag missing from AP1")
161 bss = dev[0].get_bss(apdev[1]['bssid'])
162 if "[WPS-AUTH]" not in bss['flags']:
163 raise Exception("WPS-AUTH flag missing from AP2")
164 dev[0].dump_monitor()
165 dev[0].request("WPS_PIN any " + pin)
166 dev[0].wait_connected(timeout=30)
167
168 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
169 dev[1].scan_for_bss(apdev[1]['bssid'], freq="2412")
170 bss = dev[1].get_bss(apdev[0]['bssid'])
171 if "[WPS-AUTH]" in bss['flags']:
172 raise Exception("WPS-AUTH flag not cleared from AP1")
173 bss = dev[1].get_bss(apdev[1]['bssid'])
174 if "[WPS-AUTH]" in bss['flags']:
175 raise Exception("WPS-AUTH flag not cleared from AP2")
176
177 @remote_compatible
178 def test_ap_wps_init_through_wps_config(dev, apdev):
179 """Initial AP configuration using wps_config command"""
180 ssid = "test-wps-init-config"
181 hapd = hostapd.add_ap(apdev[0],
182 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
183 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
184 raise Exception("WPS_CONFIG command failed")
185 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
186 if ev is None:
187 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
188 # It takes some time for the AP to update Beacon and Probe Response frames,
189 # so wait here before requesting the scan to be started to avoid adding
190 # extra five second wait to the test due to fetching obsolete scan results.
191 hapd.ping()
192 time.sleep(0.2)
193 dev[0].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
194 pairwise="CCMP", group="CCMP")
195
196 if "FAIL" not in hapd.request("WPS_CONFIG foo"):
197 raise Exception("Invalid WPS_CONFIG accepted")
198
199 @remote_compatible
200 def test_ap_wps_init_through_wps_config_2(dev, apdev):
201 """AP configuration using wps_config and wps_cred_processing=2"""
202 ssid = "test-wps-init-config"
203 hapd = hostapd.add_ap(apdev[0],
204 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
205 "wps_cred_processing": "2"})
206 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"12345678").decode()):
207 raise Exception("WPS_CONFIG command failed")
208 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
209 if ev is None:
210 raise Exception("Timeout on WPS-NEW-AP-SETTINGS events")
211 if "100e" not in ev:
212 raise Exception("WPS-NEW-AP-SETTINGS did not include Credential")
213
214 @remote_compatible
215 def test_ap_wps_invalid_wps_config_passphrase(dev, apdev):
216 """AP configuration using wps_config command with invalid passphrase"""
217 ssid = "test-wps-init-config"
218 hapd = hostapd.add_ap(apdev[0],
219 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
220 if "FAIL" not in hapd.request("WPS_CONFIG " + binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(b"1234567").decode()):
221 raise Exception("Invalid WPS_CONFIG command accepted")
222
223 def test_ap_wps_conf(dev, apdev):
224 """WPS PBC provisioning with configured AP"""
225 ssid = "test-wps-conf"
226 hapd = hostapd.add_ap(apdev[0],
227 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
228 "wpa_passphrase": "12345678", "wpa": "2",
229 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
230 logger.info("WPS provisioning step")
231 hapd.request("WPS_PBC")
232 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
233 dev[0].dump_monitor()
234 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
235 dev[0].wait_connected(timeout=30)
236 status = dev[0].get_status()
237 if status['wpa_state'] != 'COMPLETED':
238 raise Exception("Not fully connected")
239 if status['bssid'] != apdev[0]['bssid']:
240 raise Exception("Unexpected BSSID")
241 if status['ssid'] != ssid:
242 raise Exception("Unexpected SSID")
243 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
244 raise Exception("Unexpected encryption configuration")
245 if status['key_mgmt'] != 'WPA2-PSK':
246 raise Exception("Unexpected key_mgmt")
247
248 sta = hapd.get_sta(dev[0].p2p_interface_addr())
249 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
250 raise Exception("Device name not available in STA command")
251
252 def test_ap_wps_conf_5ghz(dev, apdev):
253 """WPS PBC provisioning with configured AP on 5 GHz band"""
254 try:
255 hapd = None
256 ssid = "test-wps-conf"
257 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
258 "wpa_passphrase": "12345678", "wpa": "2",
259 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
260 "country_code": "FI", "hw_mode": "a", "channel": "36"}
261 hapd = hostapd.add_ap(apdev[0], params)
262 logger.info("WPS provisioning step")
263 hapd.request("WPS_PBC")
264 dev[0].scan_for_bss(apdev[0]['bssid'], freq="5180")
265 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
266 dev[0].wait_connected(timeout=30)
267
268 sta = hapd.get_sta(dev[0].p2p_interface_addr())
269 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
270 raise Exception("Device name not available in STA command")
271 finally:
272 dev[0].request("DISCONNECT")
273 clear_regdom(hapd, dev)
274
275 def test_ap_wps_conf_chan14(dev, apdev):
276 """WPS PBC provisioning with configured AP on channel 14"""
277 try:
278 hapd = None
279 ssid = "test-wps-conf"
280 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
281 "wpa_passphrase": "12345678", "wpa": "2",
282 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
283 "country_code": "JP", "hw_mode": "b", "channel": "14"}
284 hapd = hostapd.add_ap(apdev[0], params)
285 logger.info("WPS provisioning step")
286 hapd.request("WPS_PBC")
287 dev[0].request("WPS_PBC")
288 dev[0].wait_connected(timeout=30)
289
290 sta = hapd.get_sta(dev[0].p2p_interface_addr())
291 if 'wpsDeviceName' not in sta or sta['wpsDeviceName'] != "Device A":
292 raise Exception("Device name not available in STA command")
293 finally:
294 dev[0].request("DISCONNECT")
295 clear_regdom(hapd, dev)
296
297 @remote_compatible
298 def test_ap_wps_twice(dev, apdev):
299 """WPS provisioning with twice to change passphrase"""
300 ssid = "test-wps-twice"
301 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
302 "wpa_passphrase": "12345678", "wpa": "2",
303 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
304 hapd = hostapd.add_ap(apdev[0], params)
305 logger.info("WPS provisioning step")
306 hapd.request("WPS_PBC")
307 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
308 dev[0].dump_monitor()
309 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
310 dev[0].wait_connected(timeout=30)
311 dev[0].request("DISCONNECT")
312
313 logger.info("Restart AP with different passphrase and re-run WPS")
314 hostapd.remove_bss(apdev[0])
315 params['wpa_passphrase'] = 'another passphrase'
316 hapd = hostapd.add_ap(apdev[0], params)
317 logger.info("WPS provisioning step")
318 hapd.request("WPS_PBC")
319 dev[0].dump_monitor()
320 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
321 dev[0].wait_connected(timeout=30)
322 networks = dev[0].list_networks()
323 if len(networks) > 1:
324 raise Exception("Unexpected duplicated network block present")
325
326 @remote_compatible
327 def test_ap_wps_incorrect_pin(dev, apdev):
328 """WPS PIN provisioning with incorrect PIN"""
329 ssid = "test-wps-incorrect-pin"
330 hapd = hostapd.add_ap(apdev[0],
331 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
332 "wpa_passphrase": "12345678", "wpa": "2",
333 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
334
335 logger.info("WPS provisioning attempt 1")
336 hapd.request("WPS_PIN any 12345670")
337 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
338 dev[0].dump_monitor()
339 dev[0].request("WPS_PIN %s 55554444" % apdev[0]['bssid'])
340 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
341 if ev is None:
342 raise Exception("WPS operation timed out")
343 if "config_error=18" not in ev:
344 raise Exception("Incorrect config_error reported")
345 if "msg=8" not in ev:
346 raise Exception("PIN error detected on incorrect message")
347 dev[0].wait_disconnected(timeout=10)
348 dev[0].request("WPS_CANCEL")
349 # if a scan was in progress, wait for it to complete before trying WPS again
350 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
351
352 status = hapd.request("WPS_GET_STATUS")
353 if "Last WPS result: Failed" not in status:
354 raise Exception("WPS failure result not shown correctly")
355
356 logger.info("WPS provisioning attempt 2")
357 hapd.request("WPS_PIN any 12345670")
358 dev[0].dump_monitor()
359 dev[0].request("WPS_PIN %s 12344444" % apdev[0]['bssid'])
360 ev = dev[0].wait_event(["WPS-FAIL"], timeout=30)
361 if ev is None:
362 raise Exception("WPS operation timed out")
363 if "config_error=18" not in ev:
364 raise Exception("Incorrect config_error reported")
365 if "msg=10" not in ev:
366 raise Exception("PIN error detected on incorrect message")
367 dev[0].wait_disconnected(timeout=10)
368
369 @remote_compatible
370 def test_ap_wps_conf_pin(dev, apdev):
371 """WPS PIN provisioning with configured AP"""
372 ssid = "test-wps-conf-pin"
373 hapd = hostapd.add_ap(apdev[0],
374 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
375 "wpa_passphrase": "12345678", "wpa": "2",
376 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
377 logger.info("WPS provisioning step")
378 pin = dev[0].wps_read_pin()
379 hapd.request("WPS_PIN any " + pin)
380 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
381 dev[0].dump_monitor()
382 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
383 dev[0].wait_connected(timeout=30)
384 status = dev[0].get_status()
385 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
386 raise Exception("Not fully connected")
387 if status['ssid'] != ssid:
388 raise Exception("Unexpected SSID")
389 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
390 raise Exception("Unexpected encryption configuration")
391 if status['key_mgmt'] != 'WPA2-PSK':
392 raise Exception("Unexpected key_mgmt")
393
394 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
395 bss = dev[1].get_bss(apdev[0]['bssid'])
396 if "[WPS-AUTH]" in bss['flags']:
397 raise Exception("WPS-AUTH flag not cleared")
398 logger.info("Try to connect from another station using the same PIN")
399 pin = dev[1].request("WPS_PIN " + apdev[0]['bssid'])
400 ev = dev[1].wait_event(["WPS-M2D", "CTRL-EVENT-CONNECTED"], timeout=30)
401 if ev is None:
402 raise Exception("Operation timed out")
403 if "WPS-M2D" not in ev:
404 raise Exception("Unexpected WPS operation started")
405 hapd.request("WPS_PIN any " + pin)
406 dev[1].wait_connected(timeout=30)
407
408 def test_ap_wps_conf_pin_mixed_mode(dev, apdev):
409 """WPS PIN provisioning with configured AP (WPA+WPA2)"""
410 ssid = "test-wps-conf-pin-mixed"
411 hapd = hostapd.add_ap(apdev[0],
412 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
413 "wpa_passphrase": "12345678", "wpa": "3",
414 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
415 "wpa_pairwise": "TKIP"})
416
417 logger.info("WPS provisioning step")
418 pin = dev[0].wps_read_pin()
419 hapd.request("WPS_PIN any " + pin)
420 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
421 dev[0].dump_monitor()
422 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
423 dev[0].wait_connected(timeout=30)
424 status = dev[0].get_status()
425 dev[0].request("REMOVE_NETWORK all")
426 dev[0].wait_disconnected()
427 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
428 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
429
430 logger.info("WPS provisioning step (auth_types=0x1b)")
431 if "OK" not in dev[0].request("SET wps_force_auth_types 0x1b"):
432 raise Exception("Failed to set wps_force_auth_types 0x1b")
433 pin = dev[0].wps_read_pin()
434 hapd.request("WPS_PIN any " + pin)
435 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
436 dev[0].dump_monitor()
437 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
438 dev[0].wait_connected(timeout=30)
439 status = dev[0].get_status()
440 dev[0].request("REMOVE_NETWORK all")
441 dev[0].wait_disconnected()
442 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
443 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
444
445 logger.info("WPS provisioning step (auth_types=0 encr_types=0)")
446 if "OK" not in dev[0].request("SET wps_force_auth_types 0"):
447 raise Exception("Failed to set wps_force_auth_types 0")
448 if "OK" not in dev[0].request("SET wps_force_encr_types 0"):
449 raise Exception("Failed to set wps_force_encr_types 0")
450 pin = dev[0].wps_read_pin()
451 hapd.request("WPS_PIN any " + pin)
452 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
453 dev[0].dump_monitor()
454 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
455 dev[0].wait_connected(timeout=30)
456 status = dev[0].get_status()
457 dev[0].request("REMOVE_NETWORK all")
458 dev[0].wait_disconnected()
459 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP' or status['key_mgmt'] != 'WPA2-PSK':
460 raise Exception("Unexpected encryption/key_mgmt configuration: pairwise=%s group=%s key_mgmt=%s" % (status['pairwise_cipher'], status['group_cipher'], status['key_mgmt']))
461
462 dev[0].request("SET wps_force_auth_types ")
463 dev[0].request("SET wps_force_encr_types ")
464
465 @remote_compatible
466 def test_ap_wps_conf_pin_v1(dev, apdev):
467 """WPS PIN provisioning with configured WPS v1.0 AP"""
468 ssid = "test-wps-conf-pin-v1"
469 hapd = hostapd.add_ap(apdev[0],
470 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
471 "wpa_passphrase": "12345678", "wpa": "2",
472 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
473 logger.info("WPS provisioning step")
474 pin = dev[0].wps_read_pin()
475 hapd.request("SET wps_version_number 0x10")
476 hapd.request("WPS_PIN any " + pin)
477 found = False
478 for i in range(0, 10):
479 dev[0].scan(freq="2412")
480 if "[WPS-PIN]" in dev[0].request("SCAN_RESULTS"):
481 found = True
482 break
483 if not found:
484 hapd.request("SET wps_version_number 0x20")
485 raise Exception("WPS-PIN flag not seen in scan results")
486 dev[0].dump_monitor()
487 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
488 dev[0].wait_connected(timeout=30)
489 hapd.request("SET wps_version_number 0x20")
490
491 @remote_compatible
492 def test_ap_wps_conf_pin_2sta(dev, apdev):
493 """Two stations trying to use WPS PIN at the same time"""
494 ssid = "test-wps-conf-pin2"
495 hapd = hostapd.add_ap(apdev[0],
496 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
497 "wpa_passphrase": "12345678", "wpa": "2",
498 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
499 logger.info("WPS provisioning step")
500 pin = "12345670"
501 pin2 = "55554444"
502 hapd.request("WPS_PIN " + dev[0].get_status_field("uuid") + " " + pin)
503 hapd.request("WPS_PIN " + dev[1].get_status_field("uuid") + " " + pin)
504 dev[0].dump_monitor()
505 dev[1].dump_monitor()
506 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
507 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
508 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
509 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
510 dev[0].wait_connected(timeout=30)
511 dev[1].wait_connected(timeout=30)
512
513 @remote_compatible
514 def test_ap_wps_conf_pin_timeout(dev, apdev):
515 """WPS PIN provisioning with configured AP timing out PIN"""
516 ssid = "test-wps-conf-pin"
517 hapd = hostapd.add_ap(apdev[0],
518 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
519 "wpa_passphrase": "12345678", "wpa": "2",
520 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
521 addr = dev[0].p2p_interface_addr()
522 pin = dev[0].wps_read_pin()
523 if "FAIL" not in hapd.request("WPS_PIN "):
524 raise Exception("Unexpected success on invalid WPS_PIN")
525 hapd.request("WPS_PIN any " + pin + " 1")
526 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
527 time.sleep(1.1)
528 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
529 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=20)
530 if ev is None:
531 raise Exception("WPS-PIN-NEEDED event timed out")
532 ev = dev[0].wait_event(["WPS-M2D"])
533 if ev is None:
534 raise Exception("M2D not reported")
535 dev[0].request("WPS_CANCEL")
536
537 hapd.request("WPS_PIN any " + pin + " 20 " + addr)
538 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
539 dev[0].wait_connected(timeout=30)
540
541 def test_ap_wps_reg_connect(dev, apdev):
542 """WPS registrar using AP PIN to connect"""
543 ssid = "test-wps-reg-ap-pin"
544 appin = "12345670"
545 hostapd.add_ap(apdev[0],
546 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
547 "wpa_passphrase": "12345678", "wpa": "2",
548 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
549 "ap_pin": appin})
550 logger.info("WPS provisioning step")
551 dev[0].dump_monitor()
552 dev[0].flush_scan_cache()
553 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
554 dev[0].wps_reg(apdev[0]['bssid'], appin)
555 status = dev[0].get_status()
556 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
557 raise Exception("Not fully connected")
558 if status['ssid'] != ssid:
559 raise Exception("Unexpected SSID")
560 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
561 raise Exception("Unexpected encryption configuration")
562 if status['key_mgmt'] != 'WPA2-PSK':
563 raise Exception("Unexpected key_mgmt")
564
565 def test_ap_wps_reg_connect_zero_len_ap_pin(dev, apdev):
566 """hostapd with zero length ap_pin parameter"""
567 ssid = "test-wps-reg-ap-pin"
568 appin = ""
569 hostapd.add_ap(apdev[0],
570 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
571 "wpa_passphrase": "12345678", "wpa": "2",
572 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
573 "ap_pin": appin})
574 logger.info("WPS provisioning step")
575 dev[0].dump_monitor()
576 dev[0].flush_scan_cache()
577 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
578 dev[0].wps_reg(apdev[0]['bssid'], appin, no_wait=True)
579 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
580 if ev is None:
581 raise Exception("No WPS-FAIL reported")
582 if "msg=5 config_error=15" not in ev:
583 raise Exception("Unexpected WPS-FAIL: " + ev)
584
585 def test_ap_wps_reg_connect_mixed_mode(dev, apdev):
586 """WPS registrar using AP PIN to connect (WPA+WPA2)"""
587 ssid = "test-wps-reg-ap-pin"
588 appin = "12345670"
589 hostapd.add_ap(apdev[0],
590 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
591 "wpa_passphrase": "12345678", "wpa": "3",
592 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
593 "wpa_pairwise": "TKIP", "ap_pin": appin})
594 dev[0].flush_scan_cache()
595 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
596 dev[0].wps_reg(apdev[0]['bssid'], appin)
597 status = dev[0].get_status()
598 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
599 raise Exception("Not fully connected")
600 if status['ssid'] != ssid:
601 raise Exception("Unexpected SSID")
602 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
603 raise Exception("Unexpected encryption configuration")
604 if status['key_mgmt'] != 'WPA2-PSK':
605 raise Exception("Unexpected key_mgmt")
606
607 def test_ap_wps_reg_override_ap_settings(dev, apdev):
608 """WPS registrar and ap_settings override"""
609 ap_settings = "/tmp/ap_wps_reg_override_ap_settings"
610 try:
611 os.remove(ap_settings)
612 except:
613 pass
614 # Override AP Settings with values that point to another AP
615 data = build_wsc_attr(ATTR_NETWORK_INDEX, b'\x01')
616 data += build_wsc_attr(ATTR_SSID, b"test")
617 data += build_wsc_attr(ATTR_AUTH_TYPE, b'\x00\x01')
618 data += build_wsc_attr(ATTR_ENCR_TYPE, b'\x00\x01')
619 data += build_wsc_attr(ATTR_NETWORK_KEY, b'')
620 data += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[1]['bssid'].replace(':', '')))
621 with open(ap_settings, "wb") as f:
622 f.write(data)
623 ssid = "test-wps-reg-ap-pin"
624 appin = "12345670"
625 hostapd.add_ap(apdev[0],
626 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
627 "wpa_passphrase": "12345678", "wpa": "2",
628 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
629 "ap_pin": appin, "ap_settings": ap_settings})
630 hapd2 = hostapd.add_ap(apdev[1], {"ssid": "test"})
631 dev[0].flush_scan_cache()
632 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
633 dev[0].scan_for_bss(apdev[1]['bssid'], freq=2412)
634 dev[0].wps_reg(apdev[0]['bssid'], appin)
635 ev = hapd2.wait_event(['AP-STA-CONNECTED'], timeout=10)
636 os.remove(ap_settings)
637 if ev is None:
638 raise Exception("No connection with the other AP")
639
640 def check_wps_reg_failure(dev, ap, appin):
641 dev.request("WPS_REG " + ap['bssid'] + " " + appin)
642 ev = dev.wait_event(["WPS-SUCCESS", "WPS-FAIL"], timeout=15)
643 if ev is None:
644 raise Exception("WPS operation timed out")
645 if "WPS-SUCCESS" in ev:
646 raise Exception("WPS operation succeeded unexpectedly")
647 if "config_error=15" not in ev:
648 raise Exception("WPS setup locked state was not reported correctly")
649
650 def test_ap_wps_random_ap_pin(dev, apdev):
651 """WPS registrar using random AP PIN"""
652 ssid = "test-wps-reg-random-ap-pin"
653 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
654 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
655 "wpa_passphrase": "12345678", "wpa": "2",
656 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
657 "device_name": "Wireless AP", "manufacturer": "Company",
658 "model_name": "WAP", "model_number": "123",
659 "serial_number": "12345", "device_type": "6-0050F204-1",
660 "os_version": "01020300",
661 "config_methods": "label push_button",
662 "uuid": ap_uuid, "upnp_iface": "lo"}
663 hapd = hostapd.add_ap(apdev[0], params)
664 appin = hapd.request("WPS_AP_PIN random")
665 if "FAIL" in appin:
666 raise Exception("Could not generate random AP PIN")
667 if appin not in hapd.request("WPS_AP_PIN get"):
668 raise Exception("Could not fetch current AP PIN")
669 logger.info("WPS provisioning step")
670 dev[0].flush_scan_cache()
671 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
672 dev[0].wps_reg(apdev[0]['bssid'], appin)
673
674 hapd.request("WPS_AP_PIN disable")
675 logger.info("WPS provisioning step with AP PIN disabled")
676 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
677 check_wps_reg_failure(dev[1], apdev[0], appin)
678
679 logger.info("WPS provisioning step with AP PIN reset")
680 appin = "12345670"
681 hapd.request("WPS_AP_PIN set " + appin)
682 dev[1].wps_reg(apdev[0]['bssid'], appin)
683 dev[0].request("REMOVE_NETWORK all")
684 dev[1].request("REMOVE_NETWORK all")
685 dev[0].wait_disconnected(timeout=10)
686 dev[1].wait_disconnected(timeout=10)
687
688 logger.info("WPS provisioning step after AP PIN timeout")
689 hapd.request("WPS_AP_PIN disable")
690 appin = hapd.request("WPS_AP_PIN random 1")
691 time.sleep(1.1)
692 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
693 raise Exception("AP PIN unexpectedly still enabled")
694 check_wps_reg_failure(dev[0], apdev[0], appin)
695
696 logger.info("WPS provisioning step after AP PIN timeout(2)")
697 hapd.request("WPS_AP_PIN disable")
698 appin = "12345670"
699 hapd.request("WPS_AP_PIN set " + appin + " 1")
700 time.sleep(1.1)
701 if "FAIL" not in hapd.request("WPS_AP_PIN get"):
702 raise Exception("AP PIN unexpectedly still enabled")
703 check_wps_reg_failure(dev[1], apdev[0], appin)
704
705 with fail_test(hapd, 1, "os_get_random;wps_generate_pin"):
706 hapd.request("WPS_AP_PIN random 1")
707 hapd.request("WPS_AP_PIN disable")
708
709 with alloc_fail(hapd, 1, "upnp_wps_set_ap_pin"):
710 hapd.request("WPS_AP_PIN set 12345670")
711 hapd.request("WPS_AP_PIN disable")
712
713 if "FAIL" not in hapd.request("WPS_AP_PIN set"):
714 raise Exception("Invalid WPS_AP_PIN accepted")
715 if "FAIL" not in hapd.request("WPS_AP_PIN foo"):
716 raise Exception("Invalid WPS_AP_PIN accepted")
717
718 def test_ap_wps_reg_config(dev, apdev):
719 """WPS registrar configuring an AP using AP PIN"""
720 ssid = "test-wps-init-ap-pin"
721 appin = "12345670"
722 hostapd.add_ap(apdev[0],
723 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
724 "ap_pin": appin})
725 logger.info("WPS configuration step")
726 dev[0].flush_scan_cache()
727 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
728 dev[0].dump_monitor()
729 new_ssid = "wps-new-ssid"
730 new_passphrase = "1234567890"
731 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
732 new_passphrase)
733 status = dev[0].get_status()
734 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
735 raise Exception("Not fully connected")
736 if status['ssid'] != new_ssid:
737 raise Exception("Unexpected SSID")
738 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
739 raise Exception("Unexpected encryption configuration")
740 if status['key_mgmt'] != 'WPA2-PSK':
741 raise Exception("Unexpected key_mgmt")
742
743 logger.info("Re-configure back to open")
744 dev[0].request("REMOVE_NETWORK all")
745 dev[0].flush_scan_cache()
746 dev[0].dump_monitor()
747 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-open", "OPEN", "NONE", "")
748 status = dev[0].get_status()
749 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
750 raise Exception("Not fully connected")
751 if status['ssid'] != "wps-open":
752 raise Exception("Unexpected SSID")
753 if status['key_mgmt'] != 'NONE':
754 raise Exception("Unexpected key_mgmt")
755
756 def test_ap_wps_reg_config_ext_processing(dev, apdev):
757 """WPS registrar configuring an AP with external config processing"""
758 ssid = "test-wps-init-ap-pin"
759 appin = "12345670"
760 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
761 "wps_cred_processing": "1", "ap_pin": appin}
762 hapd = hostapd.add_ap(apdev[0], params)
763 dev[0].flush_scan_cache()
764 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
765 new_ssid = "wps-new-ssid"
766 new_passphrase = "1234567890"
767 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
768 new_passphrase, no_wait=True)
769 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
770 if ev is None:
771 raise Exception("WPS registrar operation timed out")
772 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=15)
773 if ev is None:
774 raise Exception("WPS configuration timed out")
775 if "1026" not in ev:
776 raise Exception("AP Settings missing from event")
777 hapd.request("SET wps_cred_processing 0")
778 if "FAIL" in hapd.request("WPS_CONFIG " + binascii.hexlify(new_ssid.encode()).decode() + " WPA2PSK CCMP " + binascii.hexlify(new_passphrase.encode()).decode()):
779 raise Exception("WPS_CONFIG command failed")
780 dev[0].wait_connected(timeout=15)
781
782 def test_ap_wps_reg_config_tkip(dev, apdev):
783 """WPS registrar configuring AP to use TKIP and AP upgrading to TKIP+CCMP"""
784 skip_with_fips(dev[0])
785 ssid = "test-wps-init-ap"
786 appin = "12345670"
787 hostapd.add_ap(apdev[0],
788 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
789 "ap_pin": appin})
790 logger.info("WPS configuration step")
791 dev[0].flush_scan_cache()
792 dev[0].request("SET wps_version_number 0x10")
793 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
794 dev[0].dump_monitor()
795 new_ssid = "wps-new-ssid-with-tkip"
796 new_passphrase = "1234567890"
797 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPAPSK", "TKIP",
798 new_passphrase)
799 logger.info("Re-connect to verify WPA2 mixed mode")
800 dev[0].request("DISCONNECT")
801 id = 0
802 dev[0].set_network(id, "pairwise", "CCMP")
803 dev[0].set_network(id, "proto", "RSN")
804 dev[0].connect_network(id)
805 status = dev[0].get_status()
806 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
807 raise Exception("Not fully connected: wpa_state={} bssid={}".format(status['wpa_state'], status['bssid']))
808 if status['ssid'] != new_ssid:
809 raise Exception("Unexpected SSID")
810 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
811 raise Exception("Unexpected encryption configuration")
812 if status['key_mgmt'] != 'WPA2-PSK':
813 raise Exception("Unexpected key_mgmt")
814
815 def test_ap_wps_setup_locked(dev, apdev):
816 """WPS registrar locking up AP setup on AP PIN failures"""
817 ssid = "test-wps-incorrect-ap-pin"
818 appin = "12345670"
819 hapd = hostapd.add_ap(apdev[0],
820 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
821 "wpa_passphrase": "12345678", "wpa": "2",
822 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
823 "ap_pin": appin})
824 new_ssid = "wps-new-ssid-test"
825 new_passphrase = "1234567890"
826
827 dev[0].flush_scan_cache()
828 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
829 ap_setup_locked = False
830 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
831 dev[0].dump_monitor()
832 logger.info("Try incorrect AP PIN - attempt " + pin)
833 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
834 "CCMP", new_passphrase, no_wait=True)
835 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
836 if ev is None:
837 raise Exception("Timeout on receiving WPS operation failure event")
838 if "CTRL-EVENT-CONNECTED" in ev:
839 raise Exception("Unexpected connection")
840 if "config_error=15" in ev:
841 logger.info("AP Setup Locked")
842 ap_setup_locked = True
843 elif "config_error=18" not in ev:
844 raise Exception("config_error=18 not reported")
845 dev[0].wait_disconnected(timeout=10)
846 time.sleep(0.1)
847 if not ap_setup_locked:
848 raise Exception("AP setup was not locked")
849 dev[0].request("WPS_CANCEL")
850 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True,
851 only_new=True)
852 bss = dev[0].get_bss(apdev[0]['bssid'])
853 if 'wps_ap_setup_locked' not in bss or bss['wps_ap_setup_locked'] != '1':
854 logger.info("BSS: " + str(bss))
855 raise Exception("AP Setup Locked not indicated in scan results")
856
857 status = hapd.request("WPS_GET_STATUS")
858 if "Last WPS result: Failed" not in status:
859 raise Exception("WPS failure result not shown correctly")
860 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
861 raise Exception("Peer address not shown correctly")
862
863 time.sleep(0.5)
864 dev[0].dump_monitor()
865 logger.info("WPS provisioning step")
866 pin = dev[0].wps_read_pin()
867 hapd.request("WPS_PIN any " + pin)
868 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
869 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
870 if ev is None:
871 raise Exception("WPS success was not reported")
872 dev[0].wait_connected(timeout=30)
873
874 appin = hapd.request("WPS_AP_PIN random")
875 if "FAIL" in appin:
876 raise Exception("Could not generate random AP PIN")
877 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=10)
878 if ev is None:
879 raise Exception("Failed to unlock AP PIN")
880
881 def test_ap_wps_setup_locked_timeout(dev, apdev):
882 """WPS re-enabling AP PIN after timeout"""
883 ssid = "test-wps-incorrect-ap-pin"
884 appin = "12345670"
885 hapd = hostapd.add_ap(apdev[0],
886 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
887 "wpa_passphrase": "12345678", "wpa": "2",
888 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
889 "ap_pin": appin})
890 new_ssid = "wps-new-ssid-test"
891 new_passphrase = "1234567890"
892
893 dev[0].flush_scan_cache()
894 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
895 ap_setup_locked = False
896 for pin in ["55554444", "1234", "12345678", "00000000", "11111111"]:
897 dev[0].dump_monitor()
898 logger.info("Try incorrect AP PIN - attempt " + pin)
899 dev[0].wps_reg(apdev[0]['bssid'], pin, new_ssid, "WPA2PSK",
900 "CCMP", new_passphrase, no_wait=True)
901 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"], timeout=15)
902 if ev is None:
903 raise Exception("Timeout on receiving WPS operation failure event")
904 if "CTRL-EVENT-CONNECTED" in ev:
905 raise Exception("Unexpected connection")
906 if "config_error=15" in ev:
907 logger.info("AP Setup Locked")
908 ap_setup_locked = True
909 break
910 elif "config_error=18" not in ev:
911 raise Exception("config_error=18 not reported")
912 dev[0].wait_disconnected(timeout=10)
913 time.sleep(0.1)
914 if not ap_setup_locked:
915 raise Exception("AP setup was not locked")
916 ev = hapd.wait_event(["WPS-AP-SETUP-UNLOCKED"], timeout=80)
917 if ev is None:
918 raise Exception("AP PIN did not get unlocked on 60 second timeout")
919
920 def test_ap_wps_setup_locked_2(dev, apdev):
921 """WPS AP configured for special ap_setup_locked=2 mode"""
922 ssid = "test-wps-ap-pin"
923 appin = "12345670"
924 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
925 "wpa_passphrase": "12345678", "wpa": "2",
926 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
927 "ap_pin": appin, "ap_setup_locked": "2"}
928 hapd = hostapd.add_ap(apdev[0], params)
929 new_ssid = "wps-new-ssid-test"
930 new_passphrase = "1234567890"
931
932 dev[0].flush_scan_cache()
933 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
934 dev[0].wps_reg(apdev[0]['bssid'], appin)
935 dev[0].request("REMOVE_NETWORK all")
936 dev[0].wait_disconnected()
937
938 hapd.dump_monitor()
939 dev[0].dump_monitor()
940 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK",
941 "CCMP", new_passphrase, no_wait=True)
942
943 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
944 if ev is None:
945 raise Exception("hostapd did not report WPS failure")
946 if "msg=12 config_error=15" not in ev:
947 raise Exception("Unexpected failure reason (AP): " + ev)
948
949 ev = dev[0].wait_event(["WPS-FAIL", "CTRL-EVENT-CONNECTED"])
950 if ev is None:
951 raise Exception("Timeout on receiving WPS operation failure event")
952 if "CTRL-EVENT-CONNECTED" in ev:
953 raise Exception("Unexpected connection")
954 if "config_error=15" not in ev:
955 raise Exception("Unexpected failure reason (STA): " + ev)
956 dev[0].request("WPS_CANCEL")
957 dev[0].wait_disconnected()
958
959 def setup_ap_wps_pbc_overlap_2ap(apdev):
960 params = {"ssid": "wps1", "eap_server": "1", "wps_state": "2",
961 "wpa_passphrase": "12345678", "wpa": "2",
962 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
963 "wps_independent": "1"}
964 hapd = hostapd.add_ap(apdev[0], params)
965 params = {"ssid": "wps2", "eap_server": "1", "wps_state": "2",
966 "wpa_passphrase": "123456789", "wpa": "2",
967 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
968 "wps_independent": "1"}
969 hapd2 = hostapd.add_ap(apdev[1], params)
970 hapd.request("WPS_PBC")
971 hapd2.request("WPS_PBC")
972 return hapd, hapd2
973
974 @remote_compatible
975 def test_ap_wps_pbc_overlap_2ap(dev, apdev):
976 """WPS PBC session overlap with two active APs"""
977 hapd, hapd2 = setup_ap_wps_pbc_overlap_2ap(apdev)
978 logger.info("WPS provisioning step")
979 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
980 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
981 dev[0].request("WPS_PBC")
982 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED"], timeout=15)
983 hapd.request("DISABLE")
984 hapd2.request("DISABLE")
985 dev[0].flush_scan_cache()
986 if ev is None:
987 raise Exception("PBC session overlap not detected")
988
989 @remote_compatible
990 def test_ap_wps_pbc_overlap_2ap_specific_bssid(dev, apdev):
991 """WPS PBC session overlap with two active APs (specific BSSID selected)"""
992 hapd, hapd2 = setup_ap_wps_pbc_overlap_2ap(apdev)
993 logger.info("WPS provisioning step")
994 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
995 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
996 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
997 ev = dev[0].wait_event(["WPS-OVERLAP-DETECTED",
998 "CTRL-EVENT-CONNECTED"], timeout=15)
999 dev[0].request("DISCONNECT")
1000 hapd.request("DISABLE")
1001 hapd2.request("DISABLE")
1002 dev[0].flush_scan_cache()
1003 if ev is None:
1004 raise Exception("PBC session overlap result not reported")
1005 if "CTRL-EVENT-CONNECTED" not in ev:
1006 raise Exception("Connection did not complete")
1007
1008 @remote_compatible
1009 def test_ap_wps_pbc_overlap_2sta(dev, apdev):
1010 """WPS PBC session overlap with two active STAs"""
1011 ssid = "test-wps-pbc-overlap"
1012 hapd = hostapd.add_ap(apdev[0],
1013 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1014 "wpa_passphrase": "12345678", "wpa": "2",
1015 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
1016 logger.info("WPS provisioning step")
1017 hapd.request("WPS_PBC")
1018 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
1019 dev[0].dump_monitor()
1020 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1021 dev[1].dump_monitor()
1022 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
1023 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
1024 ev = dev[0].wait_event(["WPS-M2D"], timeout=15)
1025 if ev is None:
1026 raise Exception("PBC session overlap not detected (dev0)")
1027 if "config_error=12" not in ev:
1028 raise Exception("PBC session overlap not correctly reported (dev0)")
1029 dev[0].request("WPS_CANCEL")
1030 dev[0].request("DISCONNECT")
1031 ev = dev[1].wait_event(["WPS-M2D"], timeout=15)
1032 if ev is None:
1033 raise Exception("PBC session overlap not detected (dev1)")
1034 if "config_error=12" not in ev:
1035 raise Exception("PBC session overlap not correctly reported (dev1)")
1036 dev[1].request("WPS_CANCEL")
1037 dev[1].request("DISCONNECT")
1038 hapd.request("WPS_CANCEL")
1039 ret = hapd.request("WPS_PBC")
1040 if "FAIL" not in ret:
1041 raise Exception("PBC mode allowed to be started while PBC overlap still active")
1042 hapd.request("DISABLE")
1043 dev[0].flush_scan_cache()
1044 dev[1].flush_scan_cache()
1045
1046 @remote_compatible
1047 def test_ap_wps_cancel(dev, apdev):
1048 """WPS AP cancelling enabled config method"""
1049 ssid = "test-wps-ap-cancel"
1050 hapd = hostapd.add_ap(apdev[0],
1051 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1052 "wpa_passphrase": "12345678", "wpa": "2",
1053 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
1054 bssid = apdev[0]['bssid']
1055
1056 logger.info("Verify PBC enable/cancel")
1057 hapd.request("WPS_PBC")
1058 dev[0].scan(freq="2412")
1059 dev[0].scan(freq="2412")
1060 bss = dev[0].get_bss(apdev[0]['bssid'])
1061 if "[WPS-PBC]" not in bss['flags']:
1062 raise Exception("WPS-PBC flag missing")
1063 if "FAIL" in hapd.request("WPS_CANCEL"):
1064 raise Exception("WPS_CANCEL failed")
1065 dev[0].scan(freq="2412")
1066 dev[0].scan(freq="2412")
1067 bss = dev[0].get_bss(apdev[0]['bssid'])
1068 if "[WPS-PBC]" in bss['flags']:
1069 raise Exception("WPS-PBC flag not cleared")
1070
1071 logger.info("Verify PIN enable/cancel")
1072 hapd.request("WPS_PIN any 12345670")
1073 dev[0].scan(freq="2412")
1074 dev[0].scan(freq="2412")
1075 bss = dev[0].get_bss(apdev[0]['bssid'])
1076 if "[WPS-AUTH]" not in bss['flags']:
1077 raise Exception("WPS-AUTH flag missing")
1078 if "FAIL" in hapd.request("WPS_CANCEL"):
1079 raise Exception("WPS_CANCEL failed")
1080 dev[0].scan(freq="2412")
1081 dev[0].scan(freq="2412")
1082 bss = dev[0].get_bss(apdev[0]['bssid'])
1083 if "[WPS-AUTH]" in bss['flags']:
1084 raise Exception("WPS-AUTH flag not cleared")
1085
1086 def test_ap_wps_er_add_enrollee(dev, apdev):
1087 """WPS ER configuring AP and adding a new enrollee using PIN"""
1088 try:
1089 _test_ap_wps_er_add_enrollee(dev, apdev)
1090 finally:
1091 dev[0].request("WPS_ER_STOP")
1092
1093 def _test_ap_wps_er_add_enrollee(dev, apdev):
1094 ssid = "wps-er-add-enrollee"
1095 ap_pin = "12345670"
1096 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1097 hostapd.add_ap(apdev[0],
1098 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
1099 "device_name": "Wireless AP", "manufacturer": "Company",
1100 "model_name": "WAP", "model_number": "123",
1101 "serial_number": "12345", "device_type": "6-0050F204-1",
1102 "os_version": "01020300",
1103 'friendly_name': "WPS AP - <>&'\" - TEST",
1104 "config_methods": "label push_button",
1105 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1106 logger.info("WPS configuration step")
1107 new_passphrase = "1234567890"
1108 dev[0].dump_monitor()
1109 dev[0].flush_scan_cache()
1110 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1111 dev[0].wps_reg(apdev[0]['bssid'], ap_pin, ssid, "WPA2PSK", "CCMP",
1112 new_passphrase)
1113 status = dev[0].get_status()
1114 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1115 raise Exception("Not fully connected")
1116 if status['ssid'] != ssid:
1117 raise Exception("Unexpected SSID")
1118 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'CCMP':
1119 raise Exception("Unexpected encryption configuration")
1120 if status['key_mgmt'] != 'WPA2-PSK':
1121 raise Exception("Unexpected key_mgmt")
1122
1123 logger.info("Start ER")
1124 dev[0].request("WPS_ER_START ifname=lo")
1125 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1126 if ev is None:
1127 raise Exception("AP discovery timed out")
1128 if ap_uuid not in ev:
1129 raise Exception("Expected AP UUID not found")
1130 if "|WPS AP - &lt;&gt;&amp;&apos;&quot; - TEST|Company|" not in ev:
1131 raise Exception("Expected friendly name not found")
1132
1133 logger.info("Learn AP configuration through UPnP")
1134 dev[0].dump_monitor()
1135 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1136 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1137 if ev is None:
1138 raise Exception("AP learn timed out")
1139 if ap_uuid not in ev:
1140 raise Exception("Expected AP UUID not in settings")
1141 if "ssid=" + ssid not in ev:
1142 raise Exception("Expected SSID not in settings")
1143 if "key=" + new_passphrase not in ev:
1144 raise Exception("Expected passphrase not in settings")
1145 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1146 if ev is None:
1147 raise Exception("WPS-FAIL after AP learn timed out")
1148 time.sleep(0.1)
1149
1150 logger.info("Add Enrollee using ER")
1151 pin = dev[1].wps_read_pin()
1152 dev[0].dump_monitor()
1153 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1154 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1155 dev[1].dump_monitor()
1156 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1157 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
1158 if ev is None:
1159 raise Exception("Enrollee did not report success")
1160 dev[1].wait_connected(timeout=15)
1161 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1162 if ev is None:
1163 raise Exception("WPS ER did not report success")
1164 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
1165
1166 logger.info("Add a specific Enrollee using ER")
1167 pin = dev[2].wps_read_pin()
1168 addr2 = dev[2].p2p_interface_addr()
1169 dev[0].dump_monitor()
1170 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1171 dev[2].dump_monitor()
1172 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1173 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1174 if ev is None:
1175 raise Exception("Enrollee not seen")
1176 if addr2 not in ev:
1177 raise Exception("Unexpected Enrollee MAC address")
1178 dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
1179 dev[2].wait_connected(timeout=30)
1180 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1181 if ev is None:
1182 raise Exception("WPS ER did not report success")
1183
1184 logger.info("Verify registrar selection behavior")
1185 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1186 dev[1].request("DISCONNECT")
1187 dev[1].wait_disconnected(timeout=10)
1188 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1189 dev[1].scan(freq="2412")
1190 bss = dev[1].get_bss(apdev[0]['bssid'])
1191 if "[WPS-AUTH]" not in bss['flags']:
1192 # It is possible for scan to miss an update especially when running
1193 # tests under load with multiple VMs, so allow another attempt.
1194 dev[1].scan(freq="2412")
1195 bss = dev[1].get_bss(apdev[0]['bssid'])
1196 if "[WPS-AUTH]" not in bss['flags']:
1197 raise Exception("WPS-AUTH flag missing")
1198
1199 logger.info("Stop ER")
1200 dev[0].dump_monitor()
1201 dev[0].request("WPS_ER_STOP")
1202 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"])
1203 if ev is None:
1204 raise Exception("WPS ER unsubscription timed out")
1205 # It takes some time for the UPnP UNSUBSCRIBE command to go through, so wait
1206 # a bit before verifying that the scan results have changed.
1207 time.sleep(0.2)
1208
1209 for i in range(0, 10):
1210 dev[1].request("BSS_FLUSH 0")
1211 dev[1].scan(freq="2412", only_new=True)
1212 bss = dev[1].get_bss(apdev[0]['bssid'])
1213 if bss and 'flags' in bss and "[WPS-AUTH]" not in bss['flags']:
1214 break
1215 logger.debug("WPS-AUTH flag was still in place - wait a bit longer")
1216 time.sleep(0.1)
1217 if "[WPS-AUTH]" in bss['flags']:
1218 raise Exception("WPS-AUTH flag not removed")
1219
1220 def test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1221 """WPS ER adding a new enrollee identified by UUID"""
1222 try:
1223 _test_ap_wps_er_add_enrollee_uuid(dev, apdev)
1224 finally:
1225 dev[0].request("WPS_ER_STOP")
1226
1227 def _test_ap_wps_er_add_enrollee_uuid(dev, apdev):
1228 ssid = "wps-er-add-enrollee"
1229 ap_pin = "12345670"
1230 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1231 hostapd.add_ap(apdev[0],
1232 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1233 "wpa_passphrase": "12345678", "wpa": "2",
1234 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1235 "device_name": "Wireless AP", "manufacturer": "Company",
1236 "model_name": "WAP", "model_number": "123",
1237 "serial_number": "12345", "device_type": "6-0050F204-1",
1238 "os_version": "01020300",
1239 "config_methods": "label push_button",
1240 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1241 logger.info("WPS configuration step")
1242 dev[0].flush_scan_cache()
1243 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1244 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1245
1246 logger.info("Start ER")
1247 dev[0].request("WPS_ER_START ifname=lo")
1248 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1249 if ev is None:
1250 raise Exception("AP discovery timed out")
1251 if ap_uuid not in ev:
1252 raise Exception("Expected AP UUID not found")
1253
1254 logger.info("Learn AP configuration through UPnP")
1255 dev[0].dump_monitor()
1256 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1257 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1258 if ev is None:
1259 raise Exception("AP learn timed out")
1260 if ap_uuid not in ev:
1261 raise Exception("Expected AP UUID not in settings")
1262 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1263 if ev is None:
1264 raise Exception("WPS-FAIL after AP learn timed out")
1265 time.sleep(0.1)
1266
1267 logger.info("Add a specific Enrollee using ER (PBC/UUID)")
1268 addr1 = dev[1].p2p_interface_addr()
1269 dev[0].dump_monitor()
1270 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1271 dev[1].dump_monitor()
1272 dev[1].request("WPS_PBC %s" % apdev[0]['bssid'])
1273 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1274 if ev is None:
1275 raise Exception("Enrollee not seen")
1276 if addr1 not in ev:
1277 raise Exception("Unexpected Enrollee MAC address")
1278 uuid = ev.split(' ')[1]
1279 dev[0].request("WPS_ER_PBC " + uuid)
1280 dev[1].wait_connected(timeout=30)
1281 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1282 if ev is None:
1283 raise Exception("WPS ER did not report success")
1284
1285 logger.info("Add a specific Enrollee using ER (PIN/UUID)")
1286 pin = dev[2].wps_read_pin()
1287 addr2 = dev[2].p2p_interface_addr()
1288 dev[0].dump_monitor()
1289 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1290 dev[2].dump_monitor()
1291 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1292 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
1293 if ev is None:
1294 raise Exception("Enrollee not seen")
1295 if addr2 not in ev:
1296 raise Exception("Unexpected Enrollee MAC address")
1297 uuid = ev.split(' ')[1]
1298 dev[0].request("WPS_ER_PIN " + uuid + " " + pin)
1299 dev[2].wait_connected(timeout=30)
1300 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1301 if ev is None:
1302 raise Exception("WPS ER did not report success")
1303
1304 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-REMOVE"], timeout=15)
1305 if ev is None:
1306 raise Exception("No Enrollee STA entry timeout seen")
1307
1308 logger.info("Stop ER")
1309 dev[0].dump_monitor()
1310 dev[0].request("WPS_ER_STOP")
1311
1312 def test_ap_wps_er_multi_add_enrollee(dev, apdev):
1313 """Multiple WPS ERs adding a new enrollee using PIN"""
1314 try:
1315 _test_ap_wps_er_multi_add_enrollee(dev, apdev)
1316 finally:
1317 for i in range(2):
1318 dev[i].request("WPS_ER_STOP")
1319
1320 def _test_ap_wps_er_multi_add_enrollee(dev, apdev):
1321 ssid = "wps-er-add-enrollee"
1322 ap_pin = "12345670"
1323 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1324 hostapd.add_ap(apdev[0],
1325 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1326 "wpa_passphrase": "12345678", "wpa": "2",
1327 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1328 "device_name": "Wireless AP", "manufacturer": "Company",
1329 "model_name": "WAP", "model_number": "123",
1330 "serial_number": "12345", "device_type": "6-0050F204-1",
1331 "os_version": "01020300",
1332 'friendly_name': "WPS AP",
1333 "config_methods": "label push_button",
1334 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1335
1336 for i in range(2):
1337 dev[i].flush_scan_cache()
1338 dev[i].scan_for_bss(apdev[0]['bssid'], freq=2412)
1339 dev[i].wps_reg(apdev[0]['bssid'], ap_pin)
1340 for i in range(2):
1341 dev[i].request("WPS_ER_START ifname=lo")
1342 for i in range(2):
1343 ev = dev[i].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1344 if ev is None:
1345 raise Exception("AP discovery timed out")
1346 dev[i].dump_monitor()
1347 for i in range(2):
1348 dev[i].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1349 for i in range(2):
1350 ev = dev[i].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1351 if ev is None:
1352 raise Exception("AP learn timed out")
1353 ev = dev[i].wait_event(["WPS-FAIL"], timeout=15)
1354 if ev is None:
1355 raise Exception("WPS-FAIL after AP learn timed out")
1356
1357 time.sleep(0.1)
1358
1359 pin = dev[2].wps_read_pin()
1360 addr = dev[2].own_addr()
1361 dev[0].dump_monitor()
1362 dev[0].request("WPS_ER_PIN any " + pin + " " + addr)
1363 dev[1].dump_monitor()
1364 dev[1].request("WPS_ER_PIN any " + pin + " " + addr)
1365
1366 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
1367 dev[2].dump_monitor()
1368 dev[2].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1369 ev = dev[2].wait_event(["WPS-SUCCESS"], timeout=30)
1370 if ev is None:
1371 raise Exception("Enrollee did not report success")
1372 dev[2].wait_connected(timeout=15)
1373
1374 def test_ap_wps_er_add_enrollee_pbc(dev, apdev):
1375 """WPS ER connected to AP and adding a new enrollee using PBC"""
1376 try:
1377 _test_ap_wps_er_add_enrollee_pbc(dev, apdev)
1378 finally:
1379 dev[0].request("WPS_ER_STOP")
1380
1381 def _test_ap_wps_er_add_enrollee_pbc(dev, apdev):
1382 ssid = "wps-er-add-enrollee-pbc"
1383 ap_pin = "12345670"
1384 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1385 hostapd.add_ap(apdev[0],
1386 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1387 "wpa_passphrase": "12345678", "wpa": "2",
1388 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1389 "device_name": "Wireless AP", "manufacturer": "Company",
1390 "model_name": "WAP", "model_number": "123",
1391 "serial_number": "12345", "device_type": "6-0050F204-1",
1392 "os_version": "01020300",
1393 "config_methods": "label push_button",
1394 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1395 logger.info("Learn AP configuration")
1396 dev[0].flush_scan_cache()
1397 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1398 dev[0].dump_monitor()
1399 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1400 status = dev[0].get_status()
1401 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1402 raise Exception("Not fully connected")
1403
1404 logger.info("Start ER")
1405 dev[0].request("WPS_ER_START ifname=lo")
1406 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1407 if ev is None:
1408 raise Exception("AP discovery timed out")
1409 if ap_uuid not in ev:
1410 raise Exception("Expected AP UUID not found")
1411
1412 enrollee = dev[1].p2p_interface_addr()
1413
1414 if "FAIL-UNKNOWN-UUID" not in dev[0].request("WPS_ER_PBC " + enrollee):
1415 raise Exception("Unknown UUID not reported")
1416
1417 logger.info("Add Enrollee using ER and PBC")
1418 dev[0].dump_monitor()
1419 dev[1].dump_monitor()
1420 dev[1].request("WPS_PBC")
1421
1422 for i in range(0, 2):
1423 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1424 if ev is None:
1425 raise Exception("Enrollee discovery timed out")
1426 if enrollee in ev:
1427 break
1428 if i == 1:
1429 raise Exception("Expected Enrollee not found")
1430 if "FAIL-NO-AP-SETTINGS" not in dev[0].request("WPS_ER_PBC " + enrollee):
1431 raise Exception("Unknown UUID not reported")
1432 logger.info("Use learned network configuration on ER")
1433 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1434 if "OK" not in dev[0].request("WPS_ER_PBC " + enrollee):
1435 raise Exception("WPS_ER_PBC failed")
1436
1437 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=15)
1438 if ev is None:
1439 raise Exception("Enrollee did not report success")
1440 dev[1].wait_connected(timeout=15)
1441 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1442 if ev is None:
1443 raise Exception("WPS ER did not report success")
1444 hwsim_utils.test_connectivity_sta(dev[0], dev[1])
1445
1446 def test_ap_wps_er_pbc_overlap(dev, apdev):
1447 """WPS ER connected to AP and PBC session overlap"""
1448 try:
1449 _test_ap_wps_er_pbc_overlap(dev, apdev)
1450 finally:
1451 dev[0].request("WPS_ER_STOP")
1452
1453 def _test_ap_wps_er_pbc_overlap(dev, apdev):
1454 ssid = "wps-er-add-enrollee-pbc"
1455 ap_pin = "12345670"
1456 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1457 hostapd.add_ap(apdev[0],
1458 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1459 "wpa_passphrase": "12345678", "wpa": "2",
1460 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1461 "device_name": "Wireless AP", "manufacturer": "Company",
1462 "model_name": "WAP", "model_number": "123",
1463 "serial_number": "12345", "device_type": "6-0050F204-1",
1464 "os_version": "01020300",
1465 "config_methods": "label push_button",
1466 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1467 dev[0].flush_scan_cache()
1468 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1469 dev[0].dump_monitor()
1470 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1471
1472 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412")
1473 dev[2].scan_for_bss(apdev[0]['bssid'], freq="2412")
1474 # avoid leaving dev 1 or 2 as the last Probe Request to the AP
1475 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412, force_scan=True)
1476
1477 dev[0].dump_monitor()
1478 dev[0].request("WPS_ER_START ifname=lo")
1479
1480 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1481 if ev is None:
1482 raise Exception("AP discovery timed out")
1483 if ap_uuid not in ev:
1484 raise Exception("Expected AP UUID not found")
1485
1486 # verify BSSID selection of the AP instead of UUID
1487 if "FAIL" in dev[0].request("WPS_ER_SET_CONFIG " + apdev[0]['bssid'] + " 0"):
1488 raise Exception("Could not select AP based on BSSID")
1489
1490 dev[0].dump_monitor()
1491 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
1492 dev[2].request("WPS_PBC " + apdev[0]['bssid'])
1493 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1494 if ev is None:
1495 raise Exception("PBC scan failed")
1496 ev = dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
1497 if ev is None:
1498 raise Exception("PBC scan failed")
1499 found1 = False
1500 found2 = False
1501 addr1 = dev[1].own_addr()
1502 addr2 = dev[2].own_addr()
1503 for i in range(3):
1504 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
1505 if ev is None:
1506 raise Exception("Enrollee discovery timed out")
1507 if addr1 in ev:
1508 found1 = True
1509 if found2:
1510 break
1511 if addr2 in ev:
1512 found2 = True
1513 if found1:
1514 break
1515 if dev[0].request("WPS_ER_PBC " + ap_uuid) != "FAIL-PBC-OVERLAP\n":
1516 raise Exception("PBC overlap not reported")
1517 dev[1].request("WPS_CANCEL")
1518 dev[2].request("WPS_CANCEL")
1519 if dev[0].request("WPS_ER_PBC foo") != "FAIL\n":
1520 raise Exception("Invalid WPS_ER_PBC accepted")
1521
1522 def test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1523 """WPS v1.0 ER connected to AP and adding a new enrollee using PIN"""
1524 try:
1525 _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev)
1526 finally:
1527 dev[0].request("WPS_ER_STOP")
1528
1529 def _test_ap_wps_er_v10_add_enrollee_pin(dev, apdev):
1530 ssid = "wps-er-add-enrollee-pbc"
1531 ap_pin = "12345670"
1532 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1533 hostapd.add_ap(apdev[0],
1534 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1535 "wpa_passphrase": "12345678", "wpa": "2",
1536 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1537 "device_name": "Wireless AP", "manufacturer": "Company",
1538 "model_name": "WAP", "model_number": "123",
1539 "serial_number": "12345", "device_type": "6-0050F204-1",
1540 "os_version": "01020300",
1541 "config_methods": "label push_button",
1542 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1543 logger.info("Learn AP configuration")
1544 dev[0].request("SET wps_version_number 0x10")
1545 dev[0].flush_scan_cache()
1546 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1547 dev[0].dump_monitor()
1548 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1549 status = dev[0].get_status()
1550 if status['wpa_state'] != 'COMPLETED' or status['bssid'] != apdev[0]['bssid']:
1551 raise Exception("Not fully connected")
1552
1553 logger.info("Start ER")
1554 dev[0].request("WPS_ER_START ifname=lo")
1555 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1556 if ev is None:
1557 raise Exception("AP discovery timed out")
1558 if ap_uuid not in ev:
1559 raise Exception("Expected AP UUID not found")
1560
1561 logger.info("Use learned network configuration on ER")
1562 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
1563
1564 logger.info("Add Enrollee using ER and PIN")
1565 enrollee = dev[1].p2p_interface_addr()
1566 pin = dev[1].wps_read_pin()
1567 dev[0].dump_monitor()
1568 dev[0].request("WPS_ER_PIN any " + pin + " " + enrollee)
1569 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1570 dev[1].dump_monitor()
1571 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1572 dev[1].wait_connected(timeout=30)
1573 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1574 if ev is None:
1575 raise Exception("WPS ER did not report success")
1576
1577 @remote_compatible
1578 def test_ap_wps_er_config_ap(dev, apdev):
1579 """WPS ER configuring AP over UPnP"""
1580 try:
1581 _test_ap_wps_er_config_ap(dev, apdev)
1582 finally:
1583 dev[0].request("WPS_ER_STOP")
1584
1585 def _test_ap_wps_er_config_ap(dev, apdev):
1586 ssid = "wps-er-ap-config"
1587 ap_pin = "12345670"
1588 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1589 hostapd.add_ap(apdev[0],
1590 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1591 "wpa_passphrase": "12345678", "wpa": "2",
1592 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1593 "device_name": "Wireless AP", "manufacturer": "Company",
1594 "model_name": "WAP", "model_number": "123",
1595 "serial_number": "12345", "device_type": "6-0050F204-1",
1596 "os_version": "01020300",
1597 "config_methods": "label push_button",
1598 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
1599
1600 logger.info("Connect ER to the AP")
1601 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
1602
1603 logger.info("WPS configuration step")
1604 dev[0].request("WPS_ER_START ifname=lo")
1605 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1606 if ev is None:
1607 raise Exception("AP discovery timed out")
1608 if ap_uuid not in ev:
1609 raise Exception("Expected AP UUID not found")
1610 new_passphrase = "1234567890"
1611 dev[0].request("WPS_ER_CONFIG " + apdev[0]['bssid'] + " " + ap_pin + " " +
1612 binascii.hexlify(ssid.encode()).decode() + " WPA2PSK CCMP " +
1613 binascii.hexlify(new_passphrase.encode()).decode())
1614 ev = dev[0].wait_event(["WPS-SUCCESS"])
1615 if ev is None:
1616 raise Exception("WPS ER configuration operation timed out")
1617 dev[0].wait_disconnected(timeout=10)
1618 dev[0].connect(ssid, psk="1234567890", scan_freq="2412")
1619
1620 logger.info("WPS ER restart")
1621 dev[0].request("WPS_ER_START")
1622 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1623 if ev is None:
1624 raise Exception("AP discovery timed out on ER restart")
1625 if ap_uuid not in ev:
1626 raise Exception("Expected AP UUID not found on ER restart")
1627 if "OK" not in dev[0].request("WPS_ER_STOP"):
1628 raise Exception("WPS_ER_STOP failed")
1629 if "OK" not in dev[0].request("WPS_ER_STOP"):
1630 raise Exception("WPS_ER_STOP failed")
1631
1632 @remote_compatible
1633 def test_ap_wps_er_cache_ap_settings(dev, apdev):
1634 """WPS ER caching AP settings"""
1635 try:
1636 _test_ap_wps_er_cache_ap_settings(dev, apdev)
1637 finally:
1638 dev[0].request("WPS_ER_STOP")
1639
1640 def _test_ap_wps_er_cache_ap_settings(dev, apdev):
1641 ssid = "wps-er-add-enrollee"
1642 ap_pin = "12345670"
1643 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1644 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1645 "wpa_passphrase": "12345678", "wpa": "2",
1646 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1647 "device_name": "Wireless AP", "manufacturer": "Company",
1648 "model_name": "WAP", "model_number": "123",
1649 "serial_number": "12345", "device_type": "6-0050F204-1",
1650 "os_version": "01020300",
1651 "config_methods": "label push_button",
1652 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1653 hapd = hostapd.add_ap(apdev[0], params)
1654 dev[0].flush_scan_cache()
1655 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1656 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1657 id = int(dev[0].list_networks()[0]['id'])
1658 dev[0].set_network(id, "scan_freq", "2412")
1659
1660 dev[0].request("WPS_ER_START ifname=lo")
1661 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1662 if ev is None:
1663 raise Exception("AP discovery timed out")
1664 if ap_uuid not in ev:
1665 raise Exception("Expected AP UUID not found")
1666
1667 dev[0].dump_monitor()
1668 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1669 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1670 if ev is None:
1671 raise Exception("AP learn timed out")
1672 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1673 if ev is None:
1674 raise Exception("WPS-FAIL after AP learn timed out")
1675 time.sleep(0.1)
1676
1677 hapd.disable()
1678
1679 for i in range(2):
1680 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE", "CTRL-EVENT-DISCONNECTED"],
1681 timeout=15)
1682 if ev is None:
1683 raise Exception("AP removal or disconnection timed out")
1684
1685 hapd = hostapd.add_ap(apdev[0], params)
1686 for i in range(2):
1687 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1688 timeout=15)
1689 if ev is None:
1690 raise Exception("AP discovery or connection timed out")
1691
1692 pin = dev[1].wps_read_pin()
1693 dev[0].dump_monitor()
1694 dev[0].request("WPS_ER_PIN any " + pin + " " + dev[1].p2p_interface_addr())
1695
1696 time.sleep(0.2)
1697
1698 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
1699 dev[1].dump_monitor()
1700 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
1701 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
1702 if ev is None:
1703 raise Exception("Enrollee did not report success")
1704 dev[1].wait_connected(timeout=15)
1705 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
1706 if ev is None:
1707 raise Exception("WPS ER did not report success")
1708
1709 dev[0].dump_monitor()
1710 dev[0].request("WPS_ER_STOP")
1711
1712 def test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1713 """WPS ER caching AP settings (OOM)"""
1714 try:
1715 _test_ap_wps_er_cache_ap_settings_oom(dev, apdev)
1716 finally:
1717 dev[0].request("WPS_ER_STOP")
1718
1719 def _test_ap_wps_er_cache_ap_settings_oom(dev, apdev):
1720 ssid = "wps-er-add-enrollee"
1721 ap_pin = "12345670"
1722 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1723 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1724 "wpa_passphrase": "12345678", "wpa": "2",
1725 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1726 "device_name": "Wireless AP", "manufacturer": "Company",
1727 "model_name": "WAP", "model_number": "123",
1728 "serial_number": "12345", "device_type": "6-0050F204-1",
1729 "os_version": "01020300",
1730 "config_methods": "label push_button",
1731 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1732 hapd = hostapd.add_ap(apdev[0], params)
1733 dev[0].flush_scan_cache()
1734 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1735 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1736 id = int(dev[0].list_networks()[0]['id'])
1737 dev[0].set_network(id, "scan_freq", "2412")
1738
1739 dev[0].request("WPS_ER_START ifname=lo")
1740 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1741 if ev is None:
1742 raise Exception("AP discovery timed out")
1743 if ap_uuid not in ev:
1744 raise Exception("Expected AP UUID not found")
1745
1746 dev[0].dump_monitor()
1747 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1748 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1749 if ev is None:
1750 raise Exception("AP learn timed out")
1751 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1752 if ev is None:
1753 raise Exception("WPS-FAIL after AP learn timed out")
1754 time.sleep(0.1)
1755
1756 with alloc_fail(dev[0], 1, "=wps_er_ap_use_cached_settings"):
1757 hapd.disable()
1758
1759 for i in range(2):
1760 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
1761 "CTRL-EVENT-DISCONNECTED"],
1762 timeout=15)
1763 if ev is None:
1764 raise Exception("AP removal or disconnection timed out")
1765
1766 hapd = hostapd.add_ap(apdev[0], params)
1767 for i in range(2):
1768 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1769 timeout=15)
1770 if ev is None:
1771 raise Exception("AP discovery or connection timed out")
1772
1773 dev[0].request("WPS_ER_STOP")
1774
1775 def test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1776 """WPS ER caching AP settings (OOM 2)"""
1777 try:
1778 _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev)
1779 finally:
1780 dev[0].request("WPS_ER_STOP")
1781
1782 def _test_ap_wps_er_cache_ap_settings_oom2(dev, apdev):
1783 ssid = "wps-er-add-enrollee"
1784 ap_pin = "12345670"
1785 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1786 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1787 "wpa_passphrase": "12345678", "wpa": "2",
1788 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1789 "device_name": "Wireless AP", "manufacturer": "Company",
1790 "model_name": "WAP", "model_number": "123",
1791 "serial_number": "12345", "device_type": "6-0050F204-1",
1792 "os_version": "01020300",
1793 "config_methods": "label push_button",
1794 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1795 hapd = hostapd.add_ap(apdev[0], params)
1796 dev[0].flush_scan_cache()
1797 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1798 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1799 id = int(dev[0].list_networks()[0]['id'])
1800 dev[0].set_network(id, "scan_freq", "2412")
1801
1802 dev[0].request("WPS_ER_START ifname=lo")
1803 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
1804 if ev is None:
1805 raise Exception("AP discovery timed out")
1806 if ap_uuid not in ev:
1807 raise Exception("Expected AP UUID not found")
1808
1809 dev[0].dump_monitor()
1810 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1811 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1812 if ev is None:
1813 raise Exception("AP learn timed out")
1814 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1815 if ev is None:
1816 raise Exception("WPS-FAIL after AP learn timed out")
1817 time.sleep(0.1)
1818
1819 with alloc_fail(dev[0], 1, "=wps_er_ap_cache_settings"):
1820 hapd.disable()
1821
1822 for i in range(2):
1823 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE",
1824 "CTRL-EVENT-DISCONNECTED"],
1825 timeout=15)
1826 if ev is None:
1827 raise Exception("AP removal or disconnection timed out")
1828
1829 hapd = hostapd.add_ap(apdev[0], params)
1830 for i in range(2):
1831 ev = dev[0].wait_event(["WPS-ER-AP-ADD", "CTRL-EVENT-CONNECTED"],
1832 timeout=15)
1833 if ev is None:
1834 raise Exception("AP discovery or connection timed out")
1835
1836 dev[0].request("WPS_ER_STOP")
1837
1838 def test_ap_wps_er_subscribe_oom(dev, apdev):
1839 """WPS ER subscribe OOM"""
1840 try:
1841 _test_ap_wps_er_subscribe_oom(dev, apdev)
1842 finally:
1843 dev[0].request("WPS_ER_STOP")
1844
1845 def _test_ap_wps_er_subscribe_oom(dev, apdev):
1846 ssid = "wps-er-add-enrollee"
1847 ap_pin = "12345670"
1848 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1849 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1850 "wpa_passphrase": "12345678", "wpa": "2",
1851 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1852 "device_name": "Wireless AP", "manufacturer": "Company",
1853 "model_name": "WAP", "model_number": "123",
1854 "serial_number": "12345", "device_type": "6-0050F204-1",
1855 "os_version": "01020300",
1856 "config_methods": "label push_button",
1857 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1858 hapd = hostapd.add_ap(apdev[0], params)
1859 dev[0].flush_scan_cache()
1860 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1861 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1862 id = int(dev[0].list_networks()[0]['id'])
1863 dev[0].set_network(id, "scan_freq", "2412")
1864
1865 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_subscribe"):
1866 dev[0].request("WPS_ER_START ifname=lo")
1867 for i in range(50):
1868 res = dev[0].request("GET_ALLOC_FAIL")
1869 if res.startswith("0:"):
1870 break
1871 time.sleep(0.1)
1872 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=0)
1873 if ev:
1874 raise Exception("Unexpected AP discovery during OOM")
1875
1876 dev[0].request("WPS_ER_STOP")
1877
1878 def test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1879 """WPS ER SetSelectedRegistrar OOM"""
1880 try:
1881 _test_ap_wps_er_set_sel_reg_oom(dev, apdev)
1882 finally:
1883 dev[0].request("WPS_ER_STOP")
1884
1885 def _test_ap_wps_er_set_sel_reg_oom(dev, apdev):
1886 ssid = "wps-er-add-enrollee"
1887 ap_pin = "12345670"
1888 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1889 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1890 "wpa_passphrase": "12345678", "wpa": "2",
1891 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1892 "device_name": "Wireless AP", "manufacturer": "Company",
1893 "model_name": "WAP", "model_number": "123",
1894 "serial_number": "12345", "device_type": "6-0050F204-1",
1895 "os_version": "01020300",
1896 "config_methods": "label push_button",
1897 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1898 hapd = hostapd.add_ap(apdev[0], params)
1899 dev[0].flush_scan_cache()
1900 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1901 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1902
1903 dev[0].request("WPS_ER_START ifname=lo")
1904 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1905 if ev is None:
1906 raise Exception("AP not discovered")
1907
1908 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1909 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
1910 if ev is None:
1911 raise Exception("AP learn timed out")
1912 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
1913 if ev is None:
1914 raise Exception("WPS-FAIL timed out")
1915 time.sleep(0.1)
1916
1917 for func in ["http_client_url_parse;wps_er_send_set_sel_reg",
1918 "wps_er_soap_hdr;wps_er_send_set_sel_reg",
1919 "http_client_addr;wps_er_send_set_sel_reg",
1920 "wpabuf_alloc;wps_er_set_sel_reg"]:
1921 with alloc_fail(dev[0], 1, func):
1922 if "OK" not in dev[0].request("WPS_ER_PBC " + ap_uuid):
1923 raise Exception("WPS_ER_PBC failed")
1924 ev = dev[0].wait_event(["WPS-PBC-ACTIVE"], timeout=3)
1925 if ev is None:
1926 raise Exception("WPS-PBC-ACTIVE not seen")
1927
1928 dev[0].request("WPS_ER_STOP")
1929
1930 @remote_compatible
1931 def test_ap_wps_er_learn_oom(dev, apdev):
1932 """WPS ER learn OOM"""
1933 try:
1934 _test_ap_wps_er_learn_oom(dev, apdev)
1935 finally:
1936 dev[0].request("WPS_ER_STOP")
1937
1938 def _test_ap_wps_er_learn_oom(dev, apdev):
1939 ssid = "wps-er-add-enrollee"
1940 ap_pin = "12345670"
1941 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
1942 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1943 "wpa_passphrase": "12345678", "wpa": "2",
1944 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1945 "device_name": "Wireless AP", "manufacturer": "Company",
1946 "model_name": "WAP", "model_number": "123",
1947 "serial_number": "12345", "device_type": "6-0050F204-1",
1948 "os_version": "01020300",
1949 "config_methods": "label push_button",
1950 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
1951 hapd = hostapd.add_ap(apdev[0], params)
1952 dev[0].flush_scan_cache()
1953 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1954 dev[0].wps_reg(apdev[0]['bssid'], ap_pin)
1955
1956 dev[0].request("WPS_ER_START ifname=lo")
1957 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
1958 if ev is None:
1959 raise Exception("AP not discovered")
1960
1961 for func in ["wps_er_http_put_message_cb",
1962 "xml_get_base64_item;wps_er_http_put_message_cb",
1963 "http_client_url_parse;wps_er_ap_put_message",
1964 "wps_er_soap_hdr;wps_er_ap_put_message",
1965 "http_client_addr;wps_er_ap_put_message"]:
1966 with alloc_fail(dev[0], 1, func):
1967 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1968 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=1)
1969 if ev is not None:
1970 raise Exception("AP learn succeeded during OOM")
1971
1972 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
1973 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=10)
1974 if ev is None:
1975 raise Exception("AP learn did not succeed")
1976
1977 if "FAIL" not in dev[0].request("WPS_ER_LEARN 00000000-9e5c-4e73-bd82-f89cbcd10d7e " + ap_pin):
1978 raise Exception("WPS_ER_LEARN for unknown AP accepted")
1979
1980 dev[0].request("WPS_ER_STOP")
1981
1982 def test_ap_wps_fragmentation(dev, apdev):
1983 """WPS with fragmentation in EAP-WSC and mixed mode WPA+WPA2"""
1984 ssid = "test-wps-fragmentation"
1985 appin = "12345670"
1986 hapd = hostapd.add_ap(apdev[0],
1987 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
1988 "wpa_passphrase": "12345678", "wpa": "3",
1989 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
1990 "wpa_pairwise": "TKIP", "ap_pin": appin,
1991 "fragment_size": "50"})
1992 logger.info("WPS provisioning step (PBC)")
1993 hapd.request("WPS_PBC")
1994 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
1995 dev[0].dump_monitor()
1996 dev[0].request("SET wps_fragment_size 50")
1997 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
1998 dev[0].wait_connected(timeout=30)
1999 status = dev[0].get_status()
2000 if status['wpa_state'] != 'COMPLETED':
2001 raise Exception("Not fully connected")
2002 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
2003 raise Exception("Unexpected encryption configuration")
2004 if status['key_mgmt'] != 'WPA2-PSK':
2005 raise Exception("Unexpected key_mgmt")
2006
2007 logger.info("WPS provisioning step (PIN)")
2008 pin = dev[1].wps_read_pin()
2009 hapd.request("WPS_PIN any " + pin)
2010 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2011 dev[1].request("SET wps_fragment_size 50")
2012 dev[1].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
2013 dev[1].wait_connected(timeout=30)
2014 status = dev[1].get_status()
2015 if status['wpa_state'] != 'COMPLETED':
2016 raise Exception("Not fully connected")
2017 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
2018 raise Exception("Unexpected encryption configuration")
2019 if status['key_mgmt'] != 'WPA2-PSK':
2020 raise Exception("Unexpected key_mgmt")
2021
2022 logger.info("WPS connection as registrar")
2023 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2024 dev[2].request("SET wps_fragment_size 50")
2025 dev[2].wps_reg(apdev[0]['bssid'], appin)
2026 status = dev[2].get_status()
2027 if status['wpa_state'] != 'COMPLETED':
2028 raise Exception("Not fully connected")
2029 if status['pairwise_cipher'] != 'CCMP' or status['group_cipher'] != 'TKIP':
2030 raise Exception("Unexpected encryption configuration")
2031 if status['key_mgmt'] != 'WPA2-PSK':
2032 raise Exception("Unexpected key_mgmt")
2033
2034 @remote_compatible
2035 def test_ap_wps_new_version_sta(dev, apdev):
2036 """WPS compatibility with new version number on the station"""
2037 ssid = "test-wps-ver"
2038 hapd = hostapd.add_ap(apdev[0],
2039 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2040 "wpa_passphrase": "12345678", "wpa": "2",
2041 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2042 logger.info("WPS provisioning step")
2043 hapd.request("WPS_PBC")
2044 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2045 dev[0].dump_monitor()
2046 dev[0].request("SET wps_version_number 0x43")
2047 dev[0].request("SET wps_vendor_ext_m1 000137100100020001")
2048 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2049 dev[0].wait_connected(timeout=30)
2050
2051 @remote_compatible
2052 def test_ap_wps_new_version_ap(dev, apdev):
2053 """WPS compatibility with new version number on the AP"""
2054 ssid = "test-wps-ver"
2055 hapd = hostapd.add_ap(apdev[0],
2056 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2057 "wpa_passphrase": "12345678", "wpa": "2",
2058 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2059 logger.info("WPS provisioning step")
2060 if "FAIL" in hapd.request("SET wps_version_number 0x43"):
2061 raise Exception("Failed to enable test functionality")
2062 hapd.request("WPS_PBC")
2063 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2064 dev[0].dump_monitor()
2065 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2066 dev[0].wait_connected(timeout=30)
2067 hapd.request("SET wps_version_number 0x20")
2068
2069 @remote_compatible
2070 def test_ap_wps_check_pin(dev, apdev):
2071 """Verify PIN checking through control interface"""
2072 hapd = hostapd.add_ap(apdev[0],
2073 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2074 "wpa_passphrase": "12345678", "wpa": "2",
2075 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2076 for t in [("12345670", "12345670"),
2077 ("12345678", "FAIL-CHECKSUM"),
2078 ("12345", "FAIL"),
2079 ("123456789", "FAIL"),
2080 ("1234-5670", "12345670"),
2081 ("1234 5670", "12345670"),
2082 ("1-2.3:4 5670", "12345670")]:
2083 res = hapd.request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
2084 res2 = dev[0].request("WPS_CHECK_PIN " + t[0]).rstrip('\n')
2085 if res != res2:
2086 raise Exception("Unexpected difference in WPS_CHECK_PIN responses")
2087 if res != t[1]:
2088 raise Exception("Incorrect WPS_CHECK_PIN response {} (expected {})".format(res, t[1]))
2089
2090 if "FAIL" not in hapd.request("WPS_CHECK_PIN 12345"):
2091 raise Exception("Unexpected WPS_CHECK_PIN success")
2092 if "FAIL" not in hapd.request("WPS_CHECK_PIN 123456789"):
2093 raise Exception("Unexpected WPS_CHECK_PIN success")
2094
2095 for i in range(0, 10):
2096 pin = dev[0].request("WPS_PIN get")
2097 rpin = dev[0].request("WPS_CHECK_PIN " + pin).rstrip('\n')
2098 if pin != rpin:
2099 raise Exception("Random PIN validation failed for " + pin)
2100
2101 def test_ap_wps_pin_get_failure(dev, apdev):
2102 """PIN generation failure"""
2103 with fail_test(dev[0], 1,
2104 "os_get_random;wpa_supplicant_ctrl_iface_wps_pin"):
2105 if "FAIL" not in dev[0].request("WPS_PIN get"):
2106 raise Exception("WPS_PIN did not report failure")
2107
2108 def test_ap_wps_wep_config(dev, apdev):
2109 """WPS 2.0 AP rejecting WEP configuration"""
2110 ssid = "test-wps-config"
2111 appin = "12345670"
2112 hapd = hostapd.add_ap(apdev[0],
2113 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2114 "ap_pin": appin})
2115 dev[0].flush_scan_cache()
2116 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2117 dev[0].wps_reg(apdev[0]['bssid'], appin, "wps-new-ssid-wep", "OPEN", "WEP",
2118 "hello", no_wait=True)
2119 ev = hapd.wait_event(["WPS-FAIL"], timeout=15)
2120 if ev is None:
2121 raise Exception("WPS-FAIL timed out")
2122 if "reason=2" not in ev:
2123 raise Exception("Unexpected reason code in WPS-FAIL")
2124 status = hapd.request("WPS_GET_STATUS")
2125 if "Last WPS result: Failed" not in status:
2126 raise Exception("WPS failure result not shown correctly")
2127 if "Failure Reason: WEP Prohibited" not in status:
2128 raise Exception("Failure reason not reported correctly")
2129 if "Peer Address: " + dev[0].p2p_interface_addr() not in status:
2130 raise Exception("Peer address not shown correctly")
2131
2132 def test_ap_wps_wep_enroll(dev, apdev):
2133 """WPS 2.0 STA rejecting WEP configuration"""
2134 ssid = "test-wps-wep"
2135 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2136 "skip_cred_build": "1", "extra_cred": "wps-wep-cred"}
2137 hapd = hostapd.add_ap(apdev[0], params)
2138 hapd.request("WPS_PBC")
2139 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2140 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2141 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
2142 if ev is None:
2143 raise Exception("WPS-FAIL event timed out")
2144 if "msg=12" not in ev or "reason=2 (WEP Prohibited)" not in ev:
2145 raise Exception("Unexpected WPS-FAIL event: " + ev)
2146
2147 @remote_compatible
2148 def test_ap_wps_ie_fragmentation(dev, apdev):
2149 """WPS AP using fragmented WPS IE"""
2150 ssid = "test-wps-ie-fragmentation"
2151 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2152 "wpa_passphrase": "12345678", "wpa": "2",
2153 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2154 "device_name": "1234567890abcdef1234567890abcdef",
2155 "manufacturer": "1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef",
2156 "model_name": "1234567890abcdef1234567890abcdef",
2157 "model_number": "1234567890abcdef1234567890abcdef",
2158 "serial_number": "1234567890abcdef1234567890abcdef"}
2159 hapd = hostapd.add_ap(apdev[0], params)
2160 hapd.request("WPS_PBC")
2161 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2162 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2163 dev[0].wait_connected(timeout=30)
2164 bss = dev[0].get_bss(apdev[0]['bssid'])
2165 if "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2166 logger.info("Device Name not received correctly")
2167 logger.info(bss)
2168 # This can fail if Probe Response frame is missed and Beacon frame was
2169 # used to fill in the BSS entry. This can happen, e.g., during heavy
2170 # load every now and then and is not really an error, so try to
2171 # workaround by runnign another scan.
2172 dev[0].scan(freq="2412", only_new=True)
2173 bss = dev[0].get_bss(apdev[0]['bssid'])
2174 if not bss or "wps_device_name" not in bss or bss['wps_device_name'] != "1234567890abcdef1234567890abcdef":
2175 logger.info(bss)
2176 raise Exception("Device Name not received correctly")
2177 if len(re.findall("dd..0050f204", bss['ie'])) != 2:
2178 raise Exception("Unexpected number of WPS IEs")
2179
2180 def get_psk(pskfile):
2181 psks = {}
2182 with open(pskfile, "r") as f:
2183 lines = f.read().splitlines()
2184 for l in lines:
2185 if l == "# WPA PSKs":
2186 continue
2187 vals = l.split(' ')
2188 if len(vals) != 3 or vals[0] != "wps=1":
2189 continue
2190 addr = vals[1]
2191 psk = vals[2]
2192 psks[addr] = psk
2193 return psks
2194
2195 def test_ap_wps_per_station_psk(dev, apdev):
2196 """WPS PBC provisioning with per-station PSK"""
2197 addr0 = dev[0].own_addr()
2198 addr1 = dev[1].own_addr()
2199 addr2 = dev[2].own_addr()
2200 ssid = "wps"
2201 appin = "12345670"
2202 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2203 try:
2204 os.remove(pskfile)
2205 except:
2206 pass
2207
2208 hapd = None
2209 try:
2210 with open(pskfile, "w") as f:
2211 f.write("# WPA PSKs\n")
2212
2213 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2214 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2215 "rsn_pairwise": "CCMP", "ap_pin": appin,
2216 "wpa_psk_file": pskfile}
2217 hapd = hostapd.add_ap(apdev[0], params)
2218
2219 logger.info("First enrollee")
2220 hapd.request("WPS_PBC")
2221 dev[0].flush_scan_cache()
2222 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2223 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2224 dev[0].wait_connected(timeout=30)
2225
2226 logger.info("Second enrollee")
2227 hapd.request("WPS_PBC")
2228 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2229 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
2230 dev[1].wait_connected(timeout=30)
2231
2232 logger.info("External registrar")
2233 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2234 dev[2].wps_reg(apdev[0]['bssid'], appin)
2235
2236 logger.info("Verifying PSK results")
2237 psks = get_psk(pskfile)
2238 if addr0 not in psks:
2239 raise Exception("No PSK recorded for sta0")
2240 if addr1 not in psks:
2241 raise Exception("No PSK recorded for sta1")
2242 if addr2 not in psks:
2243 raise Exception("No PSK recorded for sta2")
2244 if psks[addr0] == psks[addr1]:
2245 raise Exception("Same PSK recorded for sta0 and sta1")
2246 if psks[addr0] == psks[addr2]:
2247 raise Exception("Same PSK recorded for sta0 and sta2")
2248 if psks[addr1] == psks[addr2]:
2249 raise Exception("Same PSK recorded for sta1 and sta2")
2250
2251 dev[0].request("REMOVE_NETWORK all")
2252 logger.info("Second external registrar")
2253 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2254 dev[0].wps_reg(apdev[0]['bssid'], appin)
2255 psks2 = get_psk(pskfile)
2256 if addr0 not in psks2:
2257 raise Exception("No PSK recorded for sta0(reg)")
2258 if psks[addr0] == psks2[addr0]:
2259 raise Exception("Same PSK recorded for sta0(enrollee) and sta0(reg)")
2260 finally:
2261 os.remove(pskfile)
2262 if hapd:
2263 dev[0].request("DISCONNECT")
2264 dev[1].request("DISCONNECT")
2265 dev[2].request("DISCONNECT")
2266 hapd.disable()
2267 dev[0].flush_scan_cache()
2268 dev[1].flush_scan_cache()
2269 dev[2].flush_scan_cache()
2270
2271 def test_ap_wps_per_station_psk_preset(dev, apdev):
2272 """WPS PIN provisioning with per-station PSK preset"""
2273 addr0 = dev[0].own_addr()
2274 addr1 = dev[1].own_addr()
2275 addr2 = dev[2].own_addr()
2276 ssid = "wps"
2277 appin = "12345670"
2278 pskfile = "/tmp/ap_wps_per_enrollee_psk_preset.psk_file"
2279 try:
2280 os.remove(pskfile)
2281 except:
2282 pass
2283
2284 hapd = None
2285 try:
2286 with open(pskfile, "w") as f:
2287 f.write("# WPA PSKs\n")
2288 f.write("wps=1 " + addr0 + " preset-passphrase-0\n")
2289 f.write("wps=1 " + addr2 + " preset-passphrase-2\n")
2290
2291 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2292 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2293 "rsn_pairwise": "CCMP", "ap_pin": appin,
2294 "wpa_psk_file": pskfile}
2295 hapd = hostapd.add_ap(apdev[0], params)
2296 bssid = hapd.own_addr()
2297
2298 logger.info("First enrollee")
2299 pin = dev[0].wps_read_pin()
2300 hapd.request("WPS_PIN any " + pin)
2301 dev[0].scan_for_bss(bssid, freq=2412)
2302 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
2303 dev[0].wait_connected(timeout=30)
2304
2305 logger.info("Second enrollee")
2306 pin = dev[1].wps_read_pin()
2307 hapd.request("WPS_PIN any " + pin)
2308 dev[1].scan_for_bss(bssid, freq=2412)
2309 dev[1].request("WPS_PIN %s %s" % (bssid, pin))
2310 dev[1].wait_connected(timeout=30)
2311
2312 logger.info("External registrar")
2313 dev[2].scan_for_bss(bssid, freq=2412)
2314 dev[2].wps_reg(bssid, appin)
2315
2316 logger.info("Verifying PSK results")
2317 psks = get_psk(pskfile)
2318 if addr0 not in psks:
2319 raise Exception("No PSK recorded for sta0")
2320 if addr1 not in psks:
2321 raise Exception("No PSK recorded for sta1")
2322 if addr2 not in psks:
2323 raise Exception("No PSK recorded for sta2")
2324 logger.info("PSK[0]: " + psks[addr0])
2325 logger.info("PSK[1]: " + psks[addr1])
2326 logger.info("PSK[2]: " + psks[addr2])
2327 if psks[addr0] == psks[addr1]:
2328 raise Exception("Same PSK recorded for sta0 and sta1")
2329 if psks[addr0] == psks[addr2]:
2330 raise Exception("Same PSK recorded for sta0 and sta2")
2331 if psks[addr1] == psks[addr2]:
2332 raise Exception("Same PSK recorded for sta1 and sta2")
2333 pmk0 = hapd.request("GET_PMK " + addr0)
2334 pmk1 = hapd.request("GET_PMK " + addr1)
2335 pmk2 = hapd.request("GET_PMK " + addr2)
2336 logger.info("PMK[0]: " + pmk0)
2337 logger.info("PMK[1]: " + pmk1)
2338 logger.info("PMK[2]: " + pmk2)
2339 if pmk0 != "565faec21ff04702d9d17c464e1301efd36c8a3ea46bb866b4bec7fed4384579":
2340 raise Exception("PSK[0] mismatch")
2341 if psks[addr1] != pmk1:
2342 raise Exception("PSK[1] mismatch")
2343 if psks[addr2] != pmk2:
2344 raise Exception("PSK[2] mismatch")
2345
2346 dev[0].request("REMOVE_NETWORK all")
2347 dev[0].wait_disconnected()
2348 dev[0].dump_monitor()
2349 logger.info("First enrollee again")
2350 pin = dev[0].wps_read_pin()
2351 hapd.request("WPS_PIN any " + pin)
2352 dev[0].scan_for_bss(bssid, freq=2412)
2353 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
2354 dev[0].wait_connected(timeout=30)
2355 psks2 = get_psk(pskfile)
2356 if addr0 not in psks2:
2357 raise Exception("No PSK recorded for sta0 (2)")
2358 if psks[addr0] != psks2[addr0]:
2359 raise Exception("Different PSK recorded for sta0(enrollee) and sta0(enrollee 2)")
2360 finally:
2361 os.remove(pskfile)
2362
2363 def test_ap_wps_per_station_psk_failure(dev, apdev):
2364 """WPS PBC provisioning with per-station PSK (file not writable)"""
2365 addr0 = dev[0].p2p_dev_addr()
2366 addr1 = dev[1].p2p_dev_addr()
2367 addr2 = dev[2].p2p_dev_addr()
2368 ssid = "wps"
2369 appin = "12345670"
2370 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
2371 try:
2372 os.remove(pskfile)
2373 except:
2374 pass
2375
2376 hapd = None
2377 try:
2378 with open(pskfile, "w") as f:
2379 f.write("# WPA PSKs\n")
2380
2381 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2382 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
2383 "rsn_pairwise": "CCMP", "ap_pin": appin,
2384 "wpa_psk_file": pskfile}
2385 hapd = hostapd.add_ap(apdev[0], params)
2386 if "FAIL" in hapd.request("SET wpa_psk_file /tmp/does/not/exists/ap_wps_per_enrollee_psk_failure.psk_file"):
2387 raise Exception("Failed to set wpa_psk_file")
2388
2389 logger.info("First enrollee")
2390 hapd.request("WPS_PBC")
2391 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
2392 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2393 dev[0].wait_connected(timeout=30)
2394
2395 logger.info("Second enrollee")
2396 hapd.request("WPS_PBC")
2397 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
2398 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
2399 dev[1].wait_connected(timeout=30)
2400
2401 logger.info("External registrar")
2402 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
2403 dev[2].wps_reg(apdev[0]['bssid'], appin)
2404
2405 logger.info("Verifying PSK results")
2406 psks = get_psk(pskfile)
2407 if len(psks) > 0:
2408 raise Exception("PSK recorded unexpectedly")
2409 finally:
2410 if hapd:
2411 for i in range(3):
2412 dev[i].request("DISCONNECT")
2413 hapd.disable()
2414 for i in range(3):
2415 dev[i].flush_scan_cache()
2416 os.remove(pskfile)
2417
2418 def test_ap_wps_pin_request_file(dev, apdev):
2419 """WPS PIN provisioning with configured AP"""
2420 ssid = "wps"
2421 pinfile = "/tmp/ap_wps_pin_request_file.log"
2422 if os.path.exists(pinfile):
2423 os.remove(pinfile)
2424 hapd = hostapd.add_ap(apdev[0],
2425 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2426 "wps_pin_requests": pinfile,
2427 "wpa_passphrase": "12345678", "wpa": "2",
2428 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2429 uuid = dev[0].get_status_field("uuid")
2430 pin = dev[0].wps_read_pin()
2431 try:
2432 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2433 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
2434 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=15)
2435 if ev is None:
2436 raise Exception("PIN needed event not shown")
2437 if uuid not in ev:
2438 raise Exception("UUID mismatch")
2439 dev[0].request("WPS_CANCEL")
2440 success = False
2441 with open(pinfile, "r") as f:
2442 lines = f.readlines()
2443 for l in lines:
2444 if uuid in l:
2445 success = True
2446 break
2447 if not success:
2448 raise Exception("PIN request entry not in the log file")
2449 finally:
2450 try:
2451 os.remove(pinfile)
2452 except:
2453 pass
2454
2455 def test_ap_wps_auto_setup_with_config_file(dev, apdev):
2456 """WPS auto-setup with configuration file"""
2457 conffile = "/tmp/ap_wps_auto_setup_with_config_file.conf"
2458 ifname = apdev[0]['ifname']
2459 try:
2460 with open(conffile, "w") as f:
2461 f.write("driver=nl80211\n")
2462 f.write("hw_mode=g\n")
2463 f.write("channel=1\n")
2464 f.write("ieee80211n=1\n")
2465 f.write("interface=%s\n" % ifname)
2466 f.write("ctrl_interface=/var/run/hostapd\n")
2467 f.write("ssid=wps\n")
2468 f.write("eap_server=1\n")
2469 f.write("wps_state=1\n")
2470 hapd = hostapd.add_bss(apdev[0], ifname, conffile)
2471 hapd.request("WPS_PBC")
2472 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
2473 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
2474 dev[0].wait_connected(timeout=30)
2475 with open(conffile, "r") as f:
2476 lines = f.read().splitlines()
2477 vals = dict()
2478 for l in lines:
2479 try:
2480 [name, value] = l.split('=', 1)
2481 vals[name] = value
2482 except ValueError as e:
2483 if "# WPS configuration" in l:
2484 pass
2485 else:
2486 raise Exception("Unexpected configuration line: " + l)
2487 if vals['ieee80211n'] != '1' or vals['wps_state'] != '2' or "WPA-PSK" not in vals['wpa_key_mgmt']:
2488 raise Exception("Incorrect configuration: " + str(vals))
2489 finally:
2490 try:
2491 os.remove(conffile)
2492 except:
2493 pass
2494
2495 def test_ap_wps_pbc_timeout(dev, apdev, params):
2496 """wpa_supplicant PBC walk time and WPS ER SelReg timeout [long]"""
2497 if not params['long']:
2498 raise HwsimSkip("Skip test case with long duration due to --long not specified")
2499 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2500 hapd = add_ssdp_ap(apdev[0], ap_uuid)
2501
2502 location = ssdp_get_location(ap_uuid)
2503 urls = upnp_get_urls(location)
2504 eventurl = urlparse(urls['event_sub_url'])
2505 ctrlurl = urlparse(urls['control_url'])
2506
2507 url = urlparse(location)
2508 conn = HTTPConnection(url.netloc)
2509
2510 class WPSERHTTPServer(StreamRequestHandler):
2511 def handle(self):
2512 data = self.rfile.readline().strip()
2513 logger.debug(data)
2514 self.wfile.write(gen_wps_event())
2515
2516 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
2517 server.timeout = 1
2518
2519 headers = {"callback": '<http://127.0.0.1:12345/event>',
2520 "NT": "upnp:event",
2521 "timeout": "Second-1234"}
2522 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
2523 resp = conn.getresponse()
2524 if resp.status != 200:
2525 raise Exception("Unexpected HTTP response: %d" % resp.status)
2526 sid = resp.getheader("sid")
2527 logger.debug("Subscription SID " + sid)
2528
2529 msg = '''<?xml version="1.0"?>
2530 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
2531 <s:Body>
2532 <u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
2533 <NewMessage>EEoAARAQQQABARASAAIAABBTAAIxSBBJAA4ANyoAASABBv///////xBIABA2LbR7pTpRkYj7
2534 VFi5hrLk
2535 </NewMessage>
2536 </u:SetSelectedRegistrar>
2537 </s:Body>
2538 </s:Envelope>'''
2539 headers = {"Content-type": 'text/xml; charset="utf-8"'}
2540 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
2541 conn.request("POST", ctrlurl.path, msg, headers)
2542 resp = conn.getresponse()
2543 if resp.status != 200:
2544 raise Exception("Unexpected HTTP response: %d" % resp.status)
2545
2546 server.handle_request()
2547
2548 logger.info("Start WPS_PBC and wait for PBC walk time expiration")
2549 if "OK" not in dev[0].request("WPS_PBC"):
2550 raise Exception("WPS_PBC failed")
2551
2552 start = os.times()[4]
2553
2554 server.handle_request()
2555 dev[1].request("BSS_FLUSH 0")
2556 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2557 only_new=True)
2558 bss = dev[1].get_bss(apdev[0]['bssid'])
2559 logger.debug("BSS: " + str(bss))
2560 if '[WPS-AUTH]' not in bss['flags']:
2561 raise Exception("WPS not indicated authorized")
2562
2563 server.handle_request()
2564
2565 wps_timeout_seen = False
2566
2567 while True:
2568 hapd.dump_monitor()
2569 dev[1].dump_monitor()
2570 if not wps_timeout_seen:
2571 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=0)
2572 if ev is not None:
2573 logger.info("PBC timeout seen")
2574 wps_timeout_seen = True
2575 else:
2576 dev[0].dump_monitor()
2577 now = os.times()[4]
2578 if now - start > 130:
2579 raise Exception("Selected registration information not removed")
2580 dev[1].request("BSS_FLUSH 0")
2581 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True,
2582 only_new=True)
2583 bss = dev[1].get_bss(apdev[0]['bssid'])
2584 logger.debug("BSS: " + str(bss))
2585 if '[WPS-AUTH]' not in bss['flags']:
2586 break
2587 server.handle_request()
2588
2589 server.server_close()
2590
2591 if wps_timeout_seen:
2592 return
2593
2594 now = os.times()[4]
2595 if now < start + 150:
2596 dur = start + 150 - now
2597 else:
2598 dur = 1
2599 logger.info("Continue waiting for PBC timeout (%d sec)" % dur)
2600 ev = dev[0].wait_event(["WPS-TIMEOUT"], timeout=dur)
2601 if ev is None:
2602 raise Exception("WPS-TIMEOUT not reported")
2603
2604 def add_ssdp_ap(ap, ap_uuid):
2605 ssid = "wps-ssdp"
2606 ap_pin = "12345670"
2607 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
2608 "wpa_passphrase": "12345678", "wpa": "2",
2609 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
2610 "device_name": "Wireless AP", "manufacturer": "Company",
2611 "model_name": "WAP", "model_number": "123",
2612 "serial_number": "12345", "device_type": "6-0050F204-1",
2613 "os_version": "01020300",
2614 "config_methods": "label push_button",
2615 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo",
2616 "friendly_name": "WPS Access Point",
2617 "manufacturer_url": "http://www.example.com/",
2618 "model_description": "Wireless Access Point",
2619 "model_url": "http://www.example.com/model/",
2620 "upc": "123456789012"}
2621 return hostapd.add_ap(ap, params)
2622
2623 def ssdp_send(msg, no_recv=False):
2624 socket.setdefaulttimeout(1)
2625 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2626 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2627 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2628 sock.bind(("127.0.0.1", 0))
2629 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2630 if no_recv:
2631 return None
2632 return sock.recv(1000).decode()
2633
2634 def ssdp_send_msearch(st, no_recv=False):
2635 msg = '\r\n'.join([
2636 'M-SEARCH * HTTP/1.1',
2637 'HOST: 239.255.255.250:1900',
2638 'MX: 1',
2639 'MAN: "ssdp:discover"',
2640 'ST: ' + st,
2641 '', ''])
2642 return ssdp_send(msg, no_recv=no_recv)
2643
2644 def test_ap_wps_ssdp_msearch(dev, apdev):
2645 """WPS AP and SSDP M-SEARCH messages"""
2646 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2647 add_ssdp_ap(apdev[0], ap_uuid)
2648
2649 msg = '\r\n'.join([
2650 'M-SEARCH * HTTP/1.1',
2651 'Host: 239.255.255.250:1900',
2652 'Mx: 1',
2653 'Man: "ssdp:discover"',
2654 'St: urn:schemas-wifialliance-org:device:WFADevice:1',
2655 '', ''])
2656 ssdp_send(msg)
2657
2658 msg = '\r\n'.join([
2659 'M-SEARCH * HTTP/1.1',
2660 'host:\t239.255.255.250:1900\t\t\t\t \t\t',
2661 'mx: \t1\t\t ',
2662 'man: \t \t "ssdp:discover" ',
2663 'st: urn:schemas-wifialliance-org:device:WFADevice:1\t\t',
2664 '', ''])
2665 ssdp_send(msg)
2666
2667 ssdp_send_msearch("ssdp:all")
2668 ssdp_send_msearch("upnp:rootdevice")
2669 ssdp_send_msearch("uuid:" + ap_uuid)
2670 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1")
2671 ssdp_send_msearch("urn:schemas-wifialliance-org:device:WFADevice:1")
2672
2673 msg = '\r\n'.join([
2674 'M-SEARCH * HTTP/1.1',
2675 'HOST:\t239.255.255.250:1900',
2676 'MAN: "ssdp:discover"',
2677 'MX: 130',
2678 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2679 '', ''])
2680 ssdp_send(msg, no_recv=True)
2681
2682 def test_ap_wps_ssdp_invalid_msearch(dev, apdev):
2683 """WPS AP and invalid SSDP M-SEARCH messages"""
2684 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2685 add_ssdp_ap(apdev[0], ap_uuid)
2686
2687 socket.setdefaulttimeout(1)
2688 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2689 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2690 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2691 sock.bind(("127.0.0.1", 0))
2692
2693 logger.debug("Missing MX")
2694 msg = '\r\n'.join([
2695 'M-SEARCH * HTTP/1.1',
2696 'HOST: 239.255.255.250:1900',
2697 'MAN: "ssdp:discover"',
2698 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2699 '', ''])
2700 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2701
2702 logger.debug("Negative MX")
2703 msg = '\r\n'.join([
2704 'M-SEARCH * HTTP/1.1',
2705 'HOST: 239.255.255.250:1900',
2706 'MX: -1',
2707 'MAN: "ssdp:discover"',
2708 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2709 '', ''])
2710 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2711
2712 logger.debug("Invalid MX")
2713 msg = '\r\n'.join([
2714 'M-SEARCH * HTTP/1.1',
2715 'HOST: 239.255.255.250:1900',
2716 'MX; 1',
2717 'MAN: "ssdp:discover"',
2718 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2719 '', ''])
2720 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2721
2722 logger.debug("Missing MAN")
2723 msg = '\r\n'.join([
2724 'M-SEARCH * HTTP/1.1',
2725 'HOST: 239.255.255.250:1900',
2726 'MX: 1',
2727 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2728 '', ''])
2729 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2730
2731 logger.debug("Invalid MAN")
2732 msg = '\r\n'.join([
2733 'M-SEARCH * HTTP/1.1',
2734 'HOST: 239.255.255.250:1900',
2735 'MX: 1',
2736 'MAN: foo',
2737 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2738 '', ''])
2739 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2740 msg = '\r\n'.join([
2741 'M-SEARCH * HTTP/1.1',
2742 'HOST: 239.255.255.250:1900',
2743 'MX: 1',
2744 'MAN; "ssdp:discover"',
2745 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2746 '', ''])
2747 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2748
2749 logger.debug("Missing HOST")
2750 msg = '\r\n'.join([
2751 'M-SEARCH * HTTP/1.1',
2752 'MAN: "ssdp:discover"',
2753 'MX: 1',
2754 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2755 '', ''])
2756 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2757
2758 logger.debug("Missing ST")
2759 msg = '\r\n'.join([
2760 'M-SEARCH * HTTP/1.1',
2761 'HOST: 239.255.255.250:1900',
2762 'MAN: "ssdp:discover"',
2763 'MX: 1',
2764 '', ''])
2765 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2766
2767 logger.debug("Mismatching ST")
2768 msg = '\r\n'.join([
2769 'M-SEARCH * HTTP/1.1',
2770 'HOST: 239.255.255.250:1900',
2771 'MAN: "ssdp:discover"',
2772 'MX: 1',
2773 'ST: uuid:16d5f8a9-4ee4-4f5e-81f9-cc6e2f47f42d',
2774 '', ''])
2775 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2776 msg = '\r\n'.join([
2777 'M-SEARCH * HTTP/1.1',
2778 'HOST: 239.255.255.250:1900',
2779 'MAN: "ssdp:discover"',
2780 'MX: 1',
2781 'ST: foo:bar',
2782 '', ''])
2783 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2784 msg = '\r\n'.join([
2785 'M-SEARCH * HTTP/1.1',
2786 'HOST: 239.255.255.250:1900',
2787 'MAN: "ssdp:discover"',
2788 'MX: 1',
2789 'ST: foobar',
2790 '', ''])
2791 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2792
2793 logger.debug("Invalid ST")
2794 msg = '\r\n'.join([
2795 'M-SEARCH * HTTP/1.1',
2796 'HOST: 239.255.255.250:1900',
2797 'MAN: "ssdp:discover"',
2798 'MX: 1',
2799 'ST; urn:schemas-wifialliance-org:device:WFADevice:1',
2800 '', ''])
2801 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2802
2803 logger.debug("Invalid M-SEARCH")
2804 msg = '\r\n'.join([
2805 'M+SEARCH * HTTP/1.1',
2806 'HOST: 239.255.255.250:1900',
2807 'MAN: "ssdp:discover"',
2808 'MX: 1',
2809 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2810 '', ''])
2811 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2812 msg = '\r\n'.join([
2813 'M-SEARCH-* HTTP/1.1',
2814 'HOST: 239.255.255.250:1900',
2815 'MAN: "ssdp:discover"',
2816 'MX: 1',
2817 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2818 '', ''])
2819 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2820
2821 logger.debug("Invalid message format")
2822 sock.sendto(b"NOTIFY * HTTP/1.1", ("239.255.255.250", 1900))
2823 msg = '\r'.join([
2824 'M-SEARCH * HTTP/1.1',
2825 'HOST: 239.255.255.250:1900',
2826 'MAN: "ssdp:discover"',
2827 'MX: 1',
2828 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2829 '', ''])
2830 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2831
2832 try:
2833 r = sock.recv(1000)
2834 raise Exception("Unexpected M-SEARCH response: " + r)
2835 except socket.timeout:
2836 pass
2837
2838 logger.debug("Valid M-SEARCH")
2839 msg = '\r\n'.join([
2840 'M-SEARCH * HTTP/1.1',
2841 'HOST: 239.255.255.250:1900',
2842 'MAN: "ssdp:discover"',
2843 'MX: 1',
2844 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2845 '', ''])
2846 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2847
2848 try:
2849 r = sock.recv(1000)
2850 pass
2851 except socket.timeout:
2852 raise Exception("No SSDP response")
2853
2854 def test_ap_wps_ssdp_burst(dev, apdev):
2855 """WPS AP and SSDP burst"""
2856 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2857 add_ssdp_ap(apdev[0], ap_uuid)
2858
2859 msg = '\r\n'.join([
2860 'M-SEARCH * HTTP/1.1',
2861 'HOST: 239.255.255.250:1900',
2862 'MAN: "ssdp:discover"',
2863 'MX: 1',
2864 'ST: urn:schemas-wifialliance-org:device:WFADevice:1',
2865 '', ''])
2866 socket.setdefaulttimeout(1)
2867 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2868 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2869 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2870 sock.bind(("127.0.0.1", 0))
2871 for i in range(0, 25):
2872 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2873 resp = 0
2874 while True:
2875 try:
2876 r = sock.recv(1000).decode()
2877 if not r.startswith("HTTP/1.1 200 OK\r\n"):
2878 raise Exception("Unexpected message: " + r)
2879 resp += 1
2880 except socket.timeout:
2881 break
2882 if resp < 20:
2883 raise Exception("Too few SSDP responses")
2884
2885 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
2886 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
2887 sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
2888 sock.bind(("127.0.0.1", 0))
2889 for i in range(0, 25):
2890 sock.sendto(msg.encode(), ("239.255.255.250", 1900))
2891 while True:
2892 try:
2893 r = sock.recv(1000).decode()
2894 if ap_uuid in r:
2895 break
2896 except socket.timeout:
2897 raise Exception("No SSDP response")
2898
2899 def ssdp_get_location(uuid):
2900 res = ssdp_send_msearch("uuid:" + uuid)
2901 location = None
2902 for l in res.splitlines():
2903 if l.lower().startswith("location:"):
2904 location = l.split(':', 1)[1].strip()
2905 break
2906 if location is None:
2907 raise Exception("No UPnP location found")
2908 return location
2909
2910 def upnp_get_urls(location):
2911 if sys.version_info[0] > 2:
2912 conn = urlopen(location)
2913 else:
2914 conn = urlopen(location, proxies={})
2915 tree = ET.parse(conn)
2916 root = tree.getroot()
2917 urn = '{urn:schemas-upnp-org:device-1-0}'
2918 service = root.find("./" + urn + "device/" + urn + "serviceList/" + urn + "service")
2919 res = {}
2920 res['scpd_url'] = urljoin(location, service.find(urn + 'SCPDURL').text)
2921 res['control_url'] = urljoin(location,
2922 service.find(urn + 'controlURL').text)
2923 res['event_sub_url'] = urljoin(location,
2924 service.find(urn + 'eventSubURL').text)
2925 return res
2926
2927 def upnp_soap_action(conn, path, action, include_soap_action=True,
2928 soap_action_override=None, newmsg=None, neweventtype=None,
2929 neweventmac=None):
2930 soapns = 'http://schemas.xmlsoap.org/soap/envelope/'
2931 wpsns = 'urn:schemas-wifialliance-org:service:WFAWLANConfig:1'
2932 ET.register_namespace('soapenv', soapns)
2933 ET.register_namespace('wfa', wpsns)
2934 attrib = {}
2935 attrib['{%s}encodingStyle' % soapns] = 'http://schemas.xmlsoap.org/soap/encoding/'
2936 root = ET.Element("{%s}Envelope" % soapns, attrib=attrib)
2937 body = ET.SubElement(root, "{%s}Body" % soapns)
2938 act = ET.SubElement(body, "{%s}%s" % (wpsns, action))
2939 if newmsg:
2940 msg = ET.SubElement(act, "NewMessage")
2941 msg.text = base64.b64encode(newmsg.encode()).decode()
2942 if neweventtype:
2943 msg = ET.SubElement(act, "NewWLANEventType")
2944 msg.text = neweventtype
2945 if neweventmac:
2946 msg = ET.SubElement(act, "NewWLANEventMAC")
2947 msg.text = neweventmac
2948
2949 headers = {"Content-type": 'text/xml; charset="utf-8"'}
2950 if include_soap_action:
2951 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % action
2952 elif soap_action_override:
2953 headers["SOAPAction"] = soap_action_override
2954 decl = b'<?xml version=\'1.0\' encoding=\'utf8\'?>\n'
2955 conn.request("POST", path, decl + ET.tostring(root), headers)
2956 return conn.getresponse()
2957
2958 def test_ap_wps_upnp(dev, apdev):
2959 """WPS AP and UPnP operations"""
2960 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
2961 add_ssdp_ap(apdev[0], ap_uuid)
2962
2963 location = ssdp_get_location(ap_uuid)
2964 urls = upnp_get_urls(location)
2965
2966 if sys.version_info[0] > 2:
2967 conn = urlopen(urls['scpd_url'])
2968 else:
2969 conn = urlopen(urls['scpd_url'], proxies={})
2970 scpd = conn.read()
2971
2972 if sys.version_info[0] > 2:
2973 try:
2974 conn = urlopen(urljoin(location, "unknown.html"))
2975 raise Exception("Unexpected HTTP response to GET unknown URL")
2976 except HTTPError as e:
2977 if e.code != 404:
2978 raise Exception("Unexpected HTTP response to GET unknown URL")
2979 else:
2980 conn = urlopen(urljoin(location, "unknown.html"), proxies={})
2981 if conn.getcode() != 404:
2982 raise Exception("Unexpected HTTP response to GET unknown URL")
2983
2984 url = urlparse(location)
2985 conn = HTTPConnection(url.netloc)
2986 #conn.set_debuglevel(1)
2987 headers = {"Content-type": 'text/xml; charset="utf-8"',
2988 "SOAPAction": '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo"'}
2989 conn.request("POST", "hello", "\r\n\r\n", headers)
2990 resp = conn.getresponse()
2991 if resp.status != 404:
2992 raise Exception("Unexpected HTTP response: %d" % resp.status)
2993
2994 conn.request("UNKNOWN", "hello", "\r\n\r\n", headers)
2995 resp = conn.getresponse()
2996 if resp.status != 501:
2997 raise Exception("Unexpected HTTP response: %d" % resp.status)
2998
2999 headers = {"Content-type": 'text/xml; charset="utf-8"',
3000 "SOAPAction": '"urn:some-unknown-action#GetDeviceInfo"'}
3001 ctrlurl = urlparse(urls['control_url'])
3002 conn.request("POST", ctrlurl.path, "\r\n\r\n", headers)
3003 resp = conn.getresponse()
3004 if resp.status != 401:
3005 raise Exception("Unexpected HTTP response: %d" % resp.status)
3006
3007 logger.debug("GetDeviceInfo without SOAPAction header")
3008 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
3009 include_soap_action=False)
3010 if resp.status != 401:
3011 raise Exception("Unexpected HTTP response: %d" % resp.status)
3012
3013 logger.debug("GetDeviceInfo with invalid SOAPAction header")
3014 for act in ["foo",
3015 "urn:schemas-wifialliance-org:service:WFAWLANConfig:1#GetDeviceInfo",
3016 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1"',
3017 '"urn:schemas-wifialliance-org:service:WFAWLANConfig:123#GetDevice']:
3018 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo",
3019 include_soap_action=False,
3020 soap_action_override=act)
3021 if resp.status != 401:
3022 raise Exception("Unexpected HTTP response: %d" % resp.status)
3023
3024 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
3025 if resp.status != 200:
3026 raise Exception("Unexpected HTTP response: %d" % resp.status)
3027 dev = resp.read().decode()
3028 if "NewDeviceInfo" not in dev:
3029 raise Exception("Unexpected GetDeviceInfo response")
3030
3031 logger.debug("PutMessage without required parameters")
3032 resp = upnp_soap_action(conn, ctrlurl.path, "PutMessage")
3033 if resp.status != 600:
3034 raise Exception("Unexpected HTTP response: %d" % resp.status)
3035
3036 logger.debug("PutWLANResponse without required parameters")
3037 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse")
3038 if resp.status != 600:
3039 raise Exception("Unexpected HTTP response: %d" % resp.status)
3040
3041 logger.debug("SetSelectedRegistrar from unregistered ER")
3042 resp = upnp_soap_action(conn, ctrlurl.path, "SetSelectedRegistrar")
3043 if resp.status != 501:
3044 raise Exception("Unexpected HTTP response: %d" % resp.status)
3045
3046 logger.debug("Unknown action")
3047 resp = upnp_soap_action(conn, ctrlurl.path, "Unknown")
3048 if resp.status != 401:
3049 raise Exception("Unexpected HTTP response: %d" % resp.status)
3050
3051 def test_ap_wps_upnp_subscribe(dev, apdev):
3052 """WPS AP and UPnP event subscription"""
3053 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3054 hapd = add_ssdp_ap(apdev[0], ap_uuid)
3055
3056 location = ssdp_get_location(ap_uuid)
3057 urls = upnp_get_urls(location)
3058 eventurl = urlparse(urls['event_sub_url'])
3059
3060 url = urlparse(location)
3061 conn = HTTPConnection(url.netloc)
3062 #conn.set_debuglevel(1)
3063 headers = {"callback": '<http://127.0.0.1:12345/event>',
3064 "timeout": "Second-1234"}
3065 conn.request("SUBSCRIBE", "hello", "\r\n\r\n", headers)
3066 resp = conn.getresponse()
3067 if resp.status != 412:
3068 raise Exception("Unexpected HTTP response: %d" % resp.status)
3069
3070 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3071 resp = conn.getresponse()
3072 if resp.status != 412:
3073 raise Exception("Unexpected HTTP response: %d" % resp.status)
3074
3075 headers = {"NT": "upnp:event",
3076 "timeout": "Second-1234"}
3077 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3078 resp = conn.getresponse()
3079 if resp.status != 412:
3080 raise Exception("Unexpected HTTP response: %d" % resp.status)
3081
3082 headers = {"callback": '<http://127.0.0.1:12345/event>',
3083 "NT": "upnp:foobar",
3084 "timeout": "Second-1234"}
3085 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3086 resp = conn.getresponse()
3087 if resp.status != 400:
3088 raise Exception("Unexpected HTTP response: %d" % resp.status)
3089
3090 logger.debug("Valid subscription")
3091 headers = {"callback": '<http://127.0.0.1:12345/event>',
3092 "NT": "upnp:event",
3093 "timeout": "Second-1234"}
3094 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3095 resp = conn.getresponse()
3096 if resp.status != 200:
3097 raise Exception("Unexpected HTTP response: %d" % resp.status)
3098 sid = resp.getheader("sid")
3099 logger.debug("Subscription SID " + sid)
3100
3101 logger.debug("Invalid re-subscription")
3102 headers = {"NT": "upnp:event",
3103 "sid": "123456734567854",
3104 "timeout": "Second-1234"}
3105 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3106 resp = conn.getresponse()
3107 if resp.status != 400:
3108 raise Exception("Unexpected HTTP response: %d" % resp.status)
3109
3110 logger.debug("Invalid re-subscription")
3111 headers = {"NT": "upnp:event",
3112 "sid": "uuid:123456734567854",
3113 "timeout": "Second-1234"}
3114 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3115 resp = conn.getresponse()
3116 if resp.status != 400:
3117 raise Exception("Unexpected HTTP response: %d" % resp.status)
3118
3119 logger.debug("Invalid re-subscription")
3120 headers = {"callback": '<http://127.0.0.1:12345/event>',
3121 "NT": "upnp:event",
3122 "sid": sid,
3123 "timeout": "Second-1234"}
3124 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3125 resp = conn.getresponse()
3126 if resp.status != 400:
3127 raise Exception("Unexpected HTTP response: %d" % resp.status)
3128
3129 logger.debug("SID mismatch in re-subscription")
3130 headers = {"NT": "upnp:event",
3131 "sid": "uuid:4c2bca79-1ff4-4e43-85d4-952a2b8a51fb",
3132 "timeout": "Second-1234"}
3133 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3134 resp = conn.getresponse()
3135 if resp.status != 412:
3136 raise Exception("Unexpected HTTP response: %d" % resp.status)
3137
3138 logger.debug("Valid re-subscription")
3139 headers = {"NT": "upnp:event",
3140 "sid": sid,
3141 "timeout": "Second-1234"}
3142 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3143 resp = conn.getresponse()
3144 if resp.status != 200:
3145 raise Exception("Unexpected HTTP response: %d" % resp.status)
3146 sid2 = resp.getheader("sid")
3147 logger.debug("Subscription SID " + sid2)
3148
3149 if sid != sid2:
3150 raise Exception("Unexpected SID change")
3151
3152 logger.debug("Valid re-subscription")
3153 headers = {"NT": "upnp:event",
3154 "sid": "uuid: \t \t" + sid.split(':')[1],
3155 "timeout": "Second-1234"}
3156 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3157 resp = conn.getresponse()
3158 if resp.status != 200:
3159 raise Exception("Unexpected HTTP response: %d" % resp.status)
3160
3161 logger.debug("Invalid unsubscription")
3162 headers = {"sid": sid}
3163 conn.request("UNSUBSCRIBE", "/hello", "\r\n\r\n", headers)
3164 resp = conn.getresponse()
3165 if resp.status != 412:
3166 raise Exception("Unexpected HTTP response: %d" % resp.status)
3167 headers = {"foo": "bar"}
3168 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3169 resp = conn.getresponse()
3170 if resp.status != 412:
3171 raise Exception("Unexpected HTTP response: %d" % resp.status)
3172
3173 logger.debug("Valid unsubscription")
3174 headers = {"sid": sid}
3175 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3176 resp = conn.getresponse()
3177 if resp.status != 200:
3178 raise Exception("Unexpected HTTP response: %d" % resp.status)
3179
3180 logger.debug("Unsubscription for not existing SID")
3181 headers = {"sid": sid}
3182 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3183 resp = conn.getresponse()
3184 if resp.status != 412:
3185 raise Exception("Unexpected HTTP response: %d" % resp.status)
3186
3187 logger.debug("Invalid unsubscription")
3188 headers = {"sid": " \t \tfoo"}
3189 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3190 resp = conn.getresponse()
3191 if resp.status != 400:
3192 raise Exception("Unexpected HTTP response: %d" % resp.status)
3193
3194 logger.debug("Invalid unsubscription")
3195 headers = {"sid": "uuid:\t \tfoo"}
3196 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3197 resp = conn.getresponse()
3198 if resp.status != 400:
3199 raise Exception("Unexpected HTTP response: %d" % resp.status)
3200
3201 logger.debug("Invalid unsubscription")
3202 headers = {"NT": "upnp:event",
3203 "sid": sid}
3204 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3205 resp = conn.getresponse()
3206 if resp.status != 400:
3207 raise Exception("Unexpected HTTP response: %d" % resp.status)
3208 headers = {"callback": '<http://127.0.0.1:12345/event>',
3209 "sid": sid}
3210 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3211 resp = conn.getresponse()
3212 if resp.status != 400:
3213 raise Exception("Unexpected HTTP response: %d" % resp.status)
3214
3215 logger.debug("Valid subscription with multiple callbacks")
3216 headers = {"callback": '<http://127.0.0.1:12345/event> <http://127.0.0.1:12345/event>\t<http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event><http://127.0.0.1:12345/event>',
3217 "NT": "upnp:event",
3218 "timeout": "Second-1234"}
3219 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3220 resp = conn.getresponse()
3221 if resp.status != 200:
3222 raise Exception("Unexpected HTTP response: %d" % resp.status)
3223 sid = resp.getheader("sid")
3224 logger.debug("Subscription SID " + sid)
3225
3226 # Force subscription to be deleted due to errors
3227 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3228 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
3229 with alloc_fail(hapd, 1, "event_build_message"):
3230 for i in range(10):
3231 dev[1].dump_monitor()
3232 dev[2].dump_monitor()
3233 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3234 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3235 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3236 dev[1].request("WPS_CANCEL")
3237 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3238 dev[2].request("WPS_CANCEL")
3239 if i % 4 == 1:
3240 time.sleep(1)
3241 else:
3242 time.sleep(0.1)
3243 time.sleep(0.2)
3244
3245 headers = {"sid": sid}
3246 conn.request("UNSUBSCRIBE", eventurl.path, "", headers)
3247 resp = conn.getresponse()
3248 if resp.status != 200 and resp.status != 412:
3249 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
3250
3251 headers = {"callback": '<http://127.0.0.1:12345/event>',
3252 "NT": "upnp:event",
3253 "timeout": "Second-1234"}
3254 with alloc_fail(hapd, 1, "http_client_addr;event_send_start"):
3255 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3256 resp = conn.getresponse()
3257 if resp.status != 200:
3258 raise Exception("Unexpected HTTP response for SUBSCRIBE: %d" % resp.status)
3259 sid = resp.getheader("sid")
3260 logger.debug("Subscription SID " + sid)
3261
3262 headers = {"sid": sid}
3263 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3264 resp = conn.getresponse()
3265 if resp.status != 200:
3266 raise Exception("Unexpected HTTP response for UNSUBSCRIBE: %d" % resp.status)
3267
3268 headers = {"callback": '<http://127.0.0.1:12345/event>',
3269 "NT": "upnp:event",
3270 "timeout": "Second-1234"}
3271 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3272 resp = conn.getresponse()
3273 if resp.status != 200:
3274 raise Exception("Unexpected HTTP response: %d" % resp.status)
3275 sid = resp.getheader("sid")
3276 logger.debug("Subscription SID " + sid)
3277
3278 with alloc_fail(hapd, 1, "=wps_upnp_event_add"):
3279 for i in range(2):
3280 dev[1].dump_monitor()
3281 dev[2].dump_monitor()
3282 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3283 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3284 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3285 dev[1].request("WPS_CANCEL")
3286 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3287 dev[2].request("WPS_CANCEL")
3288 if i == 0:
3289 time.sleep(1)
3290 else:
3291 time.sleep(0.1)
3292
3293 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3294 resp = conn.getresponse()
3295 if resp.status != 200:
3296 raise Exception("Unexpected HTTP response: %d" % resp.status)
3297
3298 with alloc_fail(hapd, 1, "wpabuf_dup;wps_upnp_event_add"):
3299 dev[1].dump_monitor()
3300 dev[2].dump_monitor()
3301 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3302 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3303 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3304 dev[1].request("WPS_CANCEL")
3305 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3306 dev[2].request("WPS_CANCEL")
3307 time.sleep(0.1)
3308
3309 with fail_test(hapd, 1, "os_get_random;uuid_make;subscription_start"):
3310 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3311 resp = conn.getresponse()
3312 if resp.status != 500:
3313 raise Exception("Unexpected HTTP response: %d" % resp.status)
3314
3315 with alloc_fail(hapd, 1, "=subscription_start"):
3316 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3317 resp = conn.getresponse()
3318 if resp.status != 500:
3319 raise Exception("Unexpected HTTP response: %d" % resp.status)
3320
3321 headers = {"callback": '',
3322 "NT": "upnp:event",
3323 "timeout": "Second-1234"}
3324 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3325 resp = conn.getresponse()
3326 if resp.status != 500:
3327 raise Exception("Unexpected HTTP response: %d" % resp.status)
3328
3329 headers = {"callback": ' <',
3330 "NT": "upnp:event",
3331 "timeout": "Second-1234"}
3332 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3333 resp = conn.getresponse()
3334 if resp.status != 500:
3335 raise Exception("Unexpected HTTP response: %d" % resp.status)
3336
3337 headers = {"callback": '<http://127.0.0.1:12345/event>',
3338 "NT": "upnp:event",
3339 "timeout": "Second-1234"}
3340 with alloc_fail(hapd, 1, "wpabuf_alloc;subscription_first_event"):
3341 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3342 resp = conn.getresponse()
3343 if resp.status != 500:
3344 raise Exception("Unexpected HTTP response: %d" % resp.status)
3345
3346 with alloc_fail(hapd, 1, "wps_upnp_event_add;subscription_first_event"):
3347 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3348 resp = conn.getresponse()
3349 if resp.status != 500:
3350 raise Exception("Unexpected HTTP response: %d" % resp.status)
3351
3352 with alloc_fail(hapd, 1, "subscr_addr_add_url"):
3353 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3354 resp = conn.getresponse()
3355 if resp.status != 500:
3356 raise Exception("Unexpected HTTP response: %d" % resp.status)
3357
3358 with alloc_fail(hapd, 2, "subscr_addr_add_url"):
3359 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3360 resp = conn.getresponse()
3361 if resp.status != 500:
3362 raise Exception("Unexpected HTTP response: %d" % resp.status)
3363
3364 for i in range(6):
3365 headers = {"callback": '<http://127.0.0.1:%d/event>' % (12345 + i),
3366 "NT": "upnp:event",
3367 "timeout": "Second-1234"}
3368 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3369 resp = conn.getresponse()
3370 if resp.status != 200:
3371 raise Exception("Unexpected HTTP response: %d" % resp.status)
3372
3373 with alloc_fail(hapd, 1, "=upnp_wps_device_send_wlan_event"):
3374 dev[1].dump_monitor()
3375 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3376 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3377 dev[1].request("WPS_CANCEL")
3378 time.sleep(0.1)
3379
3380 with alloc_fail(hapd, 1, "wpabuf_alloc;upnp_wps_device_send_event"):
3381 dev[1].dump_monitor()
3382 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3383 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3384 dev[1].request("WPS_CANCEL")
3385 time.sleep(0.1)
3386
3387 with alloc_fail(hapd, 1,
3388 "base64_gen_encode;?base64_encode;upnp_wps_device_send_wlan_event"):
3389 dev[1].dump_monitor()
3390 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3391 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3392 dev[1].request("WPS_CANCEL")
3393 time.sleep(0.1)
3394
3395 hapd.disable()
3396 with alloc_fail(hapd, 1, "get_netif_info"):
3397 if "FAIL" not in hapd.request("ENABLE"):
3398 raise Exception("ENABLE succeeded during OOM")
3399
3400 def test_ap_wps_upnp_subscribe_events(dev, apdev):
3401 """WPS AP and UPnP event subscription and many events"""
3402 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3403 hapd = add_ssdp_ap(apdev[0], ap_uuid)
3404
3405 location = ssdp_get_location(ap_uuid)
3406 urls = upnp_get_urls(location)
3407 eventurl = urlparse(urls['event_sub_url'])
3408
3409 class WPSERHTTPServer(StreamRequestHandler):
3410 def handle(self):
3411 data = self.rfile.readline().strip()
3412 logger.debug(data)
3413 self.wfile.write(gen_wps_event())
3414
3415 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
3416 server.timeout = 1
3417
3418 url = urlparse(location)
3419 conn = HTTPConnection(url.netloc)
3420
3421 headers = {"callback": '<http://127.0.0.1:12345/event>',
3422 "NT": "upnp:event",
3423 "timeout": "Second-1234"}
3424 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
3425 resp = conn.getresponse()
3426 if resp.status != 200:
3427 raise Exception("Unexpected HTTP response: %d" % resp.status)
3428 sid = resp.getheader("sid")
3429 logger.debug("Subscription SID " + sid)
3430
3431 # Fetch the first event message
3432 server.handle_request()
3433
3434 # Force subscription event queue to reach the maximum length by generating
3435 # new proxied events without the ER fetching any of the pending events.
3436 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3437 dev[2].scan_for_bss(apdev[0]['bssid'], freq=2412)
3438 for i in range(16):
3439 dev[1].dump_monitor()
3440 dev[2].dump_monitor()
3441 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3442 dev[2].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3443 dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3444 dev[1].request("WPS_CANCEL")
3445 dev[2].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 5)
3446 dev[2].request("WPS_CANCEL")
3447 if i % 4 == 1:
3448 time.sleep(1)
3449 else:
3450 time.sleep(0.1)
3451
3452 hapd.request("WPS_PIN any 12345670")
3453 dev[1].dump_monitor()
3454 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
3455 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=10)
3456 if ev is None:
3457 raise Exception("WPS success not reported")
3458
3459 # Close the WPS ER HTTP server without fetching all the pending events.
3460 # This tests hostapd code path that clears subscription and the remaining
3461 # event queue when the interface is deinitialized.
3462 server.handle_request()
3463 server.server_close()
3464
3465 dev[1].wait_connected()
3466
3467 def test_ap_wps_upnp_http_proto(dev, apdev):
3468 """WPS AP and UPnP/HTTP protocol testing"""
3469 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3470 add_ssdp_ap(apdev[0], ap_uuid)
3471
3472 location = ssdp_get_location(ap_uuid)
3473
3474 url = urlparse(location)
3475 conn = HTTPConnection(url.netloc, timeout=0.2)
3476 #conn.set_debuglevel(1)
3477
3478 conn.request("HEAD", "hello")
3479 resp = conn.getresponse()
3480 if resp.status != 501:
3481 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3482 conn.close()
3483
3484 for cmd in ["PUT", "DELETE", "TRACE", "CONNECT", "M-SEARCH", "M-POST"]:
3485 try:
3486 conn.request(cmd, "hello")
3487 resp = conn.getresponse()
3488 except Exception as e:
3489 pass
3490 conn.close()
3491
3492 headers = {"Content-Length": 'abc'}
3493 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3494 try:
3495 resp = conn.getresponse()
3496 except Exception as e:
3497 pass
3498 conn.close()
3499
3500 headers = {"Content-Length": '-10'}
3501 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3502 try:
3503 resp = conn.getresponse()
3504 except Exception as e:
3505 pass
3506 conn.close()
3507
3508 headers = {"Content-Length": '10000000000000'}
3509 conn.request("HEAD", "hello", "\r\n\r\nhello", headers)
3510 try:
3511 resp = conn.getresponse()
3512 except Exception as e:
3513 pass
3514 conn.close()
3515
3516 headers = {"Transfer-Encoding": 'abc'}
3517 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3518 resp = conn.getresponse()
3519 if resp.status != 501:
3520 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3521 conn.close()
3522
3523 headers = {"Transfer-Encoding": 'chunked'}
3524 conn.request("HEAD", "hello", "\r\n\r\n", headers)
3525 resp = conn.getresponse()
3526 if resp.status != 501:
3527 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3528 conn.close()
3529
3530 # Too long a header
3531 conn.request("HEAD", 5000 * 'A')
3532 try:
3533 resp = conn.getresponse()
3534 except Exception as e:
3535 pass
3536 conn.close()
3537
3538 # Long URL but within header length limits
3539 conn.request("HEAD", 3000 * 'A')
3540 resp = conn.getresponse()
3541 if resp.status != 501:
3542 raise Exception("Unexpected response to HEAD: " + str(resp.status))
3543 conn.close()
3544
3545 headers = {"Content-Length": '20'}
3546 conn.request("POST", "hello", 10 * 'A' + "\r\n\r\n", headers)
3547 try:
3548 resp = conn.getresponse()
3549 except Exception as e:
3550 pass
3551 conn.close()
3552
3553 conn.request("POST", "hello", 5000 * 'A' + "\r\n\r\n")
3554 resp = conn.getresponse()
3555 if resp.status != 404:
3556 raise Exception("Unexpected HTTP response: %d" % resp.status)
3557 conn.close()
3558
3559 conn.request("POST", "hello", 60000 * 'A' + "\r\n\r\n")
3560 try:
3561 resp = conn.getresponse()
3562 except Exception as e:
3563 pass
3564 conn.close()
3565
3566 def test_ap_wps_upnp_http_proto_chunked(dev, apdev):
3567 """WPS AP and UPnP/HTTP protocol testing for chunked encoding"""
3568 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3569 add_ssdp_ap(apdev[0], ap_uuid)
3570
3571 location = ssdp_get_location(ap_uuid)
3572
3573 url = urlparse(location)
3574 conn = HTTPConnection(url.netloc)
3575 #conn.set_debuglevel(1)
3576
3577 headers = {"Transfer-Encoding": 'chunked'}
3578 conn.request("POST", "hello",
3579 "a\r\nabcdefghij\r\n" + "2\r\nkl\r\n" + "0\r\n\r\n",
3580 headers)
3581 resp = conn.getresponse()
3582 if resp.status != 404:
3583 raise Exception("Unexpected HTTP response: %d" % resp.status)
3584 conn.close()
3585
3586 conn.putrequest("POST", "hello")
3587 conn.putheader('Transfer-Encoding', 'chunked')
3588 conn.endheaders()
3589 conn.send(b"a\r\nabcdefghij\r\n")
3590 time.sleep(0.1)
3591 conn.send(b"2\r\nkl\r\n")
3592 conn.send(b"0\r\n\r\n")
3593 resp = conn.getresponse()
3594 if resp.status != 404:
3595 raise Exception("Unexpected HTTP response: %d" % resp.status)
3596 conn.close()
3597
3598 conn.putrequest("POST", "hello")
3599 conn.putheader('Transfer-Encoding', 'chunked')
3600 conn.endheaders()
3601 completed = False
3602 try:
3603 for i in range(20000):
3604 conn.send(b"1\r\nZ\r\n")
3605 conn.send(b"0\r\n\r\n")
3606 resp = conn.getresponse()
3607 completed = True
3608 except Exception as e:
3609 pass
3610 conn.close()
3611 if completed:
3612 raise Exception("Too long chunked request did not result in connection reset")
3613
3614 headers = {"Transfer-Encoding": 'chunked'}
3615 conn.request("POST", "hello", "80000000\r\na", headers)
3616 try:
3617 resp = conn.getresponse()
3618 except Exception as e:
3619 pass
3620 conn.close()
3621
3622 conn.request("POST", "hello", "10000000\r\na", headers)
3623 try:
3624 resp = conn.getresponse()
3625 except Exception as e:
3626 pass
3627 conn.close()
3628
3629 @remote_compatible
3630 def test_ap_wps_disabled(dev, apdev):
3631 """WPS operations while WPS is disabled"""
3632 ssid = "test-wps-disabled"
3633 hapd = hostapd.add_ap(apdev[0], {"ssid": ssid})
3634 if "FAIL" not in hapd.request("WPS_PBC"):
3635 raise Exception("WPS_PBC succeeded unexpectedly")
3636 if "FAIL" not in hapd.request("WPS_CANCEL"):
3637 raise Exception("WPS_CANCEL succeeded unexpectedly")
3638
3639 def test_ap_wps_mixed_cred(dev, apdev):
3640 """WPS 2.0 STA merging mixed mode WPA/WPA2 credentials"""
3641 ssid = "test-wps-wep"
3642 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3643 "skip_cred_build": "1", "extra_cred": "wps-mixed-cred"}
3644 hapd = hostapd.add_ap(apdev[0], params)
3645 hapd.request("WPS_PBC")
3646 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3647 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3648 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=30)
3649 if ev is None:
3650 raise Exception("WPS-SUCCESS event timed out")
3651 nets = dev[0].list_networks()
3652 if len(nets) != 1:
3653 raise Exception("Unexpected number of network blocks")
3654 id = nets[0]['id']
3655 proto = dev[0].get_network(id, "proto")
3656 if proto != "WPA RSN":
3657 raise Exception("Unexpected merged proto field value: " + proto)
3658 pairwise = dev[0].get_network(id, "pairwise")
3659 p = pairwise.split()
3660 if "CCMP" not in p or "TKIP" not in p:
3661 raise Exception("Unexpected merged pairwise field value: " + pairwise)
3662
3663 @remote_compatible
3664 def test_ap_wps_while_connected(dev, apdev):
3665 """WPS PBC provisioning while connected to another AP"""
3666 ssid = "test-wps-conf"
3667 hapd = hostapd.add_ap(apdev[0],
3668 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3669 "wpa_passphrase": "12345678", "wpa": "2",
3670 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3671
3672 hostapd.add_ap(apdev[1], {"ssid": "open"})
3673 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3674
3675 logger.info("WPS provisioning step")
3676 hapd.request("WPS_PBC")
3677 dev[0].dump_monitor()
3678 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3679 dev[0].wait_connected(timeout=30)
3680 status = dev[0].get_status()
3681 if status['bssid'] != apdev[0]['bssid']:
3682 raise Exception("Unexpected BSSID")
3683
3684 @remote_compatible
3685 def test_ap_wps_while_connected_no_autoconnect(dev, apdev):
3686 """WPS PBC provisioning while connected to another AP and STA_AUTOCONNECT disabled"""
3687 ssid = "test-wps-conf"
3688 hapd = hostapd.add_ap(apdev[0],
3689 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3690 "wpa_passphrase": "12345678", "wpa": "2",
3691 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3692
3693 hostapd.add_ap(apdev[1], {"ssid": "open"})
3694
3695 try:
3696 dev[0].request("STA_AUTOCONNECT 0")
3697 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
3698
3699 logger.info("WPS provisioning step")
3700 hapd.request("WPS_PBC")
3701 dev[0].dump_monitor()
3702 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3703 dev[0].wait_connected(timeout=30)
3704 status = dev[0].get_status()
3705 if status['bssid'] != apdev[0]['bssid']:
3706 raise Exception("Unexpected BSSID")
3707 finally:
3708 dev[0].request("STA_AUTOCONNECT 1")
3709
3710 @remote_compatible
3711 def test_ap_wps_from_event(dev, apdev):
3712 """WPS PBC event on AP to enable PBC"""
3713 ssid = "test-wps-conf"
3714 hapd = hostapd.add_ap(apdev[0],
3715 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3716 "wpa_passphrase": "12345678", "wpa": "2",
3717 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3718 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3719 dev[0].dump_monitor()
3720 hapd.dump_monitor()
3721 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
3722
3723 ev = hapd.wait_event(['WPS-ENROLLEE-SEEN'], timeout=15)
3724 if ev is None:
3725 raise Exception("No WPS-ENROLLEE-SEEN event on AP")
3726 vals = ev.split(' ')
3727 if vals[1] != dev[0].p2p_interface_addr():
3728 raise Exception("Unexpected enrollee address: " + vals[1])
3729 if vals[5] != '4':
3730 raise Exception("Unexpected Device Password Id: " + vals[5])
3731 hapd.request("WPS_PBC")
3732 dev[0].wait_connected(timeout=30)
3733
3734 def test_ap_wps_ap_scan_2(dev, apdev):
3735 """AP_SCAN 2 for WPS"""
3736 ssid = "test-wps-conf"
3737 hapd = hostapd.add_ap(apdev[0],
3738 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3739 "wpa_passphrase": "12345678", "wpa": "2",
3740 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3741 hapd.request("WPS_PBC")
3742
3743 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3744 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
3745 wpas.dump_monitor()
3746
3747 if "OK" not in wpas.request("AP_SCAN 2"):
3748 raise Exception("Failed to set AP_SCAN 2")
3749
3750 wpas.flush_scan_cache()
3751 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
3752 wpas.dump_monitor()
3753 wpas.request("WPS_PBC " + apdev[0]['bssid'])
3754 ev = wpas.wait_event(["WPS-SUCCESS"], timeout=15)
3755 if ev is None:
3756 raise Exception("WPS-SUCCESS event timed out")
3757 wpas.wait_connected(timeout=30)
3758 wpas.dump_monitor()
3759 wpas.request("DISCONNECT")
3760 wpas.wait_disconnected()
3761 id = wpas.list_networks()[0]['id']
3762 pairwise = wpas.get_network(id, "pairwise")
3763 if "CCMP" not in pairwise.split():
3764 raise Exception("Unexpected pairwise parameter value: " + pairwise)
3765 group = wpas.get_network(id, "group")
3766 if "CCMP" not in group.split():
3767 raise Exception("Unexpected group parameter value: " + group)
3768 # Need to select a single cipher for ap_scan=2 testing
3769 wpas.set_network(id, "pairwise", "CCMP")
3770 wpas.set_network(id, "group", "CCMP")
3771 wpas.request("BSS_FLUSH 0")
3772 wpas.dump_monitor()
3773 wpas.request("REASSOCIATE")
3774 wpas.wait_connected(timeout=30)
3775 wpas.dump_monitor()
3776 wpas.request("DISCONNECT")
3777 wpas.wait_disconnected()
3778 wpas.flush_scan_cache()
3779
3780 @remote_compatible
3781 def test_ap_wps_eapol_workaround(dev, apdev):
3782 """EAPOL workaround code path for 802.1X header length mismatch"""
3783 ssid = "test-wps"
3784 hapd = hostapd.add_ap(apdev[0],
3785 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
3786 bssid = apdev[0]['bssid']
3787 hapd.request("SET ext_eapol_frame_io 1")
3788 dev[0].request("SET ext_eapol_frame_io 1")
3789 hapd.request("WPS_PBC")
3790 dev[0].request("WPS_PBC")
3791
3792 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3793 if ev is None:
3794 raise Exception("Timeout on EAPOL-TX from hostapd")
3795
3796 res = dev[0].request("EAPOL_RX " + bssid + " 020000040193000501FFFF")
3797 if "OK" not in res:
3798 raise Exception("EAPOL_RX to wpa_supplicant failed")
3799
3800 def test_ap_wps_iteration(dev, apdev):
3801 """WPS PIN and iterate through APs without selected registrar"""
3802 ssid = "test-wps-conf"
3803 hapd = hostapd.add_ap(apdev[0],
3804 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3805 "wpa_passphrase": "12345678", "wpa": "2",
3806 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3807
3808 ssid2 = "test-wps-conf2"
3809 hapd2 = hostapd.add_ap(apdev[1],
3810 {"ssid": ssid2, "eap_server": "1", "wps_state": "2",
3811 "wpa_passphrase": "12345678", "wpa": "2",
3812 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3813
3814 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3815 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
3816 dev[0].dump_monitor()
3817 pin = dev[0].request("WPS_PIN any")
3818
3819 # Wait for iteration through all WPS APs to happen before enabling any
3820 # Registrar.
3821 for i in range(2):
3822 ev = dev[0].wait_event(["Associated with"], timeout=30)
3823 if ev is None:
3824 raise Exception("No association seen")
3825 ev = dev[0].wait_event(["WPS-M2D"], timeout=10)
3826 if ev is None:
3827 raise Exception("No M2D from AP")
3828 dev[0].wait_disconnected()
3829
3830 # Verify that each AP requested PIN
3831 ev = hapd.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3832 if ev is None:
3833 raise Exception("No WPS-PIN-NEEDED event from AP")
3834 ev = hapd2.wait_event(["WPS-PIN-NEEDED"], timeout=1)
3835 if ev is None:
3836 raise Exception("No WPS-PIN-NEEDED event from AP2")
3837
3838 # Provide PIN to one of the APs and verify that connection gets formed
3839 hapd.request("WPS_PIN any " + pin)
3840 dev[0].wait_connected(timeout=30)
3841
3842 def test_ap_wps_iteration_error(dev, apdev):
3843 """WPS AP iteration on no Selected Registrar and error case with an AP"""
3844 ssid = "test-wps-conf-pin"
3845 hapd = hostapd.add_ap(apdev[0],
3846 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3847 "wpa_passphrase": "12345678", "wpa": "2",
3848 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3849 "wps_independent": "1"})
3850 hapd.request("SET ext_eapol_frame_io 1")
3851 bssid = apdev[0]['bssid']
3852 pin = dev[0].wps_read_pin()
3853 dev[0].request("WPS_PIN any " + pin)
3854
3855 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3856 if ev is None:
3857 raise Exception("No EAPOL-TX (EAP-Request/Identity) from hostapd")
3858 dev[0].request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
3859
3860 ev = hapd.wait_event(["EAPOL-TX"], timeout=15)
3861 if ev is None:
3862 raise Exception("No EAPOL-TX (EAP-WSC/Start) from hostapd")
3863 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5)
3864 if ev is None:
3865 raise Exception("No CTRL-EVENT-EAP-STARTED")
3866
3867 # Do not forward any more EAPOL frames to test wpa_supplicant behavior for
3868 # a case with an incorrectly behaving WPS AP.
3869
3870 # Start the real target AP and activate registrar on it.
3871 hapd2 = hostapd.add_ap(apdev[1],
3872 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3873 "wpa_passphrase": "12345678", "wpa": "2",
3874 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3875 "wps_independent": "1"})
3876 hapd2.request("WPS_PIN any " + pin)
3877
3878 dev[0].wait_disconnected(timeout=15)
3879 ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=15)
3880 if ev is None:
3881 raise Exception("No CTRL-EVENT-EAP-STARTED for the second AP")
3882 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
3883 if ev is None:
3884 raise Exception("No WPS-CRED-RECEIVED for the second AP")
3885 dev[0].wait_connected(timeout=15)
3886
3887 @remote_compatible
3888 def test_ap_wps_priority(dev, apdev):
3889 """WPS PIN provisioning with configured AP and wps_priority"""
3890 ssid = "test-wps-conf-pin"
3891 hapd = hostapd.add_ap(apdev[0],
3892 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3893 "wpa_passphrase": "12345678", "wpa": "2",
3894 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
3895 logger.info("WPS provisioning step")
3896 pin = dev[0].wps_read_pin()
3897 hapd.request("WPS_PIN any " + pin)
3898 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3899 dev[0].dump_monitor()
3900 try:
3901 dev[0].request("SET wps_priority 6")
3902 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3903 dev[0].wait_connected(timeout=30)
3904 netw = dev[0].list_networks()
3905 prio = dev[0].get_network(netw[0]['id'], 'priority')
3906 if prio != '6':
3907 raise Exception("Unexpected network priority: " + prio)
3908 finally:
3909 dev[0].request("SET wps_priority 0")
3910
3911 @remote_compatible
3912 def test_ap_wps_and_non_wps(dev, apdev):
3913 """WPS and non-WPS AP in single hostapd process"""
3914 params = {"ssid": "wps", "eap_server": "1", "wps_state": "1"}
3915 hapd = hostapd.add_ap(apdev[0], params)
3916
3917 params = {"ssid": "no wps"}
3918 hapd2 = hostapd.add_ap(apdev[1], params)
3919
3920 appin = hapd.request("WPS_AP_PIN random")
3921 if "FAIL" in appin:
3922 raise Exception("Could not generate random AP PIN")
3923 if appin not in hapd.request("WPS_AP_PIN get"):
3924 raise Exception("Could not fetch current AP PIN")
3925
3926 if "FAIL" in hapd.request("WPS_PBC"):
3927 raise Exception("WPS_PBC failed")
3928 if "FAIL" in hapd.request("WPS_CANCEL"):
3929 raise Exception("WPS_CANCEL failed")
3930
3931 def test_ap_wps_init_oom(dev, apdev):
3932 """Initial AP configuration and OOM during PSK generation"""
3933 ssid = "test-wps"
3934 params = {"ssid": ssid, "eap_server": "1", "wps_state": "1"}
3935 hapd = hostapd.add_ap(apdev[0], params)
3936
3937 with alloc_fail(hapd, 1, "base64_gen_encode;?base64_encode;wps_build_cred"):
3938 pin = dev[0].wps_read_pin()
3939 hapd.request("WPS_PIN any " + pin)
3940 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
3941 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
3942 dev[0].wait_disconnected()
3943
3944 hapd.request("WPS_PIN any " + pin)
3945 dev[0].wait_connected(timeout=30)
3946
3947 @remote_compatible
3948 def test_ap_wps_er_oom(dev, apdev):
3949 """WPS ER OOM in XML processing"""
3950 try:
3951 _test_ap_wps_er_oom(dev, apdev)
3952 finally:
3953 dev[0].request("WPS_ER_STOP")
3954 dev[1].request("WPS_CANCEL")
3955 dev[0].request("DISCONNECT")
3956
3957 def _test_ap_wps_er_oom(dev, apdev):
3958 ssid = "wps-er-ap-config"
3959 ap_pin = "12345670"
3960 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
3961 hostapd.add_ap(apdev[0],
3962 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
3963 "wpa_passphrase": "12345678", "wpa": "2",
3964 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
3965 "device_name": "Wireless AP", "manufacturer": "Company",
3966 "model_name": "WAP", "model_number": "123",
3967 "serial_number": "12345", "device_type": "6-0050F204-1",
3968 "os_version": "01020300",
3969 "config_methods": "label push_button",
3970 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
3971
3972 dev[0].connect(ssid, psk="12345678", scan_freq="2412")
3973
3974 with alloc_fail(dev[0], 1,
3975 "base64_gen_decode;?base64_decode;xml_get_base64_item"):
3976 dev[0].request("WPS_ER_START ifname=lo")
3977 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=3)
3978 if ev is not None:
3979 raise Exception("Unexpected AP discovery")
3980
3981 dev[0].request("WPS_ER_STOP")
3982 dev[0].request("WPS_ER_START ifname=lo")
3983 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
3984 if ev is None:
3985 raise Exception("AP discovery timed out")
3986
3987 dev[1].scan_for_bss(apdev[0]['bssid'], freq=2412)
3988 with alloc_fail(dev[0], 1,
3989 "base64_gen_decode;?base64_decode;xml_get_base64_item"):
3990 dev[1].request("WPS_PBC " + apdev[0]['bssid'])
3991 ev = dev[1].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
3992 if ev is None:
3993 raise Exception("PBC scan failed")
3994 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=15)
3995 if ev is None:
3996 raise Exception("Enrollee discovery timed out")
3997
3998 @remote_compatible
3999 def test_ap_wps_er_init_oom(dev, apdev):
4000 """WPS ER and OOM during init"""
4001 try:
4002 _test_ap_wps_er_init_oom(dev, apdev)
4003 finally:
4004 dev[0].request("WPS_ER_STOP")
4005
4006 def _test_ap_wps_er_init_oom(dev, apdev):
4007 with alloc_fail(dev[0], 1, "wps_er_init"):
4008 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
4009 raise Exception("WPS_ER_START succeeded during OOM")
4010 with alloc_fail(dev[0], 1, "http_server_init"):
4011 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
4012 raise Exception("WPS_ER_START succeeded during OOM")
4013 with alloc_fail(dev[0], 2, "http_server_init"):
4014 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
4015 raise Exception("WPS_ER_START succeeded during OOM")
4016 with alloc_fail(dev[0], 1, "eloop_sock_table_add_sock;?eloop_register_sock;wps_er_ssdp_init"):
4017 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
4018 raise Exception("WPS_ER_START succeeded during OOM")
4019 with fail_test(dev[0], 1, "os_get_random;wps_er_init"):
4020 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo"):
4021 raise Exception("WPS_ER_START succeeded during os_get_random failure")
4022
4023 @remote_compatible
4024 def test_ap_wps_er_init_fail(dev, apdev):
4025 """WPS ER init failure"""
4026 if "FAIL" not in dev[0].request("WPS_ER_START ifname=does-not-exist"):
4027 dev[0].request("WPS_ER_STOP")
4028 raise Exception("WPS_ER_START with non-existing ifname succeeded")
4029
4030 def test_ap_wps_wpa_cli_action(dev, apdev, test_params):
4031 """WPS events and wpa_cli action script"""
4032 logdir = os.path.abspath(test_params['logdir'])
4033 pidfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.pid')
4034 logfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.res')
4035 actionfile = os.path.join(logdir, 'ap_wps_wpa_cli_action.wpa_cli.action.sh')
4036
4037 with open(actionfile, 'w') as f:
4038 f.write('#!/bin/sh\n')
4039 f.write('echo $* >> %s\n' % logfile)
4040 # Kill the process and wait some time before returning to allow all the
4041 # pending events to be processed with some of this happening after the
4042 # eloop SIGALRM signal has been scheduled.
4043 f.write('if [ $2 = "WPS-SUCCESS" -a -r %s ]; then kill `cat %s`; sleep 1; fi\n' % (pidfile, pidfile))
4044
4045 os.chmod(actionfile, stat.S_IREAD | stat.S_IWRITE | stat.S_IEXEC |
4046 stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
4047
4048 ssid = "test-wps-conf"
4049 hapd = hostapd.add_ap(apdev[0],
4050 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
4051 "wpa_passphrase": "12345678", "wpa": "2",
4052 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
4053
4054 prg = os.path.join(test_params['logdir'],
4055 'alt-wpa_supplicant/wpa_supplicant/wpa_cli')
4056 if not os.path.exists(prg):
4057 prg = '../../wpa_supplicant/wpa_cli'
4058 arg = [prg, '-P', pidfile, '-B', '-i', dev[0].ifname, '-a', actionfile]
4059 subprocess.call(arg)
4060
4061 arg = ['ps', 'ax']
4062 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
4063 out = cmd.communicate()[0].decode()
4064 cmd.wait()
4065 logger.debug("Processes:\n" + out)
4066 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) not in out:
4067 raise Exception("Did not see wpa_cli running")
4068
4069 hapd.request("WPS_PIN any 12345670")
4070 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
4071 dev[0].dump_monitor()
4072 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
4073 dev[0].wait_connected(timeout=30)
4074
4075 for i in range(30):
4076 if not os.path.exists(pidfile):
4077 break
4078 time.sleep(0.1)
4079
4080 if not os.path.exists(logfile):
4081 raise Exception("wpa_cli action results file not found")
4082 with open(logfile, 'r') as f:
4083 res = f.read()
4084 if "WPS-SUCCESS" not in res:
4085 raise Exception("WPS-SUCCESS event not seen in action file")
4086
4087 arg = ['ps', 'ax']
4088 cmd = subprocess.Popen(arg, stdout=subprocess.PIPE)
4089 out = cmd.communicate()[0].decode()
4090 cmd.wait()
4091 logger.debug("Remaining processes:\n" + out)
4092 if "wpa_cli -P %s -B -i %s" % (pidfile, dev[0].ifname) in out:
4093 raise Exception("wpa_cli still running")
4094
4095 if os.path.exists(pidfile):
4096 raise Exception("PID file not removed")
4097
4098 def test_ap_wps_er_ssdp_proto(dev, apdev):
4099 """WPS ER SSDP protocol testing"""
4100 try:
4101 _test_ap_wps_er_ssdp_proto(dev, apdev)
4102 finally:
4103 dev[0].request("WPS_ER_STOP")
4104
4105 def _test_ap_wps_er_ssdp_proto(dev, apdev):
4106 socket.setdefaulttimeout(1)
4107 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4108 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4109 sock.bind(("239.255.255.250", 1900))
4110 if "FAIL" not in dev[0].request("WPS_ER_START ifname=lo foo"):
4111 raise Exception("Invalid filter accepted")
4112 if "OK" not in dev[0].request("WPS_ER_START ifname=lo 1.2.3.4"):
4113 raise Exception("WPS_ER_START with filter failed")
4114 (msg, addr) = sock.recvfrom(1000)
4115 msg = msg.decode()
4116 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4117 if "M-SEARCH" not in msg:
4118 raise Exception("Not an M-SEARCH")
4119 sock.sendto(b"FOO", addr)
4120 time.sleep(0.1)
4121 dev[0].request("WPS_ER_STOP")
4122
4123 dev[0].request("WPS_ER_START ifname=lo")
4124 (msg, addr) = sock.recvfrom(1000)
4125 msg = msg.decode()
4126 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4127 if "M-SEARCH" not in msg:
4128 raise Exception("Not an M-SEARCH")
4129 sock.sendto(b"FOO", addr)
4130 sock.sendto(b"HTTP/1.1 200 OK\r\nFOO\r\n\r\n", addr)
4131 sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:foo\r\n\r\n", addr)
4132 sock.sendto(b"HTTP/1.1 200 OK\r\nNTS:ssdp:byebye\r\n\r\n", addr)
4133 sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control: foo=1\r\n\r\n", addr)
4134 sock.sendto(b"HTTP/1.1 200 OK\r\ncache-control: max-age=1\r\n\r\n", addr)
4135 sock.sendto(b"HTTP/1.1 200 OK\r\nusn:\r\n\r\n", addr)
4136 sock.sendto(b"HTTP/1.1 200 OK\r\nusn:foo\r\n\r\n", addr)
4137 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid:\r\n\r\n", addr)
4138 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid: \r\n\r\n", addr)
4139 sock.sendto(b"HTTP/1.1 200 OK\r\nusn: uuid: foo\r\n\r\n", addr)
4140 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\n\r\n", addr)
4141 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nNTS:ssdp:byebye\r\n\r\n", addr)
4142 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\n\r\n", addr)
4143 with alloc_fail(dev[0], 1, "wps_er_ap_add"):
4144 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4145 time.sleep(0.1)
4146 with alloc_fail(dev[0], 2, "wps_er_ap_add"):
4147 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4148 time.sleep(0.1)
4149
4150 # Add an AP with bogus URL
4151 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
4152 # Update timeout on AP without updating URL
4153 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4154 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4155 if ev is None:
4156 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4157
4158 # Add an AP with a valid URL (but no server listing to it)
4159 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1:12345/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
4160 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4161 if ev is None:
4162 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4163
4164 sock.close()
4165
4166 wps_event_url = None
4167
4168 def gen_upnp_info(eventSubURL='wps_event', controlURL='wps_control',
4169 udn='uuid:27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'):
4170 payload = '''<?xml version="1.0"?>
4171 <root xmlns="urn:schemas-upnp-org:device-1-0">
4172 <specVersion>
4173 <major>1</major>
4174 <minor>0</minor>
4175 </specVersion>
4176 <device>
4177 <deviceType>urn:schemas-wifialliance-org:device:WFADevice:1</deviceType>
4178 <friendlyName>WPS Access Point</friendlyName>
4179 <manufacturer>Company</manufacturer>
4180 <modelName>WAP</modelName>
4181 <modelNumber>123</modelNumber>
4182 <serialNumber>12345</serialNumber>
4183 '''
4184 if udn:
4185 payload += '<UDN>' + udn + '</UDN>'
4186 payload += '''<serviceList>
4187 <service>
4188 <serviceType>urn:schemas-wifialliance-org:service:WFAWLANConfig:1</serviceType>
4189 <serviceId>urn:wifialliance-org:serviceId:WFAWLANConfig1</serviceId>
4190 <SCPDURL>wps_scpd.xml</SCPDURL>
4191 '''
4192 if controlURL:
4193 payload += '<controlURL>' + controlURL + '</controlURL>\n'
4194 if eventSubURL:
4195 payload += '<eventSubURL>' + eventSubURL + '</eventSubURL>\n'
4196 payload += '''</service>
4197 </serviceList>
4198 </device>
4199 </root>
4200 '''
4201 hdr = 'HTTP/1.1 200 OK\r\n' + \
4202 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4203 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4204 'Connection: close\r\n' + \
4205 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4206 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4207 return (hdr + payload).encode()
4208
4209 def gen_wps_control(payload_override=None):
4210 payload = '''<?xml version="1.0"?>
4211 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4212 <s:Body>
4213 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4214 <NewDeviceInfo>EEoAARAQIgABBBBHABAn6oAanlxOc72C+Jy80Q1+ECAABgIAAAADABAaABCJZ7DPtbU3Ust9
4215 Z3wJF07WEDIAwH45D3i1OqB7eJGwTzqeapS71h3KyXncK2xJZ+xqScrlorNEg6LijBJzG2Ca
4216 +FZli0iliDJd397yAx/jk4nFXco3q5ylBSvSw9dhJ5u1xBKSnTilKGlUHPhLP75PUqM3fot9
4217 7zwtFZ4bx6x1sBA6oEe2d0aUJmLumQGCiKEIWlnxs44zego/2tAe81bDzdPBM7o5HH/FUhD+
4218 KoGzFXp51atP+1n9Vta6AkI0Vye99JKLcC6Md9dMJltSVBgd4Xc4lRAEAAIAIxAQAAIADRAN
4219 AAEBEAgAAgAEEEQAAQIQIQAHQ29tcGFueRAjAANXQVAQJAADMTIzEEIABTEyMzQ1EFQACAAG
4220 AFDyBAABEBEAC1dpcmVsZXNzIEFQEDwAAQEQAgACAAAQEgACAAAQCQACAAAQLQAEgQIDABBJ
4221 AAYANyoAASA=
4222 </NewDeviceInfo>
4223 </u:GetDeviceInfoResponse>
4224 </s:Body>
4225 </s:Envelope>
4226 '''
4227 if payload_override:
4228 payload = payload_override
4229 hdr = 'HTTP/1.1 200 OK\r\n' + \
4230 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4231 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4232 'Connection: close\r\n' + \
4233 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4234 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4235 return (hdr + payload).encode()
4236
4237 def gen_wps_event(sid='uuid:7eb3342a-8a5f-47fe-a585-0785bfec6d8a'):
4238 payload = ""
4239 hdr = 'HTTP/1.1 200 OK\r\n' + \
4240 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4241 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4242 'Connection: close\r\n' + \
4243 'Content-Length: ' + str(len(payload)) + '\r\n'
4244 if sid:
4245 hdr += 'SID: ' + sid + '\r\n'
4246 hdr += 'Timeout: Second-1801\r\n' + \
4247 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4248 return (hdr + payload).encode()
4249
4250 class WPSAPHTTPServer(StreamRequestHandler):
4251 def handle(self):
4252 data = self.rfile.readline().decode().strip()
4253 logger.info("HTTP server received: " + data)
4254 while True:
4255 hdr = self.rfile.readline().decode().strip()
4256 if len(hdr) == 0:
4257 break
4258 logger.info("HTTP header: " + hdr)
4259 if "CALLBACK:" in hdr:
4260 global wps_event_url
4261 wps_event_url = hdr.split(' ')[1].strip('<>')
4262
4263 if "GET /foo.xml" in data:
4264 self.handle_upnp_info()
4265 elif "POST /wps_control" in data:
4266 self.handle_wps_control()
4267 elif "SUBSCRIBE /wps_event" in data:
4268 self.handle_wps_event()
4269 else:
4270 self.handle_others(data)
4271
4272 def handle_upnp_info(self):
4273 self.wfile.write(gen_upnp_info())
4274
4275 def handle_wps_control(self):
4276 self.wfile.write(gen_wps_control())
4277
4278 def handle_wps_event(self):
4279 self.wfile.write(gen_wps_event())
4280
4281 def handle_others(self, data):
4282 logger.info("Ignore HTTP request: " + data)
4283
4284 class MyTCPServer(TCPServer):
4285 def __init__(self, addr, handler):
4286 self.allow_reuse_address = True
4287 TCPServer.__init__(self, addr, handler)
4288
4289 def wps_er_start(dev, http_server, max_age=1, wait_m_search=False,
4290 location_url=None):
4291 socket.setdefaulttimeout(1)
4292 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
4293 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
4294 sock.bind(("239.255.255.250", 1900))
4295 dev.request("WPS_ER_START ifname=lo")
4296 for i in range(100):
4297 (msg, addr) = sock.recvfrom(1000)
4298 msg = msg.decode()
4299 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
4300 if "M-SEARCH" in msg:
4301 break
4302 if not wait_m_search:
4303 raise Exception("Not an M-SEARCH")
4304 if i == 99:
4305 raise Exception("No M-SEARCH seen")
4306
4307 # Add an AP with a valid URL and server listing to it
4308 server = MyTCPServer(("127.0.0.1", 12345), http_server)
4309 if not location_url:
4310 location_url = 'http://127.0.0.1:12345/foo.xml'
4311 sock.sendto(("HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:%s\r\ncache-control:max-age=%d\r\n\r\n" % (location_url, max_age)).encode(), addr)
4312 server.timeout = 1
4313 return server, sock
4314
4315 def wps_er_stop(dev, sock, server, on_alloc_fail=False):
4316 sock.close()
4317 server.server_close()
4318
4319 if on_alloc_fail:
4320 done = False
4321 for i in range(50):
4322 res = dev.request("GET_ALLOC_FAIL")
4323 if res.startswith("0:"):
4324 done = True
4325 break
4326 time.sleep(0.1)
4327 if not done:
4328 raise Exception("No allocation failure reported")
4329 else:
4330 ev = dev.wait_event(["WPS-ER-AP-REMOVE"], timeout=5)
4331 if ev is None:
4332 raise Exception("No WPS-ER-AP-REMOVE event on max-age timeout")
4333 dev.request("WPS_ER_STOP")
4334
4335 def run_wps_er_proto_test(dev, handler, no_event_url=False, location_url=None):
4336 try:
4337 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4338 server, sock = wps_er_start(dev, handler, location_url=location_url)
4339 global wps_event_url
4340 wps_event_url = None
4341 server.handle_request()
4342 server.handle_request()
4343 server.handle_request()
4344 server.server_close()
4345 if no_event_url:
4346 if wps_event_url:
4347 raise Exception("Received event URL unexpectedly")
4348 return
4349 if wps_event_url is None:
4350 raise Exception("Did not get event URL")
4351 logger.info("Event URL: " + wps_event_url)
4352 finally:
4353 dev.request("WPS_ER_STOP")
4354
4355 def send_wlanevent(url, uuid, data, no_response=False):
4356 conn = HTTPConnection(url.netloc)
4357 payload = '''<?xml version="1.0" encoding="utf-8"?>
4358 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4359 <e:property><STAStatus>1</STAStatus></e:property>
4360 <e:property><APStatus>1</APStatus></e:property>
4361 <e:property><WLANEvent>'''
4362 payload += base64.b64encode(data).decode()
4363 payload += '</WLANEvent></e:property></e:propertyset>'
4364 headers = {"Content-type": 'text/xml; charset="utf-8"',
4365 "Server": "Unspecified, UPnP/1.0, Unspecified",
4366 "HOST": url.netloc,
4367 "NT": "upnp:event",
4368 "SID": "uuid:" + uuid,
4369 "SEQ": "0",
4370 "Content-Length": str(len(payload))}
4371 conn.request("NOTIFY", url.path, payload, headers)
4372 if no_response:
4373 try:
4374 conn.getresponse()
4375 except Exception as e:
4376 pass
4377 return
4378 resp = conn.getresponse()
4379 if resp.status != 200:
4380 raise Exception("Unexpected HTTP response: %d" % resp.status)
4381
4382 def test_ap_wps_er_http_proto(dev, apdev):
4383 """WPS ER HTTP protocol testing"""
4384 try:
4385 _test_ap_wps_er_http_proto(dev, apdev)
4386 finally:
4387 dev[0].request("WPS_ER_STOP")
4388
4389 def _test_ap_wps_er_http_proto(dev, apdev):
4390 uuid = '27ea801a-9e5c-4e73-bd82-f89cbcd10d7e'
4391 server, sock = wps_er_start(dev[0], WPSAPHTTPServer, max_age=15)
4392 global wps_event_url
4393 wps_event_url = None
4394 server.handle_request()
4395 server.handle_request()
4396 server.handle_request()
4397 server.server_close()
4398 if wps_event_url is None:
4399 raise Exception("Did not get event URL")
4400 logger.info("Event URL: " + wps_event_url)
4401
4402 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=10)
4403 if ev is None:
4404 raise Exception("No WPS-ER-AP-ADD event")
4405 if uuid not in ev:
4406 raise Exception("UUID mismatch")
4407
4408 sock.close()
4409
4410 logger.info("Valid Probe Request notification")
4411 url = urlparse(wps_event_url)
4412 conn = HTTPConnection(url.netloc)
4413 payload = '''<?xml version="1.0" encoding="utf-8"?>
4414 <e:propertyset xmlns:e="urn:schemas-upnp-org:event-1-0">
4415 <e:property><STAStatus>1</STAStatus></e:property>
4416 <e:property><APStatus>1</APStatus></e:property>
4417 <e:property><WLANEvent>ATAyOjAwOjAwOjAwOjAwOjAwEEoAARAQOgABAhAIAAIxSBBHABA2LbR7pTpRkYj7VFi5hrLk
4418 EFQACAAAAAAAAAAAEDwAAQMQAgACAAAQCQACAAAQEgACAAAQIQABIBAjAAEgECQAASAQEQAI
4419 RGV2aWNlIEEQSQAGADcqAAEg
4420 </WLANEvent></e:property>
4421 </e:propertyset>
4422 '''
4423 headers = {"Content-type": 'text/xml; charset="utf-8"',
4424 "Server": "Unspecified, UPnP/1.0, Unspecified",
4425 "HOST": url.netloc,
4426 "NT": "upnp:event",
4427 "SID": "uuid:" + uuid,
4428 "SEQ": "0",
4429 "Content-Length": str(len(payload))}
4430 conn.request("NOTIFY", url.path, payload, headers)
4431 resp = conn.getresponse()
4432 if resp.status != 200:
4433 raise Exception("Unexpected HTTP response: %d" % resp.status)
4434
4435 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=5)
4436 if ev is None:
4437 raise Exception("No WPS-ER-ENROLLEE-ADD event")
4438 if "362db47b-a53a-5191-88fb-5458b986b2e4" not in ev:
4439 raise Exception("No Enrollee UUID match")
4440
4441 logger.info("Incorrect event URL AP id")
4442 conn = HTTPConnection(url.netloc)
4443 conn.request("NOTIFY", url.path + '123', payload, headers)
4444 resp = conn.getresponse()
4445 if resp.status != 404:
4446 raise Exception("Unexpected HTTP response: %d" % resp.status)
4447
4448 logger.info("Missing AP id")
4449 conn = HTTPConnection(url.netloc)
4450 conn.request("NOTIFY", '/event/' + url.path.split('/')[2],
4451 payload, headers)
4452 time.sleep(0.1)
4453
4454 logger.info("Incorrect event URL event id")
4455 conn = HTTPConnection(url.netloc)
4456 conn.request("NOTIFY", '/event/123456789/123', payload, headers)
4457 time.sleep(0.1)
4458
4459 logger.info("Incorrect event URL prefix")
4460 conn = HTTPConnection(url.netloc)
4461 conn.request("NOTIFY", '/foobar/123456789/123', payload, headers)
4462 resp = conn.getresponse()
4463 if resp.status != 404:
4464 raise Exception("Unexpected HTTP response: %d" % resp.status)
4465
4466 logger.info("Unsupported request")
4467 conn = HTTPConnection(url.netloc)
4468 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4469 resp = conn.getresponse()
4470 if resp.status != 501:
4471 raise Exception("Unexpected HTTP response: %d" % resp.status)
4472
4473 logger.info("Unsupported request and OOM")
4474 with alloc_fail(dev[0], 1, "wps_er_http_req"):
4475 conn = HTTPConnection(url.netloc)
4476 conn.request("FOOBAR", '/foobar/123456789/123', payload, headers)
4477 time.sleep(0.5)
4478
4479 logger.info("Too short WLANEvent")
4480 data = b'\x00'
4481 send_wlanevent(url, uuid, data)
4482
4483 logger.info("Invalid WLANEventMAC")
4484 data = b'\x00qwertyuiopasdfghjklzxcvbnm'
4485 send_wlanevent(url, uuid, data)
4486
4487 logger.info("Unknown WLANEventType")
4488 data = b'\xff02:00:00:00:00:00'
4489 send_wlanevent(url, uuid, data)
4490
4491 logger.info("Probe Request notification without any attributes")
4492 data = b'\x0102:00:00:00:00:00'
4493 send_wlanevent(url, uuid, data)
4494
4495 logger.info("Probe Request notification with invalid attribute")
4496 data = b'\x0102:00:00:00:00:00\xff'
4497 send_wlanevent(url, uuid, data)
4498
4499 logger.info("EAP message without any attributes")
4500 data = b'\x0202:00:00:00:00:00'
4501 send_wlanevent(url, uuid, data)
4502
4503 logger.info("EAP message with invalid attribute")
4504 data = b'\x0202:00:00:00:00:00\xff'
4505 send_wlanevent(url, uuid, data)
4506
4507 logger.info("EAP message from new STA and not M1")
4508 data = b'\x0202:ff:ff:ff:ff:ff' + b'\x10\x22\x00\x01\x05'
4509 send_wlanevent(url, uuid, data)
4510
4511 logger.info("EAP message: M1")
4512 data = b'\x0202:00:00:00:00:00'
4513 data += b'\x10\x22\x00\x01\x04'
4514 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4515 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4516 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4517 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4518 data += b'\x10\x04\x00\x02\x00\x00'
4519 data += b'\x10\x10\x00\x02\x00\x00'
4520 data += b'\x10\x0d\x00\x01\x00'
4521 data += b'\x10\x08\x00\x02\x00\x00'
4522 data += b'\x10\x44\x00\x01\x00'
4523 data += b'\x10\x21\x00\x00'
4524 data += b'\x10\x23\x00\x00'
4525 data += b'\x10\x24\x00\x00'
4526 data += b'\x10\x42\x00\x00'
4527 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4528 data += b'\x10\x11\x00\x00'
4529 data += b'\x10\x3c\x00\x01\x00'
4530 data += b'\x10\x02\x00\x02\x00\x00'
4531 data += b'\x10\x12\x00\x02\x00\x00'
4532 data += b'\x10\x09\x00\x02\x00\x00'
4533 data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
4534 m1 = data
4535 send_wlanevent(url, uuid, data)
4536
4537 logger.info("EAP message: WSC_ACK")
4538 data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0d'
4539 send_wlanevent(url, uuid, data)
4540
4541 logger.info("EAP message: M1")
4542 send_wlanevent(url, uuid, m1)
4543
4544 logger.info("EAP message: WSC_NACK")
4545 data = b'\x0202:00:00:00:00:00' + b'\x10\x22\x00\x01\x0e'
4546 send_wlanevent(url, uuid, data)
4547
4548 logger.info("EAP message: M1 - Too long attribute values")
4549 data = b'\x0202:00:00:00:00:00'
4550 data += b'\x10\x11\x00\x21' + 33 * b'\x00'
4551 data += b'\x10\x45\x00\x21' + 33 * b'\x00'
4552 data += b'\x10\x42\x00\x21' + 33 * b'\x00'
4553 data += b'\x10\x24\x00\x21' + 33 * b'\x00'
4554 data += b'\x10\x23\x00\x21' + 33 * b'\x00'
4555 data += b'\x10\x21\x00\x41' + 65 * b'\x00'
4556 data += b'\x10\x49\x00\x09\x00\x37\x2a\x05\x02\x00\x00\x05\x00'
4557 send_wlanevent(url, uuid, data)
4558
4559 logger.info("EAP message: M1 missing UUID-E")
4560 data = b'\x0202:00:00:00:00:00'
4561 data += b'\x10\x22\x00\x01\x04'
4562 send_wlanevent(url, uuid, data)
4563
4564 logger.info("EAP message: M1 missing MAC Address")
4565 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4566 send_wlanevent(url, uuid, data)
4567
4568 logger.info("EAP message: M1 missing Enrollee Nonce")
4569 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4570 send_wlanevent(url, uuid, data)
4571
4572 logger.info("EAP message: M1 missing Public Key")
4573 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4574 send_wlanevent(url, uuid, data)
4575
4576 logger.info("EAP message: M1 missing Authentication Type flags")
4577 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4578 send_wlanevent(url, uuid, data)
4579
4580 logger.info("EAP message: M1 missing Encryption Type Flags")
4581 data += b'\x10\x04\x00\x02\x00\x00'
4582 send_wlanevent(url, uuid, data)
4583
4584 logger.info("EAP message: M1 missing Connection Type flags")
4585 data += b'\x10\x10\x00\x02\x00\x00'
4586 send_wlanevent(url, uuid, data)
4587
4588 logger.info("EAP message: M1 missing Config Methods")
4589 data += b'\x10\x0d\x00\x01\x00'
4590 send_wlanevent(url, uuid, data)
4591
4592 logger.info("EAP message: M1 missing Wi-Fi Protected Setup State")
4593 data += b'\x10\x08\x00\x02\x00\x00'
4594 send_wlanevent(url, uuid, data)
4595
4596 logger.info("EAP message: M1 missing Manufacturer")
4597 data += b'\x10\x44\x00\x01\x00'
4598 send_wlanevent(url, uuid, data)
4599
4600 logger.info("EAP message: M1 missing Model Name")
4601 data += b'\x10\x21\x00\x00'
4602 send_wlanevent(url, uuid, data)
4603
4604 logger.info("EAP message: M1 missing Model Number")
4605 data += b'\x10\x23\x00\x00'
4606 send_wlanevent(url, uuid, data)
4607
4608 logger.info("EAP message: M1 missing Serial Number")
4609 data += b'\x10\x24\x00\x00'
4610 send_wlanevent(url, uuid, data)
4611
4612 logger.info("EAP message: M1 missing Primary Device Type")
4613 data += b'\x10\x42\x00\x00'
4614 send_wlanevent(url, uuid, data)
4615
4616 logger.info("EAP message: M1 missing Device Name")
4617 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4618 send_wlanevent(url, uuid, data)
4619
4620 logger.info("EAP message: M1 missing RF Bands")
4621 data += b'\x10\x11\x00\x00'
4622 send_wlanevent(url, uuid, data)
4623
4624 logger.info("EAP message: M1 missing Association State")
4625 data += b'\x10\x3c\x00\x01\x00'
4626 send_wlanevent(url, uuid, data)
4627
4628 logger.info("EAP message: M1 missing Device Password ID")
4629 data += b'\x10\x02\x00\x02\x00\x00'
4630 send_wlanevent(url, uuid, data)
4631
4632 logger.info("EAP message: M1 missing Configuration Error")
4633 data += b'\x10\x12\x00\x02\x00\x00'
4634 send_wlanevent(url, uuid, data)
4635
4636 logger.info("EAP message: M1 missing OS Version")
4637 data += b'\x10\x09\x00\x02\x00\x00'
4638 send_wlanevent(url, uuid, data)
4639
4640 logger.info("Check max concurrent requests")
4641 addr = (url.hostname, url.port)
4642 socks = {}
4643 for i in range(20):
4644 socks[i] = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4645 socket.IPPROTO_TCP)
4646 socks[i].settimeout(10)
4647 socks[i].connect(addr)
4648 for i in range(20):
4649 socks[i].send(b"GET / HTTP/1.1\r\n\r\n")
4650 count = 0
4651 for i in range(20):
4652 try:
4653 res = socks[i].recv(100).decode()
4654 if "HTTP/1" in res:
4655 count += 1
4656 else:
4657 logger.info("recv[%d]: len=%d" % (i, len(res)))
4658 except:
4659 pass
4660 socks[i].close()
4661 logger.info("%d concurrent HTTP GET operations returned response" % count)
4662 if count < 8:
4663 raise Exception("Too few concurrent HTTP connections accepted")
4664
4665 logger.info("OOM in HTTP server")
4666 for func in ["http_request_init", "httpread_create",
4667 "eloop_register_timeout;httpread_create",
4668 "eloop_sock_table_add_sock;?eloop_register_sock;httpread_create",
4669 "httpread_hdr_analyze"]:
4670 with alloc_fail(dev[0], 1, func):
4671 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4672 socket.IPPROTO_TCP)
4673 sock.connect(addr)
4674 sock.send(b"GET / HTTP/1.1\r\n\r\n")
4675 try:
4676 sock.recv(100)
4677 except:
4678 pass
4679 sock.close()
4680
4681 logger.info("Invalid HTTP header")
4682 for req in [" GET / HTTP/1.1\r\n\r\n",
4683 "HTTP/1.1 200 OK\r\n\r\n",
4684 "HTTP/\r\n\r\n",
4685 "GET %%a%aa% HTTP/1.1\r\n\r\n",
4686 "GET / HTTP/1.1\r\n FOO\r\n\r\n",
4687 "NOTIFY / HTTP/1.1\r\n" + 4097*'a' + '\r\n\r\n',
4688 "NOTIFY / HTTP/1.1\r\n\r\n" + 8193*'a',
4689 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n foo\r\n",
4690 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n1\r\nfoo\r\n",
4691 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\n",
4692 "POST / HTTP/1.1\r\nTransfer-Encoding: CHUNKED\r\n\r\n0\r\naa\ra\r\n\ra"]:
4693 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4694 socket.IPPROTO_TCP)
4695 sock.settimeout(0.1)
4696 sock.connect(addr)
4697 sock.send(req.encode())
4698 try:
4699 sock.recv(100)
4700 except:
4701 pass
4702 sock.close()
4703
4704 with alloc_fail(dev[0], 2, "httpread_read_handler"):
4705 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4706 socket.IPPROTO_TCP)
4707 sock.connect(addr)
4708 sock.send(b"NOTIFY / HTTP/1.1\r\n\r\n" + 4500 * b'a')
4709 try:
4710 sock.recv(100)
4711 except:
4712 pass
4713 sock.close()
4714
4715 conn = HTTPConnection(url.netloc)
4716 payload = '<foo'
4717 headers = {"Content-type": 'text/xml; charset="utf-8"',
4718 "Server": "Unspecified, UPnP/1.0, Unspecified",
4719 "HOST": url.netloc,
4720 "NT": "upnp:event",
4721 "SID": "uuid:" + uuid,
4722 "SEQ": "0",
4723 "Content-Length": str(len(payload))}
4724 conn.request("NOTIFY", url.path, payload, headers)
4725 resp = conn.getresponse()
4726 if resp.status != 200:
4727 raise Exception("Unexpected HTTP response: %d" % resp.status)
4728
4729 conn = HTTPConnection(url.netloc)
4730 payload = '<WLANEvent foo></WLANEvent>'
4731 headers = {"Content-type": 'text/xml; charset="utf-8"',
4732 "Server": "Unspecified, UPnP/1.0, Unspecified",
4733 "HOST": url.netloc,
4734 "NT": "upnp:event",
4735 "SID": "uuid:" + uuid,
4736 "SEQ": "0",
4737 "Content-Length": str(len(payload))}
4738 conn.request("NOTIFY", url.path, payload, headers)
4739 resp = conn.getresponse()
4740 if resp.status != 200:
4741 raise Exception("Unexpected HTTP response: %d" % resp.status)
4742
4743 with alloc_fail(dev[0], 1, "xml_get_first_item"):
4744 send_wlanevent(url, uuid, b'')
4745
4746 with alloc_fail(dev[0], 1, "wpabuf_alloc_ext_data;xml_get_base64_item"):
4747 send_wlanevent(url, uuid, b'foo')
4748
4749 for func in ["wps_init",
4750 "wps_process_manufacturer",
4751 "wps_process_model_name",
4752 "wps_process_model_number",
4753 "wps_process_serial_number",
4754 "wps_process_dev_name"]:
4755 with alloc_fail(dev[0], 1, func):
4756 send_wlanevent(url, uuid, m1)
4757
4758 with alloc_fail(dev[0], 1, "wps_er_http_resp_ok"):
4759 send_wlanevent(url, uuid, m1, no_response=True)
4760
4761 with alloc_fail(dev[0], 1, "wps_er_http_resp_not_found"):
4762 url2 = urlparse(wps_event_url.replace('/event/', '/notfound/'))
4763 send_wlanevent(url2, uuid, m1, no_response=True)
4764
4765 logger.info("EAP message: M1")
4766 data = b'\x0202:11:22:00:00:00'
4767 data += b'\x10\x22\x00\x01\x04'
4768 data += b'\x10\x47\x00\x10' + 16 * b'\x00'
4769 data += b'\x10\x20\x00\x06\x02\x00\x00\x00\x00\x00'
4770 data += b'\x10\x1a\x00\x10' + 16 * b'\x00'
4771 data += b'\x10\x32\x00\xc0' + 192 * b'\x00'
4772 data += b'\x10\x04\x00\x02\x00\x00'
4773 data += b'\x10\x10\x00\x02\x00\x00'
4774 data += b'\x10\x0d\x00\x01\x00'
4775 data += b'\x10\x08\x00\x02\x00\x00'
4776 data += b'\x10\x44\x00\x01\x00'
4777 data += b'\x10\x21\x00\x00'
4778 data += b'\x10\x23\x00\x00'
4779 data += b'\x10\x24\x00\x00'
4780 data += b'\x10\x42\x00\x00'
4781 data += b'\x10\x54\x00\x08' + 8 * b'\x00'
4782 data += b'\x10\x11\x00\x00'
4783 data += b'\x10\x3c\x00\x01\x00'
4784 data += b'\x10\x02\x00\x02\x00\x00'
4785 data += b'\x10\x12\x00\x02\x00\x00'
4786 data += b'\x10\x09\x00\x02\x00\x00'
4787 data += b'\x10\x2d\x00\x04\x00\x00\x00\x00'
4788 dev[0].dump_monitor()
4789 with alloc_fail(dev[0], 1, "wps_er_add_sta_data"):
4790 send_wlanevent(url, uuid, data)
4791 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=0.1)
4792 if ev is not None:
4793 raise Exception("Unexpected enrollee add event")
4794 send_wlanevent(url, uuid, data)
4795 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=2)
4796 if ev is None:
4797 raise Exception("Enrollee add event not seen")
4798
4799 with alloc_fail(dev[0], 1,
4800 "base64_gen_encode;?base64_encode;wps_er_soap_hdr"):
4801 send_wlanevent(url, uuid, data)
4802
4803 with alloc_fail(dev[0], 1, "wpabuf_alloc;wps_er_soap_hdr"):
4804 send_wlanevent(url, uuid, data)
4805
4806 with alloc_fail(dev[0], 1, "http_client_url_parse;wps_er_sta_send_msg"):
4807 send_wlanevent(url, uuid, data)
4808
4809 with alloc_fail(dev[0], 1, "http_client_addr;wps_er_sta_send_msg"):
4810 send_wlanevent(url, uuid, data)
4811
4812 def test_ap_wps_er_http_proto_no_event_sub_url(dev, apdev):
4813 """WPS ER HTTP protocol testing - no eventSubURL"""
4814 class WPSAPHTTPServer_no_event_sub_url(WPSAPHTTPServer):
4815 def handle_upnp_info(self):
4816 self.wfile.write(gen_upnp_info(eventSubURL=None))
4817 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_event_sub_url,
4818 no_event_url=True)
4819
4820 def test_ap_wps_er_http_proto_event_sub_url_dns(dev, apdev):
4821 """WPS ER HTTP protocol testing - DNS name in eventSubURL"""
4822 class WPSAPHTTPServer_event_sub_url_dns(WPSAPHTTPServer):
4823 def handle_upnp_info(self):
4824 self.wfile.write(gen_upnp_info(eventSubURL='http://example.com/wps_event'))
4825 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_event_sub_url_dns,
4826 no_event_url=True)
4827
4828 def test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4829 """WPS ER HTTP protocol testing - subscribe OOM"""
4830 try:
4831 _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev)
4832 finally:
4833 dev[0].request("WPS_ER_STOP")
4834
4835 def _test_ap_wps_er_http_proto_subscribe_oom(dev, apdev):
4836 tests = [(1, "http_client_url_parse"),
4837 (1, "wpabuf_alloc;wps_er_subscribe"),
4838 (1, "http_client_addr"),
4839 (1, "eloop_sock_table_add_sock;?eloop_register_sock;http_client_addr"),
4840 (1, "eloop_register_timeout;http_client_addr")]
4841 for count, func in tests:
4842 with alloc_fail(dev[0], count, func):
4843 server, sock = wps_er_start(dev[0], WPSAPHTTPServer)
4844 server.handle_request()
4845 server.handle_request()
4846 wps_er_stop(dev[0], sock, server, on_alloc_fail=True)
4847
4848 def test_ap_wps_er_http_proto_no_sid(dev, apdev):
4849 """WPS ER HTTP protocol testing - no SID"""
4850 class WPSAPHTTPServer_no_sid(WPSAPHTTPServer):
4851 def handle_wps_event(self):
4852 self.wfile.write(gen_wps_event(sid=None))
4853 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_sid)
4854
4855 def test_ap_wps_er_http_proto_invalid_sid_no_uuid(dev, apdev):
4856 """WPS ER HTTP protocol testing - invalid SID - no UUID"""
4857 class WPSAPHTTPServer_invalid_sid_no_uuid(WPSAPHTTPServer):
4858 def handle_wps_event(self):
4859 self.wfile.write(gen_wps_event(sid='FOO'))
4860 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_no_uuid)
4861
4862 def test_ap_wps_er_http_proto_invalid_sid_uuid(dev, apdev):
4863 """WPS ER HTTP protocol testing - invalid SID UUID"""
4864 class WPSAPHTTPServer_invalid_sid_uuid(WPSAPHTTPServer):
4865 def handle_wps_event(self):
4866 self.wfile.write(gen_wps_event(sid='uuid:FOO'))
4867 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_sid_uuid)
4868
4869 def test_ap_wps_er_http_proto_subscribe_failing(dev, apdev):
4870 """WPS ER HTTP protocol testing - SUBSCRIBE failing"""
4871 class WPSAPHTTPServer_fail_subscribe(WPSAPHTTPServer):
4872 def handle_wps_event(self):
4873 payload = ""
4874 hdr = 'HTTP/1.1 404 Not Found\r\n' + \
4875 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4876 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4877 'Connection: close\r\n' + \
4878 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4879 'Timeout: Second-1801\r\n' + \
4880 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4881 self.wfile.write((hdr + payload).encode())
4882 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_fail_subscribe)
4883
4884 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4885 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4886 class WPSAPHTTPServer_subscribe_invalid_response(WPSAPHTTPServer):
4887 def handle_wps_event(self):
4888 payload = ""
4889 hdr = 'HTTP/1.1 FOO\r\n' + \
4890 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4891 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4892 'Connection: close\r\n' + \
4893 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4894 'Timeout: Second-1801\r\n' + \
4895 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4896 self.wfile.write((hdr + payload).encode())
4897 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_subscribe_invalid_response)
4898
4899 def test_ap_wps_er_http_proto_subscribe_invalid_response(dev, apdev):
4900 """WPS ER HTTP protocol testing - SUBSCRIBE and invalid response"""
4901 class WPSAPHTTPServer_invalid_m1(WPSAPHTTPServer):
4902 def handle_wps_control(self):
4903 payload = '''<?xml version="1.0"?>
4904 <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
4905 <s:Body>
4906 <u:GetDeviceInfoResponse xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">
4907 <NewDeviceInfo>Rk9P</NewDeviceInfo>
4908 </u:GetDeviceInfoResponse>
4909 </s:Body>
4910 </s:Envelope>
4911 '''
4912 self.wfile.write(gen_wps_control(payload_override=payload))
4913 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_m1, no_event_url=True)
4914
4915 def test_ap_wps_er_http_proto_upnp_info_no_device(dev, apdev):
4916 """WPS ER HTTP protocol testing - No device in UPnP info"""
4917 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4918 def handle_upnp_info(self):
4919 payload = '''<?xml version="1.0"?>
4920 <root xmlns="urn:schemas-upnp-org:device-1-0">
4921 <specVersion>
4922 <major>1</major>
4923 <minor>0</minor>
4924 </specVersion>
4925 </root>
4926 '''
4927 hdr = 'HTTP/1.1 200 OK\r\n' + \
4928 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4929 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4930 'Connection: close\r\n' + \
4931 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4932 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4933 self.wfile.write((hdr + payload).encode())
4934 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4935
4936 def test_ap_wps_er_http_proto_upnp_info_no_device_type(dev, apdev):
4937 """WPS ER HTTP protocol testing - No deviceType in UPnP info"""
4938 class WPSAPHTTPServer_no_device(WPSAPHTTPServer):
4939 def handle_upnp_info(self):
4940 payload = '''<?xml version="1.0"?>
4941 <root xmlns="urn:schemas-upnp-org:device-1-0">
4942 <specVersion>
4943 <major>1</major>
4944 <minor>0</minor>
4945 </specVersion>
4946 <device>
4947 </device>
4948 </root>
4949 '''
4950 hdr = 'HTTP/1.1 200 OK\r\n' + \
4951 'Content-Type: text/xml; charset="utf-8"\r\n' + \
4952 'Server: Unspecified, UPnP/1.0, Unspecified\r\n' + \
4953 'Connection: close\r\n' + \
4954 'Content-Length: ' + str(len(payload)) + '\r\n' + \
4955 'Date: Sat, 15 Aug 2015 18:55:08 GMT\r\n\r\n'
4956 self.wfile.write((hdr + payload).encode())
4957 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_device, no_event_url=True)
4958
4959 def test_ap_wps_er_http_proto_upnp_info_invalid_udn_uuid(dev, apdev):
4960 """WPS ER HTTP protocol testing - Invalid UDN UUID"""
4961 class WPSAPHTTPServer_invalid_udn_uuid(WPSAPHTTPServer):
4962 def handle_upnp_info(self):
4963 self.wfile.write(gen_upnp_info(udn='uuid:foo'))
4964 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_invalid_udn_uuid)
4965
4966 def test_ap_wps_er_http_proto_no_control_url(dev, apdev):
4967 """WPS ER HTTP protocol testing - no controlURL"""
4968 class WPSAPHTTPServer_no_control_url(WPSAPHTTPServer):
4969 def handle_upnp_info(self):
4970 self.wfile.write(gen_upnp_info(controlURL=None))
4971 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_no_control_url,
4972 no_event_url=True)
4973
4974 def test_ap_wps_er_http_proto_control_url_dns(dev, apdev):
4975 """WPS ER HTTP protocol testing - DNS name in controlURL"""
4976 class WPSAPHTTPServer_control_url_dns(WPSAPHTTPServer):
4977 def handle_upnp_info(self):
4978 self.wfile.write(gen_upnp_info(controlURL='http://example.com/wps_control'))
4979 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_control_url_dns,
4980 no_event_url=True)
4981
4982 def test_ap_wps_http_timeout(dev, apdev):
4983 """WPS AP/ER and HTTP timeout"""
4984 try:
4985 _test_ap_wps_http_timeout(dev, apdev)
4986 finally:
4987 dev[0].request("WPS_ER_STOP")
4988
4989 def _test_ap_wps_http_timeout(dev, apdev):
4990 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
4991 add_ssdp_ap(apdev[0], ap_uuid)
4992
4993 location = ssdp_get_location(ap_uuid)
4994 url = urlparse(location)
4995 addr = (url.hostname, url.port)
4996 logger.debug("Open HTTP connection to hostapd, but do not complete request")
4997 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
4998 socket.IPPROTO_TCP)
4999 sock.connect(addr)
5000 sock.send(b"G")
5001
5002 class DummyServer(StreamRequestHandler):
5003 def handle(self):
5004 logger.debug("DummyServer - start 31 sec wait")
5005 time.sleep(31)
5006 logger.debug("DummyServer - wait done")
5007
5008 logger.debug("Start WPS ER")
5009 server, sock2 = wps_er_start(dev[0], DummyServer, max_age=40,
5010 wait_m_search=True)
5011
5012 logger.debug("Start server to accept, but not complete, HTTP connection from WPS ER")
5013 # This will wait for 31 seconds..
5014 server.handle_request()
5015
5016 logger.debug("Complete HTTP connection with hostapd (that should have already closed the connection)")
5017 try:
5018 sock.send("ET / HTTP/1.1\r\n\r\n")
5019 res = sock.recv(100)
5020 sock.close()
5021 except:
5022 pass
5023
5024 def test_ap_wps_er_url_parse(dev, apdev):
5025 """WPS ER and URL parsing special cases"""
5026 try:
5027 _test_ap_wps_er_url_parse(dev, apdev)
5028 finally:
5029 dev[0].request("WPS_ER_STOP")
5030
5031 def _test_ap_wps_er_url_parse(dev, apdev):
5032 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
5033 sock.settimeout(1)
5034 sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
5035 sock.bind(("239.255.255.250", 1900))
5036 dev[0].request("WPS_ER_START ifname=lo")
5037 (msg, addr) = sock.recvfrom(1000)
5038 msg = msg.decode()
5039 logger.debug("Received SSDP message from %s: %s" % (str(addr), msg))
5040 if "M-SEARCH" not in msg:
5041 raise Exception("Not an M-SEARCH")
5042 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1\r\ncache-control:max-age=1\r\n\r\n", addr)
5043 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
5044 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://127.0.0.1/:foo\r\ncache-control:max-age=1\r\n\r\n", addr)
5045 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
5046 sock.sendto(b"HTTP/1.1 200 OK\r\nST: urn:schemas-wifialliance-org:device:WFADevice:1\r\nlocation:http://255.255.255.255:0/foo.xml\r\ncache-control:max-age=1\r\n\r\n", addr)
5047 ev = dev[0].wait_event(["WPS-ER-AP-REMOVE"], timeout=2)
5048
5049 sock.close()
5050
5051 def test_ap_wps_er_link_update(dev, apdev):
5052 """WPS ER and link update special cases"""
5053 class WPSAPHTTPServer_link_update(WPSAPHTTPServer):
5054 def handle_upnp_info(self):
5055 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
5056 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update)
5057
5058 class WPSAPHTTPServer_link_update2(WPSAPHTTPServer):
5059 def handle_others(self, data):
5060 if "GET / " in data:
5061 self.wfile.write(gen_upnp_info(controlURL='/wps_control'))
5062 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_link_update2,
5063 location_url='http://127.0.0.1:12345')
5064
5065 def test_ap_wps_er_http_client(dev, apdev):
5066 """WPS ER and HTTP client special cases"""
5067 with alloc_fail(dev[0], 1, "http_link_update"):
5068 run_wps_er_proto_test(dev[0], WPSAPHTTPServer)
5069
5070 with alloc_fail(dev[0], 1, "wpabuf_alloc;http_client_url"):
5071 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
5072
5073 with alloc_fail(dev[0], 1, "httpread_create;http_client_tx_ready"):
5074 run_wps_er_proto_test(dev[0], WPSAPHTTPServer, no_event_url=True)
5075
5076 class WPSAPHTTPServer_req_as_resp(WPSAPHTTPServer):
5077 def handle_upnp_info(self):
5078 self.wfile.write(b"GET / HTTP/1.1\r\n\r\n")
5079 run_wps_er_proto_test(dev[0], WPSAPHTTPServer_req_as_resp,
5080 no_event_url=True)
5081
5082 def test_ap_wps_init_oom(dev, apdev):
5083 """wps_init OOM cases"""
5084 ssid = "test-wps"
5085 appin = "12345670"
5086 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5087 "ap_pin": appin}
5088 hapd = hostapd.add_ap(apdev[0], params)
5089 pin = dev[0].wps_read_pin()
5090
5091 with alloc_fail(hapd, 1, "wps_init"):
5092 hapd.request("WPS_PIN any " + pin)
5093 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5094 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5095 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5096 if ev is None:
5097 raise Exception("No EAP failure reported")
5098 dev[0].request("WPS_CANCEL")
5099
5100 with alloc_fail(dev[0], 2, "wps_init"):
5101 hapd.request("WPS_PIN any " + pin)
5102 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5103 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5104 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5105 if ev is None:
5106 raise Exception("No EAP failure reported")
5107 dev[0].request("WPS_CANCEL")
5108
5109 with alloc_fail(dev[0], 2, "wps_init"):
5110 hapd.request("WPS_PBC")
5111 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5112 dev[0].request("WPS_PBC %s" % (apdev[0]['bssid']))
5113 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5114 if ev is None:
5115 raise Exception("No EAP failure reported")
5116 dev[0].request("WPS_CANCEL")
5117
5118 dev[0].dump_monitor()
5119 new_ssid = "wps-new-ssid"
5120 new_passphrase = "1234567890"
5121 with alloc_fail(dev[0], 3, "wps_init"):
5122 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
5123 new_passphrase, no_wait=True)
5124 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5125 if ev is None:
5126 raise Exception("No EAP failure reported")
5127
5128 dev[0].flush_scan_cache()
5129
5130 @remote_compatible
5131 def test_ap_wps_invalid_assoc_req_elem(dev, apdev):
5132 """WPS and invalid IE in Association Request frame"""
5133 ssid = "test-wps"
5134 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5135 hapd = hostapd.add_ap(apdev[0], params)
5136 pin = "12345670"
5137 hapd.request("WPS_PIN any " + pin)
5138 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5139 try:
5140 dev[0].request("VENDOR_ELEM_ADD 13 dd050050f20410")
5141 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5142 for i in range(5):
5143 ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=10)
5144 if ev and "vendor=14122" in ev:
5145 break
5146 if ev is None or "vendor=14122" not in ev:
5147 raise Exception("EAP-WSC not started")
5148 dev[0].request("WPS_CANCEL")
5149 finally:
5150 dev[0].request("VENDOR_ELEM_REMOVE 13 *")
5151
5152 def test_ap_wps_pbc_pin_mismatch(dev, apdev):
5153 """WPS PBC/PIN mismatch"""
5154 ssid = "test-wps"
5155 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5156 hapd = hostapd.add_ap(apdev[0], params)
5157 hapd.request("SET wps_version_number 0x10")
5158 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5159 hapd.request("WPS_PBC")
5160 pin = dev[0].wps_read_pin()
5161 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5162 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5163 if ev is None:
5164 raise Exception("Scan did not complete")
5165 dev[0].request("WPS_CANCEL")
5166
5167 hapd.request("WPS_CANCEL")
5168 dev[0].flush_scan_cache()
5169
5170 @remote_compatible
5171 def test_ap_wps_ie_invalid(dev, apdev):
5172 """WPS PIN attempt with AP that has invalid WSC IE"""
5173 ssid = "test-wps"
5174 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5175 "vendor_elements": "dd050050f20410"}
5176 hapd = hostapd.add_ap(apdev[0], params)
5177 params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
5178 hostapd.add_ap(apdev[1], params)
5179 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5180 pin = dev[0].wps_read_pin()
5181 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5182 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5183 if ev is None:
5184 raise Exception("Scan did not complete")
5185 dev[0].request("WPS_CANCEL")
5186
5187 @remote_compatible
5188 def test_ap_wps_scan_prio_order(dev, apdev):
5189 """WPS scan priority ordering"""
5190 ssid = "test-wps"
5191 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5192 hapd = hostapd.add_ap(apdev[0], params)
5193 params = {'ssid': "another", "vendor_elements": "dd050050f20410"}
5194 hostapd.add_ap(apdev[1], params)
5195 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5196 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
5197 pin = dev[0].wps_read_pin()
5198 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5199 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
5200 if ev is None:
5201 raise Exception("Scan did not complete")
5202 dev[0].request("WPS_CANCEL")
5203
5204 def test_ap_wps_probe_req_ie_oom(dev, apdev):
5205 """WPS ProbeReq IE OOM"""
5206 ssid = "test-wps"
5207 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5208 hapd = hostapd.add_ap(apdev[0], params)
5209 pin = dev[0].wps_read_pin()
5210 hapd.request("WPS_PIN any " + pin)
5211 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5212 with alloc_fail(dev[0], 1, "wps_build_probe_req_ie"):
5213 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5214 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5215 if ev is None:
5216 raise Exception("Association not seen")
5217 dev[0].request("WPS_CANCEL")
5218 dev[0].wait_disconnected()
5219
5220 with alloc_fail(dev[0], 1, "wps_ie_encapsulate"):
5221 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5222 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5223 if ev is None:
5224 raise Exception("Association not seen")
5225 dev[0].request("WPS_CANCEL")
5226 hapd.disable()
5227 dev[0].request("REMOVE_NETWORK all")
5228 dev[0].wait_disconnected()
5229 time.sleep(0.2)
5230 dev[0].flush_scan_cache()
5231
5232 def test_ap_wps_assoc_req_ie_oom(dev, apdev):
5233 """WPS AssocReq IE OOM"""
5234 ssid = "test-wps"
5235 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5236 hapd = hostapd.add_ap(apdev[0], params)
5237 pin = dev[0].wps_read_pin()
5238 hapd.request("WPS_PIN any " + pin)
5239 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5240 with alloc_fail(dev[0], 1, "wps_build_assoc_req_ie"):
5241 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5242 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5243 if ev is None:
5244 raise Exception("Association not seen")
5245 dev[0].request("WPS_CANCEL")
5246
5247 def test_ap_wps_assoc_resp_ie_oom(dev, apdev):
5248 """WPS AssocResp IE OOM"""
5249 ssid = "test-wps"
5250 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2"}
5251 hapd = hostapd.add_ap(apdev[0], params)
5252 pin = dev[0].wps_read_pin()
5253 hapd.request("WPS_PIN any " + pin)
5254 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5255 with alloc_fail(hapd, 1, "wps_build_assoc_resp_ie"):
5256 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
5257 ev = hapd.wait_event(["AP-STA-CONNECTED"], timeout=10)
5258 if ev is None:
5259 raise Exception("Association not seen")
5260 dev[0].request("WPS_CANCEL")
5261
5262 @remote_compatible
5263 def test_ap_wps_bss_info_errors(dev, apdev):
5264 """WPS BSS info errors"""
5265 params = {"ssid": "1",
5266 "vendor_elements": "dd0e0050f20410440001ff101100010a"}
5267 hostapd.add_ap(apdev[0], params)
5268 params = {'ssid': "2", "vendor_elements": "dd050050f20410"}
5269 hostapd.add_ap(apdev[1], params)
5270 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5271 dev[0].scan_for_bss(apdev[1]['bssid'], freq="2412")
5272 bss = dev[0].get_bss(apdev[0]['bssid'])
5273 logger.info("BSS: " + str(bss))
5274 if "wps_state" in bss:
5275 raise Exception("Unexpected wps_state in BSS info")
5276 if 'wps_device_name' not in bss:
5277 raise Exception("No wps_device_name in BSS info")
5278 if bss['wps_device_name'] != '_':
5279 raise Exception("Unexpected wps_device_name value")
5280 bss = dev[0].get_bss(apdev[1]['bssid'])
5281 logger.info("BSS: " + str(bss))
5282
5283 with alloc_fail(dev[0], 1, "=wps_attr_text"):
5284 bss = dev[0].get_bss(apdev[0]['bssid'])
5285 logger.info("BSS(OOM): " + str(bss))
5286
5287 def wps_run_pbc_fail_ap(apdev, dev, hapd):
5288 hapd.request("WPS_PBC")
5289 dev.scan_for_bss(apdev['bssid'], freq="2412")
5290 dev.request("WPS_PBC " + apdev['bssid'])
5291 ev = dev.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5292 if ev is None:
5293 raise Exception("No EAP failure reported")
5294 dev.request("WPS_CANCEL")
5295 dev.wait_disconnected()
5296 for i in range(5):
5297 try:
5298 dev.flush_scan_cache()
5299 break
5300 except Exception as e:
5301 if str(e).startswith("Failed to trigger scan"):
5302 # Try again
5303 time.sleep(1)
5304 else:
5305 raise
5306
5307 def wps_run_pbc_fail(apdev, dev):
5308 hapd = wps_start_ap(apdev)
5309 wps_run_pbc_fail_ap(apdev, dev, hapd)
5310
5311 @remote_compatible
5312 def test_ap_wps_pk_oom(dev, apdev):
5313 """WPS and public key OOM"""
5314 with alloc_fail(dev[0], 1, "wps_build_public_key"):
5315 wps_run_pbc_fail(apdev[0], dev[0])
5316
5317 @remote_compatible
5318 def test_ap_wps_pk_oom_ap(dev, apdev):
5319 """WPS and public key OOM on AP"""
5320 hapd = wps_start_ap(apdev[0])
5321 with alloc_fail(hapd, 1, "wps_build_public_key"):
5322 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5323
5324 @remote_compatible
5325 def test_ap_wps_encr_oom_ap(dev, apdev):
5326 """WPS and encrypted settings decryption OOM on AP"""
5327 hapd = wps_start_ap(apdev[0])
5328 pin = dev[0].wps_read_pin()
5329 hapd.request("WPS_PIN any " + pin)
5330 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5331 with alloc_fail(hapd, 1, "wps_decrypt_encr_settings"):
5332 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
5333 ev = hapd.wait_event(["WPS-FAIL"], timeout=10)
5334 if ev is None:
5335 raise Exception("No WPS-FAIL reported")
5336 dev[0].request("WPS_CANCEL")
5337 dev[0].wait_disconnected()
5338
5339 @remote_compatible
5340 def test_ap_wps_encr_no_random_ap(dev, apdev):
5341 """WPS and no random data available for encryption on AP"""
5342 hapd = wps_start_ap(apdev[0])
5343 with fail_test(hapd, 1, "os_get_random;wps_build_encr_settings"):
5344 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5345
5346 @remote_compatible
5347 def test_ap_wps_e_hash_no_random_sta(dev, apdev):
5348 """WPS and no random data available for e-hash on STA"""
5349 with fail_test(dev[0], 1, "os_get_random;wps_build_e_hash"):
5350 wps_run_pbc_fail(apdev[0], dev[0])
5351
5352 @remote_compatible
5353 def test_ap_wps_m1_no_random(dev, apdev):
5354 """WPS and no random for M1 on STA"""
5355 with fail_test(dev[0], 1, "os_get_random;wps_build_m1"):
5356 wps_run_pbc_fail(apdev[0], dev[0])
5357
5358 @remote_compatible
5359 def test_ap_wps_m1_oom(dev, apdev):
5360 """WPS and OOM for M1 on STA"""
5361 with alloc_fail(dev[0], 1, "wps_build_m1"):
5362 wps_run_pbc_fail(apdev[0], dev[0])
5363
5364 @remote_compatible
5365 def test_ap_wps_m3_oom(dev, apdev):
5366 """WPS and OOM for M3 on STA"""
5367 with alloc_fail(dev[0], 1, "wps_build_m3"):
5368 wps_run_pbc_fail(apdev[0], dev[0])
5369
5370 @remote_compatible
5371 def test_ap_wps_m5_oom(dev, apdev):
5372 """WPS and OOM for M5 on STA"""
5373 hapd = wps_start_ap(apdev[0])
5374 hapd.request("WPS_PBC")
5375 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5376 for i in range(1, 3):
5377 with alloc_fail(dev[0], i, "wps_build_m5"):
5378 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5379 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5380 if ev is None:
5381 raise Exception("No EAP failure reported")
5382 dev[0].request("WPS_CANCEL")
5383 dev[0].wait_disconnected()
5384 dev[0].flush_scan_cache()
5385
5386 @remote_compatible
5387 def test_ap_wps_m5_no_random(dev, apdev):
5388 """WPS and no random for M5 on STA"""
5389 with fail_test(dev[0], 1,
5390 "os_get_random;wps_build_encr_settings;wps_build_m5"):
5391 wps_run_pbc_fail(apdev[0], dev[0])
5392
5393 @remote_compatible
5394 def test_ap_wps_m7_oom(dev, apdev):
5395 """WPS and OOM for M7 on STA"""
5396 hapd = wps_start_ap(apdev[0])
5397 hapd.request("WPS_PBC")
5398 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5399 for i in range(1, 3):
5400 with alloc_fail(dev[0], i, "wps_build_m7"):
5401 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
5402 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5403 if ev is None:
5404 raise Exception("No EAP failure reported")
5405 dev[0].request("WPS_CANCEL")
5406 dev[0].wait_disconnected()
5407 dev[0].flush_scan_cache()
5408
5409 @remote_compatible
5410 def test_ap_wps_m7_no_random(dev, apdev):
5411 """WPS and no random for M7 on STA"""
5412 with fail_test(dev[0], 1,
5413 "os_get_random;wps_build_encr_settings;wps_build_m7"):
5414 wps_run_pbc_fail(apdev[0], dev[0])
5415
5416 @remote_compatible
5417 def test_ap_wps_wsc_done_oom(dev, apdev):
5418 """WPS and OOM for WSC_Done on STA"""
5419 with alloc_fail(dev[0], 1, "wps_build_wsc_done"):
5420 wps_run_pbc_fail(apdev[0], dev[0])
5421
5422 def test_ap_wps_random_psk_fail(dev, apdev):
5423 """WPS and no random for PSK on AP"""
5424 ssid = "test-wps"
5425 pskfile = "/tmp/ap_wps_per_enrollee_psk.psk_file"
5426 appin = "12345670"
5427 try:
5428 os.remove(pskfile)
5429 except:
5430 pass
5431
5432 try:
5433 with open(pskfile, "w") as f:
5434 f.write("# WPA PSKs\n")
5435
5436 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5437 "wpa": "2", "wpa_key_mgmt": "WPA-PSK",
5438 "rsn_pairwise": "CCMP", "ap_pin": appin,
5439 "wpa_psk_file": pskfile}
5440 hapd = hostapd.add_ap(apdev[0], params)
5441
5442 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
5443 with fail_test(hapd, 1, "os_get_random;wps_build_cred_network_key"):
5444 dev[0].request("WPS_REG " + apdev[0]['bssid'] + " " + appin)
5445 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=10)
5446 if ev is None:
5447 raise Exception("No EAP failure reported")
5448 dev[0].request("WPS_CANCEL")
5449 dev[0].wait_disconnected()
5450
5451 with fail_test(hapd, 1, "os_get_random;wps_build_cred"):
5452 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5453
5454 with alloc_fail(hapd, 1, "wps_build_cred"):
5455 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5456
5457 with alloc_fail(hapd, 2, "wps_build_cred"):
5458 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
5459 finally:
5460 os.remove(pskfile)
5461
5462 def wps_ext_eap_identity_req(dev, hapd, bssid):
5463 logger.debug("EAP-Identity/Request")
5464 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5465 if ev is None:
5466 raise Exception("Timeout on EAPOL-TX from hostapd")
5467 res = dev.request("EAPOL_RX " + bssid + " " + ev.split(' ')[2])
5468 if "OK" not in res:
5469 raise Exception("EAPOL_RX to wpa_supplicant failed")
5470
5471 def wps_ext_eap_identity_resp(hapd, dev, addr):
5472 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
5473 if ev is None:
5474 raise Exception("Timeout on EAPOL-TX from wpa_supplicant")
5475 res = hapd.request("EAPOL_RX " + addr + " " + ev.split(' ')[2])
5476 if "OK" not in res:
5477 raise Exception("EAPOL_RX to hostapd failed")
5478
5479 def wps_ext_eap_wsc(dst, src, src_addr, msg):
5480 logger.debug(msg)
5481 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5482 if ev is None:
5483 raise Exception("Timeout on EAPOL-TX")
5484 res = dst.request("EAPOL_RX " + src_addr + " " + ev.split(' ')[2])
5485 if "OK" not in res:
5486 raise Exception("EAPOL_RX failed")
5487
5488 def wps_start_ext(apdev, dev, pbc=False, pin=None):
5489 addr = dev.own_addr()
5490 bssid = apdev['bssid']
5491 ssid = "test-wps-conf"
5492 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
5493 "wpa_passphrase": "12345678", "wpa": "2",
5494 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
5495 hapd = hostapd.add_ap(apdev, params)
5496
5497 if pbc:
5498 hapd.request("WPS_PBC")
5499 else:
5500 if pin is None:
5501 pin = dev.wps_read_pin()
5502 hapd.request("WPS_PIN any " + pin)
5503 dev.scan_for_bss(bssid, freq="2412")
5504 hapd.request("SET ext_eapol_frame_io 1")
5505 dev.request("SET ext_eapol_frame_io 1")
5506
5507 if pbc:
5508 dev.request("WPS_PBC " + bssid)
5509 else:
5510 dev.request("WPS_PIN " + bssid + " " + pin)
5511 return addr, bssid, hapd
5512
5513 def wps_auth_corrupt(dst, src, addr):
5514 ev = src.wait_event(["EAPOL-TX"], timeout=10)
5515 if ev is None:
5516 raise Exception("Timeout on EAPOL-TX")
5517 src.request("SET ext_eapol_frame_io 0")
5518 dst.request("SET ext_eapol_frame_io 0")
5519 msg = ev.split(' ')[2]
5520 if msg[-24:-16] != '10050008':
5521 raise Exception("Could not find Authenticator attribute")
5522 # Corrupt Authenticator value
5523 msg = msg[:-1] + '%x' % ((int(msg[-1], 16) + 1) % 16)
5524 res = dst.request("EAPOL_RX " + addr + " " + msg)
5525 if "OK" not in res:
5526 raise Exception("EAPOL_RX failed")
5527
5528 def wps_fail_finish(hapd, dev, fail_str):
5529 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
5530 if ev is None:
5531 raise Exception("WPS-FAIL not indicated")
5532 if fail_str not in ev:
5533 raise Exception("Unexpected WPS-FAIL value: " + ev)
5534 dev.request("WPS_CANCEL")
5535 dev.wait_disconnected()
5536
5537 def wps_auth_corrupt_from_ap(dev, hapd, bssid, fail_str):
5538 wps_auth_corrupt(dev, hapd, bssid)
5539 wps_fail_finish(hapd, dev, fail_str)
5540
5541 def wps_auth_corrupt_to_ap(dev, hapd, addr, fail_str):
5542 wps_auth_corrupt(hapd, dev, addr)
5543 wps_fail_finish(hapd, dev, fail_str)
5544
5545 def test_ap_wps_authenticator_mismatch_m2(dev, apdev):
5546 """WPS and Authenticator attribute mismatch in M2"""
5547 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5548 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5549 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5550 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5551 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5552 logger.debug("M2")
5553 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=5")
5554
5555 def test_ap_wps_authenticator_mismatch_m3(dev, apdev):
5556 """WPS and Authenticator attribute mismatch in M3"""
5557 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5558 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5559 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5560 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5561 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5562 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5563 logger.debug("M3")
5564 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=7")
5565
5566 def test_ap_wps_authenticator_mismatch_m4(dev, apdev):
5567 """WPS and Authenticator attribute mismatch in M4"""
5568 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5569 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5570 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5571 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5572 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5573 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5574 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5575 logger.debug("M4")
5576 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=8")
5577
5578 def test_ap_wps_authenticator_mismatch_m5(dev, apdev):
5579 """WPS and Authenticator attribute mismatch in M5"""
5580 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5581 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5582 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5583 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5584 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5585 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5586 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5587 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5588 logger.debug("M5")
5589 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=9")
5590
5591 def test_ap_wps_authenticator_mismatch_m6(dev, apdev):
5592 """WPS and Authenticator attribute mismatch in M6"""
5593 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5594 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5595 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5596 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5597 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5598 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5599 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5600 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5601 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5602 logger.debug("M6")
5603 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=10")
5604
5605 def test_ap_wps_authenticator_mismatch_m7(dev, apdev):
5606 """WPS and Authenticator attribute mismatch in M7"""
5607 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5608 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5609 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5610 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5611 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5612 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5613 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5614 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5615 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5616 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5617 logger.debug("M7")
5618 wps_auth_corrupt_to_ap(dev[0], hapd, addr, "msg=11")
5619
5620 def test_ap_wps_authenticator_mismatch_m8(dev, apdev):
5621 """WPS and Authenticator attribute mismatch in M8"""
5622 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5623 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5624 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5625 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5626 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5627 wps_ext_eap_wsc(dev[0], hapd, bssid, "M2")
5628 wps_ext_eap_wsc(hapd, dev[0], addr, "M3")
5629 wps_ext_eap_wsc(dev[0], hapd, bssid, "M4")
5630 wps_ext_eap_wsc(hapd, dev[0], addr, "M5")
5631 wps_ext_eap_wsc(dev[0], hapd, bssid, "M6")
5632 wps_ext_eap_wsc(hapd, dev[0], addr, "M7")
5633 logger.debug("M8")
5634 wps_auth_corrupt_from_ap(dev[0], hapd, bssid, "msg=12")
5635
5636 def test_ap_wps_authenticator_missing_m2(dev, apdev):
5637 """WPS and Authenticator attribute missing from M2"""
5638 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5639 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5640 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5641 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5642 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5643 logger.debug("M2")
5644 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5645 if ev is None:
5646 raise Exception("Timeout on EAPOL-TX")
5647 hapd.request("SET ext_eapol_frame_io 0")
5648 dev[0].request("SET ext_eapol_frame_io 0")
5649 msg = ev.split(' ')[2]
5650 if msg[-24:-16] != '10050008':
5651 raise Exception("Could not find Authenticator attribute")
5652 # Remove Authenticator value
5653 msg = msg[:-24]
5654 mlen = "%04x" % (int(msg[4:8], 16) - 12)
5655 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:]
5656 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5657 if "OK" not in res:
5658 raise Exception("EAPOL_RX failed")
5659 wps_fail_finish(hapd, dev[0], "msg=5")
5660
5661 def test_ap_wps_m2_dev_passwd_id_p2p(dev, apdev):
5662 """WPS and M2 with different Device Password ID (P2P)"""
5663 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5664 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5665 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5666 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5667 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5668 logger.debug("M2")
5669 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5670 if ev is None:
5671 raise Exception("Timeout on EAPOL-TX")
5672 hapd.request("SET ext_eapol_frame_io 0")
5673 dev[0].request("SET ext_eapol_frame_io 0")
5674 msg = ev.split(' ')[2]
5675 if msg[722:730] != '10120002':
5676 raise Exception("Could not find Device Password ID attribute")
5677 # Replace Device Password ID value. This will fail Authenticator check, but
5678 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5679 # log.
5680 msg = msg[0:730] + "0005" + msg[734:]
5681 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5682 if "OK" not in res:
5683 raise Exception("EAPOL_RX failed")
5684 wps_fail_finish(hapd, dev[0], "msg=5")
5685
5686 def test_ap_wps_m2_dev_passwd_id_change_pin_to_pbc(dev, apdev):
5687 """WPS and M2 with different Device Password ID (PIN to PBC)"""
5688 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5689 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5690 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5691 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5692 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5693 logger.debug("M2")
5694 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5695 if ev is None:
5696 raise Exception("Timeout on EAPOL-TX")
5697 hapd.request("SET ext_eapol_frame_io 0")
5698 dev[0].request("SET ext_eapol_frame_io 0")
5699 msg = ev.split(' ')[2]
5700 if msg[722:730] != '10120002':
5701 raise Exception("Could not find Device Password ID attribute")
5702 # Replace Device Password ID value (PIN --> PBC). This will be rejected.
5703 msg = msg[0:730] + "0004" + msg[734:]
5704 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5705 if "OK" not in res:
5706 raise Exception("EAPOL_RX failed")
5707 wps_fail_finish(hapd, dev[0], "msg=5")
5708
5709 def test_ap_wps_m2_dev_passwd_id_change_pbc_to_pin(dev, apdev):
5710 """WPS and M2 with different Device Password ID (PBC to PIN)"""
5711 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5712 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5713 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5714 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5715 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5716 logger.debug("M2")
5717 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5718 if ev is None:
5719 raise Exception("Timeout on EAPOL-TX")
5720 hapd.request("SET ext_eapol_frame_io 0")
5721 dev[0].request("SET ext_eapol_frame_io 0")
5722 msg = ev.split(' ')[2]
5723 if msg[722:730] != '10120002':
5724 raise Exception("Could not find Device Password ID attribute")
5725 # Replace Device Password ID value. This will fail Authenticator check, but
5726 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5727 # log.
5728 msg = msg[0:730] + "0000" + msg[734:]
5729 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5730 if "OK" not in res:
5731 raise Exception("EAPOL_RX failed")
5732 wps_fail_finish(hapd, dev[0], "msg=5")
5733 dev[0].flush_scan_cache()
5734
5735 def test_ap_wps_m2_missing_dev_passwd_id(dev, apdev):
5736 """WPS and M2 without Device Password ID"""
5737 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0])
5738 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5739 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5740 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5741 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5742 logger.debug("M2")
5743 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5744 if ev is None:
5745 raise Exception("Timeout on EAPOL-TX")
5746 hapd.request("SET ext_eapol_frame_io 0")
5747 dev[0].request("SET ext_eapol_frame_io 0")
5748 msg = ev.split(' ')[2]
5749 if msg[722:730] != '10120002':
5750 raise Exception("Could not find Device Password ID attribute")
5751 # Remove Device Password ID value. This will fail Authenticator check, but
5752 # allows the code path in wps_process_dev_pw_id() to be checked from debug
5753 # log.
5754 mlen = "%04x" % (int(msg[4:8], 16) - 6)
5755 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:722] + msg[734:]
5756 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5757 if "OK" not in res:
5758 raise Exception("EAPOL_RX failed")
5759 wps_fail_finish(hapd, dev[0], "msg=5")
5760
5761 def test_ap_wps_m2_missing_registrar_nonce(dev, apdev):
5762 """WPS and M2 without Registrar Nonce"""
5763 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5764 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5765 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5766 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5767 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5768 logger.debug("M2")
5769 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5770 if ev is None:
5771 raise Exception("Timeout on EAPOL-TX")
5772 hapd.request("SET ext_eapol_frame_io 0")
5773 dev[0].request("SET ext_eapol_frame_io 0")
5774 msg = ev.split(' ')[2]
5775 if msg[96:104] != '10390010':
5776 raise Exception("Could not find Registrar Nonce attribute")
5777 # Remove Registrar Nonce. This will fail Authenticator check, but
5778 # allows the code path in wps_process_registrar_nonce() to be checked from
5779 # the debug log.
5780 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5781 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:96] + msg[136:]
5782 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5783 if "OK" not in res:
5784 raise Exception("EAPOL_RX failed")
5785 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5786 if ev is None:
5787 raise Exception("Disconnect event not seen")
5788 dev[0].request("WPS_CANCEL")
5789 dev[0].flush_scan_cache()
5790
5791 def test_ap_wps_m2_missing_enrollee_nonce(dev, apdev):
5792 """WPS and M2 without Enrollee Nonce"""
5793 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5794 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5795 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5796 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5797 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5798 logger.debug("M2")
5799 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5800 if ev is None:
5801 raise Exception("Timeout on EAPOL-TX")
5802 hapd.request("SET ext_eapol_frame_io 0")
5803 dev[0].request("SET ext_eapol_frame_io 0")
5804 msg = ev.split(' ')[2]
5805 if msg[56:64] != '101a0010':
5806 raise Exception("Could not find enrollee Nonce attribute")
5807 # Remove Enrollee Nonce. This will fail Authenticator check, but
5808 # allows the code path in wps_process_enrollee_nonce() to be checked from
5809 # the debug log.
5810 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5811 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:56] + msg[96:]
5812 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5813 if "OK" not in res:
5814 raise Exception("EAPOL_RX failed")
5815 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5816 if ev is None:
5817 raise Exception("Disconnect event not seen")
5818 dev[0].request("WPS_CANCEL")
5819 dev[0].flush_scan_cache()
5820
5821 def test_ap_wps_m2_missing_uuid_r(dev, apdev):
5822 """WPS and M2 without UUID-R"""
5823 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5824 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5825 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5826 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5827 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5828 logger.debug("M2")
5829 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5830 if ev is None:
5831 raise Exception("Timeout on EAPOL-TX")
5832 hapd.request("SET ext_eapol_frame_io 0")
5833 dev[0].request("SET ext_eapol_frame_io 0")
5834 msg = ev.split(' ')[2]
5835 if msg[136:144] != '10480010':
5836 raise Exception("Could not find enrollee Nonce attribute")
5837 # Remove UUID-R. This will fail Authenticator check, but allows the code
5838 # path in wps_process_uuid_r() to be checked from the debug log.
5839 mlen = "%04x" % (int(msg[4:8], 16) - 20)
5840 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:136] + msg[176:]
5841 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5842 if "OK" not in res:
5843 raise Exception("EAPOL_RX failed")
5844 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5845 if ev is None:
5846 raise Exception("Disconnect event not seen")
5847 dev[0].request("WPS_CANCEL")
5848 dev[0].flush_scan_cache()
5849
5850 def test_ap_wps_m2_invalid(dev, apdev):
5851 """WPS and M2 parsing failure"""
5852 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5853 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5854 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5855 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5856 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5857 logger.debug("M2")
5858 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5859 if ev is None:
5860 raise Exception("Timeout on EAPOL-TX")
5861 hapd.request("SET ext_eapol_frame_io 0")
5862 dev[0].request("SET ext_eapol_frame_io 0")
5863 msg = ev.split(' ')[2]
5864 if msg[136:144] != '10480010':
5865 raise Exception("Could not find enrollee Nonce attribute")
5866 # Remove UUID-R. This will fail Authenticator check, but allows the code
5867 # path in wps_process_uuid_r() to be checked from the debug log.
5868 mlen = "%04x" % (int(msg[4:8], 16) - 1)
5869 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:-2]
5870 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5871 if "OK" not in res:
5872 raise Exception("EAPOL_RX failed")
5873 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5874 if ev is None:
5875 raise Exception("Disconnect event not seen")
5876 dev[0].request("WPS_CANCEL")
5877 dev[0].flush_scan_cache()
5878
5879 def test_ap_wps_m2_missing_msg_type(dev, apdev):
5880 """WPS and M2 without Message Type"""
5881 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5882 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5883 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5884 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5885 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5886 logger.debug("M2")
5887 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5888 if ev is None:
5889 raise Exception("Timeout on EAPOL-TX")
5890 hapd.request("SET ext_eapol_frame_io 0")
5891 dev[0].request("SET ext_eapol_frame_io 0")
5892 msg = ev.split(' ')[2]
5893 if msg[46:54] != '10220001':
5894 raise Exception("Could not find Message Type attribute")
5895 # Remove Message Type. This will fail Authenticator check, but allows the
5896 # code path in wps_process_wsc_msg() to be checked from the debug log.
5897 mlen = "%04x" % (int(msg[4:8], 16) - 5)
5898 msg = msg[0:4] + mlen + msg[8:12] + mlen + msg[16:46] + msg[56:]
5899 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5900 if "OK" not in res:
5901 raise Exception("EAPOL_RX failed")
5902 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5903 if ev is None:
5904 raise Exception("Disconnect event not seen")
5905 dev[0].request("WPS_CANCEL")
5906 dev[0].flush_scan_cache()
5907
5908 def test_ap_wps_m2_unknown_msg_type(dev, apdev):
5909 """WPS and M2 but unknown Message Type"""
5910 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5911 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5912 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5913 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5914 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5915 logger.debug("M2")
5916 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5917 if ev is None:
5918 raise Exception("Timeout on EAPOL-TX")
5919 hapd.request("SET ext_eapol_frame_io 0")
5920 dev[0].request("SET ext_eapol_frame_io 0")
5921 msg = ev.split(' ')[2]
5922 if msg[46:54] != '10220001':
5923 raise Exception("Could not find Message Type attribute")
5924 # Replace Message Type value. This will be rejected.
5925 msg = msg[0:54] + "00" + msg[56:]
5926 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5927 if "OK" not in res:
5928 raise Exception("EAPOL_RX failed")
5929 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECT"], timeout=5)
5930 if ev is None:
5931 raise Exception("Disconnect event not seen")
5932 dev[0].request("WPS_CANCEL")
5933 dev[0].flush_scan_cache()
5934
5935 def test_ap_wps_m2_unknown_opcode(dev, apdev):
5936 """WPS and M2 but unknown opcode"""
5937 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5938 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5939 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5940 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5941 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5942 logger.debug("M2")
5943 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5944 if ev is None:
5945 raise Exception("Timeout on EAPOL-TX")
5946 hapd.request("SET ext_eapol_frame_io 0")
5947 dev[0].request("SET ext_eapol_frame_io 0")
5948 msg = ev.split(' ')[2]
5949 # Replace opcode. This will be discarded in EAP-WSC processing.
5950 msg = msg[0:32] + "00" + msg[34:]
5951 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5952 if "OK" not in res:
5953 raise Exception("EAPOL_RX failed")
5954 dev[0].request("WPS_CANCEL")
5955 dev[0].wait_disconnected()
5956 dev[0].flush_scan_cache()
5957
5958 def test_ap_wps_m2_unknown_opcode2(dev, apdev):
5959 """WPS and M2 but unknown opcode (WSC_Start)"""
5960 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5961 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5962 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5963 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5964 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5965 logger.debug("M2")
5966 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5967 if ev is None:
5968 raise Exception("Timeout on EAPOL-TX")
5969 hapd.request("SET ext_eapol_frame_io 0")
5970 dev[0].request("SET ext_eapol_frame_io 0")
5971 msg = ev.split(' ')[2]
5972 # Replace opcode. This will be discarded in EAP-WSC processing.
5973 msg = msg[0:32] + "01" + msg[34:]
5974 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5975 if "OK" not in res:
5976 raise Exception("EAPOL_RX failed")
5977 dev[0].request("WPS_CANCEL")
5978 dev[0].wait_disconnected()
5979 dev[0].flush_scan_cache()
5980
5981 def test_ap_wps_m2_unknown_opcode3(dev, apdev):
5982 """WPS and M2 but unknown opcode (WSC_Done)"""
5983 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
5984 wps_ext_eap_identity_req(dev[0], hapd, bssid)
5985 wps_ext_eap_identity_resp(hapd, dev[0], addr)
5986 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
5987 wps_ext_eap_wsc(hapd, dev[0], addr, "M1")
5988 logger.debug("M2")
5989 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
5990 if ev is None:
5991 raise Exception("Timeout on EAPOL-TX")
5992 hapd.request("SET ext_eapol_frame_io 0")
5993 dev[0].request("SET ext_eapol_frame_io 0")
5994 msg = ev.split(' ')[2]
5995 # Replace opcode. This will be discarded in WPS Enrollee processing.
5996 msg = msg[0:32] + "05" + msg[34:]
5997 res = dev[0].request("EAPOL_RX " + bssid + " " + msg)
5998 if "OK" not in res:
5999 raise Exception("EAPOL_RX failed")
6000 dev[0].request("WPS_CANCEL")
6001 dev[0].wait_disconnected()
6002 dev[0].flush_scan_cache()
6003
6004 def wps_m2_but_other(dev, apdev, title, msgtype):
6005 addr, bssid, hapd = wps_start_ext(apdev, dev)
6006 wps_ext_eap_identity_req(dev, hapd, bssid)
6007 wps_ext_eap_identity_resp(hapd, dev, addr)
6008 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
6009 wps_ext_eap_wsc(hapd, dev, addr, "M1")
6010 logger.debug(title)
6011 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
6012 if ev is None:
6013 raise Exception("Timeout on EAPOL-TX")
6014 hapd.request("SET ext_eapol_frame_io 0")
6015 dev.request("SET ext_eapol_frame_io 0")
6016 msg = ev.split(' ')[2]
6017 if msg[46:54] != '10220001':
6018 raise Exception("Could not find Message Type attribute")
6019 # Replace Message Type value. This will be rejected.
6020 msg = msg[0:54] + msgtype + msg[56:]
6021 res = dev.request("EAPOL_RX " + bssid + " " + msg)
6022 if "OK" not in res:
6023 raise Exception("EAPOL_RX failed")
6024 ev = dev.wait_event(["WPS-FAIL"], timeout=5)
6025 if ev is None:
6026 raise Exception("WPS-FAIL event not seen")
6027 dev.request("WPS_CANCEL")
6028 dev.wait_disconnected()
6029
6030 def wps_m4_but_other(dev, apdev, title, msgtype):
6031 addr, bssid, hapd = wps_start_ext(apdev, dev)
6032 wps_ext_eap_identity_req(dev, hapd, bssid)
6033 wps_ext_eap_identity_resp(hapd, dev, addr)
6034 wps_ext_eap_wsc(dev, hapd, bssid, "EAP-WSC/Start")
6035 wps_ext_eap_wsc(hapd, dev, addr, "M1")
6036 wps_ext_eap_wsc(dev, hapd, bssid, "M2")
6037 wps_ext_eap_wsc(hapd, dev, addr, "M3")
6038 logger.debug(title)
6039 ev = hapd.wait_event(["EAPOL-TX"], timeout=10)
6040 if ev is None:
6041 raise Exception("Timeout on EAPOL-TX")
6042 hapd.request("SET ext_eapol_frame_io 0")
6043 dev.request("SET ext_eapol_frame_io 0")
6044 msg = ev.split(' ')[2]
6045 if msg[46:54] != '10220001':
6046 raise Exception("Could not find Message Type attribute")
6047 # Replace Message Type value. This will be rejected.
6048 msg = msg[0:54] + msgtype + msg[56:]
6049 res = dev.request("EAPOL_RX " + bssid + " " + msg)
6050 if "OK" not in res:
6051 raise Exception("EAPOL_RX failed")
6052 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
6053 if ev is None:
6054 raise Exception("WPS-FAIL event not seen")
6055 dev.request("WPS_CANCEL")
6056 dev.wait_disconnected()
6057
6058 def test_ap_wps_m2_msg_type_m4(dev, apdev):
6059 """WPS and M2 but Message Type M4"""
6060 wps_m2_but_other(dev[0], apdev[0], "M2/M4", "08")
6061
6062 def test_ap_wps_m2_msg_type_m6(dev, apdev):
6063 """WPS and M2 but Message Type M6"""
6064 wps_m2_but_other(dev[0], apdev[0], "M2/M6", "0a")
6065
6066 def test_ap_wps_m2_msg_type_m8(dev, apdev):
6067 """WPS and M2 but Message Type M8"""
6068 wps_m2_but_other(dev[0], apdev[0], "M2/M8", "0c")
6069
6070 def test_ap_wps_m4_msg_type_m2(dev, apdev):
6071 """WPS and M4 but Message Type M2"""
6072 wps_m4_but_other(dev[0], apdev[0], "M4/M2", "05")
6073
6074 def test_ap_wps_m4_msg_type_m2d(dev, apdev):
6075 """WPS and M4 but Message Type M2D"""
6076 wps_m4_but_other(dev[0], apdev[0], "M4/M2D", "06")
6077
6078 @remote_compatible
6079 def test_ap_wps_config_methods(dev, apdev):
6080 """WPS configuration method parsing"""
6081 ssid = "test-wps-conf"
6082 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
6083 "wpa_passphrase": "12345678", "wpa": "2",
6084 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
6085 "config_methods": "ethernet display ext_nfc_token int_nfc_token physical_display physical_push_button"}
6086 hapd = hostapd.add_ap(apdev[0], params)
6087 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
6088 "wpa_passphrase": "12345678", "wpa": "2",
6089 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
6090 "config_methods": "display push_button"}
6091 hapd2 = hostapd.add_ap(apdev[1], params)
6092
6093 def test_ap_wps_set_selected_registrar_proto(dev, apdev):
6094 """WPS UPnP SetSelectedRegistrar protocol testing"""
6095 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
6096 hapd = add_ssdp_ap(apdev[0], ap_uuid)
6097
6098 location = ssdp_get_location(ap_uuid)
6099 urls = upnp_get_urls(location)
6100 eventurl = urlparse(urls['event_sub_url'])
6101 ctrlurl = urlparse(urls['control_url'])
6102 url = urlparse(location)
6103 conn = HTTPConnection(url.netloc)
6104
6105 class WPSERHTTPServer(StreamRequestHandler):
6106 def handle(self):
6107 data = self.rfile.readline().strip()
6108 logger.debug(data)
6109 self.wfile.write(gen_wps_event())
6110
6111 server = MyTCPServer(("127.0.0.1", 12345), WPSERHTTPServer)
6112 server.timeout = 1
6113
6114 headers = {"callback": '<http://127.0.0.1:12345/event>',
6115 "NT": "upnp:event",
6116 "timeout": "Second-1234"}
6117 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
6118 resp = conn.getresponse()
6119 if resp.status != 200:
6120 raise Exception("Unexpected HTTP response: %d" % resp.status)
6121 sid = resp.getheader("sid")
6122 logger.debug("Subscription SID " + sid)
6123 server.handle_request()
6124
6125 tests = [(500, "10"),
6126 (200, "104a000110" + "1041000101" + "101200020000" +
6127 "105300023148" +
6128 "1049002c00372a0001200124111111111111222222222222333333333333444444444444555555555555666666666666" +
6129 "10480010362db47ba53a519188fb5458b986b2e4"),
6130 (200, "104a000110" + "1041000100" + "101200020000" +
6131 "105300020000"),
6132 (200, "104a000110" + "1041000100"),
6133 (200, "104a000110")]
6134 for status, test in tests:
6135 tlvs = binascii.unhexlify(test)
6136 newmsg = base64.b64encode(tlvs).decode()
6137 msg = '<?xml version="1.0"?>\n'
6138 msg += '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'
6139 msg += '<s:Body>'
6140 msg += '<u:SetSelectedRegistrar xmlns:u="urn:schemas-wifialliance-org:service:WFAWLANConfig:1">'
6141 msg += '<NewMessage>'
6142 msg += newmsg
6143 msg += "</NewMessage></u:SetSelectedRegistrar></s:Body></s:Envelope>"
6144 headers = {"Content-type": 'text/xml; charset="utf-8"'}
6145 headers["SOAPAction"] = '"urn:schemas-wifialliance-org:service:WFAWLANConfig:1#%s"' % "SetSelectedRegistrar"
6146 conn.request("POST", ctrlurl.path, msg, headers)
6147 resp = conn.getresponse()
6148 if resp.status != status:
6149 raise Exception("Unexpected HTTP response: %d (expected %d)" % (resp.status, status))
6150
6151 def test_ap_wps_adv_oom(dev, apdev):
6152 """WPS AP and advertisement OOM"""
6153 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
6154 hapd = add_ssdp_ap(apdev[0], ap_uuid)
6155
6156 with alloc_fail(hapd, 1, "=msearchreply_state_machine_start"):
6157 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
6158 no_recv=True)
6159 time.sleep(0.2)
6160
6161 with alloc_fail(hapd, 1, "eloop_register_timeout;msearchreply_state_machine_start"):
6162 ssdp_send_msearch("urn:schemas-wifialliance-org:service:WFAWLANConfig:1",
6163 no_recv=True)
6164 time.sleep(0.2)
6165
6166 with alloc_fail(hapd, 1,
6167 "next_advertisement;advertisement_state_machine_stop"):
6168 hapd.disable()
6169
6170 with alloc_fail(hapd, 1, "ssdp_listener_start"):
6171 if "FAIL" not in hapd.request("ENABLE"):
6172 raise Exception("ENABLE succeeded during OOM")
6173
6174 def test_wps_config_methods(dev):
6175 """WPS config method update"""
6176 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
6177 wpas.interface_add("wlan5")
6178 if "OK" not in wpas.request("SET config_methods display label"):
6179 raise Exception("Failed to set config_methods")
6180 if wpas.request("GET config_methods").strip() != "display label":
6181 raise Exception("config_methods were not updated")
6182 if "OK" not in wpas.request("SET config_methods "):
6183 raise Exception("Failed to clear config_methods")
6184 if wpas.request("GET config_methods").strip() != "":
6185 raise Exception("config_methods were not cleared")
6186
6187 WPS_VENDOR_ID_WFA = 14122
6188 WPS_VENDOR_TYPE = 1
6189
6190 # EAP-WSC Op-Code values
6191 WSC_Start = 0x01
6192 WSC_ACK = 0x02
6193 WSC_NACK = 0x03
6194 WSC_MSG = 0x04
6195 WSC_Done = 0x05
6196 WSC_FRAG_ACK = 0x06
6197
6198 ATTR_AP_CHANNEL = 0x1001
6199 ATTR_ASSOC_STATE = 0x1002
6200 ATTR_AUTH_TYPE = 0x1003
6201 ATTR_AUTH_TYPE_FLAGS = 0x1004
6202 ATTR_AUTHENTICATOR = 0x1005
6203 ATTR_CONFIG_METHODS = 0x1008
6204 ATTR_CONFIG_ERROR = 0x1009
6205 ATTR_CONFIRM_URL4 = 0x100a
6206 ATTR_CONFIRM_URL6 = 0x100b
6207 ATTR_CONN_TYPE = 0x100c
6208 ATTR_CONN_TYPE_FLAGS = 0x100d
6209 ATTR_CRED = 0x100e
6210 ATTR_ENCR_TYPE = 0x100f
6211 ATTR_ENCR_TYPE_FLAGS = 0x1010
6212 ATTR_DEV_NAME = 0x1011
6213 ATTR_DEV_PASSWORD_ID = 0x1012
6214 ATTR_E_HASH1 = 0x1014
6215 ATTR_E_HASH2 = 0x1015
6216 ATTR_E_SNONCE1 = 0x1016
6217 ATTR_E_SNONCE2 = 0x1017
6218 ATTR_ENCR_SETTINGS = 0x1018
6219 ATTR_ENROLLEE_NONCE = 0x101a
6220 ATTR_FEATURE_ID = 0x101b
6221 ATTR_IDENTITY = 0x101c
6222 ATTR_IDENTITY_PROOF = 0x101d
6223 ATTR_KEY_WRAP_AUTH = 0x101e
6224 ATTR_KEY_ID = 0x101f
6225 ATTR_MAC_ADDR = 0x1020
6226 ATTR_MANUFACTURER = 0x1021
6227 ATTR_MSG_TYPE = 0x1022
6228 ATTR_MODEL_NAME = 0x1023
6229 ATTR_MODEL_NUMBER = 0x1024
6230 ATTR_NETWORK_INDEX = 0x1026
6231 ATTR_NETWORK_KEY = 0x1027
6232 ATTR_NETWORK_KEY_INDEX = 0x1028
6233 ATTR_NEW_DEVICE_NAME = 0x1029
6234 ATTR_NEW_PASSWORD = 0x102a
6235 ATTR_OOB_DEVICE_PASSWORD = 0x102c
6236 ATTR_OS_VERSION = 0x102d
6237 ATTR_POWER_LEVEL = 0x102f
6238 ATTR_PSK_CURRENT = 0x1030
6239 ATTR_PSK_MAX = 0x1031
6240 ATTR_PUBLIC_KEY = 0x1032
6241 ATTR_RADIO_ENABLE = 0x1033
6242 ATTR_REBOOT = 0x1034
6243 ATTR_REGISTRAR_CURRENT = 0x1035
6244 ATTR_REGISTRAR_ESTABLISHED = 0x1036
6245 ATTR_REGISTRAR_LIST = 0x1037
6246 ATTR_REGISTRAR_MAX = 0x1038
6247 ATTR_REGISTRAR_NONCE = 0x1039
6248 ATTR_REQUEST_TYPE = 0x103a
6249 ATTR_RESPONSE_TYPE = 0x103b
6250 ATTR_RF_BANDS = 0x103c
6251 ATTR_R_HASH1 = 0x103d
6252 ATTR_R_HASH2 = 0x103e
6253 ATTR_R_SNONCE1 = 0x103f
6254 ATTR_R_SNONCE2 = 0x1040
6255 ATTR_SELECTED_REGISTRAR = 0x1041
6256 ATTR_SERIAL_NUMBER = 0x1042
6257 ATTR_WPS_STATE = 0x1044
6258 ATTR_SSID = 0x1045
6259 ATTR_TOTAL_NETWORKS = 0x1046
6260 ATTR_UUID_E = 0x1047
6261 ATTR_UUID_R = 0x1048
6262 ATTR_VENDOR_EXT = 0x1049
6263 ATTR_VERSION = 0x104a
6264 ATTR_X509_CERT_REQ = 0x104b
6265 ATTR_X509_CERT = 0x104c
6266 ATTR_EAP_IDENTITY = 0x104d
6267 ATTR_MSG_COUNTER = 0x104e
6268 ATTR_PUBKEY_HASH = 0x104f
6269 ATTR_REKEY_KEY = 0x1050
6270 ATTR_KEY_LIFETIME = 0x1051
6271 ATTR_PERMITTED_CFG_METHODS = 0x1052
6272 ATTR_SELECTED_REGISTRAR_CONFIG_METHODS = 0x1053
6273 ATTR_PRIMARY_DEV_TYPE = 0x1054
6274 ATTR_SECONDARY_DEV_TYPE_LIST = 0x1055
6275 ATTR_PORTABLE_DEV = 0x1056
6276 ATTR_AP_SETUP_LOCKED = 0x1057
6277 ATTR_APPLICATION_EXT = 0x1058
6278 ATTR_EAP_TYPE = 0x1059
6279 ATTR_IV = 0x1060
6280 ATTR_KEY_PROVIDED_AUTO = 0x1061
6281 ATTR_802_1X_ENABLED = 0x1062
6282 ATTR_APPSESSIONKEY = 0x1063
6283 ATTR_WEPTRANSMITKEY = 0x1064
6284 ATTR_REQUESTED_DEV_TYPE = 0x106a
6285
6286 # Message Type
6287 WPS_Beacon = 0x01
6288 WPS_ProbeRequest = 0x02
6289 WPS_ProbeResponse = 0x03
6290 WPS_M1 = 0x04
6291 WPS_M2 = 0x05
6292 WPS_M2D = 0x06
6293 WPS_M3 = 0x07
6294 WPS_M4 = 0x08
6295 WPS_M5 = 0x09
6296 WPS_M6 = 0x0a
6297 WPS_M7 = 0x0b
6298 WPS_M8 = 0x0c
6299 WPS_WSC_ACK = 0x0d
6300 WPS_WSC_NACK = 0x0e
6301 WPS_WSC_DONE = 0x0f
6302
6303 def get_wsc_msg(dev):
6304 ev = dev.wait_event(["EAPOL-TX"], timeout=10)
6305 if ev is None:
6306 raise Exception("Timeout on EAPOL-TX")
6307 data = binascii.unhexlify(ev.split(' ')[2])
6308 msg = {}
6309
6310 # Parse EAPOL header
6311 if len(data) < 4:
6312 raise Exception("No room for EAPOL header")
6313 version, type, length = struct.unpack('>BBH', data[0:4])
6314 msg['eapol_version'] = version
6315 msg['eapol_type'] = type
6316 msg['eapol_length'] = length
6317 data = data[4:]
6318 if length != len(data):
6319 raise Exception("EAPOL header length mismatch (%d != %d)" % (length, len(data)))
6320 if type != 0:
6321 raise Exception("Unexpected EAPOL header type: %d" % type)
6322
6323 # Parse EAP header
6324 if len(data) < 4:
6325 raise Exception("No room for EAP header")
6326 code, identifier, length = struct.unpack('>BBH', data[0:4])
6327 msg['eap_code'] = code
6328 msg['eap_identifier'] = identifier
6329 msg['eap_length'] = length
6330 data = data[4:]
6331 if msg['eapol_length'] != msg['eap_length']:
6332 raise Exception("EAP header length mismatch (%d != %d)" % (msg['eapol_length'], length))
6333
6334 # Parse EAP expanded header
6335 if len(data) < 1:
6336 raise Exception("No EAP type included")
6337 msg['eap_type'], = struct.unpack('B', data[0:1])
6338 data = data[1:]
6339
6340 if msg['eap_type'] == 254:
6341 if len(data) < 3 + 4:
6342 raise Exception("Truncated EAP expanded header")
6343 msg['eap_vendor_id'], msg['eap_vendor_type'] = struct.unpack('>LL', b'\x00' + data[0:7])
6344 data = data[7:]
6345 else:
6346 raise Exception("Unexpected EAP type")
6347
6348 if msg['eap_vendor_id'] != WPS_VENDOR_ID_WFA:
6349 raise Exception("Unexpected Vendor-Id")
6350 if msg['eap_vendor_type'] != WPS_VENDOR_TYPE:
6351 raise Exception("Unexpected Vendor-Type")
6352
6353 # Parse EAP-WSC header
6354 if len(data) < 2:
6355 raise Exception("Truncated EAP-WSC header")
6356 msg['wsc_opcode'], msg['wsc_flags'] = struct.unpack('BB', data[0:2])
6357 data = data[2:]
6358
6359 # Parse WSC attributes
6360 msg['raw_attrs'] = data
6361 attrs = {}
6362 while len(data) > 0:
6363 if len(data) < 4:
6364 raise Exception("Truncated attribute header")
6365 attr, length = struct.unpack('>HH', data[0:4])
6366 data = data[4:]
6367 if length > len(data):
6368 raise Exception("Truncated attribute 0x%04x" % attr)
6369 attrs[attr] = data[0:length]
6370 data = data[length:]
6371 msg['wsc_attrs'] = attrs
6372
6373 if ATTR_MSG_TYPE in attrs:
6374 msg['wsc_msg_type'], = struct.unpack('B', attrs[ATTR_MSG_TYPE])
6375
6376 return msg
6377
6378 def recv_wsc_msg(dev, opcode, msg_type):
6379 msg = get_wsc_msg(dev)
6380 if msg['wsc_opcode'] != opcode or msg['wsc_msg_type'] != msg_type:
6381 raise Exception("Unexpected Op-Code/MsgType")
6382 return msg, msg['wsc_attrs'], msg['raw_attrs']
6383
6384 def build_wsc_attr(attr, payload):
6385 _payload = payload if type(payload) == bytes else payload.encode()
6386 return struct.pack('>HH', attr, len(_payload)) + _payload
6387
6388 def build_attr_msg_type(msg_type):
6389 return build_wsc_attr(ATTR_MSG_TYPE, struct.pack('B', msg_type))
6390
6391 def build_eap_wsc(eap_code, eap_id, payload, opcode=WSC_MSG):
6392 length = 4 + 8 + 2 + len(payload)
6393 # EAPOL header
6394 msg = struct.pack('>BBH', 2, 0, length)
6395 # EAP header
6396 msg += struct.pack('>BBH', eap_code, eap_id, length)
6397 # EAP expanded header for EAP-WSC
6398 msg += struct.pack('B', 254)
6399 msg += struct.pack('>L', WPS_VENDOR_ID_WFA)[1:4]
6400 msg += struct.pack('>L', WPS_VENDOR_TYPE)
6401 # EAP-WSC header
6402 msg += struct.pack('BB', opcode, 0)
6403 # WSC attributes
6404 msg += payload
6405 return msg
6406
6407 def build_eap_success(eap_id):
6408 length = 4
6409 # EAPOL header
6410 msg = struct.pack('>BBH', 2, 0, length)
6411 # EAP header
6412 msg += struct.pack('>BBH', 3, eap_id, length)
6413 return msg
6414
6415 def build_eap_failure(eap_id):
6416 length = 4
6417 # EAPOL header
6418 msg = struct.pack('>BBH', 2, 0, length)
6419 # EAP header
6420 msg += struct.pack('>BBH', 4, eap_id, length)
6421 return msg
6422
6423 def send_wsc_msg(dev, src, msg):
6424 res = dev.request("EAPOL_RX " + src + " " + binascii.hexlify(msg).decode())
6425 if "OK" not in res:
6426 raise Exception("EAPOL_RX failed")
6427
6428 group_5_prime = 0xFFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB9ED529077096966D670C354E4ABC9804F1746C08CA237327FFFFFFFFFFFFFFFF
6429 group_5_generator = 2
6430
6431 def wsc_kdf(key, label, bits):
6432 result = b''
6433 i = 1
6434 while len(result) * 8 < bits:
6435 data = struct.pack('>L', i) + label.encode() + struct.pack('>L', bits)
6436 m = hmac.new(key, data, hashlib.sha256)
6437 result += m.digest()
6438 i += 1
6439 return result[0:bits // 8]
6440
6441 def wsc_keys(kdk):
6442 keys = wsc_kdf(kdk, "Wi-Fi Easy and Secure Key Derivation", 640)
6443 authkey = keys[0:32]
6444 keywrapkey = keys[32:48]
6445 emsk = keys[48:80]
6446 return authkey, keywrapkey, emsk
6447
6448 def wsc_dev_pw_half_psk(authkey, dev_pw):
6449 m = hmac.new(authkey, dev_pw.encode(), hashlib.sha256)
6450 return m.digest()[0:16]
6451
6452 def wsc_dev_pw_psk(authkey, dev_pw):
6453 dev_pw_1 = dev_pw[0:len(dev_pw) // 2]
6454 dev_pw_2 = dev_pw[len(dev_pw) // 2:]
6455 psk1 = wsc_dev_pw_half_psk(authkey, dev_pw_1)
6456 psk2 = wsc_dev_pw_half_psk(authkey, dev_pw_2)
6457 return psk1, psk2
6458
6459 def build_attr_authenticator(authkey, prev_msg, curr_msg):
6460 m = hmac.new(authkey, prev_msg + curr_msg, hashlib.sha256)
6461 auth = m.digest()[0:8]
6462 return build_wsc_attr(ATTR_AUTHENTICATOR, auth)
6463
6464 def build_attr_encr_settings(authkey, keywrapkey, data):
6465 m = hmac.new(authkey, data, hashlib.sha256)
6466 kwa = m.digest()[0:8]
6467 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6468 iv = 16*b'\x99'
6469 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6470 pad_len = 16 - len(data) % 16
6471 ps = pad_len * struct.pack('B', pad_len)
6472 data += ps
6473 wrapped = aes.encrypt(data)
6474 return build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6475
6476 def decrypt_attr_encr_settings(authkey, keywrapkey, data):
6477 if len(data) < 32 or len(data) % 16 != 0:
6478 raise Exception("Unexpected Encrypted Settings length: %d" % len(data))
6479 iv = data[0:16]
6480 encr = data[16:]
6481 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6482 decrypted = aes.decrypt(encr)
6483 pad_len, = struct.unpack('B', decrypted[-1:])
6484 if pad_len > len(decrypted):
6485 raise Exception("Invalid padding in Encrypted Settings")
6486 for i in range(-pad_len, -1):
6487 if decrypted[i] != decrypted[-1]:
6488 raise Exception("Invalid PS value in Encrypted Settings")
6489
6490 decrypted = decrypted[0:len(decrypted) - pad_len]
6491 if len(decrypted) < 12:
6492 raise Exception("Truncated Encrypted Settings plaintext")
6493 kwa = decrypted[-12:]
6494 attr, length = struct.unpack(">HH", kwa[0:4])
6495 if attr != ATTR_KEY_WRAP_AUTH or length != 8:
6496 raise Exception("Invalid KWA header")
6497 kwa = kwa[4:]
6498 decrypted = decrypted[0:len(decrypted) - 12]
6499
6500 m = hmac.new(authkey, decrypted, hashlib.sha256)
6501 calc_kwa = m.digest()[0:8]
6502 if kwa != calc_kwa:
6503 raise Exception("KWA mismatch")
6504
6505 return decrypted
6506
6507 def zeropad_str(val, pad_len):
6508 while len(val) < pad_len * 2:
6509 val = '0' + val
6510 return val
6511
6512 def wsc_dh_init():
6513 # For now, use a hardcoded private key. In theory, this is supposed to be
6514 # randomly selected.
6515 own_private = 0x123456789
6516 own_public = pow(group_5_generator, own_private, group_5_prime)
6517 pk = binascii.unhexlify(zeropad_str(format(own_public, '02x'), 192))
6518 return own_private, pk
6519
6520 def wsc_dh_kdf(peer_pk, own_private, mac_addr, e_nonce, r_nonce):
6521 peer_public = int(binascii.hexlify(peer_pk), 16)
6522 if peer_public < 2 or peer_public >= group_5_prime:
6523 raise Exception("Invalid peer public key")
6524 if pow(peer_public, (group_5_prime - 1) // 2, group_5_prime) != 1:
6525 raise Exception("Unexpected Legendre symbol for peer public key")
6526
6527 shared_secret = pow(peer_public, own_private, group_5_prime)
6528 ss = zeropad_str(format(shared_secret, "02x"), 192)
6529 logger.debug("DH shared secret: " + ss)
6530
6531 dhkey = hashlib.sha256(binascii.unhexlify(ss)).digest()
6532 logger.debug("DHKey: " + binascii.hexlify(dhkey).decode())
6533
6534 m = hmac.new(dhkey, e_nonce + mac_addr + r_nonce, hashlib.sha256)
6535 kdk = m.digest()
6536 logger.debug("KDK: " + binascii.hexlify(kdk).decode())
6537 authkey, keywrapkey, emsk = wsc_keys(kdk)
6538 logger.debug("AuthKey: " + binascii.hexlify(authkey).decode())
6539 logger.debug("KeyWrapKey: " + binascii.hexlify(keywrapkey).decode())
6540 logger.debug("EMSK: " + binascii.hexlify(emsk).decode())
6541 return authkey, keywrapkey
6542
6543 def wsc_dev_pw_hash(authkey, dev_pw, e_pk, r_pk):
6544 psk1, psk2 = wsc_dev_pw_psk(authkey, dev_pw)
6545 logger.debug("PSK1: " + binascii.hexlify(psk1).decode())
6546 logger.debug("PSK2: " + binascii.hexlify(psk2).decode())
6547
6548 # Note: Secret values are supposed to be random, but hardcoded values are
6549 # fine for testing.
6550 s1 = 16*b'\x77'
6551 m = hmac.new(authkey, s1 + psk1 + e_pk + r_pk, hashlib.sha256)
6552 hash1 = m.digest()
6553 logger.debug("Hash1: " + binascii.hexlify(hash1).decode())
6554
6555 s2 = 16*b'\x88'
6556 m = hmac.new(authkey, s2 + psk2 + e_pk + r_pk, hashlib.sha256)
6557 hash2 = m.digest()
6558 logger.debug("Hash2: " + binascii.hexlify(hash2).decode())
6559 return s1, s2, hash1, hash2
6560
6561 def build_m1(eap_id, uuid_e, mac_addr, e_nonce, e_pk,
6562 manufacturer='', model_name='', config_methods='\x00\x00'):
6563 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6564 attrs += build_attr_msg_type(WPS_M1)
6565 attrs += build_wsc_attr(ATTR_UUID_E, uuid_e)
6566 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
6567 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6568 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, e_pk)
6569 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6570 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6571 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6572 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, config_methods)
6573 attrs += build_wsc_attr(ATTR_WPS_STATE, '\x00')
6574 attrs += build_wsc_attr(ATTR_MANUFACTURER, manufacturer)
6575 attrs += build_wsc_attr(ATTR_MODEL_NAME, model_name)
6576 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6577 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6578 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6579 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6580 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6581 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6582 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, '\x00\x00')
6583 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6584 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6585 m1 = build_eap_wsc(2, eap_id, attrs)
6586 return m1, attrs
6587
6588 def build_m2(authkey, m1, eap_id, e_nonce, r_nonce, uuid_r, r_pk,
6589 dev_pw_id='\x00\x00', eap_code=1):
6590 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6591 attrs += build_attr_msg_type(WPS_M2)
6592 if e_nonce:
6593 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6594 if r_nonce:
6595 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6596 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6597 if r_pk:
6598 attrs += build_wsc_attr(ATTR_PUBLIC_KEY, r_pk)
6599 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6600 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6601 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6602 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6603 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6604 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6605 attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6606 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6607 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6608 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6609 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6610 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6611 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6612 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6613 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6614 attrs += build_attr_authenticator(authkey, m1, attrs)
6615 m2 = build_eap_wsc(eap_code, eap_id, attrs)
6616 return m2, attrs
6617
6618 def build_m2d(m1, eap_id, e_nonce, r_nonce, uuid_r, dev_pw_id=None, eap_code=1):
6619 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6620 attrs += build_attr_msg_type(WPS_M2D)
6621 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6622 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6623 attrs += build_wsc_attr(ATTR_UUID_R, uuid_r)
6624 attrs += build_wsc_attr(ATTR_AUTH_TYPE_FLAGS, '\x00\x00')
6625 attrs += build_wsc_attr(ATTR_ENCR_TYPE_FLAGS, '\x00\x00')
6626 attrs += build_wsc_attr(ATTR_CONN_TYPE_FLAGS, '\x00')
6627 attrs += build_wsc_attr(ATTR_CONFIG_METHODS, '\x00\x00')
6628 attrs += build_wsc_attr(ATTR_MANUFACTURER, '')
6629 attrs += build_wsc_attr(ATTR_MODEL_NAME, '')
6630 #attrs += build_wsc_attr(ATTR_MODEL_NUMBER, '')
6631 attrs += build_wsc_attr(ATTR_SERIAL_NUMBER, '')
6632 attrs += build_wsc_attr(ATTR_PRIMARY_DEV_TYPE, 8*'\x00')
6633 attrs += build_wsc_attr(ATTR_DEV_NAME, '')
6634 attrs += build_wsc_attr(ATTR_RF_BANDS, '\x00')
6635 attrs += build_wsc_attr(ATTR_ASSOC_STATE, '\x00\x00')
6636 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, '\x00\x00')
6637 attrs += build_wsc_attr(ATTR_OS_VERSION, '\x00\x00\x00\x00')
6638 if dev_pw_id:
6639 attrs += build_wsc_attr(ATTR_DEV_PASSWORD_ID, dev_pw_id)
6640 m2d = build_eap_wsc(eap_code, eap_id, attrs)
6641 return m2d, attrs
6642
6643 def build_ack(eap_id, e_nonce, r_nonce, msg_type=WPS_WSC_ACK, eap_code=1):
6644 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6645 if msg_type is not None:
6646 attrs += build_attr_msg_type(msg_type)
6647 if e_nonce:
6648 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6649 if r_nonce:
6650 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6651 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_ACK)
6652 return msg, attrs
6653
6654 def build_nack(eap_id, e_nonce, r_nonce, config_error='\x00\x00',
6655 msg_type=WPS_WSC_NACK, eap_code=1):
6656 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6657 if msg_type is not None:
6658 attrs += build_attr_msg_type(msg_type)
6659 if e_nonce:
6660 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6661 if r_nonce:
6662 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
6663 if config_error:
6664 attrs += build_wsc_attr(ATTR_CONFIG_ERROR, config_error)
6665 msg = build_eap_wsc(eap_code, eap_id, attrs, opcode=WSC_NACK)
6666 return msg, attrs
6667
6668 def test_wps_ext(dev, apdev):
6669 """WPS against external implementation"""
6670 pin = "12345670"
6671 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6672 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6673 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6674
6675 logger.debug("Receive WSC/Start from AP")
6676 msg = get_wsc_msg(hapd)
6677 if msg['wsc_opcode'] != WSC_Start:
6678 raise Exception("Unexpected Op-Code for WSC/Start")
6679 wsc_start_id = msg['eap_identifier']
6680
6681 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6682 uuid_e = 16*b'\x11'
6683 e_nonce = 16*b'\x22'
6684 own_private, e_pk = wsc_dh_init()
6685
6686 logger.debug("Send M1 to AP")
6687 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
6688 e_nonce, e_pk)
6689 send_wsc_msg(hapd, addr, m1)
6690
6691 logger.debug("Receive M2 from AP")
6692 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
6693
6694 authkey, keywrapkey = wsc_dh_kdf(m2_attrs[ATTR_PUBLIC_KEY], own_private,
6695 mac_addr, e_nonce,
6696 m2_attrs[ATTR_REGISTRAR_NONCE])
6697 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk,
6698 m2_attrs[ATTR_PUBLIC_KEY])
6699
6700 logger.debug("Send M3 to AP")
6701 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6702 attrs += build_attr_msg_type(WPS_M3)
6703 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6704 m2_attrs[ATTR_REGISTRAR_NONCE])
6705 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
6706 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
6707 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
6708 raw_m3_attrs = attrs
6709 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6710 send_wsc_msg(hapd, addr, m3)
6711
6712 logger.debug("Receive M4 from AP")
6713 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
6714
6715 logger.debug("Send M5 to AP")
6716 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6717 attrs += build_attr_msg_type(WPS_M5)
6718 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6719 m2_attrs[ATTR_REGISTRAR_NONCE])
6720 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
6721 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6722 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
6723 raw_m5_attrs = attrs
6724 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6725 send_wsc_msg(hapd, addr, m5)
6726
6727 logger.debug("Receive M6 from AP")
6728 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
6729
6730 logger.debug("Send M7 to AP")
6731 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6732 attrs += build_attr_msg_type(WPS_M7)
6733 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6734 m2_attrs[ATTR_REGISTRAR_NONCE])
6735 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
6736 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6737 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
6738 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
6739 raw_m7_attrs = attrs
6740 send_wsc_msg(hapd, addr, m7)
6741
6742 logger.debug("Receive M8 from AP")
6743 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
6744 m8_cred = decrypt_attr_encr_settings(authkey, keywrapkey,
6745 m8_attrs[ATTR_ENCR_SETTINGS])
6746 logger.debug("M8 Credential: " + binascii.hexlify(m8_cred).decode())
6747
6748 logger.debug("Prepare WSC_Done")
6749 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6750 attrs += build_attr_msg_type(WPS_WSC_DONE)
6751 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
6752 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE,
6753 m2_attrs[ATTR_REGISTRAR_NONCE])
6754 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
6755 # Do not send WSC_Done yet to allow exchangw with STA complete before the
6756 # AP disconnects.
6757
6758 uuid_r = 16*b'\x33'
6759 r_nonce = 16*b'\x44'
6760
6761 eap_id = wsc_start_id
6762 logger.debug("Send WSC/Start to STA")
6763 wsc_start = build_eap_wsc(1, eap_id, b'', opcode=WSC_Start)
6764 send_wsc_msg(dev[0], bssid, wsc_start)
6765 eap_id = (eap_id + 1) % 256
6766
6767 logger.debug("Receive M1 from STA")
6768 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6769
6770 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6771 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6772 r_nonce)
6773 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6774 m1_attrs[ATTR_PUBLIC_KEY],
6775 e_pk)
6776
6777 logger.debug("Send M2 to STA")
6778 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6779 m1_attrs[ATTR_ENROLLEE_NONCE],
6780 r_nonce, uuid_r, e_pk)
6781 send_wsc_msg(dev[0], bssid, m2)
6782 eap_id = (eap_id + 1) % 256
6783
6784 logger.debug("Receive M3 from STA")
6785 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6786
6787 logger.debug("Send M4 to STA")
6788 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6789 attrs += build_attr_msg_type(WPS_M4)
6790 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6791 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6792 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6793 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6794 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6795 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6796 raw_m4_attrs = attrs
6797 m4 = build_eap_wsc(1, eap_id, attrs)
6798 send_wsc_msg(dev[0], bssid, m4)
6799 eap_id = (eap_id + 1) % 256
6800
6801 logger.debug("Receive M5 from STA")
6802 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
6803
6804 logger.debug("Send M6 to STA")
6805 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6806 attrs += build_attr_msg_type(WPS_M6)
6807 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6808 m1_attrs[ATTR_ENROLLEE_NONCE])
6809 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
6810 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6811 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
6812 raw_m6_attrs = attrs
6813 m6 = build_eap_wsc(1, eap_id, attrs)
6814 send_wsc_msg(dev[0], bssid, m6)
6815 eap_id = (eap_id + 1) % 256
6816
6817 logger.debug("Receive M7 from STA")
6818 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
6819
6820 logger.debug("Send M8 to STA")
6821 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6822 attrs += build_attr_msg_type(WPS_M8)
6823 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
6824 m1_attrs[ATTR_ENROLLEE_NONCE])
6825 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
6826 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
6827 raw_m8_attrs = attrs
6828 m8 = build_eap_wsc(1, eap_id, attrs)
6829 send_wsc_msg(dev[0], bssid, m8)
6830 eap_id = (eap_id + 1) % 256
6831
6832 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=5)
6833 if ev is None:
6834 raise Exception("wpa_supplicant did not report credential")
6835
6836 logger.debug("Receive WSC_Done from STA")
6837 msg = get_wsc_msg(dev[0])
6838 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
6839 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
6840
6841 logger.debug("Send WSC_Done to AP")
6842 hapd.request("SET ext_eapol_frame_io 0")
6843 dev[0].request("SET ext_eapol_frame_io 0")
6844 send_wsc_msg(hapd, addr, wsc_done)
6845
6846 ev = hapd.wait_event(["WPS-REG-SUCCESS"], timeout=5)
6847 if ev is None:
6848 raise Exception("hostapd did not report WPS success")
6849
6850 dev[0].wait_connected()
6851
6852 def wps_start_kwa(dev, apdev):
6853 pin = "12345670"
6854 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6855 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6856 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6857 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6858
6859 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6860 uuid_r = 16*b'\x33'
6861 r_nonce = 16*b'\x44'
6862 own_private, e_pk = wsc_dh_init()
6863
6864 logger.debug("Receive M1 from STA")
6865 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6866 eap_id = (msg['eap_identifier'] + 1) % 256
6867
6868 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6869 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6870 r_nonce)
6871 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6872 m1_attrs[ATTR_PUBLIC_KEY],
6873 e_pk)
6874
6875 logger.debug("Send M2 to STA")
6876 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6877 m1_attrs[ATTR_ENROLLEE_NONCE],
6878 r_nonce, uuid_r, e_pk)
6879 send_wsc_msg(dev[0], bssid, m2)
6880 eap_id = (eap_id + 1) % 256
6881
6882 logger.debug("Receive M3 from STA")
6883 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6884
6885 logger.debug("Send M4 to STA")
6886 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6887 attrs += build_attr_msg_type(WPS_M4)
6888 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6889 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6890 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6891
6892 return r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs
6893
6894 def wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id):
6895 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6896 m4 = build_eap_wsc(1, eap_id, attrs)
6897 send_wsc_msg(dev[0], bssid, m4)
6898 eap_id = (eap_id + 1) % 256
6899
6900 logger.debug("Receive M5 from STA")
6901 msg = get_wsc_msg(dev[0])
6902 if msg['wsc_opcode'] != WSC_NACK:
6903 raise Exception("Unexpected message - expected WSC_Nack")
6904
6905 dev[0].request("WPS_CANCEL")
6906 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
6907 dev[0].wait_disconnected()
6908
6909 def test_wps_ext_kwa_proto_no_kwa(dev, apdev):
6910 """WPS and KWA error: No KWA attribute"""
6911 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6912 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6913 # Encrypted Settings without KWA
6914 iv = 16*b'\x99'
6915 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6916 pad_len = 16 - len(data) % 16
6917 ps = pad_len * struct.pack('B', pad_len)
6918 data += ps
6919 wrapped = aes.encrypt(data)
6920 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6921 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6922
6923 def test_wps_ext_kwa_proto_data_after_kwa(dev, apdev):
6924 """WPS and KWA error: Data after KWA"""
6925 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6926 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6927 # Encrypted Settings and data after KWA
6928 m = hmac.new(authkey, data, hashlib.sha256)
6929 kwa = m.digest()[0:8]
6930 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
6931 data += build_wsc_attr(ATTR_VENDOR_EXT, "1234567890")
6932 iv = 16*b'\x99'
6933 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6934 pad_len = 16 - len(data) % 16
6935 ps = pad_len * struct.pack('B', pad_len)
6936 data += ps
6937 wrapped = aes.encrypt(data)
6938 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6939 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6940
6941 def test_wps_ext_kwa_proto_kwa_mismatch(dev, apdev):
6942 """WPS and KWA error: KWA mismatch"""
6943 r_s1, keywrapkey, authkey, raw_m3_attrs, eap_id, bssid, attrs = wps_start_kwa(dev, apdev)
6944 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6945 # Encrypted Settings and KWA with incorrect value
6946 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, 8*'\x00')
6947 iv = 16*b'\x99'
6948 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
6949 pad_len = 16 - len(data) % 16
6950 ps = pad_len * struct.pack('B', pad_len)
6951 data += ps
6952 wrapped = aes.encrypt(data)
6953 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
6954 wps_stop_kwa(dev, bssid, attrs, authkey, raw_m3_attrs, eap_id)
6955
6956 def wps_run_cred_proto(dev, apdev, m8_cred, connect=False, no_connect=False):
6957 pin = "12345670"
6958 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
6959 wps_ext_eap_identity_req(dev[0], hapd, bssid)
6960 wps_ext_eap_identity_resp(hapd, dev[0], addr)
6961 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
6962
6963 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
6964 uuid_r = 16*b'\x33'
6965 r_nonce = 16*b'\x44'
6966 own_private, e_pk = wsc_dh_init()
6967
6968 logger.debug("Receive M1 from STA")
6969 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
6970 eap_id = (msg['eap_identifier'] + 1) % 256
6971
6972 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
6973 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
6974 r_nonce)
6975 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
6976 m1_attrs[ATTR_PUBLIC_KEY],
6977 e_pk)
6978
6979 logger.debug("Send M2 to STA")
6980 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
6981 m1_attrs[ATTR_ENROLLEE_NONCE],
6982 r_nonce, uuid_r, e_pk)
6983 send_wsc_msg(dev[0], bssid, m2)
6984 eap_id = (eap_id + 1) % 256
6985
6986 logger.debug("Receive M3 from STA")
6987 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
6988
6989 logger.debug("Send M4 to STA")
6990 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
6991 attrs += build_attr_msg_type(WPS_M4)
6992 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
6993 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
6994 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
6995 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
6996 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
6997 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
6998 raw_m4_attrs = attrs
6999 m4 = build_eap_wsc(1, eap_id, attrs)
7000 send_wsc_msg(dev[0], bssid, m4)
7001 eap_id = (eap_id + 1) % 256
7002
7003 logger.debug("Receive M5 from STA")
7004 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7005
7006 logger.debug("Send M6 to STA")
7007 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7008 attrs += build_attr_msg_type(WPS_M6)
7009 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
7010 m1_attrs[ATTR_ENROLLEE_NONCE])
7011 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7012 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7013 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
7014 raw_m6_attrs = attrs
7015 m6 = build_eap_wsc(1, eap_id, attrs)
7016 send_wsc_msg(dev[0], bssid, m6)
7017 eap_id = (eap_id + 1) % 256
7018
7019 logger.debug("Receive M7 from STA")
7020 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
7021
7022 logger.debug("Send M8 to STA")
7023 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7024 attrs += build_attr_msg_type(WPS_M8)
7025 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE,
7026 m1_attrs[ATTR_ENROLLEE_NONCE])
7027 attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
7028 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7029 raw_m8_attrs = attrs
7030 m8 = build_eap_wsc(1, eap_id, attrs)
7031 send_wsc_msg(dev[0], bssid, m8)
7032 eap_id = (eap_id + 1) % 256
7033
7034 if no_connect:
7035 logger.debug("Receive WSC_Done from STA")
7036 msg = get_wsc_msg(dev[0])
7037 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
7038 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
7039
7040 hapd.request("SET ext_eapol_frame_io 0")
7041 dev[0].request("SET ext_eapol_frame_io 0")
7042
7043 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7044
7045 dev[0].wait_disconnected()
7046 dev[0].request("REMOVE_NETWORK all")
7047 elif connect:
7048 logger.debug("Receive WSC_Done from STA")
7049 msg = get_wsc_msg(dev[0])
7050 if msg['wsc_opcode'] != WSC_Done or msg['wsc_msg_type'] != WPS_WSC_DONE:
7051 raise Exception("Unexpected Op-Code/MsgType for WSC_Done")
7052
7053 hapd.request("SET ext_eapol_frame_io 0")
7054 dev[0].request("SET ext_eapol_frame_io 0")
7055
7056 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7057
7058 dev[0].wait_connected()
7059 else:
7060 # Verify STA NACK's the credential
7061 msg = get_wsc_msg(dev[0])
7062 if msg['wsc_opcode'] != WSC_NACK:
7063 raise Exception("Unexpected message - expected WSC_Nack")
7064 dev[0].request("WPS_CANCEL")
7065 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7066 dev[0].wait_disconnected()
7067
7068 def build_cred(nw_idx='\x01', ssid='test-wps-conf', auth_type='\x00\x20',
7069 encr_type='\x00\x08', nw_key="12345678",
7070 mac_addr='\x00\x00\x00\x00\x00\x00'):
7071 attrs = b''
7072 if nw_idx is not None:
7073 attrs += build_wsc_attr(ATTR_NETWORK_INDEX, nw_idx)
7074 if ssid is not None:
7075 attrs += build_wsc_attr(ATTR_SSID, ssid)
7076 if auth_type is not None:
7077 attrs += build_wsc_attr(ATTR_AUTH_TYPE, auth_type)
7078 if encr_type is not None:
7079 attrs += build_wsc_attr(ATTR_ENCR_TYPE, encr_type)
7080 if nw_key is not None:
7081 attrs += build_wsc_attr(ATTR_NETWORK_KEY, nw_key)
7082 if mac_addr is not None:
7083 attrs += build_wsc_attr(ATTR_MAC_ADDR, mac_addr)
7084 return build_wsc_attr(ATTR_CRED, attrs)
7085
7086 def test_wps_ext_cred_proto_success(dev, apdev):
7087 """WPS and Credential: success"""
7088 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7089 m8_cred = build_cred(mac_addr=mac_addr)
7090 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
7091
7092 def test_wps_ext_cred_proto_mac_addr_mismatch(dev, apdev):
7093 """WPS and Credential: MAC Address mismatch"""
7094 m8_cred = build_cred()
7095 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
7096
7097 def test_wps_ext_cred_proto_zero_padding(dev, apdev):
7098 """WPS and Credential: zeropadded attributes"""
7099 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7100 m8_cred = build_cred(mac_addr=mac_addr, ssid='test-wps-conf\x00',
7101 nw_key="12345678\x00")
7102 wps_run_cred_proto(dev, apdev, m8_cred, connect=True)
7103
7104 def test_wps_ext_cred_proto_ssid_missing(dev, apdev):
7105 """WPS and Credential: SSID missing"""
7106 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7107 m8_cred = build_cred(mac_addr=mac_addr, ssid=None)
7108 wps_run_cred_proto(dev, apdev, m8_cred)
7109
7110 def test_wps_ext_cred_proto_ssid_zero_len(dev, apdev):
7111 """WPS and Credential: Zero-length SSID"""
7112 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7113 m8_cred = build_cred(mac_addr=mac_addr, ssid="")
7114 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
7115
7116 def test_wps_ext_cred_proto_auth_type_missing(dev, apdev):
7117 """WPS and Credential: Auth Type missing"""
7118 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7119 m8_cred = build_cred(mac_addr=mac_addr, auth_type=None)
7120 wps_run_cred_proto(dev, apdev, m8_cred)
7121
7122 def test_wps_ext_cred_proto_encr_type_missing(dev, apdev):
7123 """WPS and Credential: Encr Type missing"""
7124 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7125 m8_cred = build_cred(mac_addr=mac_addr, encr_type=None)
7126 wps_run_cred_proto(dev, apdev, m8_cred)
7127
7128 def test_wps_ext_cred_proto_network_key_missing(dev, apdev):
7129 """WPS and Credential: Network Key missing"""
7130 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7131 m8_cred = build_cred(mac_addr=mac_addr, nw_key=None)
7132 wps_run_cred_proto(dev, apdev, m8_cred)
7133
7134 def test_wps_ext_cred_proto_network_key_missing_open(dev, apdev):
7135 """WPS and Credential: Network Key missing (open)"""
7136 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7137 m8_cred = build_cred(mac_addr=mac_addr, auth_type='\x00\x01',
7138 encr_type='\x00\x01', nw_key=None, ssid="foo")
7139 wps_run_cred_proto(dev, apdev, m8_cred, no_connect=True)
7140
7141 def test_wps_ext_cred_proto_mac_addr_missing(dev, apdev):
7142 """WPS and Credential: MAC Address missing"""
7143 m8_cred = build_cred(mac_addr=None)
7144 wps_run_cred_proto(dev, apdev, m8_cred)
7145
7146 def test_wps_ext_cred_proto_invalid_encr_type(dev, apdev):
7147 """WPS and Credential: Invalid Encr Type"""
7148 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7149 m8_cred = build_cred(mac_addr=mac_addr, encr_type='\x00\x00')
7150 wps_run_cred_proto(dev, apdev, m8_cred)
7151
7152 def test_wps_ext_cred_proto_missing_cred(dev, apdev):
7153 """WPS and Credential: Missing Credential"""
7154 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7155 m8_cred = b''
7156 wps_run_cred_proto(dev, apdev, m8_cred)
7157
7158 def test_wps_ext_proto_m2_no_public_key(dev, apdev):
7159 """WPS and no Public Key in M2"""
7160 pin = "12345670"
7161 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7162 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7163 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7164 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7165
7166 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7167 uuid_r = 16*b'\x33'
7168 r_nonce = 16*b'\x44'
7169 own_private, e_pk = wsc_dh_init()
7170
7171 logger.debug("Receive M1 from STA")
7172 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7173 eap_id = (msg['eap_identifier'] + 1) % 256
7174
7175 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7176 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7177 r_nonce)
7178 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7179 m1_attrs[ATTR_PUBLIC_KEY],
7180 e_pk)
7181
7182 logger.debug("Send M2 to STA")
7183 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7184 m1_attrs[ATTR_ENROLLEE_NONCE],
7185 r_nonce, uuid_r, None)
7186 send_wsc_msg(dev[0], bssid, m2)
7187 eap_id = (eap_id + 1) % 256
7188
7189 # Verify STA NACK's the credential
7190 msg = get_wsc_msg(dev[0])
7191 if msg['wsc_opcode'] != WSC_NACK:
7192 raise Exception("Unexpected message - expected WSC_Nack")
7193 dev[0].request("WPS_CANCEL")
7194 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7195 dev[0].wait_disconnected()
7196
7197 def test_wps_ext_proto_m2_invalid_public_key(dev, apdev):
7198 """WPS and invalid Public Key in M2"""
7199 pin = "12345670"
7200 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7201 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7202 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7203 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7204
7205 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7206 uuid_r = 16*b'\x33'
7207 r_nonce = 16*b'\x44'
7208 own_private, e_pk = wsc_dh_init()
7209
7210 logger.debug("Receive M1 from STA")
7211 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7212 eap_id = (msg['eap_identifier'] + 1) % 256
7213
7214 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7215 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7216 r_nonce)
7217 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7218 m1_attrs[ATTR_PUBLIC_KEY],
7219 e_pk)
7220
7221 logger.debug("Send M2 to STA")
7222 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7223 m1_attrs[ATTR_ENROLLEE_NONCE],
7224 r_nonce, uuid_r, 192*b'\xff')
7225 send_wsc_msg(dev[0], bssid, m2)
7226 eap_id = (eap_id + 1) % 256
7227
7228 # Verify STA NACK's the credential
7229 msg = get_wsc_msg(dev[0])
7230 if msg['wsc_opcode'] != WSC_NACK:
7231 raise Exception("Unexpected message - expected WSC_Nack")
7232 dev[0].request("WPS_CANCEL")
7233 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7234 dev[0].wait_disconnected()
7235
7236 def test_wps_ext_proto_m2_public_key_oom(dev, apdev):
7237 """WPS and Public Key OOM in M2"""
7238 pin = "12345670"
7239 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7240 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7241 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7242 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7243
7244 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7245 uuid_r = 16*b'\x33'
7246 r_nonce = 16*b'\x44'
7247 own_private, e_pk = wsc_dh_init()
7248
7249 logger.debug("Receive M1 from STA")
7250 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7251 eap_id = (msg['eap_identifier'] + 1) % 256
7252
7253 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7254 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7255 r_nonce)
7256 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7257 m1_attrs[ATTR_PUBLIC_KEY],
7258 e_pk)
7259
7260 logger.debug("Send M2 to STA")
7261 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7262 m1_attrs[ATTR_ENROLLEE_NONCE],
7263 r_nonce, uuid_r, e_pk)
7264 with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;wps_process_pubkey"):
7265 send_wsc_msg(dev[0], bssid, m2)
7266 eap_id = (eap_id + 1) % 256
7267
7268 # Verify STA NACK's the credential
7269 msg = get_wsc_msg(dev[0])
7270 if msg['wsc_opcode'] != WSC_NACK:
7271 raise Exception("Unexpected message - expected WSC_Nack")
7272 dev[0].request("WPS_CANCEL")
7273 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7274 dev[0].wait_disconnected()
7275
7276 def test_wps_ext_proto_nack_m3(dev, apdev):
7277 """WPS and NACK M3"""
7278 pin = "12345670"
7279 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7280 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7281 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7282 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7283
7284 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7285 uuid_r = 16*b'\x33'
7286 r_nonce = 16*b'\x44'
7287 own_private, e_pk = wsc_dh_init()
7288
7289 logger.debug("Receive M1 from STA")
7290 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7291 eap_id = (msg['eap_identifier'] + 1) % 256
7292
7293 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7294 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7295 r_nonce)
7296 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7297 m1_attrs[ATTR_PUBLIC_KEY],
7298 e_pk)
7299
7300 logger.debug("Send M2 to STA")
7301 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7302 m1_attrs[ATTR_ENROLLEE_NONCE],
7303 r_nonce, uuid_r, e_pk)
7304 send_wsc_msg(dev[0], bssid, m2)
7305 eap_id = (eap_id + 1) % 256
7306
7307 logger.debug("Receive M3 from STA")
7308 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7309
7310 logger.debug("Send NACK to STA")
7311 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7312 r_nonce, config_error='\x01\x23')
7313 send_wsc_msg(dev[0], bssid, msg)
7314 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7315 if ev is None:
7316 raise Exception("Failure not reported")
7317 if "msg=7 config_error=291" not in ev:
7318 raise Exception("Unexpected failure reason: " + ev)
7319
7320 def test_wps_ext_proto_nack_m5(dev, apdev):
7321 """WPS and NACK M5"""
7322 pin = "12345670"
7323 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7324 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7325 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7326 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7327
7328 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7329 uuid_r = 16*b'\x33'
7330 r_nonce = 16*b'\x44'
7331 own_private, e_pk = wsc_dh_init()
7332
7333 logger.debug("Receive M1 from STA")
7334 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7335 eap_id = (msg['eap_identifier'] + 1) % 256
7336
7337 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7338 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7339 r_nonce)
7340 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7341 m1_attrs[ATTR_PUBLIC_KEY],
7342 e_pk)
7343
7344 logger.debug("Send M2 to STA")
7345 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7346 m1_attrs[ATTR_ENROLLEE_NONCE],
7347 r_nonce, uuid_r, e_pk)
7348 send_wsc_msg(dev[0], bssid, m2)
7349 eap_id = (eap_id + 1) % 256
7350
7351 logger.debug("Receive M3 from STA")
7352 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7353
7354 logger.debug("Send M4 to STA")
7355 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7356 attrs += build_attr_msg_type(WPS_M4)
7357 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7358 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7359 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7360 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7361 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7362 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7363 raw_m4_attrs = attrs
7364 m4 = build_eap_wsc(1, eap_id, attrs)
7365 send_wsc_msg(dev[0], bssid, m4)
7366 eap_id = (eap_id + 1) % 256
7367
7368 logger.debug("Receive M5 from STA")
7369 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7370
7371 logger.debug("Send NACK to STA")
7372 msg, attrs = build_nack(eap_id, m1_attrs[ATTR_ENROLLEE_NONCE],
7373 r_nonce, config_error='\x01\x24')
7374 send_wsc_msg(dev[0], bssid, msg)
7375 ev = dev[0].wait_event(["WPS-FAIL"], timeout=5)
7376 if ev is None:
7377 raise Exception("Failure not reported")
7378 if "msg=9 config_error=292" not in ev:
7379 raise Exception("Unexpected failure reason: " + ev)
7380
7381 def wps_nack_m3(dev, apdev):
7382 pin = "00000000"
7383 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pbc=True)
7384 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7385 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7386 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7387
7388 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7389 uuid_r = 16*b'\x33'
7390 r_nonce = 16*b'\x44'
7391 own_private, e_pk = wsc_dh_init()
7392
7393 logger.debug("Receive M1 from STA")
7394 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7395 eap_id = (msg['eap_identifier'] + 1) % 256
7396
7397 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7398 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7399 r_nonce)
7400 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7401 m1_attrs[ATTR_PUBLIC_KEY],
7402 e_pk)
7403
7404 logger.debug("Send M2 to STA")
7405 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7406 m1_attrs[ATTR_ENROLLEE_NONCE],
7407 r_nonce, uuid_r, e_pk, dev_pw_id='\x00\x04')
7408 send_wsc_msg(dev[0], bssid, m2)
7409 eap_id = (eap_id + 1) % 256
7410
7411 logger.debug("Receive M3 from STA")
7412 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7413 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid
7414
7415 def test_wps_ext_proto_nack_m3_no_config_error(dev, apdev):
7416 """WPS and NACK M3 missing Config Error"""
7417 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7418 logger.debug("Send NACK to STA")
7419 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, config_error=None)
7420 send_wsc_msg(dev[0], bssid, msg)
7421 dev[0].request("WPS_CANCEL")
7422 dev[0].wait_disconnected()
7423 dev[0].flush_scan_cache()
7424
7425 def test_wps_ext_proto_nack_m3_no_e_nonce(dev, apdev):
7426 """WPS and NACK M3 missing E-Nonce"""
7427 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7428 logger.debug("Send NACK to STA")
7429 msg, attrs = build_nack(eap_id, None, r_nonce)
7430 send_wsc_msg(dev[0], bssid, msg)
7431 dev[0].request("WPS_CANCEL")
7432 dev[0].wait_disconnected()
7433 dev[0].flush_scan_cache()
7434
7435 def test_wps_ext_proto_nack_m3_e_nonce_mismatch(dev, apdev):
7436 """WPS and NACK M3 E-Nonce mismatch"""
7437 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7438 logger.debug("Send NACK to STA")
7439 msg, attrs = build_nack(eap_id, 16*'\x00', r_nonce)
7440 send_wsc_msg(dev[0], bssid, msg)
7441 dev[0].request("WPS_CANCEL")
7442 dev[0].wait_disconnected()
7443 dev[0].flush_scan_cache()
7444
7445 def test_wps_ext_proto_nack_m3_no_r_nonce(dev, apdev):
7446 """WPS and NACK M3 missing R-Nonce"""
7447 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7448 logger.debug("Send NACK to STA")
7449 msg, attrs = build_nack(eap_id, e_nonce, None)
7450 send_wsc_msg(dev[0], bssid, msg)
7451 dev[0].request("WPS_CANCEL")
7452 dev[0].wait_disconnected()
7453 dev[0].flush_scan_cache()
7454
7455 def test_wps_ext_proto_nack_m3_r_nonce_mismatch(dev, apdev):
7456 """WPS and NACK M3 R-Nonce mismatch"""
7457 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7458 logger.debug("Send NACK to STA")
7459 msg, attrs = build_nack(eap_id, e_nonce, 16*'\x00')
7460 send_wsc_msg(dev[0], bssid, msg)
7461 dev[0].request("WPS_CANCEL")
7462 dev[0].wait_disconnected()
7463 dev[0].flush_scan_cache()
7464
7465 def test_wps_ext_proto_nack_m3_no_msg_type(dev, apdev):
7466 """WPS and NACK M3 no Message Type"""
7467 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7468 logger.debug("Send NACK to STA")
7469 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=None)
7470 send_wsc_msg(dev[0], bssid, msg)
7471 dev[0].request("WPS_CANCEL")
7472 dev[0].wait_disconnected()
7473 dev[0].flush_scan_cache()
7474
7475 def test_wps_ext_proto_nack_m3_invalid_msg_type(dev, apdev):
7476 """WPS and NACK M3 invalid Message Type"""
7477 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7478 logger.debug("Send NACK to STA")
7479 msg, attrs = build_nack(eap_id, e_nonce, r_nonce, msg_type=123)
7480 send_wsc_msg(dev[0], bssid, msg)
7481 dev[0].request("WPS_CANCEL")
7482 dev[0].wait_disconnected()
7483 dev[0].flush_scan_cache()
7484
7485 def test_wps_ext_proto_nack_m3_invalid_attr(dev, apdev):
7486 """WPS and NACK M3 invalid attribute"""
7487 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7488 logger.debug("Send NACK to STA")
7489 attrs = b'\x10\x10\x00'
7490 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_NACK)
7491 send_wsc_msg(dev[0], bssid, msg)
7492 dev[0].request("WPS_CANCEL")
7493 dev[0].wait_disconnected()
7494 dev[0].flush_scan_cache()
7495
7496 def test_wps_ext_proto_ack_m3_no_e_nonce(dev, apdev):
7497 """WPS and ACK M3 missing E-Nonce"""
7498 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7499 logger.debug("Send NACK to STA")
7500 msg, attrs = build_ack(eap_id, None, r_nonce)
7501 send_wsc_msg(dev[0], bssid, msg)
7502 dev[0].request("WPS_CANCEL")
7503 dev[0].wait_disconnected()
7504 dev[0].flush_scan_cache()
7505
7506 def test_wps_ext_proto_ack_m3_e_nonce_mismatch(dev, apdev):
7507 """WPS and ACK M3 E-Nonce mismatch"""
7508 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7509 logger.debug("Send NACK to STA")
7510 msg, attrs = build_ack(eap_id, 16*'\x00', r_nonce)
7511 send_wsc_msg(dev[0], bssid, msg)
7512 dev[0].request("WPS_CANCEL")
7513 dev[0].wait_disconnected()
7514 dev[0].flush_scan_cache()
7515
7516 def test_wps_ext_proto_ack_m3_no_r_nonce(dev, apdev):
7517 """WPS and ACK M3 missing R-Nonce"""
7518 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7519 logger.debug("Send NACK to STA")
7520 msg, attrs = build_ack(eap_id, e_nonce, None)
7521 send_wsc_msg(dev[0], bssid, msg)
7522 dev[0].request("WPS_CANCEL")
7523 dev[0].wait_disconnected()
7524 dev[0].flush_scan_cache()
7525
7526 def test_wps_ext_proto_ack_m3_r_nonce_mismatch(dev, apdev):
7527 """WPS and ACK M3 R-Nonce mismatch"""
7528 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7529 logger.debug("Send NACK to STA")
7530 msg, attrs = build_ack(eap_id, e_nonce, 16*'\x00')
7531 send_wsc_msg(dev[0], bssid, msg)
7532 dev[0].request("WPS_CANCEL")
7533 dev[0].wait_disconnected()
7534 dev[0].flush_scan_cache()
7535
7536 def test_wps_ext_proto_ack_m3_no_msg_type(dev, apdev):
7537 """WPS and ACK M3 no Message Type"""
7538 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7539 logger.debug("Send NACK to STA")
7540 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=None)
7541 send_wsc_msg(dev[0], bssid, msg)
7542 dev[0].request("WPS_CANCEL")
7543 dev[0].wait_disconnected()
7544 dev[0].flush_scan_cache()
7545
7546 def test_wps_ext_proto_ack_m3_invalid_msg_type(dev, apdev):
7547 """WPS and ACK M3 invalid Message Type"""
7548 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7549 logger.debug("Send NACK to STA")
7550 msg, attrs = build_ack(eap_id, e_nonce, r_nonce, msg_type=123)
7551 send_wsc_msg(dev[0], bssid, msg)
7552 dev[0].request("WPS_CANCEL")
7553 dev[0].wait_disconnected()
7554 dev[0].flush_scan_cache()
7555
7556 def test_wps_ext_proto_ack_m3_invalid_attr(dev, apdev):
7557 """WPS and ACK M3 invalid attribute"""
7558 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7559 logger.debug("Send ACK to STA")
7560 attrs = b'\x10\x10\x00'
7561 msg = build_eap_wsc(1, eap_id, attrs, opcode=WSC_ACK)
7562 send_wsc_msg(dev[0], bssid, msg)
7563 dev[0].request("WPS_CANCEL")
7564 dev[0].wait_disconnected()
7565 dev[0].flush_scan_cache()
7566
7567 def test_wps_ext_proto_ack_m3(dev, apdev):
7568 """WPS and ACK M3"""
7569 eap_id, e_nonce, r_nonce, bssid = wps_nack_m3(dev, apdev)
7570 logger.debug("Send ACK to STA")
7571 msg, attrs = build_ack(eap_id, e_nonce, r_nonce)
7572 send_wsc_msg(dev[0], bssid, msg)
7573 dev[0].request("WPS_CANCEL")
7574 dev[0].wait_disconnected()
7575 dev[0].flush_scan_cache()
7576
7577 def wps_to_m3_helper(dev, apdev):
7578 pin = "12345670"
7579 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
7580 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7581 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7582 wps_ext_eap_wsc(dev[0], hapd, bssid, "EAP-WSC/Start")
7583
7584 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
7585 uuid_r = 16*b'\x33'
7586 r_nonce = 16*b'\x44'
7587 own_private, e_pk = wsc_dh_init()
7588
7589 logger.debug("Receive M1 from STA")
7590 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M1)
7591 eap_id = (msg['eap_identifier'] + 1) % 256
7592
7593 authkey, keywrapkey = wsc_dh_kdf(m1_attrs[ATTR_PUBLIC_KEY], own_private,
7594 mac_addr, m1_attrs[ATTR_ENROLLEE_NONCE],
7595 r_nonce)
7596 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, pin,
7597 m1_attrs[ATTR_PUBLIC_KEY],
7598 e_pk)
7599
7600 logger.debug("Send M2 to STA")
7601 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, eap_id,
7602 m1_attrs[ATTR_ENROLLEE_NONCE],
7603 r_nonce, uuid_r, e_pk)
7604 send_wsc_msg(dev[0], bssid, m2)
7605 eap_id = (eap_id + 1) % 256
7606
7607 logger.debug("Receive M3 from STA")
7608 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M3)
7609 return eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey
7610
7611 def wps_to_m3(dev, apdev):
7612 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7613 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s1, raw_m3_attrs, authkey, keywrapkey
7614
7615 def wps_to_m5(dev, apdev):
7616 eap_id, m1_attrs, r_nonce, bssid, r_hash1, r_hash2, r_s1, r_s2, raw_m3_attrs, authkey, keywrapkey = wps_to_m3_helper(dev, apdev)
7617
7618 logger.debug("Send M4 to STA")
7619 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7620 attrs += build_attr_msg_type(WPS_M4)
7621 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, m1_attrs[ATTR_ENROLLEE_NONCE])
7622 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7623 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7624 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7625 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7626 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7627 raw_m4_attrs = attrs
7628 m4 = build_eap_wsc(1, eap_id, attrs)
7629 send_wsc_msg(dev[0], bssid, m4)
7630 eap_id = (eap_id + 1) % 256
7631
7632 logger.debug("Receive M5 from STA")
7633 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M5)
7634
7635 return eap_id, m1_attrs[ATTR_ENROLLEE_NONCE], r_nonce, bssid, r_hash1, r_hash2, r_s2, raw_m5_attrs, authkey, keywrapkey
7636
7637 def test_wps_ext_proto_m4_missing_r_hash1(dev, apdev):
7638 """WPS and no R-Hash1 in M4"""
7639 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7640
7641 logger.debug("Send M4 to STA")
7642 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7643 attrs += build_attr_msg_type(WPS_M4)
7644 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7645 #attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7646 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7647 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7648 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7649 attrs += build_attr_authenticator(authkey, m3, attrs)
7650 m4 = build_eap_wsc(1, eap_id, attrs)
7651 send_wsc_msg(dev[0], bssid, m4)
7652 eap_id = (eap_id + 1) % 256
7653
7654 logger.debug("Receive M5 (NACK) from STA")
7655 msg = get_wsc_msg(dev[0])
7656 if msg['wsc_opcode'] != WSC_NACK:
7657 raise Exception("Unexpected message - expected WSC_Nack")
7658
7659 dev[0].request("WPS_CANCEL")
7660 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7661 dev[0].wait_disconnected()
7662
7663 def test_wps_ext_proto_m4_missing_r_hash2(dev, apdev):
7664 """WPS and no R-Hash2 in M4"""
7665 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7666
7667 logger.debug("Send M4 to STA")
7668 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7669 attrs += build_attr_msg_type(WPS_M4)
7670 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7671 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7672 #attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7673 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7674 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7675 attrs += build_attr_authenticator(authkey, m3, attrs)
7676 m4 = build_eap_wsc(1, eap_id, attrs)
7677 send_wsc_msg(dev[0], bssid, m4)
7678 eap_id = (eap_id + 1) % 256
7679
7680 logger.debug("Receive M5 (NACK) from STA")
7681 msg = get_wsc_msg(dev[0])
7682 if msg['wsc_opcode'] != WSC_NACK:
7683 raise Exception("Unexpected message - expected WSC_Nack")
7684
7685 dev[0].request("WPS_CANCEL")
7686 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7687 dev[0].wait_disconnected()
7688
7689 def test_wps_ext_proto_m4_missing_r_snonce1(dev, apdev):
7690 """WPS and no R-SNonce1 in M4"""
7691 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7692
7693 logger.debug("Send M4 to STA")
7694 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7695 attrs += build_attr_msg_type(WPS_M4)
7696 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7697 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7698 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7699 #data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7700 data = b''
7701 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7702 attrs += build_attr_authenticator(authkey, m3, attrs)
7703 m4 = build_eap_wsc(1, eap_id, attrs)
7704 send_wsc_msg(dev[0], bssid, m4)
7705 eap_id = (eap_id + 1) % 256
7706
7707 logger.debug("Receive M5 (NACK) from STA")
7708 msg = get_wsc_msg(dev[0])
7709 if msg['wsc_opcode'] != WSC_NACK:
7710 raise Exception("Unexpected message - expected WSC_Nack")
7711
7712 dev[0].request("WPS_CANCEL")
7713 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7714 dev[0].wait_disconnected()
7715
7716 def test_wps_ext_proto_m4_invalid_pad_string(dev, apdev):
7717 """WPS and invalid pad string in M4"""
7718 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7719
7720 logger.debug("Send M4 to STA")
7721 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7722 attrs += build_attr_msg_type(WPS_M4)
7723 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7724 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7725 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7726 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7727
7728 m = hmac.new(authkey, data, hashlib.sha256)
7729 kwa = m.digest()[0:8]
7730 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7731 iv = 16*b'\x99'
7732 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7733 pad_len = 16 - len(data) % 16
7734 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', pad_len - 1)
7735 data += ps
7736 wrapped = aes.encrypt(data)
7737 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7738
7739 attrs += build_attr_authenticator(authkey, m3, attrs)
7740 m4 = build_eap_wsc(1, eap_id, attrs)
7741 send_wsc_msg(dev[0], bssid, m4)
7742 eap_id = (eap_id + 1) % 256
7743
7744 logger.debug("Receive M5 (NACK) from STA")
7745 msg = get_wsc_msg(dev[0])
7746 if msg['wsc_opcode'] != WSC_NACK:
7747 raise Exception("Unexpected message - expected WSC_Nack")
7748
7749 dev[0].request("WPS_CANCEL")
7750 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7751 dev[0].wait_disconnected()
7752
7753 def test_wps_ext_proto_m4_invalid_pad_value(dev, apdev):
7754 """WPS and invalid pad value in M4"""
7755 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7756
7757 logger.debug("Send M4 to STA")
7758 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7759 attrs += build_attr_msg_type(WPS_M4)
7760 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7761 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7762 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7763 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7764
7765 m = hmac.new(authkey, data, hashlib.sha256)
7766 kwa = m.digest()[0:8]
7767 data += build_wsc_attr(ATTR_KEY_WRAP_AUTH, kwa)
7768 iv = 16*b'\x99'
7769 aes = AES.new(keywrapkey, AES.MODE_CBC, iv)
7770 pad_len = 16 - len(data) % 16
7771 ps = (pad_len - 1) * struct.pack('B', pad_len) + struct.pack('B', 255)
7772 data += ps
7773 wrapped = aes.encrypt(data)
7774 attrs += build_wsc_attr(ATTR_ENCR_SETTINGS, iv + wrapped)
7775
7776 attrs += build_attr_authenticator(authkey, m3, attrs)
7777 m4 = build_eap_wsc(1, eap_id, attrs)
7778 send_wsc_msg(dev[0], bssid, m4)
7779 eap_id = (eap_id + 1) % 256
7780
7781 logger.debug("Receive M5 (NACK) from STA")
7782 msg = get_wsc_msg(dev[0])
7783 if msg['wsc_opcode'] != WSC_NACK:
7784 raise Exception("Unexpected message - expected WSC_Nack")
7785
7786 dev[0].request("WPS_CANCEL")
7787 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7788 dev[0].wait_disconnected()
7789
7790 def test_wps_ext_proto_m4_no_encr_settings(dev, apdev):
7791 """WPS and no Encr Settings in M4"""
7792 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s1, m3, authkey, keywrapkey = wps_to_m3(dev, apdev)
7793
7794 logger.debug("Send M4 to STA")
7795 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7796 attrs += build_attr_msg_type(WPS_M4)
7797 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7798 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7799 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7800 attrs += build_attr_authenticator(authkey, m3, attrs)
7801 m4 = build_eap_wsc(1, eap_id, attrs)
7802 send_wsc_msg(dev[0], bssid, m4)
7803 eap_id = (eap_id + 1) % 256
7804
7805 logger.debug("Receive M5 (NACK) from STA")
7806 msg = get_wsc_msg(dev[0])
7807 if msg['wsc_opcode'] != WSC_NACK:
7808 raise Exception("Unexpected message - expected WSC_Nack")
7809
7810 dev[0].request("WPS_CANCEL")
7811 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7812 dev[0].wait_disconnected()
7813
7814 def test_wps_ext_proto_m6_missing_r_snonce2(dev, apdev):
7815 """WPS and no R-SNonce2 in M6"""
7816 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7817
7818 logger.debug("Send M6 to STA")
7819 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7820 attrs += build_attr_msg_type(WPS_M6)
7821 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7822 #data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7823 data = b''
7824 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7825 attrs += build_attr_authenticator(authkey, m5, attrs)
7826 m6 = build_eap_wsc(1, eap_id, attrs)
7827 send_wsc_msg(dev[0], bssid, m6)
7828 eap_id = (eap_id + 1) % 256
7829
7830 logger.debug("Receive M7 (NACK) from STA")
7831 msg = get_wsc_msg(dev[0])
7832 if msg['wsc_opcode'] != WSC_NACK:
7833 raise Exception("Unexpected message - expected WSC_Nack")
7834
7835 dev[0].request("WPS_CANCEL")
7836 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7837 dev[0].wait_disconnected()
7838
7839 def test_wps_ext_proto_m6_no_encr_settings(dev, apdev):
7840 """WPS and no Encr Settings in M6"""
7841 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7842
7843 logger.debug("Send M6 to STA")
7844 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7845 attrs += build_attr_msg_type(WPS_M6)
7846 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7847 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7848 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7849 attrs += build_attr_authenticator(authkey, m5, attrs)
7850 m6 = build_eap_wsc(1, eap_id, attrs)
7851 send_wsc_msg(dev[0], bssid, m6)
7852 eap_id = (eap_id + 1) % 256
7853
7854 logger.debug("Receive M7 (NACK) from STA")
7855 msg = get_wsc_msg(dev[0])
7856 if msg['wsc_opcode'] != WSC_NACK:
7857 raise Exception("Unexpected message - expected WSC_Nack")
7858
7859 dev[0].request("WPS_CANCEL")
7860 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7861 dev[0].wait_disconnected()
7862
7863 def test_wps_ext_proto_m8_no_encr_settings(dev, apdev):
7864 """WPS and no Encr Settings in M6"""
7865 eap_id, e_nonce, r_nonce, bssid, r_hash1, r_hash2, r_s2, m5, authkey, keywrapkey = wps_to_m5(dev, apdev)
7866
7867 logger.debug("Send M6 to STA")
7868 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7869 attrs += build_attr_msg_type(WPS_M6)
7870 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7871 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7872 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7873 attrs += build_attr_authenticator(authkey, m5, attrs)
7874 raw_m6_attrs = attrs
7875 m6 = build_eap_wsc(1, eap_id, attrs)
7876 send_wsc_msg(dev[0], bssid, m6)
7877 eap_id = (eap_id + 1) % 256
7878
7879 logger.debug("Receive M7 from STA")
7880 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(dev[0], WSC_MSG, WPS_M7)
7881
7882 logger.debug("Send M8 to STA")
7883 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7884 attrs += build_attr_msg_type(WPS_M8)
7885 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7886 #attrs += build_attr_encr_settings(authkey, keywrapkey, m8_cred)
7887 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7888 raw_m8_attrs = attrs
7889 m8 = build_eap_wsc(1, eap_id, attrs)
7890 send_wsc_msg(dev[0], bssid, m8)
7891
7892 logger.debug("Receive WSC_Done (NACK) from STA")
7893 msg = get_wsc_msg(dev[0])
7894 if msg['wsc_opcode'] != WSC_NACK:
7895 raise Exception("Unexpected message - expected WSC_Nack")
7896
7897 dev[0].request("WPS_CANCEL")
7898 send_wsc_msg(dev[0], bssid, build_eap_failure(eap_id))
7899 dev[0].wait_disconnected()
7900
7901 def wps_start_ext_reg(apdev, dev):
7902 addr = dev.own_addr()
7903 bssid = apdev['bssid']
7904 ssid = "test-wps-conf"
7905 appin = "12345670"
7906 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
7907 "wpa_passphrase": "12345678", "wpa": "2",
7908 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
7909 "ap_pin": appin}
7910 hapd = hostapd.add_ap(apdev, params)
7911
7912 dev.scan_for_bss(bssid, freq="2412")
7913 hapd.request("SET ext_eapol_frame_io 1")
7914 dev.request("SET ext_eapol_frame_io 1")
7915
7916 dev.request("WPS_REG " + bssid + " " + appin)
7917
7918 return addr, bssid, hapd
7919
7920 def wps_run_ap_settings_proto(dev, apdev, ap_settings, success):
7921 addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
7922 wps_ext_eap_identity_req(dev[0], hapd, bssid)
7923 wps_ext_eap_identity_resp(hapd, dev[0], addr)
7924
7925 logger.debug("Receive M1 from AP")
7926 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
7927 mac_addr = m1_attrs[ATTR_MAC_ADDR]
7928 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
7929 e_pk = m1_attrs[ATTR_PUBLIC_KEY]
7930
7931 appin = '12345670'
7932 uuid_r = 16*b'\x33'
7933 r_nonce = 16*b'\x44'
7934 own_private, r_pk = wsc_dh_init()
7935 authkey, keywrapkey = wsc_dh_kdf(e_pk, own_private, mac_addr, e_nonce,
7936 r_nonce)
7937 r_s1, r_s2, r_hash1, r_hash2 = wsc_dev_pw_hash(authkey, appin, e_pk, r_pk)
7938
7939 logger.debug("Send M2 to AP")
7940 m2, raw_m2_attrs = build_m2(authkey, raw_m1_attrs, msg['eap_identifier'],
7941 e_nonce, r_nonce, uuid_r, r_pk, eap_code=2)
7942 send_wsc_msg(hapd, addr, m2)
7943
7944 logger.debug("Receive M3 from AP")
7945 msg, m3_attrs, raw_m3_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M3)
7946
7947 logger.debug("Send M4 to AP")
7948 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7949 attrs += build_attr_msg_type(WPS_M4)
7950 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7951 attrs += build_wsc_attr(ATTR_R_HASH1, r_hash1)
7952 attrs += build_wsc_attr(ATTR_R_HASH2, r_hash2)
7953 data = build_wsc_attr(ATTR_R_SNONCE1, r_s1)
7954 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7955 attrs += build_attr_authenticator(authkey, raw_m3_attrs, attrs)
7956 raw_m4_attrs = attrs
7957 m4 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7958 send_wsc_msg(hapd, addr, m4)
7959
7960 logger.debug("Receive M5 from AP")
7961 msg, m5_attrs, raw_m5_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M5)
7962
7963 logger.debug("Send M6 to STA")
7964 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7965 attrs += build_attr_msg_type(WPS_M6)
7966 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7967 data = build_wsc_attr(ATTR_R_SNONCE2, r_s2)
7968 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
7969 attrs += build_attr_authenticator(authkey, raw_m5_attrs, attrs)
7970 raw_m6_attrs = attrs
7971 m6 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7972 send_wsc_msg(hapd, addr, m6)
7973
7974 logger.debug("Receive M7 from AP")
7975 msg, m7_attrs, raw_m7_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M7)
7976
7977 logger.debug("Send M8 to STA")
7978 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
7979 attrs += build_attr_msg_type(WPS_M8)
7980 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
7981 if ap_settings:
7982 attrs += build_attr_encr_settings(authkey, keywrapkey, ap_settings)
7983 attrs += build_attr_authenticator(authkey, raw_m7_attrs, attrs)
7984 raw_m8_attrs = attrs
7985 m8 = build_eap_wsc(2, msg['eap_identifier'], attrs)
7986 send_wsc_msg(hapd, addr, m8)
7987
7988 if success:
7989 ev = hapd.wait_event(["WPS-NEW-AP-SETTINGS"], timeout=5)
7990 if ev is None:
7991 raise Exception("New AP settings not reported")
7992 logger.debug("Receive WSC_Done from AP")
7993 msg = get_wsc_msg(hapd)
7994 if msg['wsc_opcode'] != WSC_Done:
7995 raise Exception("Unexpected message - expected WSC_Done")
7996
7997 logger.debug("Send WSC_ACK to AP")
7998 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
7999 eap_code=2)
8000 send_wsc_msg(hapd, addr, ack)
8001 dev[0].wait_disconnected()
8002 else:
8003 ev = hapd.wait_event(["WPS-FAIL"], timeout=5)
8004 if ev is None:
8005 raise Exception("WPS failure not reported")
8006 logger.debug("Receive WSC_NACK from AP")
8007 msg = get_wsc_msg(hapd)
8008 if msg['wsc_opcode'] != WSC_NACK:
8009 raise Exception("Unexpected message - expected WSC_NACK")
8010
8011 logger.debug("Send WSC_NACK to AP")
8012 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8013 eap_code=2)
8014 send_wsc_msg(hapd, addr, nack)
8015 dev[0].wait_disconnected()
8016
8017 def test_wps_ext_ap_settings_success(dev, apdev):
8018 """WPS and AP Settings: success"""
8019 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
8020 ap_settings += build_wsc_attr(ATTR_SSID, "test")
8021 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
8022 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
8023 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
8024 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
8025 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
8026
8027 @remote_compatible
8028 def test_wps_ext_ap_settings_missing(dev, apdev):
8029 """WPS and AP Settings: missing"""
8030 wps_run_ap_settings_proto(dev, apdev, None, False)
8031
8032 @remote_compatible
8033 def test_wps_ext_ap_settings_mac_addr_mismatch(dev, apdev):
8034 """WPS and AP Settings: MAC Address mismatch"""
8035 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
8036 ap_settings += build_wsc_attr(ATTR_SSID, "test")
8037 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
8038 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
8039 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
8040 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, '\x00\x00\x00\x00\x00\x00')
8041 wps_run_ap_settings_proto(dev, apdev, ap_settings, True)
8042
8043 @remote_compatible
8044 def test_wps_ext_ap_settings_mac_addr_missing(dev, apdev):
8045 """WPS and AP Settings: missing MAC Address"""
8046 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
8047 ap_settings += build_wsc_attr(ATTR_SSID, "test")
8048 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
8049 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x01')
8050 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
8051 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
8052
8053 @remote_compatible
8054 def test_wps_ext_ap_settings_reject_encr_type(dev, apdev):
8055 """WPS and AP Settings: reject Encr Type"""
8056 ap_settings = build_wsc_attr(ATTR_NETWORK_INDEX, '\x01')
8057 ap_settings += build_wsc_attr(ATTR_SSID, "test")
8058 ap_settings += build_wsc_attr(ATTR_AUTH_TYPE, '\x00\x01')
8059 ap_settings += build_wsc_attr(ATTR_ENCR_TYPE, '\x00\x00')
8060 ap_settings += build_wsc_attr(ATTR_NETWORK_KEY, '')
8061 ap_settings += build_wsc_attr(ATTR_MAC_ADDR, binascii.unhexlify(apdev[0]['bssid'].replace(':', '')))
8062 wps_run_ap_settings_proto(dev, apdev, ap_settings, False)
8063
8064 @remote_compatible
8065 def test_wps_ext_ap_settings_m2d(dev, apdev):
8066 """WPS and AP Settings: M2D"""
8067 addr, bssid, hapd = wps_start_ext_reg(apdev[0], dev[0])
8068 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8069 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8070
8071 logger.debug("Receive M1 from AP")
8072 msg, m1_attrs, raw_m1_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M1)
8073 e_nonce = m1_attrs[ATTR_ENROLLEE_NONCE]
8074
8075 r_nonce = 16*'\x44'
8076 uuid_r = 16*'\x33'
8077
8078 logger.debug("Send M2D to AP")
8079 m2d, raw_m2d_attrs = build_m2d(raw_m1_attrs, msg['eap_identifier'],
8080 e_nonce, r_nonce, uuid_r,
8081 dev_pw_id='\x00\x00', eap_code=2)
8082 send_wsc_msg(hapd, addr, m2d)
8083
8084 ev = hapd.wait_event(["WPS-M2D"], timeout=5)
8085 if ev is None:
8086 raise Exception("M2D not reported")
8087
8088 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8089
8090 def wps_wait_ap_nack(hapd, dev, e_nonce, r_nonce):
8091 logger.debug("Receive WSC_NACK from AP")
8092 msg = get_wsc_msg(hapd)
8093 if msg['wsc_opcode'] != WSC_NACK:
8094 raise Exception("Unexpected message - expected WSC_NACK")
8095
8096 logger.debug("Send WSC_NACK to AP")
8097 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8098 eap_code=2)
8099 send_wsc_msg(hapd, dev.own_addr(), nack)
8100 dev.wait_disconnected()
8101
8102 @remote_compatible
8103 def test_wps_ext_m3_missing_e_hash1(dev, apdev):
8104 """WPS proto: M3 missing E-Hash1"""
8105 pin = "12345670"
8106 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8107 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8108 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8109
8110 logger.debug("Receive WSC/Start from AP")
8111 msg = get_wsc_msg(hapd)
8112 if msg['wsc_opcode'] != WSC_Start:
8113 raise Exception("Unexpected Op-Code for WSC/Start")
8114
8115 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8116 uuid_e = 16*b'\x11'
8117 e_nonce = 16*b'\x22'
8118 own_private, e_pk = wsc_dh_init()
8119
8120 logger.debug("Send M1 to AP")
8121 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8122 e_nonce, e_pk)
8123 send_wsc_msg(hapd, addr, m1)
8124
8125 logger.debug("Receive M2 from AP")
8126 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8127 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8128 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8129
8130 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8131 r_nonce)
8132 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8133
8134 logger.debug("Send M3 to AP")
8135 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8136 attrs += build_attr_msg_type(WPS_M3)
8137 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8138 #attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8139 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8140 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8141 raw_m3_attrs = attrs
8142 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8143 send_wsc_msg(hapd, addr, m3)
8144
8145 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8146
8147 @remote_compatible
8148 def test_wps_ext_m3_missing_e_hash2(dev, apdev):
8149 """WPS proto: M3 missing E-Hash2"""
8150 pin = "12345670"
8151 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8152 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8153 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8154
8155 logger.debug("Receive WSC/Start from AP")
8156 msg = get_wsc_msg(hapd)
8157 if msg['wsc_opcode'] != WSC_Start:
8158 raise Exception("Unexpected Op-Code for WSC/Start")
8159
8160 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8161 uuid_e = 16*b'\x11'
8162 e_nonce = 16*b'\x22'
8163 own_private, e_pk = wsc_dh_init()
8164
8165 logger.debug("Send M1 to AP")
8166 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8167 e_nonce, e_pk)
8168 send_wsc_msg(hapd, addr, m1)
8169
8170 logger.debug("Receive M2 from AP")
8171 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8172 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8173 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8174
8175 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8176 r_nonce)
8177 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8178
8179 logger.debug("Send M3 to AP")
8180 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8181 attrs += build_attr_msg_type(WPS_M3)
8182 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8183 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8184 #attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8185 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8186 raw_m3_attrs = attrs
8187 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8188 send_wsc_msg(hapd, addr, m3)
8189
8190 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8191
8192 @remote_compatible
8193 def test_wps_ext_m5_missing_e_snonce1(dev, apdev):
8194 """WPS proto: M5 missing E-SNonce1"""
8195 pin = "12345670"
8196 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8197 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8198 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8199
8200 logger.debug("Receive WSC/Start from AP")
8201 msg = get_wsc_msg(hapd)
8202 if msg['wsc_opcode'] != WSC_Start:
8203 raise Exception("Unexpected Op-Code for WSC/Start")
8204
8205 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8206 uuid_e = 16*b'\x11'
8207 e_nonce = 16*b'\x22'
8208 own_private, e_pk = wsc_dh_init()
8209
8210 logger.debug("Send M1 to AP")
8211 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8212 e_nonce, e_pk)
8213 send_wsc_msg(hapd, addr, m1)
8214
8215 logger.debug("Receive M2 from AP")
8216 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8217 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8218 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8219
8220 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8221 r_nonce)
8222 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8223
8224 logger.debug("Send M3 to AP")
8225 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8226 attrs += build_attr_msg_type(WPS_M3)
8227 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8228 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8229 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8230 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8231 raw_m3_attrs = attrs
8232 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8233 send_wsc_msg(hapd, addr, m3)
8234
8235 logger.debug("Receive M4 from AP")
8236 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8237
8238 logger.debug("Send M5 to AP")
8239 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8240 attrs += build_attr_msg_type(WPS_M5)
8241 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8242 #data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8243 data = b''
8244 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8245 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8246 raw_m5_attrs = attrs
8247 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8248 send_wsc_msg(hapd, addr, m5)
8249
8250 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8251
8252 @remote_compatible
8253 def test_wps_ext_m5_e_snonce1_mismatch(dev, apdev):
8254 """WPS proto: M5 E-SNonce1 mismatch"""
8255 pin = "12345670"
8256 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8257 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8258 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8259
8260 logger.debug("Receive WSC/Start from AP")
8261 msg = get_wsc_msg(hapd)
8262 if msg['wsc_opcode'] != WSC_Start:
8263 raise Exception("Unexpected Op-Code for WSC/Start")
8264
8265 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8266 uuid_e = 16*b'\x11'
8267 e_nonce = 16*b'\x22'
8268 own_private, e_pk = wsc_dh_init()
8269
8270 logger.debug("Send M1 to AP")
8271 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8272 e_nonce, e_pk)
8273 send_wsc_msg(hapd, addr, m1)
8274
8275 logger.debug("Receive M2 from AP")
8276 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8277 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8278 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8279
8280 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8281 r_nonce)
8282 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8283
8284 logger.debug("Send M3 to AP")
8285 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8286 attrs += build_attr_msg_type(WPS_M3)
8287 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8288 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8289 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8290 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8291 raw_m3_attrs = attrs
8292 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8293 send_wsc_msg(hapd, addr, m3)
8294
8295 logger.debug("Receive M4 from AP")
8296 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8297
8298 logger.debug("Send M5 to AP")
8299 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8300 attrs += build_attr_msg_type(WPS_M5)
8301 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8302 data = build_wsc_attr(ATTR_E_SNONCE1, 16*'\x00')
8303 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8304 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8305 raw_m5_attrs = attrs
8306 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8307 send_wsc_msg(hapd, addr, m5)
8308
8309 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8310
8311 def test_wps_ext_m7_missing_e_snonce2(dev, apdev):
8312 """WPS proto: M7 missing E-SNonce2"""
8313 pin = "12345670"
8314 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8315 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8316 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8317
8318 logger.debug("Receive WSC/Start from AP")
8319 msg = get_wsc_msg(hapd)
8320 if msg['wsc_opcode'] != WSC_Start:
8321 raise Exception("Unexpected Op-Code for WSC/Start")
8322
8323 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8324 uuid_e = 16*b'\x11'
8325 e_nonce = 16*b'\x22'
8326 own_private, e_pk = wsc_dh_init()
8327
8328 logger.debug("Send M1 to AP")
8329 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8330 e_nonce, e_pk)
8331 send_wsc_msg(hapd, addr, m1)
8332
8333 logger.debug("Receive M2 from AP")
8334 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8335 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8336 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8337
8338 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8339 r_nonce)
8340 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8341
8342 logger.debug("Send M3 to AP")
8343 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8344 attrs += build_attr_msg_type(WPS_M3)
8345 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8346 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8347 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8348 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8349 raw_m3_attrs = attrs
8350 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8351 send_wsc_msg(hapd, addr, m3)
8352
8353 logger.debug("Receive M4 from AP")
8354 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8355
8356 logger.debug("Send M5 to AP")
8357 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8358 attrs += build_attr_msg_type(WPS_M5)
8359 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8360 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8361 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8362 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8363 raw_m5_attrs = attrs
8364 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8365 send_wsc_msg(hapd, addr, m5)
8366
8367 logger.debug("Receive M6 from AP")
8368 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8369
8370 logger.debug("Send M7 to AP")
8371 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8372 attrs += build_attr_msg_type(WPS_M7)
8373 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8374 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
8375 data = b''
8376 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8377 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8378 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8379 raw_m7_attrs = attrs
8380 send_wsc_msg(hapd, addr, m7)
8381
8382 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8383
8384 @remote_compatible
8385 def test_wps_ext_m7_e_snonce2_mismatch(dev, apdev):
8386 """WPS proto: M7 E-SNonce2 mismatch"""
8387 pin = "12345670"
8388 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8389 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8390 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8391
8392 logger.debug("Receive WSC/Start from AP")
8393 msg = get_wsc_msg(hapd)
8394 if msg['wsc_opcode'] != WSC_Start:
8395 raise Exception("Unexpected Op-Code for WSC/Start")
8396
8397 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8398 uuid_e = 16*b'\x11'
8399 e_nonce = 16*b'\x22'
8400 own_private, e_pk = wsc_dh_init()
8401
8402 logger.debug("Send M1 to AP")
8403 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8404 e_nonce, e_pk)
8405 send_wsc_msg(hapd, addr, m1)
8406
8407 logger.debug("Receive M2 from AP")
8408 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8409 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8410 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8411
8412 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8413 r_nonce)
8414 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8415
8416 logger.debug("Send M3 to AP")
8417 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8418 attrs += build_attr_msg_type(WPS_M3)
8419 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8420 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8421 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8422 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8423 raw_m3_attrs = attrs
8424 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8425 send_wsc_msg(hapd, addr, m3)
8426
8427 logger.debug("Receive M4 from AP")
8428 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8429
8430 logger.debug("Send M5 to AP")
8431 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8432 attrs += build_attr_msg_type(WPS_M5)
8433 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8434 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8435 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8436 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8437 raw_m5_attrs = attrs
8438 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8439 send_wsc_msg(hapd, addr, m5)
8440
8441 logger.debug("Receive M6 from AP")
8442 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
8443
8444 logger.debug("Send M7 to AP")
8445 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8446 attrs += build_attr_msg_type(WPS_M7)
8447 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8448 data = build_wsc_attr(ATTR_E_SNONCE2, 16*'\x00')
8449 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8450 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
8451 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8452 raw_m7_attrs = attrs
8453 send_wsc_msg(hapd, addr, m7)
8454
8455 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8456
8457 @remote_compatible
8458 def test_wps_ext_m1_pubkey_oom(dev, apdev):
8459 """WPS proto: M1 PubKey OOM"""
8460 pin = "12345670"
8461 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8462 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8463 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8464
8465 logger.debug("Receive WSC/Start from AP")
8466 msg = get_wsc_msg(hapd)
8467 if msg['wsc_opcode'] != WSC_Start:
8468 raise Exception("Unexpected Op-Code for WSC/Start")
8469
8470 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8471 uuid_e = 16*'\x11'
8472 e_nonce = 16*'\x22'
8473 own_private, e_pk = wsc_dh_init()
8474
8475 logger.debug("Send M1 to AP")
8476 with alloc_fail(hapd, 1, "wpabuf_alloc_copy;wps_process_pubkey"):
8477 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8478 e_nonce, e_pk)
8479 send_wsc_msg(hapd, addr, m1)
8480 wps_wait_eap_failure(hapd, dev[0])
8481
8482 def wps_wait_eap_failure(hapd, dev):
8483 ev = hapd.wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
8484 if ev is None:
8485 raise Exception("EAP-Failure not reported")
8486 dev.wait_disconnected()
8487
8488 @remote_compatible
8489 def test_wps_ext_m3_m1(dev, apdev):
8490 """WPS proto: M3 replaced with M1"""
8491 pin = "12345670"
8492 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8493 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8494 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8495
8496 logger.debug("Receive WSC/Start from AP")
8497 msg = get_wsc_msg(hapd)
8498 if msg['wsc_opcode'] != WSC_Start:
8499 raise Exception("Unexpected Op-Code for WSC/Start")
8500
8501 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8502 uuid_e = 16*b'\x11'
8503 e_nonce = 16*b'\x22'
8504 own_private, e_pk = wsc_dh_init()
8505
8506 logger.debug("Send M1 to AP")
8507 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8508 e_nonce, e_pk)
8509 send_wsc_msg(hapd, addr, m1)
8510
8511 logger.debug("Receive M2 from AP")
8512 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8513 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8514 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8515
8516 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8517 r_nonce)
8518 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8519
8520 logger.debug("Send M3(M1) to AP")
8521 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8522 attrs += build_attr_msg_type(WPS_M1)
8523 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8524 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8525 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8526 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8527 raw_m3_attrs = attrs
8528 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8529 send_wsc_msg(hapd, addr, m3)
8530
8531 wps_wait_eap_failure(hapd, dev[0])
8532
8533 @remote_compatible
8534 def test_wps_ext_m5_m3(dev, apdev):
8535 """WPS proto: M5 replaced with M3"""
8536 pin = "12345670"
8537 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8538 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8539 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8540
8541 logger.debug("Receive WSC/Start from AP")
8542 msg = get_wsc_msg(hapd)
8543 if msg['wsc_opcode'] != WSC_Start:
8544 raise Exception("Unexpected Op-Code for WSC/Start")
8545
8546 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8547 uuid_e = 16*b'\x11'
8548 e_nonce = 16*b'\x22'
8549 own_private, e_pk = wsc_dh_init()
8550
8551 logger.debug("Send M1 to AP")
8552 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8553 e_nonce, e_pk)
8554 send_wsc_msg(hapd, addr, m1)
8555
8556 logger.debug("Receive M2 from AP")
8557 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8558 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8559 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8560
8561 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8562 r_nonce)
8563 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8564
8565 logger.debug("Send M3 to AP")
8566 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8567 attrs += build_attr_msg_type(WPS_M3)
8568 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8569 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8570 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8571 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8572 raw_m3_attrs = attrs
8573 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8574 send_wsc_msg(hapd, addr, m3)
8575
8576 logger.debug("Receive M4 from AP")
8577 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
8578
8579 logger.debug("Send M5(M3) to AP")
8580 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8581 attrs += build_attr_msg_type(WPS_M3)
8582 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8583 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
8584 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
8585 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
8586 raw_m5_attrs = attrs
8587 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8588 send_wsc_msg(hapd, addr, m5)
8589
8590 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8591
8592 @remote_compatible
8593 def test_wps_ext_m3_m2(dev, apdev):
8594 """WPS proto: M3 replaced with M2"""
8595 pin = "12345670"
8596 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8597 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8598 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8599
8600 logger.debug("Receive WSC/Start from AP")
8601 msg = get_wsc_msg(hapd)
8602 if msg['wsc_opcode'] != WSC_Start:
8603 raise Exception("Unexpected Op-Code for WSC/Start")
8604
8605 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8606 uuid_e = 16*b'\x11'
8607 e_nonce = 16*b'\x22'
8608 own_private, e_pk = wsc_dh_init()
8609
8610 logger.debug("Send M1 to AP")
8611 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8612 e_nonce, e_pk)
8613 send_wsc_msg(hapd, addr, m1)
8614
8615 logger.debug("Receive M2 from AP")
8616 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8617 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8618 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8619
8620 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8621 r_nonce)
8622 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8623
8624 logger.debug("Send M3(M2) to AP")
8625 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8626 attrs += build_attr_msg_type(WPS_M2)
8627 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8628 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8629 raw_m3_attrs = attrs
8630 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8631 send_wsc_msg(hapd, addr, m3)
8632
8633 wps_wait_eap_failure(hapd, dev[0])
8634
8635 @remote_compatible
8636 def test_wps_ext_m3_m5(dev, apdev):
8637 """WPS proto: M3 replaced with M5"""
8638 pin = "12345670"
8639 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8640 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8641 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8642
8643 logger.debug("Receive WSC/Start from AP")
8644 msg = get_wsc_msg(hapd)
8645 if msg['wsc_opcode'] != WSC_Start:
8646 raise Exception("Unexpected Op-Code for WSC/Start")
8647
8648 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8649 uuid_e = 16*b'\x11'
8650 e_nonce = 16*b'\x22'
8651 own_private, e_pk = wsc_dh_init()
8652
8653 logger.debug("Send M1 to AP")
8654 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8655 e_nonce, e_pk)
8656 send_wsc_msg(hapd, addr, m1)
8657
8658 logger.debug("Receive M2 from AP")
8659 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8660 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8661 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8662
8663 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8664 r_nonce)
8665 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8666
8667 logger.debug("Send M3(M5) to AP")
8668 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8669 attrs += build_attr_msg_type(WPS_M5)
8670 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8671 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8672 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8673 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8674 raw_m3_attrs = attrs
8675 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8676 send_wsc_msg(hapd, addr, m3)
8677
8678 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8679
8680 @remote_compatible
8681 def test_wps_ext_m3_m7(dev, apdev):
8682 """WPS proto: M3 replaced with M7"""
8683 pin = "12345670"
8684 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8685 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8686 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8687
8688 logger.debug("Receive WSC/Start from AP")
8689 msg = get_wsc_msg(hapd)
8690 if msg['wsc_opcode'] != WSC_Start:
8691 raise Exception("Unexpected Op-Code for WSC/Start")
8692
8693 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8694 uuid_e = 16*b'\x11'
8695 e_nonce = 16*b'\x22'
8696 own_private, e_pk = wsc_dh_init()
8697
8698 logger.debug("Send M1 to AP")
8699 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8700 e_nonce, e_pk)
8701 send_wsc_msg(hapd, addr, m1)
8702
8703 logger.debug("Receive M2 from AP")
8704 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8705 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8706 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8707
8708 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8709 r_nonce)
8710 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8711
8712 logger.debug("Send M3(M7) to AP")
8713 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8714 attrs += build_attr_msg_type(WPS_M7)
8715 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
8716 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
8717 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
8718 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8719 raw_m3_attrs = attrs
8720 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
8721 send_wsc_msg(hapd, addr, m3)
8722
8723 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
8724
8725 @remote_compatible
8726 def test_wps_ext_m3_done(dev, apdev):
8727 """WPS proto: M3 replaced with WSC_Done"""
8728 pin = "12345670"
8729 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8730 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8731 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8732
8733 logger.debug("Receive WSC/Start from AP")
8734 msg = get_wsc_msg(hapd)
8735 if msg['wsc_opcode'] != WSC_Start:
8736 raise Exception("Unexpected Op-Code for WSC/Start")
8737
8738 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8739 uuid_e = 16*b'\x11'
8740 e_nonce = 16*b'\x22'
8741 own_private, e_pk = wsc_dh_init()
8742
8743 logger.debug("Send M1 to AP")
8744 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8745 e_nonce, e_pk)
8746 send_wsc_msg(hapd, addr, m1)
8747
8748 logger.debug("Receive M2 from AP")
8749 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8750 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8751 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8752
8753 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8754 r_nonce)
8755 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8756
8757 logger.debug("Send M3(WSC_Done) to AP")
8758 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
8759 attrs += build_attr_msg_type(WPS_WSC_DONE)
8760 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
8761 raw_m3_attrs = attrs
8762 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
8763 send_wsc_msg(hapd, addr, m3)
8764
8765 wps_wait_eap_failure(hapd, dev[0])
8766
8767 @remote_compatible
8768 def test_wps_ext_m2_nack_invalid(dev, apdev):
8769 """WPS proto: M2 followed by invalid NACK"""
8770 pin = "12345670"
8771 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8772 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8773 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8774
8775 logger.debug("Receive WSC/Start from AP")
8776 msg = get_wsc_msg(hapd)
8777 if msg['wsc_opcode'] != WSC_Start:
8778 raise Exception("Unexpected Op-Code for WSC/Start")
8779
8780 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8781 uuid_e = 16*b'\x11'
8782 e_nonce = 16*b'\x22'
8783 own_private, e_pk = wsc_dh_init()
8784
8785 logger.debug("Send M1 to AP")
8786 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8787 e_nonce, e_pk)
8788 send_wsc_msg(hapd, addr, m1)
8789
8790 logger.debug("Receive M2 from AP")
8791 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8792 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8793 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8794
8795 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8796 r_nonce)
8797 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8798
8799 logger.debug("Send WSC_NACK to AP")
8800 attrs = b'\x10\x00\x00'
8801 nack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_NACK)
8802 send_wsc_msg(hapd, addr, nack)
8803
8804 wps_wait_eap_failure(hapd, dev[0])
8805
8806 @remote_compatible
8807 def test_wps_ext_m2_nack_no_msg_type(dev, apdev):
8808 """WPS proto: M2 followed by NACK without Msg Type"""
8809 pin = "12345670"
8810 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8811 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8812 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8813
8814 logger.debug("Receive WSC/Start from AP")
8815 msg = get_wsc_msg(hapd)
8816 if msg['wsc_opcode'] != WSC_Start:
8817 raise Exception("Unexpected Op-Code for WSC/Start")
8818
8819 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8820 uuid_e = 16*b'\x11'
8821 e_nonce = 16*b'\x22'
8822 own_private, e_pk = wsc_dh_init()
8823
8824 logger.debug("Send M1 to AP")
8825 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8826 e_nonce, e_pk)
8827 send_wsc_msg(hapd, addr, m1)
8828
8829 logger.debug("Receive M2 from AP")
8830 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8831 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8832 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8833
8834 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8835 r_nonce)
8836 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8837
8838 logger.debug("Send WSC_NACK to AP")
8839 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8840 msg_type=None, eap_code=2)
8841 send_wsc_msg(hapd, addr, nack)
8842
8843 wps_wait_eap_failure(hapd, dev[0])
8844
8845 @remote_compatible
8846 def test_wps_ext_m2_nack_invalid_msg_type(dev, apdev):
8847 """WPS proto: M2 followed by NACK with invalid Msg Type"""
8848 pin = "12345670"
8849 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8850 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8851 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8852
8853 logger.debug("Receive WSC/Start from AP")
8854 msg = get_wsc_msg(hapd)
8855 if msg['wsc_opcode'] != WSC_Start:
8856 raise Exception("Unexpected Op-Code for WSC/Start")
8857
8858 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8859 uuid_e = 16*b'\x11'
8860 e_nonce = 16*b'\x22'
8861 own_private, e_pk = wsc_dh_init()
8862
8863 logger.debug("Send M1 to AP")
8864 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8865 e_nonce, e_pk)
8866 send_wsc_msg(hapd, addr, m1)
8867
8868 logger.debug("Receive M2 from AP")
8869 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8870 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8871 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8872
8873 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8874 r_nonce)
8875 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8876
8877 logger.debug("Send WSC_NACK to AP")
8878 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8879 msg_type=WPS_WSC_ACK, eap_code=2)
8880 send_wsc_msg(hapd, addr, nack)
8881
8882 wps_wait_eap_failure(hapd, dev[0])
8883
8884 @remote_compatible
8885 def test_wps_ext_m2_nack_e_nonce_mismatch(dev, apdev):
8886 """WPS proto: M2 followed by NACK with e-nonce mismatch"""
8887 pin = "12345670"
8888 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8889 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8890 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8891
8892 logger.debug("Receive WSC/Start from AP")
8893 msg = get_wsc_msg(hapd)
8894 if msg['wsc_opcode'] != WSC_Start:
8895 raise Exception("Unexpected Op-Code for WSC/Start")
8896
8897 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8898 uuid_e = 16*b'\x11'
8899 e_nonce = 16*b'\x22'
8900 own_private, e_pk = wsc_dh_init()
8901
8902 logger.debug("Send M1 to AP")
8903 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8904 e_nonce, e_pk)
8905 send_wsc_msg(hapd, addr, m1)
8906
8907 logger.debug("Receive M2 from AP")
8908 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8909 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8910 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8911
8912 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8913 r_nonce)
8914 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8915
8916 logger.debug("Send WSC_NACK to AP")
8917 nack, attrs = build_nack(msg['eap_identifier'], 16*b'\x00', r_nonce,
8918 eap_code=2)
8919 send_wsc_msg(hapd, addr, nack)
8920
8921 wps_wait_eap_failure(hapd, dev[0])
8922
8923 @remote_compatible
8924 def test_wps_ext_m2_nack_no_config_error(dev, apdev):
8925 """WPS proto: M2 followed by NACK without Config Error"""
8926 pin = "12345670"
8927 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8928 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8929 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8930
8931 logger.debug("Receive WSC/Start from AP")
8932 msg = get_wsc_msg(hapd)
8933 if msg['wsc_opcode'] != WSC_Start:
8934 raise Exception("Unexpected Op-Code for WSC/Start")
8935
8936 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8937 uuid_e = 16*b'\x11'
8938 e_nonce = 16*b'\x22'
8939 own_private, e_pk = wsc_dh_init()
8940
8941 logger.debug("Send M1 to AP")
8942 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8943 e_nonce, e_pk)
8944 send_wsc_msg(hapd, addr, m1)
8945
8946 logger.debug("Receive M2 from AP")
8947 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8948 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8949 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8950
8951 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8952 r_nonce)
8953 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8954
8955 logger.debug("Send WSC_NACK to AP")
8956 nack, attrs = build_nack(msg['eap_identifier'], e_nonce, r_nonce,
8957 config_error=None, eap_code=2)
8958 send_wsc_msg(hapd, addr, nack)
8959
8960 wps_wait_eap_failure(hapd, dev[0])
8961
8962 @remote_compatible
8963 def test_wps_ext_m2_ack_invalid(dev, apdev):
8964 """WPS proto: M2 followed by invalid ACK"""
8965 pin = "12345670"
8966 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
8967 wps_ext_eap_identity_req(dev[0], hapd, bssid)
8968 wps_ext_eap_identity_resp(hapd, dev[0], addr)
8969
8970 logger.debug("Receive WSC/Start from AP")
8971 msg = get_wsc_msg(hapd)
8972 if msg['wsc_opcode'] != WSC_Start:
8973 raise Exception("Unexpected Op-Code for WSC/Start")
8974
8975 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
8976 uuid_e = 16*b'\x11'
8977 e_nonce = 16*b'\x22'
8978 own_private, e_pk = wsc_dh_init()
8979
8980 logger.debug("Send M1 to AP")
8981 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
8982 e_nonce, e_pk)
8983 send_wsc_msg(hapd, addr, m1)
8984
8985 logger.debug("Receive M2 from AP")
8986 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
8987 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
8988 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
8989
8990 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
8991 r_nonce)
8992 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
8993
8994 logger.debug("Send WSC_ACK to AP")
8995 attrs = b'\x10\x00\x00'
8996 ack = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_ACK)
8997 send_wsc_msg(hapd, addr, ack)
8998
8999 wps_wait_eap_failure(hapd, dev[0])
9000
9001 @remote_compatible
9002 def test_wps_ext_m2_ack(dev, apdev):
9003 """WPS proto: M2 followed by ACK"""
9004 pin = "12345670"
9005 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9006 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9007 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9008
9009 logger.debug("Receive WSC/Start from AP")
9010 msg = get_wsc_msg(hapd)
9011 if msg['wsc_opcode'] != WSC_Start:
9012 raise Exception("Unexpected Op-Code for WSC/Start")
9013
9014 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9015 uuid_e = 16*b'\x11'
9016 e_nonce = 16*b'\x22'
9017 own_private, e_pk = wsc_dh_init()
9018
9019 logger.debug("Send M1 to AP")
9020 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9021 e_nonce, e_pk)
9022 send_wsc_msg(hapd, addr, m1)
9023
9024 logger.debug("Receive M2 from AP")
9025 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9026 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9027 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9028
9029 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9030 r_nonce)
9031 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9032
9033 logger.debug("Send WSC_ACK to AP")
9034 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce, eap_code=2)
9035 send_wsc_msg(hapd, addr, ack)
9036
9037 wps_wait_eap_failure(hapd, dev[0])
9038
9039 @remote_compatible
9040 def test_wps_ext_m2_ack_no_msg_type(dev, apdev):
9041 """WPS proto: M2 followed by ACK missing Msg Type"""
9042 pin = "12345670"
9043 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9044 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9045 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9046
9047 logger.debug("Receive WSC/Start from AP")
9048 msg = get_wsc_msg(hapd)
9049 if msg['wsc_opcode'] != WSC_Start:
9050 raise Exception("Unexpected Op-Code for WSC/Start")
9051
9052 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9053 uuid_e = 16*b'\x11'
9054 e_nonce = 16*b'\x22'
9055 own_private, e_pk = wsc_dh_init()
9056
9057 logger.debug("Send M1 to AP")
9058 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9059 e_nonce, e_pk)
9060 send_wsc_msg(hapd, addr, m1)
9061
9062 logger.debug("Receive M2 from AP")
9063 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9064 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9065 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9066
9067 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9068 r_nonce)
9069 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9070
9071 logger.debug("Send WSC_ACK to AP")
9072 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
9073 msg_type=None, eap_code=2)
9074 send_wsc_msg(hapd, addr, ack)
9075
9076 wps_wait_eap_failure(hapd, dev[0])
9077
9078 @remote_compatible
9079 def test_wps_ext_m2_ack_invalid_msg_type(dev, apdev):
9080 """WPS proto: M2 followed by ACK with invalid Msg Type"""
9081 pin = "12345670"
9082 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9083 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9084 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9085
9086 logger.debug("Receive WSC/Start from AP")
9087 msg = get_wsc_msg(hapd)
9088 if msg['wsc_opcode'] != WSC_Start:
9089 raise Exception("Unexpected Op-Code for WSC/Start")
9090
9091 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9092 uuid_e = 16*b'\x11'
9093 e_nonce = 16*b'\x22'
9094 own_private, e_pk = wsc_dh_init()
9095
9096 logger.debug("Send M1 to AP")
9097 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9098 e_nonce, e_pk)
9099 send_wsc_msg(hapd, addr, m1)
9100
9101 logger.debug("Receive M2 from AP")
9102 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9103 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9104 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9105
9106 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9107 r_nonce)
9108 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9109
9110 logger.debug("Send WSC_ACK to AP")
9111 ack, attrs = build_ack(msg['eap_identifier'], e_nonce, r_nonce,
9112 msg_type=WPS_WSC_NACK, eap_code=2)
9113 send_wsc_msg(hapd, addr, ack)
9114
9115 wps_wait_eap_failure(hapd, dev[0])
9116
9117 @remote_compatible
9118 def test_wps_ext_m2_ack_e_nonce_mismatch(dev, apdev):
9119 """WPS proto: M2 followed by ACK with e-nonce mismatch"""
9120 pin = "12345670"
9121 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9122 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9123 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9124
9125 logger.debug("Receive WSC/Start from AP")
9126 msg = get_wsc_msg(hapd)
9127 if msg['wsc_opcode'] != WSC_Start:
9128 raise Exception("Unexpected Op-Code for WSC/Start")
9129
9130 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9131 uuid_e = 16*b'\x11'
9132 e_nonce = 16*b'\x22'
9133 own_private, e_pk = wsc_dh_init()
9134
9135 logger.debug("Send M1 to AP")
9136 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9137 e_nonce, e_pk)
9138 send_wsc_msg(hapd, addr, m1)
9139
9140 logger.debug("Receive M2 from AP")
9141 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9142 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9143 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9144
9145 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9146 r_nonce)
9147 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9148
9149 logger.debug("Send WSC_ACK to AP")
9150 ack, attrs = build_ack(msg['eap_identifier'], 16*b'\x00', r_nonce,
9151 eap_code=2)
9152 send_wsc_msg(hapd, addr, ack)
9153
9154 wps_wait_eap_failure(hapd, dev[0])
9155
9156 @remote_compatible
9157 def test_wps_ext_m1_invalid(dev, apdev):
9158 """WPS proto: M1 failing parsing"""
9159 pin = "12345670"
9160 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9161 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9162 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9163
9164 logger.debug("Receive WSC/Start from AP")
9165 msg = get_wsc_msg(hapd)
9166 if msg['wsc_opcode'] != WSC_Start:
9167 raise Exception("Unexpected Op-Code for WSC/Start")
9168
9169 logger.debug("Send M1 to AP")
9170 attrs = b'\x10\x00\x00'
9171 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9172 send_wsc_msg(hapd, addr, m1)
9173
9174 wps_wait_eap_failure(hapd, dev[0])
9175
9176 def test_wps_ext_m1_missing_msg_type(dev, apdev):
9177 """WPS proto: M1 missing Msg Type"""
9178 pin = "12345670"
9179 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9180 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9181 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9182
9183 logger.debug("Receive WSC/Start from AP")
9184 msg = get_wsc_msg(hapd)
9185 if msg['wsc_opcode'] != WSC_Start:
9186 raise Exception("Unexpected Op-Code for WSC/Start")
9187
9188 logger.debug("Send M1 to AP")
9189 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9190 m1 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9191 send_wsc_msg(hapd, addr, m1)
9192
9193 wps_wait_ap_nack(hapd, dev[0], 16*b'\x00', 16*b'\x00')
9194
9195 def wps_ext_wsc_done(dev, apdev):
9196 pin = "12345670"
9197 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9198 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9199 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9200
9201 logger.debug("Receive WSC/Start from AP")
9202 msg = get_wsc_msg(hapd)
9203 if msg['wsc_opcode'] != WSC_Start:
9204 raise Exception("Unexpected Op-Code for WSC/Start")
9205
9206 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9207 uuid_e = 16*b'\x11'
9208 e_nonce = 16*b'\x22'
9209 own_private, e_pk = wsc_dh_init()
9210
9211 logger.debug("Send M1 to AP")
9212 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9213 e_nonce, e_pk)
9214 send_wsc_msg(hapd, addr, m1)
9215
9216 logger.debug("Receive M2 from AP")
9217 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9218 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9219 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9220
9221 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9222 r_nonce)
9223 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9224
9225 logger.debug("Send M3 to AP")
9226 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9227 attrs += build_attr_msg_type(WPS_M3)
9228 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9229 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
9230 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
9231 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
9232 raw_m3_attrs = attrs
9233 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9234 send_wsc_msg(hapd, addr, m3)
9235
9236 logger.debug("Receive M4 from AP")
9237 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
9238
9239 logger.debug("Send M5 to AP")
9240 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9241 attrs += build_attr_msg_type(WPS_M5)
9242 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9243 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
9244 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9245 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
9246 raw_m5_attrs = attrs
9247 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9248 send_wsc_msg(hapd, addr, m5)
9249
9250 logger.debug("Receive M6 from AP")
9251 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
9252
9253 logger.debug("Send M7 to AP")
9254 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9255 attrs += build_attr_msg_type(WPS_M7)
9256 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9257 data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9258 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9259 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
9260 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9261 raw_m7_attrs = attrs
9262 send_wsc_msg(hapd, addr, m7)
9263
9264 logger.debug("Receive M8 from AP")
9265 msg, m8_attrs, raw_m8_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M8)
9266 return hapd, msg, e_nonce, r_nonce
9267
9268 @remote_compatible
9269 def test_wps_ext_wsc_done_invalid(dev, apdev):
9270 """WPS proto: invalid WSC_Done"""
9271 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9272
9273 logger.debug("Send WSC_Done to AP")
9274 attrs = b'\x10\x00\x00'
9275 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9276 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9277
9278 wps_wait_eap_failure(hapd, dev[0])
9279
9280 @remote_compatible
9281 def test_wps_ext_wsc_done_no_msg_type(dev, apdev):
9282 """WPS proto: invalid WSC_Done"""
9283 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9284
9285 logger.debug("Send WSC_Done to AP")
9286 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9287 #attrs += build_attr_msg_type(WPS_WSC_DONE)
9288 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9289 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9290 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9291 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9292
9293 wps_wait_eap_failure(hapd, dev[0])
9294
9295 @remote_compatible
9296 def test_wps_ext_wsc_done_wrong_msg_type(dev, apdev):
9297 """WPS proto: WSC_Done with wrong Msg Type"""
9298 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9299
9300 logger.debug("Send WSC_Done to AP")
9301 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9302 attrs += build_attr_msg_type(WPS_WSC_ACK)
9303 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9304 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9305 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9306 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9307
9308 wps_wait_eap_failure(hapd, dev[0])
9309
9310 @remote_compatible
9311 def test_wps_ext_wsc_done_no_e_nonce(dev, apdev):
9312 """WPS proto: WSC_Done without e_nonce"""
9313 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9314
9315 logger.debug("Send WSC_Done to AP")
9316 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9317 attrs += build_attr_msg_type(WPS_WSC_DONE)
9318 #attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9319 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9320 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9321 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9322
9323 wps_wait_eap_failure(hapd, dev[0])
9324
9325 def test_wps_ext_wsc_done_no_r_nonce(dev, apdev):
9326 """WPS proto: WSC_Done without r_nonce"""
9327 hapd, msg, e_nonce, r_nonce = wps_ext_wsc_done(dev, apdev)
9328
9329 logger.debug("Send WSC_Done to AP")
9330 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9331 attrs += build_attr_msg_type(WPS_WSC_DONE)
9332 attrs += build_wsc_attr(ATTR_ENROLLEE_NONCE, e_nonce)
9333 #attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9334 wsc_done = build_eap_wsc(2, msg['eap_identifier'], attrs, opcode=WSC_Done)
9335 send_wsc_msg(hapd, dev[0].own_addr(), wsc_done)
9336
9337 wps_wait_eap_failure(hapd, dev[0])
9338
9339 @remote_compatible
9340 def test_wps_ext_m7_no_encr_settings(dev, apdev):
9341 """WPS proto: M7 without Encr Settings"""
9342 pin = "12345670"
9343 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9344 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9345 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9346
9347 logger.debug("Receive WSC/Start from AP")
9348 msg = get_wsc_msg(hapd)
9349 if msg['wsc_opcode'] != WSC_Start:
9350 raise Exception("Unexpected Op-Code for WSC/Start")
9351
9352 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9353 uuid_e = 16*b'\x11'
9354 e_nonce = 16*b'\x22'
9355 own_private, e_pk = wsc_dh_init()
9356
9357 logger.debug("Send M1 to AP")
9358 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9359 e_nonce, e_pk)
9360 send_wsc_msg(hapd, addr, m1)
9361
9362 logger.debug("Receive M2 from AP")
9363 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9364 r_nonce = m2_attrs[ATTR_REGISTRAR_NONCE]
9365 r_pk = m2_attrs[ATTR_PUBLIC_KEY]
9366
9367 authkey, keywrapkey = wsc_dh_kdf(r_pk, own_private, mac_addr, e_nonce,
9368 r_nonce)
9369 e_s1, e_s2, e_hash1, e_hash2 = wsc_dev_pw_hash(authkey, pin, e_pk, r_pk)
9370
9371 logger.debug("Send M3 to AP")
9372 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9373 attrs += build_attr_msg_type(WPS_M3)
9374 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9375 attrs += build_wsc_attr(ATTR_E_HASH1, e_hash1)
9376 attrs += build_wsc_attr(ATTR_E_HASH2, e_hash2)
9377 attrs += build_attr_authenticator(authkey, raw_m2_attrs, attrs)
9378 raw_m3_attrs = attrs
9379 m3 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9380 send_wsc_msg(hapd, addr, m3)
9381
9382 logger.debug("Receive M4 from AP")
9383 msg, m4_attrs, raw_m4_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M4)
9384
9385 logger.debug("Send M5 to AP")
9386 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9387 attrs += build_attr_msg_type(WPS_M5)
9388 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9389 data = build_wsc_attr(ATTR_E_SNONCE1, e_s1)
9390 attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9391 attrs += build_attr_authenticator(authkey, raw_m4_attrs, attrs)
9392 raw_m5_attrs = attrs
9393 m5 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9394 send_wsc_msg(hapd, addr, m5)
9395
9396 logger.debug("Receive M6 from AP")
9397 msg, m6_attrs, raw_m6_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M6)
9398
9399 logger.debug("Send M7 to AP")
9400 attrs = build_wsc_attr(ATTR_VERSION, '\x10')
9401 attrs += build_attr_msg_type(WPS_M7)
9402 attrs += build_wsc_attr(ATTR_REGISTRAR_NONCE, r_nonce)
9403 #data = build_wsc_attr(ATTR_E_SNONCE2, e_s2)
9404 #attrs += build_attr_encr_settings(authkey, keywrapkey, data)
9405 attrs += build_attr_authenticator(authkey, raw_m6_attrs, attrs)
9406 m7 = build_eap_wsc(2, msg['eap_identifier'], attrs)
9407 raw_m7_attrs = attrs
9408 send_wsc_msg(hapd, addr, m7)
9409
9410 wps_wait_ap_nack(hapd, dev[0], e_nonce, r_nonce)
9411
9412 @remote_compatible
9413 def test_wps_ext_m1_workaround(dev, apdev):
9414 """WPS proto: M1 Manufacturer/Model workaround"""
9415 pin = "12345670"
9416 addr, bssid, hapd = wps_start_ext(apdev[0], dev[0], pin=pin)
9417 wps_ext_eap_identity_req(dev[0], hapd, bssid)
9418 wps_ext_eap_identity_resp(hapd, dev[0], addr)
9419
9420 logger.debug("Receive WSC/Start from AP")
9421 msg = get_wsc_msg(hapd)
9422 if msg['wsc_opcode'] != WSC_Start:
9423 raise Exception("Unexpected Op-Code for WSC/Start")
9424
9425 mac_addr = binascii.unhexlify(dev[0].own_addr().replace(':', ''))
9426 uuid_e = 16*b'\x11'
9427 e_nonce = 16*b'\x22'
9428 own_private, e_pk = wsc_dh_init()
9429
9430 logger.debug("Send M1 to AP")
9431 m1, raw_m1_attrs = build_m1(msg['eap_identifier'], uuid_e, mac_addr,
9432 e_nonce, e_pk, manufacturer='Apple TEST',
9433 model_name='AirPort', config_methods=b'\xff\xff')
9434 send_wsc_msg(hapd, addr, m1)
9435
9436 logger.debug("Receive M2 from AP")
9437 msg, m2_attrs, raw_m2_attrs = recv_wsc_msg(hapd, WSC_MSG, WPS_M2)
9438
9439 @remote_compatible
9440 def test_ap_wps_disable_enable(dev, apdev):
9441 """WPS and DISABLE/ENABLE AP"""
9442 hapd = wps_start_ap(apdev[0])
9443 hapd.disable()
9444 hapd.enable()
9445 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
9446
9447 def test_ap_wps_upnp_web_oom(dev, apdev, params):
9448 """hostapd WPS UPnP web OOM"""
9449 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9450 hapd = add_ssdp_ap(apdev[0], ap_uuid)
9451
9452 location = ssdp_get_location(ap_uuid)
9453 url = urlparse(location)
9454 urls = upnp_get_urls(location)
9455 eventurl = urlparse(urls['event_sub_url'])
9456 ctrlurl = urlparse(urls['control_url'])
9457
9458 conn = HTTPConnection(url.netloc)
9459 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9460 conn.request("GET", "/wps_device.xml")
9461 try:
9462 resp = conn.getresponse()
9463 except:
9464 pass
9465
9466 conn = HTTPConnection(url.netloc)
9467 conn.request("GET", "/unknown")
9468 resp = conn.getresponse()
9469 if resp.status != 404:
9470 raise Exception("Unexpected HTTP result for unknown URL: %d" + resp.status)
9471
9472 with alloc_fail(hapd, 1, "web_connection_parse_get"):
9473 conn.request("GET", "/unknown")
9474 try:
9475 resp = conn.getresponse()
9476 print(resp.status)
9477 except:
9478 pass
9479
9480 conn = HTTPConnection(url.netloc)
9481 conn.request("GET", "/wps_device.xml")
9482 resp = conn.getresponse()
9483 if resp.status != 200:
9484 raise Exception("GET /wps_device.xml failed")
9485
9486 conn = HTTPConnection(url.netloc)
9487 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9488 if resp.status != 200:
9489 raise Exception("GetDeviceInfo failed")
9490
9491 with alloc_fail(hapd, 1, "web_process_get_device_info"):
9492 conn = HTTPConnection(url.netloc)
9493 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9494 if resp.status != 500:
9495 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9496
9497 with alloc_fail(hapd, 1, "wps_build_m1;web_process_get_device_info"):
9498 conn = HTTPConnection(url.netloc)
9499 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9500 if resp.status != 500:
9501 raise Exception("Internal error not reported from GetDeviceInfo OOM")
9502
9503 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_send_reply"):
9504 conn = HTTPConnection(url.netloc)
9505 try:
9506 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9507 except:
9508 pass
9509
9510 conn = HTTPConnection(url.netloc)
9511 resp = upnp_soap_action(conn, ctrlurl.path, "GetDeviceInfo")
9512 if resp.status != 200:
9513 raise Exception("GetDeviceInfo failed")
9514
9515 # No NewWLANEventType in PutWLANResponse NewMessage
9516 conn = HTTPConnection(url.netloc)
9517 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse", newmsg="foo")
9518 if resp.status != 600:
9519 raise Exception("Unexpected HTTP response: %d" % resp.status)
9520
9521 # No NewWLANEventMAC in PutWLANResponse NewMessage
9522 conn = HTTPConnection(url.netloc)
9523 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9524 newmsg="foo", neweventtype="1")
9525 if resp.status != 600:
9526 raise Exception("Unexpected HTTP response: %d" % resp.status)
9527
9528 # Invalid NewWLANEventMAC in PutWLANResponse NewMessage
9529 conn = HTTPConnection(url.netloc)
9530 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9531 newmsg="foo", neweventtype="1",
9532 neweventmac="foo")
9533 if resp.status != 600:
9534 raise Exception("Unexpected HTTP response: %d" % resp.status)
9535
9536 # Workaround for NewWLANEventMAC in PutWLANResponse NewMessage
9537 # Ignored unexpected PutWLANResponse WLANEventType 1
9538 conn = HTTPConnection(url.netloc)
9539 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9540 newmsg="foo", neweventtype="1",
9541 neweventmac="00.11.22.33.44.55")
9542 if resp.status != 500:
9543 raise Exception("Unexpected HTTP response: %d" % resp.status)
9544
9545 # PutWLANResponse NewMessage with invalid EAP message
9546 conn = HTTPConnection(url.netloc)
9547 resp = upnp_soap_action(conn, ctrlurl.path, "PutWLANResponse",
9548 newmsg="foo", neweventtype="2",
9549 neweventmac="00:11:22:33:44:55")
9550 if resp.status != 200:
9551 raise Exception("Unexpected HTTP response: %d" % resp.status)
9552
9553 with alloc_fail(hapd, 1, "web_connection_parse_subscribe"):
9554 conn = HTTPConnection(url.netloc)
9555 headers = {"callback": '<http://127.0.0.1:12345/event>',
9556 "NT": "upnp:event",
9557 "timeout": "Second-1234"}
9558 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9559 try:
9560 resp = conn.getresponse()
9561 except:
9562 pass
9563
9564 with alloc_fail(hapd, 1, "dup_binstr;web_connection_parse_subscribe"):
9565 conn = HTTPConnection(url.netloc)
9566 headers = {"callback": '<http://127.0.0.1:12345/event>',
9567 "NT": "upnp:event",
9568 "timeout": "Second-1234"}
9569 conn.request("SUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9570 resp = conn.getresponse()
9571 if resp.status != 500:
9572 raise Exception("Unexpected HTTP response: %d" % resp.status)
9573
9574 with alloc_fail(hapd, 1, "wpabuf_alloc;web_connection_parse_unsubscribe"):
9575 conn = HTTPConnection(url.netloc)
9576 headers = {"callback": '<http://127.0.0.1:12345/event>',
9577 "NT": "upnp:event",
9578 "timeout": "Second-1234"}
9579 conn.request("UNSUBSCRIBE", eventurl.path, "\r\n\r\n", headers)
9580 try:
9581 resp = conn.getresponse()
9582 except:
9583 pass
9584
9585 with alloc_fail(hapd, 1, "web_connection_unimplemented"):
9586 conn = HTTPConnection(url.netloc)
9587 conn.request("HEAD", "/wps_device.xml")
9588 try:
9589 resp = conn.getresponse()
9590 except:
9591 pass
9592
9593 def test_ap_wps_frag_ack_oom(dev, apdev):
9594 """WPS and fragment ack OOM"""
9595 dev[0].request("SET wps_fragment_size 50")
9596 hapd = wps_start_ap(apdev[0])
9597 with alloc_fail(hapd, 1, "eap_wsc_build_frag_ack"):
9598 wps_run_pbc_fail_ap(apdev[0], dev[0], hapd)
9599
9600 def wait_scan_stopped(dev):
9601 dev.request("ABORT_SCAN")
9602 for i in range(50):
9603 res = dev.get_driver_status_field("scan_state")
9604 if "SCAN_STARTED" not in res and "SCAN_REQUESTED" not in res:
9605 break
9606 logger.debug("Waiting for scan to complete")
9607 time.sleep(0.1)
9608
9609 @remote_compatible
9610 def test_ap_wps_eap_wsc_errors(dev, apdev):
9611 """WPS and EAP-WSC error cases"""
9612 ssid = "test-wps-conf-pin"
9613 appin = "12345670"
9614 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9615 "wpa_passphrase": "12345678", "wpa": "2",
9616 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9617 "fragment_size": "300", "ap_pin": appin}
9618 hapd = hostapd.add_ap(apdev[0], params)
9619 bssid = apdev[0]['bssid']
9620
9621 pin = dev[0].wps_read_pin()
9622 hapd.request("WPS_PIN any " + pin)
9623 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
9624 dev[0].dump_monitor()
9625
9626 dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK", "CCMP",
9627 "new passphrase", no_wait=True)
9628 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9629 if ev is None:
9630 raise Exception("WPS-FAIL not reported")
9631 dev[0].request("WPS_CANCEL")
9632 dev[0].wait_disconnected()
9633 wait_scan_stopped(dev[0])
9634 dev[0].dump_monitor()
9635
9636 dev[0].wps_reg(bssid, appin, "new ssid", "FOO", "CCMP",
9637 "new passphrase", no_wait=True)
9638 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9639 if ev is None:
9640 raise Exception("WPS-FAIL not reported")
9641 dev[0].request("WPS_CANCEL")
9642 dev[0].wait_disconnected()
9643 wait_scan_stopped(dev[0])
9644 dev[0].dump_monitor()
9645
9646 dev[0].wps_reg(bssid, appin, "new ssid", "WPA2PSK", "FOO",
9647 "new passphrase", no_wait=True)
9648 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9649 if ev is None:
9650 raise Exception("WPS-FAIL not reported")
9651 dev[0].request("WPS_CANCEL")
9652 dev[0].wait_disconnected()
9653 wait_scan_stopped(dev[0])
9654 dev[0].dump_monitor()
9655
9656 dev[0].wps_reg(bssid, appin + "new_key=a", "new ssid", "WPA2PSK", "CCMP",
9657 "new passphrase", no_wait=True)
9658 ev = dev[0].wait_event(["WPS-FAIL"], timeout=10)
9659 if ev is None:
9660 raise Exception("WPS-FAIL not reported")
9661 dev[0].request("WPS_CANCEL")
9662 dev[0].wait_disconnected()
9663 wait_scan_stopped(dev[0])
9664 dev[0].dump_monitor()
9665
9666 tests = ["eap_wsc_init",
9667 "eap_msg_alloc;eap_wsc_build_msg",
9668 "wpabuf_alloc;eap_wsc_process_fragment"]
9669 for func in tests:
9670 with alloc_fail(dev[0], 1, func):
9671 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
9672 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
9673 dev[0].request("WPS_CANCEL")
9674 dev[0].wait_disconnected()
9675 wait_scan_stopped(dev[0])
9676 dev[0].dump_monitor()
9677
9678 tests = [(1, "wps_decrypt_encr_settings"),
9679 (2, "hmac_sha256;wps_derive_psk")]
9680 for count, func in tests:
9681 hapd.request("WPS_PIN any " + pin)
9682 with fail_test(dev[0], count, func):
9683 dev[0].request("WPS_PIN %s %s" % (bssid, pin))
9684 wait_fail_trigger(dev[0], "GET_FAIL")
9685 dev[0].request("WPS_CANCEL")
9686 dev[0].wait_disconnected()
9687 wait_scan_stopped(dev[0])
9688 dev[0].dump_monitor()
9689
9690 with alloc_fail(dev[0], 1, "eap_msg_alloc;eap_sm_build_expanded_nak"):
9691 dev[0].wps_reg(bssid, appin + " new_ssid=a", "new ssid", "WPA2PSK",
9692 "CCMP", "new passphrase", no_wait=True)
9693 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
9694 dev[0].request("WPS_CANCEL")
9695 dev[0].wait_disconnected()
9696 wait_scan_stopped(dev[0])
9697 dev[0].dump_monitor()
9698
9699 def test_ap_wps_eap_wsc(dev, apdev):
9700 """WPS and EAP-WSC in network profile"""
9701 params = int_eap_server_params()
9702 params["wps_state"] = "2"
9703 hapd = hostapd.add_ap(apdev[0], params)
9704 bssid = apdev[0]['bssid']
9705
9706 logger.info("Unexpected identity")
9707 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9708 eap="WSC", identity="WFA-SimpleConfig-Enrollee-unexpected",
9709 wait_connect=False)
9710 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9711 if ev is None:
9712 raise Exception("No EAP-Failure seen")
9713 dev[0].request("REMOVE_NETWORK all")
9714 dev[0].wait_disconnected()
9715
9716 logger.info("No phase1 parameter")
9717 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9718 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9719 wait_connect=False)
9720 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9721 if ev is None:
9722 raise Exception("Timeout on EAP method start")
9723 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9724 if ev is None:
9725 raise Exception("No EAP-Failure seen")
9726 dev[0].request("REMOVE_NETWORK all")
9727 dev[0].wait_disconnected()
9728
9729 logger.info("No PIN/PBC in phase1")
9730 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9731 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9732 phase1="foo", wait_connect=False)
9733 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9734 if ev is None:
9735 raise Exception("Timeout on EAP method start")
9736 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9737 if ev is None:
9738 raise Exception("No EAP-Failure seen")
9739 dev[0].request("REMOVE_NETWORK all")
9740 dev[0].wait_disconnected()
9741
9742 logger.info("Invalid pkhash in phase1")
9743 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9744 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9745 phase1="foo pkhash=q pbc=1", wait_connect=False)
9746 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9747 if ev is None:
9748 raise Exception("Timeout on EAP method start")
9749 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9750 if ev is None:
9751 raise Exception("No EAP-Failure seen")
9752 dev[0].request("REMOVE_NETWORK all")
9753 dev[0].wait_disconnected()
9754
9755 logger.info("Zero fragment_size")
9756 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9757 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9758 fragment_size="0", phase1="pin=12345670", wait_connect=False)
9759 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9760 if ev is None:
9761 raise Exception("Timeout on EAP method start")
9762 ev = dev[0].wait_event(["WPS-M2D"], timeout=5)
9763 if ev is None:
9764 raise Exception("No M2D seen")
9765 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9766 if ev is None:
9767 raise Exception("No EAP-Failure seen")
9768 dev[0].request("REMOVE_NETWORK all")
9769 dev[0].wait_disconnected()
9770
9771 logger.info("Missing new_auth")
9772 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9773 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9774 phase1="pin=12345670 new_ssid=aa", wait_connect=False)
9775 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9776 if ev is None:
9777 raise Exception("Timeout on EAP method start")
9778 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9779 if ev is None:
9780 raise Exception("No EAP-Failure seen")
9781 dev[0].request("REMOVE_NETWORK all")
9782 dev[0].wait_disconnected()
9783
9784 logger.info("Missing new_encr")
9785 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9786 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9787 phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa", wait_connect=False)
9788 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9789 if ev is None:
9790 raise Exception("Timeout on EAP method start")
9791 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9792 if ev is None:
9793 raise Exception("No EAP-Failure seen")
9794 dev[0].request("REMOVE_NETWORK all")
9795 dev[0].wait_disconnected()
9796
9797 logger.info("Missing new_key")
9798 dev[0].connect("test-wpa2-eap", key_mgmt="WPA-EAP", scan_freq="2412",
9799 eap="WSC", identity="WFA-SimpleConfig-Enrollee-1-0",
9800 phase1="pin=12345670 new_auth=WPA2PSK new_ssid=aa new_encr=CCMP",
9801 wait_connect=False)
9802 ev = dev[0].wait_event(["CTRL-EVENT-EAP-PROPOSED-METHOD"], timeout=5)
9803 if ev is None:
9804 raise Exception("Timeout on EAP method start")
9805 ev = dev[0].wait_event(["CTRL-EVENT-EAP-FAILURE"], timeout=5)
9806 if ev is None:
9807 raise Exception("No EAP-Failure seen")
9808 dev[0].request("REMOVE_NETWORK all")
9809 dev[0].wait_disconnected()
9810
9811 def test_ap_wps_and_bss_limit(dev, apdev):
9812 """WPS and wpa_supplicant BSS entry limit"""
9813 try:
9814 _test_ap_wps_and_bss_limit(dev, apdev)
9815 finally:
9816 dev[0].request("SET bss_max_count 200")
9817 pass
9818
9819 def _test_ap_wps_and_bss_limit(dev, apdev):
9820 params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2",
9821 "wpa_passphrase": "12345678", "wpa": "2",
9822 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
9823 hapd = hostapd.add_ap(apdev[0], params)
9824
9825 params = {"ssid": "test-wps-2", "eap_server": "1", "wps_state": "2",
9826 "wpa_passphrase": "1234567890", "wpa": "2",
9827 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
9828 hapd2 = hostapd.add_ap(apdev[1], params)
9829
9830 id = dev[1].add_network()
9831 dev[1].set_network(id, "mode", "2")
9832 dev[1].set_network_quoted(id, "ssid", "wpas-ap-no-wps")
9833 dev[1].set_network_quoted(id, "psk", "12345678")
9834 dev[1].set_network(id, "frequency", "2462")
9835 dev[1].set_network(id, "scan_freq", "2462")
9836 dev[1].set_network(id, "wps_disabled", "1")
9837 dev[1].select_network(id)
9838
9839 id = dev[2].add_network()
9840 dev[2].set_network(id, "mode", "2")
9841 dev[2].set_network_quoted(id, "ssid", "wpas-ap")
9842 dev[2].set_network_quoted(id, "psk", "12345678")
9843 dev[2].set_network(id, "frequency", "2437")
9844 dev[2].set_network(id, "scan_freq", "2437")
9845 dev[2].select_network(id)
9846
9847 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
9848 wpas.interface_add("wlan5")
9849 id = wpas.add_network()
9850 wpas.set_network(id, "mode", "2")
9851 wpas.set_network_quoted(id, "ssid", "wpas-ap")
9852 wpas.set_network_quoted(id, "psk", "12345678")
9853 wpas.set_network(id, "frequency", "2437")
9854 wpas.set_network(id, "scan_freq", "2437")
9855 wpas.select_network(id)
9856
9857 dev[1].wait_connected()
9858 dev[2].wait_connected()
9859 wpas.wait_connected()
9860 wpas.request("WPS_PIN any 12345670")
9861
9862 hapd.request("WPS_PBC")
9863 hapd2.request("WPS_PBC")
9864
9865 dev[0].request("SET bss_max_count 1")
9866
9867 id = dev[0].add_network()
9868 dev[0].set_network_quoted(id, "ssid", "testing")
9869
9870 id = dev[0].add_network()
9871 dev[0].set_network_quoted(id, "ssid", "testing")
9872 dev[0].set_network(id, "key_mgmt", "WPS")
9873
9874 dev[0].request("WPS_PBC")
9875 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=10)
9876 dev[0].request("WPS_CANCEL")
9877
9878 id = dev[0].add_network()
9879 dev[0].set_network_quoted(id, "ssid", "testing")
9880 dev[0].set_network(id, "key_mgmt", "WPS")
9881
9882 dev[0].scan(freq="2412")
9883
9884 def test_ap_wps_pbc_2ap(dev, apdev):
9885 """WPS PBC with two APs advertising same SSID"""
9886 params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
9887 "wpa_passphrase": "12345678", "wpa": "2",
9888 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9889 "wps_independent": "1"}
9890 hapd = hostapd.add_ap(apdev[0], params)
9891 params = {"ssid": "wps", "eap_server": "1", "wps_state": "2",
9892 "wpa_passphrase": "123456789", "wpa": "2",
9893 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9894 "wps_independent": "1"}
9895 hapd2 = hostapd.add_ap(apdev[1], params)
9896 hapd.request("WPS_PBC")
9897
9898 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
9899 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
9900 wpas.dump_monitor()
9901 wpas.flush_scan_cache()
9902
9903 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
9904 wpas.scan_for_bss(apdev[1]['bssid'], freq="2412")
9905 wpas.request("WPS_PBC")
9906 wpas.wait_connected()
9907 wpas.request("DISCONNECT")
9908 hapd.request("DISABLE")
9909 hapd2.request("DISABLE")
9910 wpas.flush_scan_cache()
9911
9912 def test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
9913 """WPS ER enrolling a new device to a configured AP"""
9914 try:
9915 _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev)
9916 finally:
9917 dev[0].request("WPS_ER_STOP")
9918
9919 def _test_ap_wps_er_enrollee_to_conf_ap(dev, apdev):
9920 ssid = "wps-er-enrollee-to-conf-ap"
9921 ap_pin = "12345670"
9922 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9923 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9924 "wpa_passphrase": "12345678", "wpa": "2",
9925 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9926 "device_name": "Wireless AP", "manufacturer": "Company",
9927 "model_name": "WAP", "model_number": "123",
9928 "serial_number": "12345", "device_type": "6-0050F204-1",
9929 "os_version": "01020300",
9930 "config_methods": "label push_button",
9931 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
9932 hapd = hostapd.add_ap(apdev[0], params)
9933 bssid = hapd.own_addr()
9934
9935 id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
9936 dev[0].dump_monitor()
9937
9938 dev[0].request("WPS_ER_START ifname=lo")
9939 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
9940 if ev is None:
9941 raise Exception("AP discovery timed out")
9942 if ap_uuid not in ev:
9943 raise Exception("Expected AP UUID not found")
9944
9945 pin = dev[2].wps_read_pin()
9946 addr2 = dev[2].own_addr()
9947 dev[0].dump_monitor()
9948 dev[2].scan_for_bss(bssid, freq=2412)
9949 dev[2].dump_monitor()
9950 dev[2].request("WPS_PIN %s %s" % (bssid, pin))
9951
9952 for i in range(3):
9953 ev = dev[0].wait_event(["WPS-ER-ENROLLEE-ADD"], timeout=10)
9954 if ev is None:
9955 raise Exception("Enrollee not seen")
9956 if addr2 in ev:
9957 break
9958 if addr2 not in ev:
9959 raise Exception("Unexpected Enrollee MAC address")
9960 dev[0].dump_monitor()
9961
9962 dev[0].request("WPS_ER_SET_CONFIG " + ap_uuid + " " + str(id))
9963 dev[0].request("WPS_ER_PIN " + addr2 + " " + pin + " " + addr2)
9964 dev[2].wait_connected(timeout=30)
9965 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
9966 if ev is None:
9967 raise Exception("WPS ER did not report success")
9968
9969 def test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
9970 """WPS ER enrolling a new device to a configured AP (2)"""
9971 try:
9972 _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev)
9973 finally:
9974 dev[0].request("WPS_ER_STOP")
9975
9976 def _test_ap_wps_er_enrollee_to_conf_ap2(dev, apdev):
9977 ssid = "wps-er-enrollee-to-conf-ap"
9978 ap_pin = "12345670"
9979 ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
9980 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
9981 "wpa_passphrase": "12345678", "wpa": "2",
9982 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
9983 "device_name": "Wireless AP", "manufacturer": "Company",
9984 "model_name": "WAP", "model_number": "123",
9985 "serial_number": "12345", "device_type": "6-0050F204-1",
9986 "os_version": "01020300",
9987 "config_methods": "label push_button",
9988 "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}
9989 hapd = hostapd.add_ap(apdev[0], params)
9990 bssid = hapd.own_addr()
9991
9992 id = dev[0].connect(ssid, psk="12345678", scan_freq="2412")
9993 dev[0].dump_monitor()
9994
9995 dev[0].request("WPS_ER_START ifname=lo")
9996 ev = dev[0].wait_event(["WPS-ER-AP-ADD"], timeout=15)
9997 if ev is None:
9998 raise Exception("AP discovery timed out")
9999 if ap_uuid not in ev:
10000 raise Exception("Expected AP UUID not found")
10001
10002 dev[0].request("WPS_ER_LEARN " + ap_uuid + " " + ap_pin)
10003 ev = dev[0].wait_event(["WPS-ER-AP-SETTINGS"], timeout=15)
10004 if ev is None:
10005 raise Exception("AP learn timed out")
10006 if ap_uuid not in ev:
10007 raise Exception("Expected AP UUID not in settings")
10008 ev = dev[0].wait_event(["WPS-FAIL"], timeout=15)
10009 if ev is None:
10010 raise Exception("WPS-FAIL after AP learn timed out")
10011 time.sleep(0.1)
10012
10013 pin = dev[1].wps_read_pin()
10014 addr1 = dev[1].own_addr()
10015 dev[0].dump_monitor()
10016 dev[0].request("WPS_ER_PIN any " + pin)
10017 time.sleep(0.1)
10018 dev[1].scan_for_bss(bssid, freq=2412)
10019 dev[1].request("WPS_PIN any %s" % pin)
10020 ev = dev[1].wait_event(["WPS-SUCCESS"], timeout=30)
10021 if ev is None:
10022 raise Exception("Enrollee did not report success")
10023 dev[1].wait_connected(timeout=15)
10024 ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
10025 if ev is None:
10026 raise Exception("WPS ER did not report success")
10027
10028 def test_ap_wps_ignore_broadcast_ssid(dev, apdev):
10029 """WPS AP trying to ignore broadcast SSID"""
10030 ssid = "test-wps"
10031 hapd = hostapd.add_ap(apdev[0],
10032 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
10033 "ignore_broadcast_ssid": "1"})
10034 if "FAIL" not in hapd.request("WPS_PBC"):
10035 raise Exception("WPS unexpectedly enabled")
10036
10037 def test_ap_wps_wep(dev, apdev):
10038 """WPS AP trying to enable WEP"""
10039 ssid = "test-wps"
10040 hapd = hostapd.add_ap(apdev[0],
10041 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
10042 "ieee80211n": "0", "wep_key0": '"hello"'})
10043 if "FAIL" not in hapd.request("WPS_PBC"):
10044 raise Exception("WPS unexpectedly enabled")
10045
10046 def test_ap_wps_tkip(dev, apdev):
10047 """WPS AP trying to enable TKIP"""
10048 ssid = "test-wps"
10049 hapd = hostapd.add_ap(apdev[0],
10050 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
10051 "ieee80211n": "0", "wpa": '1',
10052 "wpa_key_mgmt": "WPA-PSK",
10053 "wpa_passphrase": "12345678"})
10054 if "FAIL" not in hapd.request("WPS_PBC"):
10055 raise Exception("WPS unexpectedly enabled")
10056
10057 def test_ap_wps_conf_dummy_cred(dev, apdev):
10058 """WPS PIN provisioning with configured AP using dummy cred"""
10059 ssid = "test-wps-conf"
10060 hapd = hostapd.add_ap(apdev[0],
10061 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10062 "wpa_passphrase": "12345678", "wpa": "2",
10063 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
10064 hapd.request("WPS_PIN any 12345670")
10065 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10066 dev[0].dump_monitor()
10067 try:
10068 hapd.set("wps_testing_dummy_cred", "1")
10069 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " 12345670")
10070 for i in range(1, 3):
10071 ev = dev[0].wait_event(["WPS-CRED-RECEIVED"], timeout=15)
10072 if ev is None:
10073 raise Exception("WPS credential %d not received" % i)
10074 dev[0].wait_connected(timeout=30)
10075 finally:
10076 hapd.set("wps_testing_dummy_cred", "0")
10077
10078 def test_ap_wps_rf_bands(dev, apdev):
10079 """WPS and wps_rf_bands configuration"""
10080 ssid = "test-wps-conf"
10081 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10082 "wpa_passphrase": "12345678", "wpa": "2",
10083 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
10084 "wps_rf_bands": "ag"}
10085
10086 hapd = hostapd.add_ap(apdev[0], params)
10087 bssid = hapd.own_addr()
10088 hapd.request("WPS_PBC")
10089 dev[0].scan_for_bss(bssid, freq="2412")
10090 dev[0].dump_monitor()
10091 dev[0].request("WPS_PBC " + bssid)
10092 dev[0].wait_connected(timeout=30)
10093 bss = dev[0].get_bss(bssid)
10094 logger.info("BSS: " + str(bss))
10095 if "103c000103" not in bss['ie']:
10096 raise Exception("RF Bands attribute with expected values not found")
10097 dev[0].request("DISCONNECT")
10098 dev[0].wait_disconnected()
10099 hapd.set("wps_rf_bands", "ad")
10100 hapd.set("wps_rf_bands", "a")
10101 hapd.set("wps_rf_bands", "g")
10102 hapd.set("wps_rf_bands", "b")
10103 hapd.set("wps_rf_bands", "ga")
10104 hapd.disable()
10105 dev[0].dump_monitor()
10106 dev[0].flush_scan_cache()
10107
10108 def test_ap_wps_pbc_in_m1(dev, apdev):
10109 """WPS and pbc_in_m1"""
10110 ssid = "test-wps-conf"
10111 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10112 "wpa_passphrase": "12345678", "wpa": "2",
10113 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
10114 "config_methods": "virtual_push_button virtual_display",
10115 "pbc_in_m1": "1"}
10116
10117 hapd = hostapd.add_ap(apdev[0], params)
10118 bssid = hapd.own_addr()
10119 hapd.request("WPS_PBC")
10120 dev[0].scan_for_bss(bssid, freq="2412")
10121 dev[0].dump_monitor()
10122 dev[0].request("WPS_PBC " + bssid)
10123 dev[0].wait_connected(timeout=30)
10124 dev[0].request("DISCONNECT")
10125 dev[0].wait_disconnected()
10126 hapd.disable()
10127 dev[0].dump_monitor()
10128 dev[0].flush_scan_cache()
10129
10130 def test_ap_wps_pbc_mac_addr_change(dev, apdev, params):
10131 """WPS M1 with MAC address change"""
10132 ssid = "test-wps-mac-addr-change"
10133 hapd = hostapd.add_ap(apdev[0],
10134 {"ssid": ssid, "eap_server": "1", "wps_state": "1"})
10135 hapd.request("WPS_PBC")
10136 if "PBC Status: Active" not in hapd.request("WPS_GET_STATUS"):
10137 raise Exception("PBC status not shown correctly")
10138 dev[0].flush_scan_cache()
10139
10140 test_addr = '02:11:22:33:44:55'
10141 addr = dev[0].get_status_field("address")
10142 if addr == test_addr:
10143 raise Exception("Unexpected initial MAC address")
10144
10145 try:
10146 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
10147 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
10148 test_addr])
10149 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
10150 addr1 = dev[0].get_status_field("address")
10151 if addr1 != test_addr:
10152 raise Exception("Failed to change MAC address")
10153
10154 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10155 dev[0].request("WPS_PBC " + apdev[0]['bssid'])
10156 dev[0].wait_connected(timeout=30)
10157 status = dev[0].get_status()
10158 if status['wpa_state'] != 'COMPLETED' or \
10159 status['bssid'] != apdev[0]['bssid']:
10160 raise Exception("Not fully connected")
10161
10162 out = run_tshark(os.path.join(params['logdir'], "hwsim0.pcapng"),
10163 "wps.message_type == 0x04",
10164 display=["wps.mac_address"])
10165 res = out.splitlines()
10166
10167 if len(res) < 1:
10168 raise Exception("No M1 message with MAC address found")
10169 if res[0] != addr1:
10170 raise Exception("Wrong M1 MAC address")
10171 dev[0].request("DISCONNECT")
10172 dev[0].wait_disconnected()
10173 hapd.disable()
10174 dev[0].dump_monitor()
10175 dev[0].flush_scan_cache()
10176 finally:
10177 # Restore MAC address
10178 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'down'])
10179 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'address',
10180 addr])
10181 subprocess.call(['ip', 'link', 'set', 'dev', dev[0].ifname, 'up'])
10182
10183 def test_ap_wps_pin_start_failure(dev, apdev):
10184 """WPS_PIN start failure"""
10185 with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
10186 if "FAIL" not in dev[0].request("WPS_PIN any 12345670"):
10187 raise Exception("WPS_PIN not rejected during OOM")
10188 with alloc_fail(dev[0], 1, "wpas_wps_start_dev_pw"):
10189 if "FAIL" not in dev[0].request("WPS_PIN any"):
10190 raise Exception("WPS_PIN not rejected during OOM")
10191
10192 def test_ap_wps_ap_pin_failure(dev, apdev):
10193 """WPS_AP_PIN failure"""
10194 id = dev[0].add_network()
10195 dev[0].set_network(id, "mode", "2")
10196 dev[0].set_network_quoted(id, "ssid", "wpas-ap-wps")
10197 dev[0].set_network_quoted(id, "psk", "1234567890")
10198 dev[0].set_network(id, "frequency", "2412")
10199 dev[0].set_network(id, "scan_freq", "2412")
10200 dev[0].select_network(id)
10201 dev[0].wait_connected()
10202
10203 with fail_test(dev[0], 1,
10204 "os_get_random;wpa_supplicant_ctrl_iface_wps_ap_pin"):
10205 if "FAIL" not in dev[0].request("WPS_AP_PIN random"):
10206 raise Exception("WPS_AP_PIN random accepted")
10207 with alloc_fail(dev[0], 1, "wpas_wps_ap_pin_set"):
10208 if "FAIL" not in dev[0].request("WPS_AP_PIN set 12345670"):
10209 raise Exception("WPS_AP_PIN set accepted")
10210
10211 dev[0].request("DISCONNECT")
10212 dev[0].wait_disconnected()
10213
10214 def test_ap_wps_random_uuid(dev, apdev, params):
10215 """WPS and random UUID on Enrollee"""
10216 ssid = "test-wps-conf"
10217 hapd = hostapd.add_ap(apdev[0],
10218 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10219 "wpa_passphrase": "12345678", "wpa": "2",
10220 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
10221
10222 config = os.path.join(params['logdir'], 'ap_wps_random_uuid.conf')
10223 with open(config, "w") as f:
10224 f.write("auto_uuid=1\n")
10225
10226 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
10227
10228 uuid = []
10229 for i in range(3):
10230 wpas.interface_add("wlan5", config=config)
10231
10232 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412")
10233 wpas.dump_monitor()
10234 wpas.request("WPS_PBC " + apdev[0]['bssid'])
10235
10236 ev = hapd.wait_event(["WPS-ENROLLEE-SEEN"], timeout=10)
10237 if ev is None:
10238 raise Exception("Enrollee not seen")
10239 uuid.append(ev.split(' ')[2])
10240 wpas.request("WPS_CANCEL")
10241 wpas.dump_monitor()
10242
10243 wpas.interface_remove("wlan5")
10244
10245 hapd.dump_monitor()
10246
10247 logger.info("Seen UUIDs: " + str(uuid))
10248 if uuid[0] == uuid[1] or uuid[0] == uuid[2] or uuid[1] == uuid[2]:
10249 raise Exception("Same UUID used multiple times")
10250
10251 def test_ap_wps_conf_pin_gcmp_128(dev, apdev):
10252 """WPS PIN provisioning with configured AP using GCMP-128"""
10253 run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP")
10254
10255 def test_ap_wps_conf_pin_gcmp_256(dev, apdev):
10256 """WPS PIN provisioning with configured AP using GCMP-256"""
10257 run_ap_wps_conf_pin_cipher(dev, apdev, "GCMP-256")
10258
10259 def test_ap_wps_conf_pin_ccmp_256(dev, apdev):
10260 """WPS PIN provisioning with configured AP using CCMP-256"""
10261 run_ap_wps_conf_pin_cipher(dev, apdev, "CCMP-256")
10262
10263 def run_ap_wps_conf_pin_cipher(dev, apdev, cipher):
10264 if cipher not in dev[0].get_capability("pairwise"):
10265 raise HwsimSkip("Cipher %s not supported" % cipher)
10266 ssid = "test-wps-conf-pin"
10267 hapd = hostapd.add_ap(apdev[0],
10268 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10269 "wpa_passphrase": "12345678", "wpa": "2",
10270 "wpa_key_mgmt": "WPA-PSK",
10271 "rsn_pairwise": cipher})
10272 logger.info("WPS provisioning step")
10273 pin = dev[0].wps_read_pin()
10274 hapd.request("WPS_PIN any " + pin)
10275 dev[0].flush_scan_cache()
10276 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10277 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
10278 dev[0].wait_connected(timeout=15)
10279
10280 def test_ap_wps_and_sae(dev, apdev):
10281 """Initial AP configuration with first WPS Enrollee and adding SAE"""
10282 try:
10283 run_ap_wps_and_sae(dev, apdev)
10284 finally:
10285 dev[0].set("wps_cred_add_sae", "0")
10286
10287 def run_ap_wps_and_sae(dev, apdev):
10288 check_sae_capab(dev[0])
10289 ssid = "test-wps-sae"
10290 hapd = hostapd.add_ap(apdev[0],
10291 {"ssid": ssid, "eap_server": "1", "wps_state": "1",
10292 "wps_cred_add_sae": "1"})
10293 logger.info("WPS provisioning step")
10294 pin = dev[0].wps_read_pin()
10295 hapd.request("WPS_PIN any " + pin)
10296
10297 dev[0].set("wps_cred_add_sae", "1")
10298 dev[0].request("SET sae_groups ")
10299 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10300 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10301 dev[0].wait_connected(timeout=30)
10302 status = dev[0].get_status()
10303 if status['key_mgmt'] != "SAE":
10304 raise Exception("SAE not used")
10305 if 'pmf' not in status or status['pmf'] != "1":
10306 raise Exception("PMF not enabled")
10307
10308 pin = dev[1].wps_read_pin()
10309 hapd.request("WPS_PIN any " + pin)
10310 dev[1].scan_for_bss(apdev[0]['bssid'], freq="2412", force_scan=True)
10311 dev[1].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10312 dev[1].wait_connected(timeout=30)
10313 status = dev[1].get_status()
10314 if status['key_mgmt'] != "WPA2-PSK":
10315 raise Exception("WPA2-PSK not used")
10316 if 'pmf' in status:
10317 raise Exception("PMF enabled")
10318
10319 def test_ap_wps_conf_and_sae(dev, apdev):
10320 """WPS PBC provisioning with configured AP using PSK+SAE"""
10321 try:
10322 run_ap_wps_conf_and_sae(dev, apdev)
10323 finally:
10324 dev[0].set("wps_cred_add_sae", "0")
10325
10326 def run_ap_wps_conf_and_sae(dev, apdev):
10327 check_sae_capab(dev[0])
10328 ssid = "test-wps-conf-sae"
10329 hapd = hostapd.add_ap(apdev[0],
10330 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10331 "wpa_passphrase": "12345678", "wpa": "2",
10332 "ieee80211w": "1", "sae_require_mfp": "1",
10333 "wpa_key_mgmt": "WPA-PSK SAE",
10334 "rsn_pairwise": "CCMP"})
10335
10336 dev[0].set("wps_cred_add_sae", "1")
10337 dev[0].request("SET sae_groups ")
10338 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10339 pin = dev[0].wps_read_pin()
10340 hapd.request("WPS_PIN any " + pin)
10341 dev[0].request("WPS_PIN " + apdev[0]['bssid'] + " " + pin)
10342 dev[0].wait_connected(timeout=30)
10343 status = dev[0].get_status()
10344 if status['key_mgmt'] != "SAE":
10345 raise Exception("SAE not used")
10346 if 'pmf' not in status or status['pmf'] != "1":
10347 raise Exception("PMF not enabled")
10348
10349 dev[1].connect(ssid, psk="12345678", scan_freq="2412", proto="WPA2",
10350 key_mgmt="WPA-PSK", ieee80211w="0")
10351
10352 def test_ap_wps_reg_config_and_sae(dev, apdev):
10353 """WPS registrar configuring an AP using AP PIN and using PSK+SAE"""
10354 try:
10355 run_ap_wps_reg_config_and_sae(dev, apdev)
10356 finally:
10357 dev[0].set("wps_cred_add_sae", "0")
10358
10359 def run_ap_wps_reg_config_and_sae(dev, apdev):
10360 check_sae_capab(dev[0])
10361 ssid = "test-wps-init-ap-pin-sae"
10362 appin = "12345670"
10363 hostapd.add_ap(apdev[0],
10364 {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10365 "ap_pin": appin, "wps_cred_add_sae": "1"})
10366 logger.info("WPS configuration step")
10367 dev[0].flush_scan_cache()
10368 dev[0].set("wps_cred_add_sae", "1")
10369 dev[0].request("SET sae_groups ")
10370 dev[0].scan_for_bss(apdev[0]['bssid'], freq=2412)
10371 dev[0].dump_monitor()
10372 new_ssid = "wps-new-ssid"
10373 new_passphrase = "1234567890"
10374 dev[0].wps_reg(apdev[0]['bssid'], appin, new_ssid, "WPA2PSK", "CCMP",
10375 new_passphrase)
10376 status = dev[0].get_status()
10377 if status['key_mgmt'] != "SAE":
10378 raise Exception("SAE not used")
10379 if 'pmf' not in status or status['pmf'] != "1":
10380 raise Exception("PMF not enabled")
10381
10382 dev[1].connect(new_ssid, psk=new_passphrase, scan_freq="2412", proto="WPA2",
10383 key_mgmt="WPA-PSK", ieee80211w="0")
10384
10385 def test_ap_wps_appl_ext(dev, apdev):
10386 """WPS Application Extension attribute"""
10387 ssid = "test-wps-conf"
10388 params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
10389 "wps_application_ext": 16*"11" + 5*"ee",
10390 "wpa_passphrase": "12345678", "wpa": "2",
10391 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
10392 hapd = hostapd.add_ap(apdev[0], params)
10393 pin = dev[0].wps_read_pin()
10394 hapd.request("WPS_PIN any " + pin)
10395 dev[0].scan_for_bss(apdev[0]['bssid'], freq="2412")
10396 dev[0].request("WPS_PIN %s %s" % (apdev[0]['bssid'], pin))
10397 dev[0].wait_connected(timeout=30)
Unnamed repository; edit this file 'description' to name the repository.