2 # Copyright (c) 2013-2015, Jouni Malinen <j@w1.fi>
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
12 logger = logging.getLogger()
19 from utils import HwsimSkip
21 from wlantest import Wlantest
22 from wpasupplicant import WpaSupplicant
23 from test_ap_eap import check_eap_capa, check_domain_match_full
25 def hs20_ap_params(ssid="test-hs20"):
26 params = hostapd.wpa2_params(ssid=ssid)
27 params['wpa_key_mgmt'] = "WPA-EAP"
28 params['ieee80211w'] = "1"
29 params['ieee8021x'] = "1"
30 params['auth_server_addr'] = "127.0.0.1"
31 params['auth_server_port'] = "1812"
32 params['auth_server_shared_secret'] = "radius"
33 params['interworking'] = "1"
34 params['access_network_type'] = "14"
35 params['internet'] = "1"
39 params['venue_group'] = "7"
40 params['venue_type'] = "1"
41 params['venue_name'] = [ "eng:Example venue", "fin:Esimerkkipaikka" ]
42 params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
44 params['domain_name'] = "example.com,another.example.com"
45 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
46 "0,another.example.com" ]
48 params['hs20_wan_metrics'] = "01:8000:1000:80:240:3000"
49 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0" ]
50 params['hs20_operating_class'] = "5173"
51 params['anqp_3gpp_cell_net'] = "244,91"
54 def check_auto_select(dev, bssid):
55 dev.scan_for_bss(bssid, freq="2412")
56 dev.request("INTERWORKING_SELECT auto freq=2412")
57 ev = dev.wait_connected(timeout=15)
59 raise Exception("Connected to incorrect network")
60 dev.request("REMOVE_NETWORK all")
62 def interworking_select(dev, bssid, type=None, no_match=False, freq=None):
64 if bssid and freq and not no_match:
65 dev.scan_for_bss(bssid, freq=freq)
66 freq_extra = " freq=" + freq if freq else ""
67 dev.request("INTERWORKING_SELECT" + freq_extra)
68 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
71 raise Exception("Network selection timed out");
73 if "INTERWORKING-NO-MATCH" not in ev:
74 raise Exception("Unexpected network match")
76 if "INTERWORKING-NO-MATCH" in ev:
77 logger.info("Matching network not found - try again")
79 dev.request("INTERWORKING_SELECT" + freq_extra)
80 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
83 raise Exception("Network selection timed out");
84 if "INTERWORKING-NO-MATCH" in ev:
85 raise Exception("Matching network not found")
86 if bssid and bssid not in ev:
87 raise Exception("Unexpected BSSID in match")
88 if type and "type=" + type not in ev:
89 raise Exception("Network type not recognized correctly")
91 def check_sp_type(dev, sp_type):
92 type = dev.get_status_field("sp_type")
94 raise Exception("sp_type not available")
96 raise Exception("sp_type did not indicate home network")
98 def hlr_auc_gw_available():
99 if not os.path.exists("/tmp/hlr_auc_gw.sock"):
100 raise HwsimSkip("No hlr_auc_gw socket available")
101 if not os.path.exists("../../hostapd/hlr_auc_gw"):
102 raise HwsimSkip("No hlr_auc_gw available")
104 def interworking_ext_sim_connect(dev, bssid, method):
105 dev.request("INTERWORKING_CONNECT " + bssid)
106 interworking_ext_sim_auth(dev, method)
108 def interworking_ext_sim_auth(dev, method):
109 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
111 raise Exception("Network connected timed out")
112 if "(" + method + ")" not in ev:
113 raise Exception("Unexpected EAP method selection")
115 ev = dev.wait_event(["CTRL-REQ-SIM"], timeout=15)
117 raise Exception("Wait for external SIM processing request timed out")
119 if p[1] != "GSM-AUTH":
120 raise Exception("Unexpected CTRL-REQ-SIM type")
121 id = p[0].split('-')[3]
122 rand = p[2].split(' ')[0]
124 res = subprocess.check_output(["../../hostapd/hlr_auc_gw",
126 "auth_serv/hlr_auc_gw.milenage_db",
127 "GSM-AUTH-REQ 232010000000000 " + rand])
128 if "GSM-AUTH-RESP" not in res:
129 raise Exception("Unexpected hlr_auc_gw response")
130 resp = res.split(' ')[2].rstrip()
132 dev.request("CTRL-RSP-SIM-" + id + ":GSM-AUTH:" + resp)
133 dev.wait_connected(timeout=15)
135 def interworking_connect(dev, bssid, method):
136 dev.request("INTERWORKING_CONNECT " + bssid)
137 interworking_auth(dev, method)
139 def interworking_auth(dev, method):
140 ev = dev.wait_event(["CTRL-EVENT-EAP-METHOD"], timeout=15)
142 raise Exception("Network connected timed out")
143 if "(" + method + ")" not in ev:
144 raise Exception("Unexpected EAP method selection")
146 dev.wait_connected(timeout=15)
148 def check_probe_resp(wt, bssid_unexpected, bssid_expected):
150 count = wt.get_bss_counter("probe_response", bssid_unexpected)
152 raise Exception("Unexpected Probe Response frame from AP")
155 count = wt.get_bss_counter("probe_response", bssid_expected)
157 raise Exception("No Probe Response frame from AP")
159 def test_ap_anqp_sharing(dev, apdev):
160 """ANQP sharing within ESS and explicit unshare"""
161 bssid = apdev[0]['bssid']
162 params = hs20_ap_params()
163 params['hessid'] = bssid
164 hostapd.add_ap(apdev[0]['ifname'], params)
166 bssid2 = apdev[1]['bssid']
167 params = hs20_ap_params()
168 params['hessid'] = bssid
169 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
170 hostapd.add_ap(apdev[1]['ifname'], params)
173 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
174 'password': "secret",
175 'domain': "example.com" })
176 logger.info("Normal network selection with shared ANQP results")
177 dev[0].scan_for_bss(bssid, freq="2412")
178 dev[0].scan_for_bss(bssid2, freq="2412")
179 interworking_select(dev[0], None, "home", freq="2412")
180 dev[0].dump_monitor()
182 res1 = dev[0].get_bss(bssid)
183 res2 = dev[0].get_bss(bssid2)
184 if res1['anqp_nai_realm'] != res2['anqp_nai_realm']:
185 raise Exception("ANQP results were not shared between BSSes")
187 logger.info("Explicit ANQP request to unshare ANQP results")
188 dev[0].request("ANQP_GET " + bssid + " 263")
189 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
191 raise Exception("ANQP operation timed out")
193 dev[0].request("ANQP_GET " + bssid2 + " 263")
194 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
196 raise Exception("ANQP operation timed out")
198 res1 = dev[0].get_bss(bssid)
199 res2 = dev[0].get_bss(bssid2)
200 if res1['anqp_nai_realm'] == res2['anqp_nai_realm']:
201 raise Exception("ANQP results were not unshared")
203 def test_ap_nai_home_realm_query(dev, apdev):
204 """NAI Home Realm Query"""
205 bssid = apdev[0]['bssid']
206 params = hs20_ap_params()
207 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
208 "0,another.example.org" ]
209 hostapd.add_ap(apdev[0]['ifname'], params)
211 dev[0].scan(freq="2412")
212 dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " realm=example.com")
213 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
215 raise Exception("ANQP operation timed out")
216 nai1 = dev[0].get_bss(bssid)['anqp_nai_realm']
217 dev[0].dump_monitor()
219 dev[0].request("ANQP_GET " + bssid + " 263")
220 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
222 raise Exception("ANQP operation timed out")
223 nai2 = dev[0].get_bss(bssid)['anqp_nai_realm']
225 if len(nai1) >= len(nai2):
226 raise Exception("Unexpected NAI Realm list response lengths")
227 if "example.com".encode('hex') not in nai1:
228 raise Exception("Home realm not reported")
229 if "example.org".encode('hex') in nai1:
230 raise Exception("Non-home realm reported")
231 if "example.com".encode('hex') not in nai2:
232 raise Exception("Home realm not reported in wildcard query")
233 if "example.org".encode('hex') not in nai2:
234 raise Exception("Non-home realm not reported in wildcard query ")
237 "00:11:22:33:44:55 123",
238 "00:11:22:33:44:55 qq" ]
240 if "FAIL" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + cmd):
241 raise Exception("Invalid HS20_GET_NAI_HOME_REALM_LIST accepted: " + cmd)
243 dev[0].dump_monitor()
244 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
245 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
246 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
248 raise Exception("ANQP operation timed out")
249 ev = dev[0].wait_event(["RX-ANQP"], timeout=0.1)
251 raise Exception("Unexpected ANQP response: " + ev)
253 dev[0].dump_monitor()
254 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid + " 01000b6578616d706c652e636f6d"):
255 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
256 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
258 raise Exception("No ANQP response")
259 if "NAI Realm list" not in ev:
260 raise Exception("Missing NAI Realm list: " + ev)
262 dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
263 'password': "secret",
264 'domain': "example.com" })
265 dev[0].dump_monitor()
266 if "OK" not in dev[0].request("HS20_GET_NAI_HOME_REALM_LIST " + bssid):
267 raise Exception("HS20_GET_NAI_HOME_REALM_LIST failed")
268 ev = dev[0].wait_event(["RX-ANQP"], timeout=10)
270 raise Exception("No ANQP response")
271 if "NAI Realm list" not in ev:
272 raise Exception("Missing NAI Realm list: " + ev)
274 def test_ap_interworking_scan_filtering(dev, apdev):
275 """Interworking scan filtering with HESSID and access network type"""
277 _test_ap_interworking_scan_filtering(dev, apdev)
279 dev[0].request("SET hessid 00:00:00:00:00:00")
280 dev[0].request("SET access_network_type 15")
282 def _test_ap_interworking_scan_filtering(dev, apdev):
283 bssid = apdev[0]['bssid']
284 params = hs20_ap_params()
285 ssid = "test-hs20-ap1"
286 params['ssid'] = ssid
287 params['hessid'] = bssid
288 hostapd.add_ap(apdev[0]['ifname'], params)
290 bssid2 = apdev[1]['bssid']
291 params = hs20_ap_params()
292 ssid2 = "test-hs20-ap2"
293 params['ssid'] = ssid2
294 params['hessid'] = bssid2
295 params['access_network_type'] = "1"
296 del params['venue_group']
297 del params['venue_type']
298 hostapd.add_ap(apdev[1]['ifname'], params)
305 logger.info("Check probe request filtering based on HESSID")
307 dev[0].request("SET hessid " + bssid2)
308 dev[0].scan(freq="2412")
310 check_probe_resp(wt, bssid, bssid2)
312 logger.info("Check probe request filtering based on access network type")
314 wt.clear_bss_counters(bssid)
315 wt.clear_bss_counters(bssid2)
316 dev[0].request("SET hessid 00:00:00:00:00:00")
317 dev[0].request("SET access_network_type 14")
318 dev[0].scan(freq="2412")
320 check_probe_resp(wt, bssid2, bssid)
322 wt.clear_bss_counters(bssid)
323 wt.clear_bss_counters(bssid2)
324 dev[0].request("SET hessid 00:00:00:00:00:00")
325 dev[0].request("SET access_network_type 1")
326 dev[0].scan(freq="2412")
328 check_probe_resp(wt, bssid, bssid2)
330 logger.info("Check probe request filtering based on HESSID and ANT")
332 wt.clear_bss_counters(bssid)
333 wt.clear_bss_counters(bssid2)
334 dev[0].request("SET hessid " + bssid)
335 dev[0].request("SET access_network_type 14")
336 dev[0].scan(freq="2412")
338 check_probe_resp(wt, bssid2, bssid)
340 wt.clear_bss_counters(bssid)
341 wt.clear_bss_counters(bssid2)
342 dev[0].request("SET hessid " + bssid2)
343 dev[0].request("SET access_network_type 14")
344 dev[0].scan(freq="2412")
346 check_probe_resp(wt, bssid, None)
347 check_probe_resp(wt, bssid2, None)
349 wt.clear_bss_counters(bssid)
350 wt.clear_bss_counters(bssid2)
351 dev[0].request("SET hessid " + bssid)
352 dev[0].request("SET access_network_type 1")
353 dev[0].scan(freq="2412")
355 check_probe_resp(wt, bssid, None)
356 check_probe_resp(wt, bssid2, None)
358 def test_ap_hs20_select(dev, apdev):
359 """Hotspot 2.0 network selection"""
360 bssid = apdev[0]['bssid']
361 params = hs20_ap_params()
362 params['hessid'] = bssid
363 hostapd.add_ap(apdev[0]['ifname'], params)
366 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
367 'password': "secret",
368 'domain': "example.com" })
369 interworking_select(dev[0], bssid, "home")
371 dev[0].remove_cred(id)
372 id = dev[0].add_cred_values({ 'realm': "example.com", 'username': "test",
373 'password': "secret",
374 'domain': "no.match.example.com" })
375 interworking_select(dev[0], bssid, "roaming", freq="2412")
377 dev[0].set_cred_quoted(id, "realm", "no.match.example.com");
378 interworking_select(dev[0], bssid, no_match=True, freq="2412")
380 res = dev[0].request("SCAN_RESULTS")
381 if "[HS20]" not in res:
382 raise Exception("HS20 flag missing from scan results: " + res)
384 bssid2 = apdev[1]['bssid']
385 params = hs20_ap_params()
386 params['nai_realm'] = [ "0,example.org,21" ]
387 params['hessid'] = bssid2
388 params['domain_name'] = "example.org"
389 hostapd.add_ap(apdev[1]['ifname'], params)
390 dev[0].remove_cred(id)
391 id = dev[0].add_cred_values({ 'realm': "example.org", 'username': "test",
392 'password': "secret",
393 'domain': "example.org" })
394 interworking_select(dev[0], bssid2, "home", freq="2412")
396 def hs20_simulated_sim(dev, ap, method):
398 params = hs20_ap_params()
399 params['hessid'] = bssid
400 params['anqp_3gpp_cell_net'] = "555,444"
401 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
402 hostapd.add_ap(ap['ifname'], params)
405 dev.add_cred_values({ 'imsi': "555444-333222111", 'eap': method,
406 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
407 interworking_select(dev, "home", freq="2412")
408 interworking_connect(dev, bssid, method)
409 check_sp_type(dev, "home")
411 def test_ap_hs20_sim(dev, apdev):
412 """Hotspot 2.0 with simulated SIM and EAP-SIM"""
413 hlr_auc_gw_available()
414 hs20_simulated_sim(dev[0], apdev[0], "SIM")
415 dev[0].request("INTERWORKING_SELECT auto freq=2412")
416 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
418 raise Exception("Timeout on already-connected event")
420 def test_ap_hs20_aka(dev, apdev):
421 """Hotspot 2.0 with simulated USIM and EAP-AKA"""
422 hlr_auc_gw_available()
423 hs20_simulated_sim(dev[0], apdev[0], "AKA")
425 def test_ap_hs20_aka_prime(dev, apdev):
426 """Hotspot 2.0 with simulated USIM and EAP-AKA'"""
427 hlr_auc_gw_available()
428 hs20_simulated_sim(dev[0], apdev[0], "AKA'")
430 def test_ap_hs20_ext_sim(dev, apdev):
431 """Hotspot 2.0 with external SIM processing"""
432 hlr_auc_gw_available()
433 bssid = apdev[0]['bssid']
434 params = hs20_ap_params()
435 params['hessid'] = bssid
436 params['anqp_3gpp_cell_net'] = "232,01"
437 params['domain_name'] = "wlan.mnc001.mcc232.3gppnetwork.org"
438 hostapd.add_ap(apdev[0]['ifname'], params)
442 dev[0].request("SET external_sim 1")
443 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
444 interworking_select(dev[0], "home", freq="2412")
445 interworking_ext_sim_connect(dev[0], bssid, "SIM")
446 check_sp_type(dev[0], "home")
448 dev[0].request("SET external_sim 0")
450 def test_ap_hs20_ext_sim_roaming(dev, apdev):
451 """Hotspot 2.0 with external SIM processing in roaming network"""
452 hlr_auc_gw_available()
453 bssid = apdev[0]['bssid']
454 params = hs20_ap_params()
455 params['hessid'] = bssid
456 params['anqp_3gpp_cell_net'] = "244,91;310,026;232,01;234,56"
457 params['domain_name'] = "wlan.mnc091.mcc244.3gppnetwork.org"
458 hostapd.add_ap(apdev[0]['ifname'], params)
462 dev[0].request("SET external_sim 1")
463 dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM" })
464 interworking_select(dev[0], "roaming", freq="2412")
465 interworking_ext_sim_connect(dev[0], bssid, "SIM")
466 check_sp_type(dev[0], "roaming")
468 dev[0].request("SET external_sim 0")
470 def test_ap_hs20_username(dev, apdev):
471 """Hotspot 2.0 connection in username/password credential"""
472 bssid = apdev[0]['bssid']
473 params = hs20_ap_params()
474 params['hessid'] = bssid
475 params['disable_dgaf'] = '1'
476 hostapd.add_ap(apdev[0]['ifname'], params)
479 id = dev[0].add_cred_values({ 'realm': "example.com",
480 'username': "hs20-test",
481 'password': "password",
482 'ca_cert': "auth_serv/ca.pem",
483 'domain': "example.com",
484 'update_identifier': "1234" })
485 interworking_select(dev[0], bssid, "home", freq="2412")
486 interworking_connect(dev[0], bssid, "TTLS")
487 check_sp_type(dev[0], "home")
488 status = dev[0].get_status()
489 if status['pairwise_cipher'] != "CCMP":
490 raise Exception("Unexpected pairwise cipher")
491 if status['hs20'] != "2":
492 raise Exception("Unexpected HS 2.0 support indication")
494 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
495 identity="hs20-test", password="password",
496 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
499 def test_ap_hs20_connect_api(dev, apdev):
500 """Hotspot 2.0 connection with connect API"""
501 bssid = apdev[0]['bssid']
502 params = hs20_ap_params()
503 params['hessid'] = bssid
504 params['disable_dgaf'] = '1'
505 hostapd.add_ap(apdev[0]['ifname'], params)
507 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
508 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
510 wpas.flush_scan_cache()
511 id = wpas.add_cred_values({ 'realm': "example.com",
512 'username': "hs20-test",
513 'password': "password",
514 'ca_cert': "auth_serv/ca.pem",
515 'domain': "example.com",
516 'update_identifier': "1234" })
517 interworking_select(wpas, bssid, "home", freq="2412")
518 interworking_connect(wpas, bssid, "TTLS")
519 check_sp_type(wpas, "home")
520 status = wpas.get_status()
521 if status['pairwise_cipher'] != "CCMP":
522 raise Exception("Unexpected pairwise cipher")
523 if status['hs20'] != "2":
524 raise Exception("Unexpected HS 2.0 support indication")
526 def test_ap_hs20_auto_interworking(dev, apdev):
527 """Hotspot 2.0 connection with auto_interworking=1"""
528 bssid = apdev[0]['bssid']
529 params = hs20_ap_params()
530 params['hessid'] = bssid
531 params['disable_dgaf'] = '1'
532 hostapd.add_ap(apdev[0]['ifname'], params)
534 dev[0].hs20_enable(auto_interworking=True)
535 id = dev[0].add_cred_values({ 'realm': "example.com",
536 'username': "hs20-test",
537 'password': "password",
538 'ca_cert': "auth_serv/ca.pem",
539 'domain': "example.com",
540 'update_identifier': "1234" })
541 dev[0].request("REASSOCIATE")
542 dev[0].wait_connected(timeout=15)
543 check_sp_type(dev[0], "home")
544 status = dev[0].get_status()
545 if status['pairwise_cipher'] != "CCMP":
546 raise Exception("Unexpected pairwise cipher")
547 if status['hs20'] != "2":
548 raise Exception("Unexpected HS 2.0 support indication")
550 def test_ap_hs20_auto_interworking_no_match(dev, apdev):
551 """Hotspot 2.0 connection with auto_interworking=1 and no matching network"""
552 hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": "mismatch" })
554 dev[0].hs20_enable(auto_interworking=True)
555 id = dev[0].connect("mismatch", psk="12345678", scan_freq="2412",
556 only_add_network=True)
557 dev[0].request("ENABLE_NETWORK " + str(id) + " no-connect")
559 id = dev[0].add_cred_values({ 'realm': "example.com",
560 'username': "hs20-test",
561 'password': "password",
562 'ca_cert': "auth_serv/ca.pem",
563 'domain': "example.com",
564 'update_identifier': "1234" })
565 dev[0].request("INTERWORKING_SELECT auto freq=2412")
567 dev[0].dump_monitor()
569 logger.info("start ping")
570 if "PONG" not in dev[0].ctrl.request("PING", timeout=2):
571 raise Exception("PING failed")
572 logger.info("ping done")
576 ev = dev[0].wait_event([ "ANQP fetch completed",
577 "CTRL-EVENT-SCAN-RESULTS" ], timeout=0.05)
580 if "ANQP fetch completed" in ev:
584 if fetch > 2 * scan + 3:
585 raise Exception("Too many ANQP fetch iterations")
586 dev[0].dump_monitor()
587 dev[0].request("DISCONNECT")
589 def test_ap_hs20_auto_interworking_no_cred_match(dev, apdev):
590 """Hotspot 2.0 connection with auto_interworking=1 but no cred match"""
591 bssid = apdev[0]['bssid']
592 params = { "ssid": "test" }
593 hostapd.add_ap(apdev[0]['ifname'], params)
595 dev[0].hs20_enable(auto_interworking=True)
596 dev[0].add_cred_values({ 'realm': "example.com",
597 'username': "hs20-test",
598 'password': "password",
599 'ca_cert': "auth_serv/ca.pem",
600 'domain': "example.com" })
602 id = dev[0].connect("test", psk="12345678", only_add_network=True)
603 dev[0].request("ENABLE_NETWORK %s" % id)
604 logger.info("Verify that scanning continues when there is partial network block match")
605 for i in range(0, 2):
606 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
608 raise Exception("Scan timed out")
609 logger.info("Scan completed")
611 def eap_test(dev, ap, eap_params, method, user):
613 params = hs20_ap_params()
614 params['nai_realm'] = [ "0,example.com," + eap_params ]
615 hostapd.add_ap(ap['ifname'], params)
618 dev.add_cred_values({ 'realm': "example.com",
619 'ca_cert': "auth_serv/ca.pem",
621 'password': "password" })
622 interworking_select(dev, bssid, freq="2412")
623 interworking_connect(dev, bssid, method)
625 def test_ap_hs20_eap_unknown(dev, apdev):
626 """Hotspot 2.0 connection with unknown EAP method"""
627 bssid = apdev[0]['bssid']
628 params = hs20_ap_params()
629 params['nai_realm'] = "0,example.com,99"
630 hostapd.add_ap(apdev[0]['ifname'], params)
633 dev[0].add_cred_values(default_cred())
634 interworking_select(dev[0], None, no_match=True, freq="2412")
636 def test_ap_hs20_eap_peap_mschapv2(dev, apdev):
637 """Hotspot 2.0 connection with PEAP/MSCHAPV2"""
638 eap_test(dev[0], apdev[0], "25[3:26]", "PEAP", "user")
640 def test_ap_hs20_eap_peap_default(dev, apdev):
641 """Hotspot 2.0 connection with PEAP/MSCHAPV2 (as default)"""
642 eap_test(dev[0], apdev[0], "25", "PEAP", "user")
644 def test_ap_hs20_eap_peap_gtc(dev, apdev):
645 """Hotspot 2.0 connection with PEAP/GTC"""
646 eap_test(dev[0], apdev[0], "25[3:6]", "PEAP", "user")
648 def test_ap_hs20_eap_peap_unknown(dev, apdev):
649 """Hotspot 2.0 connection with PEAP/unknown"""
650 bssid = apdev[0]['bssid']
651 params = hs20_ap_params()
652 params['nai_realm'] = "0,example.com,25[3:99]"
653 hostapd.add_ap(apdev[0]['ifname'], params)
656 dev[0].add_cred_values(default_cred())
657 interworking_select(dev[0], None, no_match=True, freq="2412")
659 def test_ap_hs20_eap_ttls_chap(dev, apdev):
660 """Hotspot 2.0 connection with TTLS/CHAP"""
661 eap_test(dev[0], apdev[0], "21[2:2]", "TTLS", "chap user")
663 def test_ap_hs20_eap_ttls_mschap(dev, apdev):
664 """Hotspot 2.0 connection with TTLS/MSCHAP"""
665 eap_test(dev[0], apdev[0], "21[2:3]", "TTLS", "mschap user")
667 def test_ap_hs20_eap_ttls_eap_mschapv2(dev, apdev):
668 """Hotspot 2.0 connection with TTLS/EAP-MSCHAPv2"""
669 eap_test(dev[0], apdev[0], "21[3:26][6:7][99:99]", "TTLS", "user")
671 def test_ap_hs20_eap_ttls_eap_unknown(dev, apdev):
672 """Hotspot 2.0 connection with TTLS/EAP-unknown"""
673 bssid = apdev[0]['bssid']
674 params = hs20_ap_params()
675 params['nai_realm'] = "0,example.com,21[3:99]"
676 hostapd.add_ap(apdev[0]['ifname'], params)
679 dev[0].add_cred_values(default_cred())
680 interworking_select(dev[0], None, no_match=True, freq="2412")
682 def test_ap_hs20_eap_ttls_eap_unsupported(dev, apdev):
683 """Hotspot 2.0 connection with TTLS/EAP-OTP(unsupported)"""
684 bssid = apdev[0]['bssid']
685 params = hs20_ap_params()
686 params['nai_realm'] = "0,example.com,21[3:5]"
687 hostapd.add_ap(apdev[0]['ifname'], params)
690 dev[0].add_cred_values(default_cred())
691 interworking_select(dev[0], None, no_match=True, freq="2412")
693 def test_ap_hs20_eap_ttls_unknown(dev, apdev):
694 """Hotspot 2.0 connection with TTLS/unknown"""
695 bssid = apdev[0]['bssid']
696 params = hs20_ap_params()
697 params['nai_realm'] = "0,example.com,21[2:5]"
698 hostapd.add_ap(apdev[0]['ifname'], params)
701 dev[0].add_cred_values(default_cred())
702 interworking_select(dev[0], None, no_match=True, freq="2412")
704 def test_ap_hs20_eap_fast_mschapv2(dev, apdev):
705 """Hotspot 2.0 connection with FAST/EAP-MSCHAPV2"""
706 check_eap_capa(dev[0], "FAST")
707 eap_test(dev[0], apdev[0], "43[3:26]", "FAST", "user")
709 def test_ap_hs20_eap_fast_gtc(dev, apdev):
710 """Hotspot 2.0 connection with FAST/EAP-GTC"""
711 check_eap_capa(dev[0], "FAST")
712 eap_test(dev[0], apdev[0], "43[3:6]", "FAST", "user")
714 def test_ap_hs20_eap_tls(dev, apdev):
715 """Hotspot 2.0 connection with EAP-TLS"""
716 bssid = apdev[0]['bssid']
717 params = hs20_ap_params()
718 params['nai_realm'] = [ "0,example.com,13[5:6]" ]
719 hostapd.add_ap(apdev[0]['ifname'], params)
722 dev[0].add_cred_values({ 'realm': "example.com",
723 'username': "certificate-user",
724 'ca_cert': "auth_serv/ca.pem",
725 'client_cert': "auth_serv/user.pem",
726 'private_key': "auth_serv/user.key"})
727 interworking_select(dev[0], bssid, freq="2412")
728 interworking_connect(dev[0], bssid, "TLS")
730 def test_ap_hs20_eap_cert_unknown(dev, apdev):
731 """Hotspot 2.0 connection with certificate, but unknown EAP method"""
732 bssid = apdev[0]['bssid']
733 params = hs20_ap_params()
734 params['nai_realm'] = [ "0,example.com,99[5:6]" ]
735 hostapd.add_ap(apdev[0]['ifname'], params)
738 dev[0].add_cred_values({ 'realm': "example.com",
739 'username': "certificate-user",
740 'ca_cert': "auth_serv/ca.pem",
741 'client_cert': "auth_serv/user.pem",
742 'private_key': "auth_serv/user.key"})
743 interworking_select(dev[0], None, no_match=True, freq="2412")
745 def test_ap_hs20_eap_cert_unsupported(dev, apdev):
746 """Hotspot 2.0 connection with certificate, but unsupported TTLS"""
747 bssid = apdev[0]['bssid']
748 params = hs20_ap_params()
749 params['nai_realm'] = [ "0,example.com,21[5:6]" ]
750 hostapd.add_ap(apdev[0]['ifname'], params)
753 dev[0].add_cred_values({ 'realm': "example.com",
754 'username': "certificate-user",
755 'ca_cert': "auth_serv/ca.pem",
756 'client_cert': "auth_serv/user.pem",
757 'private_key': "auth_serv/user.key"})
758 interworking_select(dev[0], None, no_match=True, freq="2412")
760 def test_ap_hs20_eap_invalid_cred(dev, apdev):
761 """Hotspot 2.0 connection with invalid cred configuration"""
762 bssid = apdev[0]['bssid']
763 params = hs20_ap_params()
764 hostapd.add_ap(apdev[0]['ifname'], params)
767 dev[0].add_cred_values({ 'realm': "example.com",
768 'username': "certificate-user",
769 'client_cert': "auth_serv/user.pem" })
770 interworking_select(dev[0], None, no_match=True, freq="2412")
772 def test_ap_hs20_nai_realms(dev, apdev):
773 """Hotspot 2.0 connection and multiple NAI realms and TTLS/PAP"""
774 bssid = apdev[0]['bssid']
775 params = hs20_ap_params()
776 params['hessid'] = bssid
777 params['nai_realm'] = [ "0,no.match.here;example.com;no.match.here.either,21[2:1][5:7]" ]
778 hostapd.add_ap(apdev[0]['ifname'], params)
781 id = dev[0].add_cred_values({ 'realm': "example.com",
782 'ca_cert': "auth_serv/ca.pem",
783 'username': "pap user",
784 'password': "password",
785 'domain': "example.com" })
786 interworking_select(dev[0], bssid, "home", freq="2412")
787 interworking_connect(dev[0], bssid, "TTLS")
788 check_sp_type(dev[0], "home")
790 def test_ap_hs20_roaming_consortium(dev, apdev):
791 """Hotspot 2.0 connection based on roaming consortium match"""
792 bssid = apdev[0]['bssid']
793 params = hs20_ap_params()
794 params['hessid'] = bssid
795 hostapd.add_ap(apdev[0]['ifname'], params)
798 for consortium in [ "112233", "1020304050", "010203040506", "fedcba" ]:
799 id = dev[0].add_cred_values({ 'username': "user",
800 'password': "password",
801 'domain': "example.com",
802 'ca_cert': "auth_serv/ca.pem",
803 'roaming_consortium': consortium,
805 interworking_select(dev[0], bssid, "home", freq="2412")
806 interworking_connect(dev[0], bssid, "PEAP")
807 check_sp_type(dev[0], "home")
808 dev[0].request("INTERWORKING_SELECT auto freq=2412")
809 ev = dev[0].wait_event(["INTERWORKING-ALREADY-CONNECTED"], timeout=15)
811 raise Exception("Timeout on already-connected event")
812 dev[0].remove_cred(id)
814 def test_ap_hs20_username_roaming(dev, apdev):
815 """Hotspot 2.0 connection in username/password credential (roaming)"""
816 bssid = apdev[0]['bssid']
817 params = hs20_ap_params()
818 params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
819 "0,roaming.example.com,21[2:4][5:7]",
820 "0,another.example.com" ]
821 params['domain_name'] = "another.example.com"
822 params['hessid'] = bssid
823 hostapd.add_ap(apdev[0]['ifname'], params)
826 id = dev[0].add_cred_values({ 'realm': "roaming.example.com",
827 'username': "hs20-test",
828 'password': "password",
829 'ca_cert': "auth_serv/ca.pem",
830 'domain': "example.com" })
831 interworking_select(dev[0], bssid, "roaming", freq="2412")
832 interworking_connect(dev[0], bssid, "TTLS")
833 check_sp_type(dev[0], "roaming")
835 def test_ap_hs20_username_unknown(dev, apdev):
836 """Hotspot 2.0 connection in username/password credential (no domain in cred)"""
837 bssid = apdev[0]['bssid']
838 params = hs20_ap_params()
839 params['hessid'] = bssid
840 hostapd.add_ap(apdev[0]['ifname'], params)
843 id = dev[0].add_cred_values({ 'realm': "example.com",
844 'ca_cert': "auth_serv/ca.pem",
845 'username': "hs20-test",
846 'password': "password" })
847 interworking_select(dev[0], bssid, "unknown", freq="2412")
848 interworking_connect(dev[0], bssid, "TTLS")
849 check_sp_type(dev[0], "unknown")
851 def test_ap_hs20_username_unknown2(dev, apdev):
852 """Hotspot 2.0 connection in username/password credential (no domain advertized)"""
853 bssid = apdev[0]['bssid']
854 params = hs20_ap_params()
855 params['hessid'] = bssid
856 del params['domain_name']
857 hostapd.add_ap(apdev[0]['ifname'], params)
860 id = dev[0].add_cred_values({ 'realm': "example.com",
861 'ca_cert': "auth_serv/ca.pem",
862 'username': "hs20-test",
863 'password': "password",
864 'domain': "example.com" })
865 interworking_select(dev[0], bssid, "unknown", freq="2412")
866 interworking_connect(dev[0], bssid, "TTLS")
867 check_sp_type(dev[0], "unknown")
869 def test_ap_hs20_gas_while_associated(dev, apdev):
870 """Hotspot 2.0 connection with GAS query while associated"""
871 bssid = apdev[0]['bssid']
872 params = hs20_ap_params()
873 params['hessid'] = bssid
874 hostapd.add_ap(apdev[0]['ifname'], params)
877 id = dev[0].add_cred_values({ 'realm': "example.com",
878 'ca_cert': "auth_serv/ca.pem",
879 'username': "hs20-test",
880 'password': "password",
881 'domain': "example.com" })
882 interworking_select(dev[0], bssid, "home", freq="2412")
883 interworking_connect(dev[0], bssid, "TTLS")
885 logger.info("Verifying GAS query while associated")
886 dev[0].request("FETCH_ANQP")
887 for i in range(0, 6):
888 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
890 raise Exception("Operation timed out")
892 def test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
893 """Hotspot 2.0 connection with GAS query while associated and using PMF"""
895 _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev)
897 dev[0].request("SET pmf 0")
899 def _test_ap_hs20_gas_while_associated_with_pmf(dev, apdev):
900 bssid = apdev[0]['bssid']
901 params = hs20_ap_params()
902 params['hessid'] = bssid
903 hostapd.add_ap(apdev[0]['ifname'], params)
905 bssid2 = apdev[1]['bssid']
906 params = hs20_ap_params()
907 params['hessid'] = bssid2
908 params['nai_realm'] = [ "0,no-match.example.org,13[5:6],21[2:4][5:7]" ]
909 hostapd.add_ap(apdev[1]['ifname'], params)
912 dev[0].request("SET pmf 2")
913 id = dev[0].add_cred_values({ 'realm': "example.com",
914 'ca_cert': "auth_serv/ca.pem",
915 'username': "hs20-test",
916 'password': "password",
917 'domain': "example.com" })
918 interworking_select(dev[0], bssid, "home", freq="2412")
919 interworking_connect(dev[0], bssid, "TTLS")
921 logger.info("Verifying GAS query while associated")
922 dev[0].request("FETCH_ANQP")
923 for i in range(0, 2 * 6):
924 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
926 raise Exception("Operation timed out")
928 def test_ap_hs20_gas_frag_while_associated(dev, apdev):
929 """Hotspot 2.0 connection with fragmented GAS query while associated"""
930 bssid = apdev[0]['bssid']
931 params = hs20_ap_params()
932 params['hessid'] = bssid
933 hostapd.add_ap(apdev[0]['ifname'], params)
934 hapd = hostapd.Hostapd(apdev[0]['ifname'])
935 hapd.set("gas_frag_limit", "50")
938 id = dev[0].add_cred_values({ 'realm': "example.com",
939 'ca_cert': "auth_serv/ca.pem",
940 'username': "hs20-test",
941 'password': "password",
942 'domain': "example.com" })
943 interworking_select(dev[0], bssid, "home", freq="2412")
944 interworking_connect(dev[0], bssid, "TTLS")
946 logger.info("Verifying GAS query while associated")
947 dev[0].request("FETCH_ANQP")
948 for i in range(0, 6):
949 ev = dev[0].wait_event(["RX-ANQP"], timeout=5)
951 raise Exception("Operation timed out")
953 def test_ap_hs20_multiple_connects(dev, apdev):
954 """Hotspot 2.0 connection through multiple network selections"""
955 bssid = apdev[0]['bssid']
956 params = hs20_ap_params()
957 params['hessid'] = bssid
958 hostapd.add_ap(apdev[0]['ifname'], params)
961 values = { 'realm': "example.com",
962 'ca_cert': "auth_serv/ca.pem",
963 'username': "hs20-test",
964 'password': "password",
965 'domain': "example.com" }
966 id = dev[0].add_cred_values(values)
968 dev[0].scan_for_bss(bssid, freq="2412")
970 for i in range(0, 3):
971 logger.info("Starting Interworking network selection")
972 dev[0].request("INTERWORKING_SELECT auto freq=2412")
974 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
975 "INTERWORKING-ALREADY-CONNECTED",
976 "CTRL-EVENT-CONNECTED"], timeout=15)
978 raise Exception("Connection timed out")
979 if "INTERWORKING-NO-MATCH" in ev:
980 raise Exception("Matching AP not found")
981 if "CTRL-EVENT-CONNECTED" in ev:
983 if i == 2 and "INTERWORKING-ALREADY-CONNECTED" in ev:
986 dev[0].request("DISCONNECT")
987 dev[0].dump_monitor()
989 networks = dev[0].list_networks()
990 if len(networks) > 1:
991 raise Exception("Duplicated network block detected")
993 def test_ap_hs20_disallow_aps(dev, apdev):
994 """Hotspot 2.0 connection and disallow_aps"""
995 bssid = apdev[0]['bssid']
996 params = hs20_ap_params()
997 params['hessid'] = bssid
998 hostapd.add_ap(apdev[0]['ifname'], params)
1000 dev[0].hs20_enable()
1001 values = { 'realm': "example.com",
1002 'ca_cert': "auth_serv/ca.pem",
1003 'username': "hs20-test",
1004 'password': "password",
1005 'domain': "example.com" }
1006 id = dev[0].add_cred_values(values)
1008 dev[0].scan_for_bss(bssid, freq="2412")
1010 logger.info("Verify disallow_aps bssid")
1011 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1012 dev[0].request("INTERWORKING_SELECT auto")
1013 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1015 raise Exception("Network selection timed out")
1016 dev[0].dump_monitor()
1018 logger.info("Verify disallow_aps ssid")
1019 dev[0].request("SET disallow_aps ssid 746573742d68733230")
1020 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1021 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH"], timeout=15)
1023 raise Exception("Network selection timed out")
1024 dev[0].dump_monitor()
1026 logger.info("Verify disallow_aps clear")
1027 dev[0].request("SET disallow_aps ")
1028 interworking_select(dev[0], bssid, "home", freq="2412")
1030 dev[0].request("SET disallow_aps bssid " + bssid.translate(None, ':'))
1031 ret = dev[0].request("INTERWORKING_CONNECT " + bssid)
1032 if "FAIL" not in ret:
1033 raise Exception("INTERWORKING_CONNECT to disallowed BSS not rejected")
1035 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT foo"):
1036 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1037 if "FAIL" not in dev[0].request("INTERWORKING_CONNECT 00:11:22:33:44:55"):
1038 raise Exception("Invalid INTERWORKING_CONNECT not rejected")
1040 def policy_test(dev, ap, values, only_one=True):
1043 logger.info("Verify network selection to AP " + ap['ifname'])
1045 dev.scan_for_bss(bssid, freq="2412")
1047 logger.info("Verify network selection")
1050 id = dev.add_cred_values(values)
1051 dev.request("INTERWORKING_SELECT auto freq=2412")
1054 ev = dev.wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH",
1055 "INTERWORKING-BLACKLISTED",
1056 "INTERWORKING-SELECTED"], timeout=15)
1058 raise Exception("Network selection timed out")
1060 if "INTERWORKING-NO-MATCH" in ev:
1061 raise Exception("Matching AP not found")
1062 if bssid and only_one and "INTERWORKING-AP" in ev and bssid not in ev:
1063 raise Exception("Unexpected AP claimed acceptable")
1064 if "INTERWORKING-SELECTED" in ev:
1065 if bssid and bssid not in ev:
1066 raise Exception("Selected incorrect BSS")
1069 ev = dev.wait_connected(timeout=15)
1070 if bssid and bssid not in ev:
1071 raise Exception("Connected to incorrect BSS")
1073 conn_bssid = dev.get_status_field("bssid")
1074 if bssid and conn_bssid != bssid:
1075 raise Exception("bssid information points to incorrect BSS")
1081 def default_cred(domain=None):
1082 cred = { 'realm': "example.com",
1083 'ca_cert': "auth_serv/ca.pem",
1084 'username': "hs20-test",
1085 'password': "password" }
1087 cred['domain'] = domain
1090 def test_ap_hs20_prefer_home(dev, apdev):
1091 """Hotspot 2.0 required roaming consortium"""
1092 params = hs20_ap_params()
1093 params['domain_name'] = "example.org"
1094 hostapd.add_ap(apdev[0]['ifname'], params)
1096 params = hs20_ap_params()
1097 params['ssid'] = "test-hs20-other"
1098 params['domain_name'] = "example.com"
1099 hostapd.add_ap(apdev[1]['ifname'], params)
1101 values = default_cred()
1102 values['domain'] = "example.com"
1103 policy_test(dev[0], apdev[1], values, only_one=False)
1104 values['domain'] = "example.org"
1105 policy_test(dev[0], apdev[0], values, only_one=False)
1107 def test_ap_hs20_req_roaming_consortium(dev, apdev):
1108 """Hotspot 2.0 required roaming consortium"""
1109 params = hs20_ap_params()
1110 hostapd.add_ap(apdev[0]['ifname'], params)
1112 params = hs20_ap_params()
1113 params['ssid'] = "test-hs20-other"
1114 params['roaming_consortium'] = [ "223344" ]
1115 hostapd.add_ap(apdev[1]['ifname'], params)
1117 values = default_cred()
1118 values['required_roaming_consortium'] = "223344"
1119 policy_test(dev[0], apdev[1], values)
1120 values['required_roaming_consortium'] = "112233"
1121 policy_test(dev[0], apdev[0], values)
1123 id = dev[0].add_cred()
1124 dev[0].set_cred(id, "required_roaming_consortium", "112233")
1125 dev[0].set_cred(id, "required_roaming_consortium", "112233445566778899aabbccddeeff")
1127 for val in [ "", "1", "11", "1122", "1122334", "112233445566778899aabbccddeeff00" ]:
1128 if "FAIL" not in dev[0].request('SET_CRED {} required_roaming_consortium {}'.format(id, val)):
1129 raise Exception("Invalid roaming consortium value accepted: " + val)
1131 def test_ap_hs20_excluded_ssid(dev, apdev):
1132 """Hotspot 2.0 exclusion based on SSID"""
1133 params = hs20_ap_params()
1134 params['roaming_consortium'] = [ "223344" ]
1135 params['anqp_3gpp_cell_net'] = "555,444"
1136 hostapd.add_ap(apdev[0]['ifname'], params)
1138 params = hs20_ap_params()
1139 params['ssid'] = "test-hs20-other"
1140 params['roaming_consortium'] = [ "223344" ]
1141 params['anqp_3gpp_cell_net'] = "555,444"
1142 hostapd.add_ap(apdev[1]['ifname'], params)
1144 values = default_cred()
1145 values['excluded_ssid'] = "test-hs20"
1146 events = policy_test(dev[0], apdev[1], values)
1147 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1149 raise Exception("Excluded network not reported")
1150 values['excluded_ssid'] = "test-hs20-other"
1151 events = policy_test(dev[0], apdev[0], values)
1152 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[1]['bssid'] in e]
1154 raise Exception("Excluded network not reported")
1156 values = default_cred()
1157 values['roaming_consortium'] = "223344"
1158 values['eap'] = "TTLS"
1159 values['phase2'] = "auth=MSCHAPV2"
1160 values['excluded_ssid'] = "test-hs20"
1161 events = policy_test(dev[0], apdev[1], values)
1162 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1164 raise Exception("Excluded network not reported")
1166 values = { 'imsi': "555444-333222111", 'eap': "SIM",
1167 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123",
1168 'excluded_ssid': "test-hs20" }
1169 events = policy_test(dev[0], apdev[1], values)
1170 ev = [e for e in events if "INTERWORKING-BLACKLISTED " + apdev[0]['bssid'] in e]
1172 raise Exception("Excluded network not reported")
1174 def test_ap_hs20_roam_to_higher_prio(dev, apdev):
1175 """Hotspot 2.0 and roaming from current to higher priority network"""
1176 bssid = apdev[0]['bssid']
1177 params = hs20_ap_params(ssid="test-hs20-visited")
1178 params['domain_name'] = "visited.example.org"
1179 hostapd.add_ap(apdev[0]['ifname'], params)
1181 dev[0].hs20_enable()
1182 id = dev[0].add_cred_values({ 'realm': "example.com",
1183 'ca_cert': "auth_serv/ca.pem",
1184 'username': "hs20-test",
1185 'password': "password",
1186 'domain': "example.com" })
1187 logger.info("Connect to the only network option")
1188 interworking_select(dev[0], bssid, "roaming", freq="2412")
1189 dev[0].dump_monitor()
1190 interworking_connect(dev[0], bssid, "TTLS")
1192 logger.info("Start another AP (home operator) and reconnect")
1193 bssid2 = apdev[1]['bssid']
1194 params = hs20_ap_params(ssid="test-hs20-home")
1195 params['domain_name'] = "example.com"
1196 hostapd.add_ap(apdev[1]['ifname'], params)
1198 dev[0].scan_for_bss(bssid2, freq="2412", force_scan=True)
1199 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1200 ev = dev[0].wait_event(["INTERWORKING-NO-MATCH",
1201 "INTERWORKING-ALREADY-CONNECTED",
1202 "CTRL-EVENT-CONNECTED"], timeout=15)
1204 raise Exception("Connection timed out")
1205 if "INTERWORKING-NO-MATCH" in ev:
1206 raise Exception("Matching AP not found")
1207 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1208 raise Exception("Unexpected AP selected")
1209 if bssid2 not in ev:
1210 raise Exception("Unexpected BSSID after reconnection")
1212 def test_ap_hs20_domain_suffix_match_full(dev, apdev):
1213 """Hotspot 2.0 and domain_suffix_match"""
1214 bssid = apdev[0]['bssid']
1215 params = hs20_ap_params()
1216 hostapd.add_ap(apdev[0]['ifname'], params)
1218 dev[0].hs20_enable()
1219 id = dev[0].add_cred_values({ 'realm': "example.com",
1220 'username': "hs20-test",
1221 'password': "password",
1222 'ca_cert': "auth_serv/ca.pem",
1223 'domain': "example.com",
1224 'domain_suffix_match': "server.w1.fi" })
1225 interworking_select(dev[0], bssid, "home", freq="2412")
1226 dev[0].dump_monitor()
1227 interworking_connect(dev[0], bssid, "TTLS")
1228 dev[0].request("REMOVE_NETWORK all")
1229 dev[0].dump_monitor()
1231 dev[0].set_cred_quoted(id, "domain_suffix_match", "no-match.example.com")
1232 interworking_select(dev[0], bssid, "home", freq="2412")
1233 dev[0].dump_monitor()
1234 dev[0].request("INTERWORKING_CONNECT " + bssid)
1235 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"])
1237 raise Exception("TLS certificate error not reported")
1238 if "Domain suffix mismatch" not in ev:
1239 raise Exception("Domain suffix mismatch not reported")
1241 def test_ap_hs20_domain_suffix_match(dev, apdev):
1242 """Hotspot 2.0 and domain_suffix_match"""
1243 check_domain_match_full(dev[0])
1244 bssid = apdev[0]['bssid']
1245 params = hs20_ap_params()
1246 hostapd.add_ap(apdev[0]['ifname'], params)
1248 dev[0].hs20_enable()
1249 id = dev[0].add_cred_values({ 'realm': "example.com",
1250 'username': "hs20-test",
1251 'password': "password",
1252 'ca_cert': "auth_serv/ca.pem",
1253 'domain': "example.com",
1254 'domain_suffix_match': "w1.fi" })
1255 interworking_select(dev[0], bssid, "home", freq="2412")
1256 dev[0].dump_monitor()
1257 interworking_connect(dev[0], bssid, "TTLS")
1259 def test_ap_hs20_roaming_partner_preference(dev, apdev):
1260 """Hotspot 2.0 and roaming partner preference"""
1261 params = hs20_ap_params()
1262 params['domain_name'] = "roaming.example.org"
1263 hostapd.add_ap(apdev[0]['ifname'], params)
1265 params = hs20_ap_params()
1266 params['ssid'] = "test-hs20-other"
1267 params['domain_name'] = "roaming.example.net"
1268 hostapd.add_ap(apdev[1]['ifname'], params)
1270 logger.info("Verify default vs. specified preference")
1271 values = default_cred()
1272 values['roaming_partner'] = "roaming.example.net,1,127,*"
1273 policy_test(dev[0], apdev[1], values, only_one=False)
1274 values['roaming_partner'] = "roaming.example.net,1,129,*"
1275 policy_test(dev[0], apdev[0], values, only_one=False)
1277 logger.info("Verify partial FQDN match")
1278 values['roaming_partner'] = "example.net,0,0,*"
1279 policy_test(dev[0], apdev[1], values, only_one=False)
1280 values['roaming_partner'] = "example.net,0,255,*"
1281 policy_test(dev[0], apdev[0], values, only_one=False)
1283 def test_ap_hs20_max_bss_load(dev, apdev):
1284 """Hotspot 2.0 and maximum BSS load"""
1285 params = hs20_ap_params()
1286 params['bss_load_test'] = "12:200:20000"
1287 hostapd.add_ap(apdev[0]['ifname'], params)
1289 params = hs20_ap_params()
1290 params['ssid'] = "test-hs20-other"
1291 params['bss_load_test'] = "5:20:10000"
1292 hostapd.add_ap(apdev[1]['ifname'], params)
1294 logger.info("Verify maximum BSS load constraint")
1295 values = default_cred()
1296 values['domain'] = "example.com"
1297 values['max_bss_load'] = "100"
1298 events = policy_test(dev[0], apdev[1], values, only_one=False)
1300 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1301 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1302 raise Exception("Maximum BSS Load case not noticed")
1303 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1304 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1305 raise Exception("Maximum BSS Load case reported incorrectly")
1307 logger.info("Verify maximum BSS load does not prevent connection")
1308 values['max_bss_load'] = "1"
1309 events = policy_test(dev[0], None, values)
1311 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1312 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1313 raise Exception("Maximum BSS Load case not noticed")
1314 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1315 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1316 raise Exception("Maximum BSS Load case not noticed")
1318 def test_ap_hs20_max_bss_load2(dev, apdev):
1319 """Hotspot 2.0 and maximum BSS load with one AP not advertising"""
1320 params = hs20_ap_params()
1321 params['bss_load_test'] = "12:200:20000"
1322 hostapd.add_ap(apdev[0]['ifname'], params)
1324 params = hs20_ap_params()
1325 params['ssid'] = "test-hs20-other"
1326 hostapd.add_ap(apdev[1]['ifname'], params)
1328 logger.info("Verify maximum BSS load constraint with AP advertisement")
1329 values = default_cred()
1330 values['domain'] = "example.com"
1331 values['max_bss_load'] = "100"
1332 events = policy_test(dev[0], apdev[1], values, only_one=False)
1334 ev = [e for e in events if "INTERWORKING-AP " + apdev[0]['bssid'] in e]
1335 if len(ev) != 1 or "over_max_bss_load=1" not in ev[0]:
1336 raise Exception("Maximum BSS Load case not noticed")
1337 ev = [e for e in events if "INTERWORKING-AP " + apdev[1]['bssid'] in e]
1338 if len(ev) != 1 or "over_max_bss_load=1" in ev[0]:
1339 raise Exception("Maximum BSS Load case reported incorrectly")
1341 def test_ap_hs20_multi_cred_sp_prio(dev, apdev):
1342 """Hotspot 2.0 multi-cred sp_priority"""
1344 _test_ap_hs20_multi_cred_sp_prio(dev, apdev)
1346 dev[0].request("SET external_sim 0")
1348 def _test_ap_hs20_multi_cred_sp_prio(dev, apdev):
1349 hlr_auc_gw_available()
1350 bssid = apdev[0]['bssid']
1351 params = hs20_ap_params()
1352 params['hessid'] = bssid
1353 del params['domain_name']
1354 params['anqp_3gpp_cell_net'] = "232,01"
1355 hostapd.add_ap(apdev[0]['ifname'], params)
1357 dev[0].hs20_enable()
1358 dev[0].scan_for_bss(bssid, freq="2412")
1359 dev[0].request("SET external_sim 1")
1360 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1361 'provisioning_sp': "example.com",
1362 'sp_priority' :"1" })
1363 id2 = dev[0].add_cred_values({ 'realm': "example.com",
1364 'ca_cert': "auth_serv/ca.pem",
1365 'username': "hs20-test",
1366 'password': "password",
1367 'domain': "example.com",
1368 'provisioning_sp': "example.com",
1369 'sp_priority': "2" })
1370 dev[0].dump_monitor()
1371 dev[0].scan_for_bss(bssid, freq="2412")
1372 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1373 interworking_ext_sim_auth(dev[0], "SIM")
1374 check_sp_type(dev[0], "unknown")
1375 dev[0].request("REMOVE_NETWORK all")
1377 dev[0].set_cred(id1, "sp_priority", "2")
1378 dev[0].set_cred(id2, "sp_priority", "1")
1379 dev[0].dump_monitor()
1380 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1381 interworking_auth(dev[0], "TTLS")
1382 check_sp_type(dev[0], "unknown")
1384 def test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
1385 """Hotspot 2.0 multi-cred sp_priority with two BSSes"""
1387 _test_ap_hs20_multi_cred_sp_prio2(dev, apdev)
1389 dev[0].request("SET external_sim 0")
1391 def _test_ap_hs20_multi_cred_sp_prio2(dev, apdev):
1392 hlr_auc_gw_available()
1393 bssid = apdev[0]['bssid']
1394 params = hs20_ap_params()
1395 params['hessid'] = bssid
1396 del params['nai_realm']
1397 del params['domain_name']
1398 params['anqp_3gpp_cell_net'] = "232,01"
1399 hostapd.add_ap(apdev[0]['ifname'], params)
1401 bssid2 = apdev[1]['bssid']
1402 params = hs20_ap_params()
1403 params['ssid'] = "test-hs20-other"
1404 params['hessid'] = bssid2
1405 del params['domain_name']
1406 del params['anqp_3gpp_cell_net']
1407 hostapd.add_ap(apdev[1]['ifname'], params)
1409 dev[0].hs20_enable()
1410 dev[0].request("SET external_sim 1")
1411 id1 = dev[0].add_cred_values({ 'imsi': "23201-0000000000", 'eap': "SIM",
1412 'provisioning_sp': "example.com",
1413 'sp_priority': "1" })
1414 id2 = dev[0].add_cred_values({ 'realm': "example.com",
1415 'ca_cert': "auth_serv/ca.pem",
1416 'username': "hs20-test",
1417 'password': "password",
1418 'domain': "example.com",
1419 'provisioning_sp': "example.com",
1420 'sp_priority': "2" })
1421 dev[0].dump_monitor()
1422 dev[0].scan_for_bss(bssid, freq="2412")
1423 dev[0].scan_for_bss(bssid2, freq="2412")
1424 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1425 interworking_ext_sim_auth(dev[0], "SIM")
1426 check_sp_type(dev[0], "unknown")
1427 conn_bssid = dev[0].get_status_field("bssid")
1428 if conn_bssid != bssid:
1429 raise Exception("Connected to incorrect BSS")
1430 dev[0].request("REMOVE_NETWORK all")
1432 dev[0].set_cred(id1, "sp_priority", "2")
1433 dev[0].set_cred(id2, "sp_priority", "1")
1434 dev[0].dump_monitor()
1435 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1436 interworking_auth(dev[0], "TTLS")
1437 check_sp_type(dev[0], "unknown")
1438 conn_bssid = dev[0].get_status_field("bssid")
1439 if conn_bssid != bssid2:
1440 raise Exception("Connected to incorrect BSS")
1442 def check_conn_capab_selection(dev, type, missing):
1443 dev.request("INTERWORKING_SELECT freq=2412")
1444 ev = dev.wait_event(["INTERWORKING-AP"])
1446 raise Exception("Network selection timed out");
1447 if "type=" + type not in ev:
1448 raise Exception("Unexpected network type")
1449 if missing and "conn_capab_missing=1" not in ev:
1450 raise Exception("conn_capab_missing not reported")
1451 if not missing and "conn_capab_missing=1" in ev:
1452 raise Exception("conn_capab_missing reported unexpectedly")
1454 def conn_capab_cred(domain=None, req_conn_capab=None):
1455 cred = default_cred(domain=domain)
1457 cred['req_conn_capab'] = req_conn_capab
1460 def test_ap_hs20_req_conn_capab(dev, apdev):
1461 """Hotspot 2.0 network selection with req_conn_capab"""
1462 bssid = apdev[0]['bssid']
1463 params = hs20_ap_params()
1464 hostapd.add_ap(apdev[0]['ifname'], params)
1466 dev[0].hs20_enable()
1467 dev[0].scan_for_bss(bssid, freq="2412")
1468 logger.info("Not used in home network")
1469 values = conn_capab_cred(domain="example.com", req_conn_capab="6:1234")
1470 id = dev[0].add_cred_values(values)
1471 check_conn_capab_selection(dev[0], "home", False)
1473 logger.info("Used in roaming network")
1474 dev[0].remove_cred(id)
1475 values = conn_capab_cred(domain="example.org", req_conn_capab="6:1234")
1476 id = dev[0].add_cred_values(values)
1477 check_conn_capab_selection(dev[0], "roaming", True)
1479 logger.info("Verify that req_conn_capab does not prevent connection if no other network is available")
1480 check_auto_select(dev[0], bssid)
1482 logger.info("Additional req_conn_capab checks")
1484 dev[0].remove_cred(id)
1485 values = conn_capab_cred(domain="example.org", req_conn_capab="1:0")
1486 id = dev[0].add_cred_values(values)
1487 check_conn_capab_selection(dev[0], "roaming", True)
1489 dev[0].remove_cred(id)
1490 values = conn_capab_cred(domain="example.org", req_conn_capab="17:5060")
1491 id = dev[0].add_cred_values(values)
1492 check_conn_capab_selection(dev[0], "roaming", True)
1494 bssid2 = apdev[1]['bssid']
1495 params = hs20_ap_params(ssid="test-hs20b")
1496 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1497 hostapd.add_ap(apdev[1]['ifname'], params)
1499 dev[0].remove_cred(id)
1500 values = conn_capab_cred(domain="example.org", req_conn_capab="50")
1501 id = dev[0].add_cred_values(values)
1502 dev[0].set_cred(id, "req_conn_capab", "6:22")
1503 dev[0].scan_for_bss(bssid2, freq="2412")
1504 dev[0].request("INTERWORKING_SELECT freq=2412")
1505 for i in range(0, 2):
1506 ev = dev[0].wait_event(["INTERWORKING-AP"])
1508 raise Exception("Network selection timed out");
1509 if bssid in ev and "conn_capab_missing=1" not in ev:
1510 raise Exception("Missing protocol connection capability not reported")
1511 if bssid2 in ev and "conn_capab_missing=1" in ev:
1512 raise Exception("Protocol connection capability not reported correctly")
1514 def test_ap_hs20_req_conn_capab_and_roaming_partner_preference(dev, apdev):
1515 """Hotspot 2.0 and req_conn_capab with roaming partner preference"""
1516 bssid = apdev[0]['bssid']
1517 params = hs20_ap_params()
1518 params['domain_name'] = "roaming.example.org"
1519 params['hs20_conn_capab'] = [ "1:0:2", "6:22:1", "17:5060:0", "50:0:1" ]
1520 hostapd.add_ap(apdev[0]['ifname'], params)
1522 bssid2 = apdev[1]['bssid']
1523 params = hs20_ap_params(ssid="test-hs20-b")
1524 params['domain_name'] = "roaming.example.net"
1525 hostapd.add_ap(apdev[1]['ifname'], params)
1527 values = default_cred()
1528 values['roaming_partner'] = "roaming.example.net,1,127,*"
1529 id = dev[0].add_cred_values(values)
1530 check_auto_select(dev[0], bssid2)
1532 dev[0].set_cred(id, "req_conn_capab", "50")
1533 check_auto_select(dev[0], bssid)
1535 dev[0].remove_cred(id)
1536 id = dev[0].add_cred_values(values)
1537 dev[0].set_cred(id, "req_conn_capab", "51")
1538 check_auto_select(dev[0], bssid2)
1540 def check_bandwidth_selection(dev, type, below):
1541 dev.request("INTERWORKING_SELECT freq=2412")
1542 ev = dev.wait_event(["INTERWORKING-AP"])
1544 raise Exception("Network selection timed out");
1545 if "type=" + type not in ev:
1546 raise Exception("Unexpected network type")
1547 if below and "below_min_backhaul=1" not in ev:
1548 raise Exception("below_min_backhaul not reported")
1549 if not below and "below_min_backhaul=1" in ev:
1550 raise Exception("below_min_backhaul reported unexpectedly")
1552 def bw_cred(domain=None, dl_home=None, ul_home=None, dl_roaming=None, ul_roaming=None):
1553 cred = default_cred(domain=domain)
1555 cred['min_dl_bandwidth_home'] = str(dl_home)
1557 cred['min_ul_bandwidth_home'] = str(ul_home)
1559 cred['min_dl_bandwidth_roaming'] = str(dl_roaming)
1561 cred['min_ul_bandwidth_roaming'] = str(ul_roaming)
1564 def test_ap_hs20_min_bandwidth_home(dev, apdev):
1565 """Hotspot 2.0 network selection with min bandwidth (home)"""
1566 bssid = apdev[0]['bssid']
1567 params = hs20_ap_params()
1568 hostapd.add_ap(apdev[0]['ifname'], params)
1570 dev[0].hs20_enable()
1571 dev[0].scan_for_bss(bssid, freq="2412")
1572 values = bw_cred(domain="example.com", dl_home=5490, ul_home=58)
1573 id = dev[0].add_cred_values(values)
1574 check_bandwidth_selection(dev[0], "home", False)
1575 dev[0].remove_cred(id)
1577 values = bw_cred(domain="example.com", dl_home=5491, ul_home=58)
1578 id = dev[0].add_cred_values(values)
1579 check_bandwidth_selection(dev[0], "home", True)
1580 dev[0].remove_cred(id)
1582 values = bw_cred(domain="example.com", dl_home=5490, ul_home=59)
1583 id = dev[0].add_cred_values(values)
1584 check_bandwidth_selection(dev[0], "home", True)
1585 dev[0].remove_cred(id)
1587 values = bw_cred(domain="example.com", dl_home=5491, ul_home=59)
1588 id = dev[0].add_cred_values(values)
1589 check_bandwidth_selection(dev[0], "home", True)
1590 check_auto_select(dev[0], bssid)
1592 bssid2 = apdev[1]['bssid']
1593 params = hs20_ap_params(ssid="test-hs20-b")
1594 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1595 hostapd.add_ap(apdev[1]['ifname'], params)
1597 check_auto_select(dev[0], bssid2)
1599 def test_ap_hs20_min_bandwidth_roaming(dev, apdev):
1600 """Hotspot 2.0 network selection with min bandwidth (roaming)"""
1601 bssid = apdev[0]['bssid']
1602 params = hs20_ap_params()
1603 hostapd.add_ap(apdev[0]['ifname'], params)
1605 dev[0].hs20_enable()
1606 dev[0].scan_for_bss(bssid, freq="2412")
1607 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=58)
1608 id = dev[0].add_cred_values(values)
1609 check_bandwidth_selection(dev[0], "roaming", False)
1610 dev[0].remove_cred(id)
1612 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=58)
1613 id = dev[0].add_cred_values(values)
1614 check_bandwidth_selection(dev[0], "roaming", True)
1615 dev[0].remove_cred(id)
1617 values = bw_cred(domain="example.org", dl_roaming=5490, ul_roaming=59)
1618 id = dev[0].add_cred_values(values)
1619 check_bandwidth_selection(dev[0], "roaming", True)
1620 dev[0].remove_cred(id)
1622 values = bw_cred(domain="example.org", dl_roaming=5491, ul_roaming=59)
1623 id = dev[0].add_cred_values(values)
1624 check_bandwidth_selection(dev[0], "roaming", True)
1625 check_auto_select(dev[0], bssid)
1627 bssid2 = apdev[1]['bssid']
1628 params = hs20_ap_params(ssid="test-hs20-b")
1629 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1630 hostapd.add_ap(apdev[1]['ifname'], params)
1632 check_auto_select(dev[0], bssid2)
1634 def test_ap_hs20_min_bandwidth_and_roaming_partner_preference(dev, apdev):
1635 """Hotspot 2.0 and minimum bandwidth with roaming partner preference"""
1636 bssid = apdev[0]['bssid']
1637 params = hs20_ap_params()
1638 params['domain_name'] = "roaming.example.org"
1639 params['hs20_wan_metrics'] = "01:8000:1000:1:1:3000"
1640 hostapd.add_ap(apdev[0]['ifname'], params)
1642 bssid2 = apdev[1]['bssid']
1643 params = hs20_ap_params(ssid="test-hs20-b")
1644 params['domain_name'] = "roaming.example.net"
1645 hostapd.add_ap(apdev[1]['ifname'], params)
1647 values = default_cred()
1648 values['roaming_partner'] = "roaming.example.net,1,127,*"
1649 id = dev[0].add_cred_values(values)
1650 check_auto_select(dev[0], bssid2)
1652 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "6000")
1653 check_auto_select(dev[0], bssid)
1655 dev[0].set_cred(id, "min_dl_bandwidth_roaming", "10000")
1656 check_auto_select(dev[0], bssid2)
1658 def test_ap_hs20_min_bandwidth_no_wan_metrics(dev, apdev):
1659 """Hotspot 2.0 network selection with min bandwidth but no WAN Metrics"""
1660 bssid = apdev[0]['bssid']
1661 params = hs20_ap_params()
1662 del params['hs20_wan_metrics']
1663 hostapd.add_ap(apdev[0]['ifname'], params)
1665 dev[0].hs20_enable()
1666 dev[0].scan_for_bss(bssid, freq="2412")
1667 values = bw_cred(domain="example.com", dl_home=10000, ul_home=10000,
1668 dl_roaming=10000, ul_roaming=10000)
1669 dev[0].add_cred_values(values)
1670 check_bandwidth_selection(dev[0], "home", False)
1672 def test_ap_hs20_deauth_req_ess(dev, apdev):
1673 """Hotspot 2.0 connection and deauthentication request for ESS"""
1675 _test_ap_hs20_deauth_req_ess(dev, apdev)
1677 dev[0].request("SET pmf 0")
1679 def _test_ap_hs20_deauth_req_ess(dev, apdev):
1680 dev[0].request("SET pmf 2")
1681 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1682 dev[0].dump_monitor()
1683 addr = dev[0].p2p_interface_addr()
1684 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1685 hapd.request("HS20_DEAUTH_REQ " + addr + " 1 120 http://example.com/")
1686 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1688 raise Exception("Timeout on deauth imminent notice")
1689 if "1 120 http://example.com/" not in ev:
1690 raise Exception("Unexpected deauth imminent notice: " + ev)
1691 hapd.request("DEAUTHENTICATE " + addr)
1692 dev[0].wait_disconnected(timeout=10)
1693 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1694 raise Exception("Network not marked temporarily disabled")
1695 ev = dev[0].wait_event(["SME: Trying to authenticate",
1696 "Trying to associate",
1697 "CTRL-EVENT-CONNECTED"], timeout=5)
1699 raise Exception("Unexpected connection attempt")
1701 def test_ap_hs20_deauth_req_bss(dev, apdev):
1702 """Hotspot 2.0 connection and deauthentication request for BSS"""
1704 _test_ap_hs20_deauth_req_bss(dev, apdev)
1706 dev[0].request("SET pmf 0")
1708 def _test_ap_hs20_deauth_req_bss(dev, apdev):
1709 dev[0].request("SET pmf 2")
1710 eap_test(dev[0], apdev[0], "21[3:26]", "TTLS", "user")
1711 dev[0].dump_monitor()
1712 addr = dev[0].p2p_interface_addr()
1713 hapd = hostapd.Hostapd(apdev[0]['ifname'])
1714 hapd.request("HS20_DEAUTH_REQ " + addr + " 0 120 http://example.com/")
1715 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"])
1717 raise Exception("Timeout on deauth imminent notice")
1718 if "0 120 http://example.com/" not in ev:
1719 raise Exception("Unexpected deauth imminent notice: " + ev)
1720 hapd.request("DEAUTHENTICATE " + addr + " reason=4")
1721 ev = dev[0].wait_disconnected(timeout=10)
1722 if "reason=4" not in ev:
1723 raise Exception("Unexpected disconnection reason")
1724 if "[TEMP-DISABLED]" not in dev[0].list_networks()[0]['flags']:
1725 raise Exception("Network not marked temporarily disabled")
1726 ev = dev[0].wait_event(["SME: Trying to authenticate",
1727 "Trying to associate",
1728 "CTRL-EVENT-CONNECTED"], timeout=5)
1730 raise Exception("Unexpected connection attempt")
1732 def test_ap_hs20_deauth_req_from_radius(dev, apdev):
1733 """Hotspot 2.0 connection and deauthentication request from RADIUS"""
1735 _test_ap_hs20_deauth_req_from_radius(dev, apdev)
1737 dev[0].request("SET pmf 0")
1739 def _test_ap_hs20_deauth_req_from_radius(dev, apdev):
1740 bssid = apdev[0]['bssid']
1741 params = hs20_ap_params()
1742 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1743 params['hs20_deauth_req_timeout'] = "2"
1744 hostapd.add_ap(apdev[0]['ifname'], params)
1746 dev[0].request("SET pmf 2")
1747 dev[0].hs20_enable()
1748 dev[0].add_cred_values({ 'realm': "example.com",
1749 'username': "hs20-deauth-test",
1750 'password': "password" })
1751 interworking_select(dev[0], bssid, freq="2412")
1752 interworking_connect(dev[0], bssid, "TTLS")
1753 ev = dev[0].wait_event(["HS20-DEAUTH-IMMINENT-NOTICE"], timeout=5)
1755 raise Exception("Timeout on deauth imminent notice")
1756 if " 1 100" not in ev:
1757 raise Exception("Unexpected deauth imminent contents")
1758 dev[0].wait_disconnected(timeout=3)
1760 def test_ap_hs20_remediation_required(dev, apdev):
1761 """Hotspot 2.0 connection and remediation required from RADIUS"""
1763 _test_ap_hs20_remediation_required(dev, apdev)
1765 dev[0].request("SET pmf 0")
1767 def _test_ap_hs20_remediation_required(dev, apdev):
1768 bssid = apdev[0]['bssid']
1769 params = hs20_ap_params()
1770 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1771 hostapd.add_ap(apdev[0]['ifname'], params)
1773 dev[0].request("SET pmf 1")
1774 dev[0].hs20_enable()
1775 dev[0].add_cred_values({ 'realm': "example.com",
1776 'username': "hs20-subrem-test",
1777 'password': "password" })
1778 interworking_select(dev[0], bssid, freq="2412")
1779 interworking_connect(dev[0], bssid, "TTLS")
1780 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1782 raise Exception("Timeout on subscription remediation notice")
1783 if " 1 https://example.com/" not in ev:
1784 raise Exception("Unexpected subscription remediation event contents")
1786 def test_ap_hs20_remediation_required_ctrl(dev, apdev):
1787 """Hotspot 2.0 connection and subrem from ctrl_iface"""
1789 _test_ap_hs20_remediation_required_ctrl(dev, apdev)
1791 dev[0].request("SET pmf 0")
1793 def _test_ap_hs20_remediation_required_ctrl(dev, apdev):
1794 bssid = apdev[0]['bssid']
1795 addr = dev[0].p2p_dev_addr()
1796 params = hs20_ap_params()
1797 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1798 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
1800 dev[0].request("SET pmf 1")
1801 dev[0].hs20_enable()
1802 dev[0].add_cred_values(default_cred())
1803 interworking_select(dev[0], bssid, freq="2412")
1804 interworking_connect(dev[0], bssid, "TTLS")
1806 hapd.request("HS20_WNM_NOTIF " + addr + " https://example.com/")
1807 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1809 raise Exception("Timeout on subscription remediation notice")
1810 if " 1 https://example.com/" not in ev:
1811 raise Exception("Unexpected subscription remediation event contents")
1813 hapd.request("HS20_WNM_NOTIF " + addr)
1814 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
1816 raise Exception("Timeout on subscription remediation notice")
1817 if not ev.endswith("HS20-SUBSCRIPTION-REMEDIATION "):
1818 raise Exception("Unexpected subscription remediation event contents: " + ev)
1820 if "FAIL" not in hapd.request("HS20_WNM_NOTIF "):
1821 raise Exception("Unexpected HS20_WNM_NOTIF success")
1822 if "FAIL" not in hapd.request("HS20_WNM_NOTIF foo"):
1823 raise Exception("Unexpected HS20_WNM_NOTIF success")
1824 if "FAIL" not in hapd.request("HS20_WNM_NOTIF " + addr + " https://12345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678923456789842345678456783456712345678927.very.long.example.com/"):
1825 raise Exception("Unexpected HS20_WNM_NOTIF success")
1827 def test_ap_hs20_session_info(dev, apdev):
1828 """Hotspot 2.0 connection and session information from RADIUS"""
1830 _test_ap_hs20_session_info(dev, apdev)
1832 dev[0].request("SET pmf 0")
1834 def _test_ap_hs20_session_info(dev, apdev):
1835 bssid = apdev[0]['bssid']
1836 params = hs20_ap_params()
1837 params['nai_realm'] = [ "0,example.com,21[2:4]" ]
1838 hostapd.add_ap(apdev[0]['ifname'], params)
1840 dev[0].request("SET pmf 1")
1841 dev[0].hs20_enable()
1842 dev[0].add_cred_values({ 'realm': "example.com",
1843 'username': "hs20-session-info-test",
1844 'password': "password" })
1845 interworking_select(dev[0], bssid, freq="2412")
1846 interworking_connect(dev[0], bssid, "TTLS")
1847 ev = dev[0].wait_event(["ESS-DISASSOC-IMMINENT"], timeout=10)
1849 raise Exception("Timeout on ESS disassociation imminent notice")
1850 if " 1 59904 https://example.com/" not in ev:
1851 raise Exception("Unexpected ESS disassociation imminent event contents")
1852 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"])
1854 raise Exception("Scan not started")
1855 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], timeout=30)
1857 raise Exception("Scan not completed")
1859 def test_ap_hs20_osen(dev, apdev):
1860 """Hotspot 2.0 OSEN connection"""
1861 params = { 'ssid': "osen",
1863 'auth_server_addr': "127.0.0.1",
1864 'auth_server_port': "1812",
1865 'auth_server_shared_secret': "radius" }
1866 hostapd.add_ap(apdev[0]['ifname'], params)
1868 dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
1870 dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
1871 scan_freq="2412", wait_connect=False)
1872 dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
1873 group="GTK_NOT_USED",
1874 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
1875 ca_cert="auth_serv/ca.pem",
1878 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1879 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
1880 wpas.connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
1881 group="GTK_NOT_USED",
1882 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
1883 ca_cert="auth_serv/ca.pem",
1885 wpas.request("DISCONNECT")
1887 def test_ap_hs20_network_preference(dev, apdev):
1888 """Hotspot 2.0 network selection with preferred home network"""
1889 bssid = apdev[0]['bssid']
1890 params = hs20_ap_params()
1891 hostapd.add_ap(apdev[0]['ifname'], params)
1893 dev[0].hs20_enable()
1894 values = { 'realm': "example.com",
1895 'username': "hs20-test",
1896 'password': "password",
1897 'domain': "example.com" }
1898 dev[0].add_cred_values(values)
1900 id = dev[0].add_network()
1901 dev[0].set_network_quoted(id, "ssid", "home")
1902 dev[0].set_network_quoted(id, "psk", "12345678")
1903 dev[0].set_network(id, "priority", "1")
1904 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
1906 dev[0].scan_for_bss(bssid, freq="2412")
1907 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1908 ev = dev[0].wait_connected(timeout=15)
1910 raise Exception("Unexpected network selected")
1912 bssid2 = apdev[1]['bssid']
1913 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
1914 hostapd.add_ap(apdev[1]['ifname'], params)
1916 dev[0].scan_for_bss(bssid2, freq="2412")
1917 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1918 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1919 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1921 raise Exception("Connection timed out")
1922 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1923 raise Exception("No roam to higher priority network")
1924 if bssid2 not in ev:
1925 raise Exception("Unexpected network selected")
1927 def test_ap_hs20_network_preference2(dev, apdev):
1928 """Hotspot 2.0 network selection with preferred credential"""
1929 bssid2 = apdev[1]['bssid']
1930 params = hostapd.wpa2_params(ssid="home", passphrase="12345678")
1931 hostapd.add_ap(apdev[1]['ifname'], params)
1933 dev[0].hs20_enable()
1934 values = { 'realm': "example.com",
1935 'username': "hs20-test",
1936 'password': "password",
1937 'domain': "example.com",
1939 dev[0].add_cred_values(values)
1941 id = dev[0].add_network()
1942 dev[0].set_network_quoted(id, "ssid", "home")
1943 dev[0].set_network_quoted(id, "psk", "12345678")
1944 dev[0].request("ENABLE_NETWORK %s no-connect" % id)
1946 dev[0].scan_for_bss(bssid2, freq="2412")
1947 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1948 ev = dev[0].wait_connected(timeout=15)
1949 if bssid2 not in ev:
1950 raise Exception("Unexpected network selected")
1952 bssid = apdev[0]['bssid']
1953 params = hs20_ap_params()
1954 hostapd.add_ap(apdev[0]['ifname'], params)
1956 dev[0].scan_for_bss(bssid, freq="2412")
1957 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1958 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1959 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
1961 raise Exception("Connection timed out")
1962 if "INTERWORKING-ALREADY-CONNECTED" in ev:
1963 raise Exception("No roam to higher priority network")
1965 raise Exception("Unexpected network selected")
1967 def test_ap_hs20_network_preference3(dev, apdev):
1968 """Hotspot 2.0 network selection with two credential (one preferred)"""
1969 bssid = apdev[0]['bssid']
1970 params = hs20_ap_params()
1971 hostapd.add_ap(apdev[0]['ifname'], params)
1973 bssid2 = apdev[1]['bssid']
1974 params = hs20_ap_params(ssid="test-hs20b")
1975 params['nai_realm'] = "0,example.org,13[5:6],21[2:4][5:7]"
1976 hostapd.add_ap(apdev[1]['ifname'], params)
1978 dev[0].hs20_enable()
1979 values = { 'realm': "example.com",
1980 'username': "hs20-test",
1981 'password': "password",
1983 dev[0].add_cred_values(values)
1984 values = { 'realm': "example.org",
1985 'username': "hs20-test",
1986 'password': "password" }
1987 id = dev[0].add_cred_values(values)
1989 dev[0].scan_for_bss(bssid, freq="2412")
1990 dev[0].scan_for_bss(bssid2, freq="2412")
1991 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1992 ev = dev[0].wait_connected(timeout=15)
1994 raise Exception("Unexpected network selected")
1996 dev[0].set_cred(id, "priority", "2")
1997 dev[0].request("INTERWORKING_SELECT auto freq=2412")
1998 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
1999 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2001 raise Exception("Connection timed out")
2002 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2003 raise Exception("No roam to higher priority network")
2004 if bssid2 not in ev:
2005 raise Exception("Unexpected network selected")
2007 def test_ap_hs20_network_preference4(dev, apdev):
2008 """Hotspot 2.0 network selection with username vs. SIM credential"""
2009 bssid = apdev[0]['bssid']
2010 params = hs20_ap_params()
2011 hostapd.add_ap(apdev[0]['ifname'], params)
2013 bssid2 = apdev[1]['bssid']
2014 params = hs20_ap_params(ssid="test-hs20b")
2015 params['hessid'] = bssid2
2016 params['anqp_3gpp_cell_net'] = "555,444"
2017 params['domain_name'] = "wlan.mnc444.mcc555.3gppnetwork.org"
2018 hostapd.add_ap(apdev[1]['ifname'], params)
2020 dev[0].hs20_enable()
2021 values = { 'realm': "example.com",
2022 'username': "hs20-test",
2023 'password': "password",
2025 dev[0].add_cred_values(values)
2026 values = { 'imsi': "555444-333222111",
2028 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123" }
2029 id = dev[0].add_cred_values(values)
2031 dev[0].scan_for_bss(bssid, freq="2412")
2032 dev[0].scan_for_bss(bssid2, freq="2412")
2033 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2034 ev = dev[0].wait_connected(timeout=15)
2036 raise Exception("Unexpected network selected")
2038 dev[0].set_cred(id, "priority", "2")
2039 dev[0].request("INTERWORKING_SELECT auto freq=2412")
2040 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
2041 "INTERWORKING-ALREADY-CONNECTED" ], timeout=15)
2043 raise Exception("Connection timed out")
2044 if "INTERWORKING-ALREADY-CONNECTED" in ev:
2045 raise Exception("No roam to higher priority network")
2046 if bssid2 not in ev:
2047 raise Exception("Unexpected network selected")
2049 def test_ap_hs20_fetch_osu(dev, apdev):
2050 """Hotspot 2.0 OSU provider and icon fetch"""
2051 bssid = apdev[0]['bssid']
2052 params = hs20_ap_params()
2053 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2054 params['osu_ssid'] = '"HS 2.0 OSU open"'
2055 params['osu_method_list'] = "1"
2056 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2057 params['osu_icon'] = "w1fi_logo"
2058 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2059 params['osu_server_uri'] = "https://example.com/osu/"
2060 hostapd.add_ap(apdev[0]['ifname'], params)
2062 bssid2 = apdev[1]['bssid']
2063 params = hs20_ap_params(ssid="test-hs20b")
2064 params['hessid'] = bssid2
2065 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2066 params['osu_ssid'] = '"HS 2.0 OSU OSEN"'
2067 params['osu_method_list'] = "0"
2068 params['osu_nai'] = "osen@example.com"
2069 params['osu_friendly_name'] = [ "eng:Test2 OSU", "fin:Testi2-OSU" ]
2070 params['osu_icon'] = "w1fi_logo"
2071 params['osu_service_desc'] = [ "eng:Example services2", "fin:Esimerkkipalveluja2" ]
2072 params['osu_server_uri'] = "https://example.org/osu/"
2073 hostapd.add_ap(apdev[1]['ifname'], params)
2075 with open("w1fi_logo.png", "r") as f:
2076 orig_logo = f.read()
2077 dev[0].hs20_enable()
2078 dir = "/tmp/osu-fetch"
2079 if os.path.isdir(dir):
2080 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2082 os.remove(dir + "/" + f)
2089 dev[1].scan_for_bss(bssid, freq="2412")
2090 dev[0].request("SET osu_dir " + dir)
2091 dev[0].request("FETCH_OSU")
2092 if "FAIL" not in dev[1].request("HS20_ICON_REQUEST foo w1fi_logo"):
2093 raise Exception("Invalid HS20_ICON_REQUEST accepted")
2094 if "OK" not in dev[1].request("HS20_ICON_REQUEST " + bssid + " w1fi_logo"):
2095 raise Exception("HS20_ICON_REQUEST failed")
2098 ev = dev[0].wait_event(["OSU provider fetch completed",
2099 "RX-HS20-ANQP-ICON"], timeout=15)
2101 raise Exception("Timeout on OSU fetch")
2102 if "OSU provider fetch completed" in ev:
2104 if "RX-HS20-ANQP-ICON" in ev:
2105 with open(ev.split(' ')[1], "r") as f:
2107 if logo == orig_logo:
2110 with open(dir + "/osu-providers.txt", "r") as f:
2112 logger.debug("osu-providers.txt: " + prov)
2113 if "OSU-PROVIDER " + bssid not in prov:
2114 raise Exception("Missing OSU_PROVIDER(1)")
2115 if "OSU-PROVIDER " + bssid2 not in prov:
2116 raise Exception("Missing OSU_PROVIDER(2)")
2118 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2120 os.remove(dir + "/" + f)
2124 raise Exception("Unexpected number of icons fetched")
2126 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=5)
2128 raise Exception("Timeout on GAS-QUERY-DONE")
2129 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=5)
2131 raise Exception("Timeout on GAS-QUERY-DONE")
2132 if "freq=2412 status_code=0 result=SUCCESS" not in ev:
2133 raise Exception("Unexpected GAS-QUERY-DONE: " + ev)
2134 ev = dev[1].wait_event(["RX-HS20-ANQP"], timeout=15)
2136 raise Exception("Timeout on icon fetch")
2137 if "Icon Binary File" not in ev:
2138 raise Exception("Unexpected ANQP element")
2140 def test_ap_hs20_fetch_osu_stop(dev, apdev):
2141 """Hotspot 2.0 OSU provider fetch stopped"""
2142 bssid = apdev[0]['bssid']
2143 params = hs20_ap_params()
2144 params['hs20_icon'] = "128:80:zxx:image/png:w1fi_logo:w1fi_logo.png"
2145 params['osu_ssid'] = '"HS 2.0 OSU open"'
2146 params['osu_method_list'] = "1"
2147 params['osu_friendly_name'] = [ "eng:Test OSU", "fin:Testi-OSU" ]
2148 params['osu_icon'] = "w1fi_logo"
2149 params['osu_service_desc'] = [ "eng:Example services", "fin:Esimerkkipalveluja" ]
2150 params['osu_server_uri'] = "https://example.com/osu/"
2151 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2153 dev[0].hs20_enable()
2154 dir = "/tmp/osu-fetch"
2155 if os.path.isdir(dir):
2156 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2158 os.remove(dir + "/" + f)
2165 dev[0].request("SET osu_dir " + dir)
2166 dev[0].request("SCAN freq=2412-2462")
2167 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-STARTED"], timeout=10)
2169 raise Exception("Scan did not start")
2170 if "FAIL" not in dev[0].request("FETCH_OSU"):
2171 raise Exception("FETCH_OSU accepted while scanning")
2172 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"], 10)
2174 raise Exception("Scan timed out")
2175 hapd.set("ext_mgmt_frame_handling", "1")
2176 dev[0].request("FETCH_ANQP")
2177 if "FAIL" not in dev[0].request("FETCH_OSU"):
2178 raise Exception("FETCH_OSU accepted while in FETCH_ANQP")
2179 dev[0].request("STOP_FETCH_ANQP")
2180 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
2181 dev[0].dump_monitor()
2183 dev[0].request("INTERWORKING_SELECT freq=2412")
2185 msg = hapd.mgmt_rx()
2186 if msg['subtype'] == 13:
2188 if "FAIL" not in dev[0].request("FETCH_OSU"):
2189 raise Exception("FETCH_OSU accepted while in INTERWORKING_SELECT")
2190 ev = dev[0].wait_event(["INTERWORKING-AP", "INTERWORKING-NO-MATCH"],
2193 raise Exception("Network selection timed out");
2195 dev[0].dump_monitor()
2196 if "OK" not in dev[0].request("FETCH_OSU"):
2197 raise Exception("FETCH_OSU failed")
2198 dev[0].request("CANCEL_FETCH_OSU")
2202 if dev[0].get_driver_status_field("scan_state") == "SCAN_COMPLETED":
2205 dev[0].dump_monitor()
2206 if "OK" not in dev[0].request("FETCH_OSU"):
2207 raise Exception("FETCH_OSU failed")
2208 if "FAIL" not in dev[0].request("FETCH_OSU"):
2209 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2210 ev = dev[0].wait_event(["GAS-QUERY-START"], 10)
2212 raise Exception("GAS timed out")
2213 if "FAIL" not in dev[0].request("FETCH_OSU"):
2214 raise Exception("FETCH_OSU accepted while in FETCH_OSU")
2215 dev[0].request("CANCEL_FETCH_OSU")
2216 ev = dev[0].wait_event(["GAS-QUERY-DONE"], 10)
2218 raise Exception("GAS event timed out after CANCEL_FETCH_OSU")
2220 files = [ f for f in os.listdir(dir) if f.startswith("osu-") ]
2222 os.remove(dir + "/" + f)
2225 def test_ap_hs20_ft(dev, apdev):
2226 """Hotspot 2.0 connection with FT"""
2227 bssid = apdev[0]['bssid']
2228 params = hs20_ap_params()
2229 params['wpa_key_mgmt'] = "FT-EAP"
2230 params['nas_identifier'] = "nas1.w1.fi"
2231 params['r1_key_holder'] = "000102030405"
2232 params["mobility_domain"] = "a1b2"
2233 params["reassociation_deadline"] = "1000"
2234 hostapd.add_ap(apdev[0]['ifname'], params)
2236 dev[0].hs20_enable()
2237 id = dev[0].add_cred_values({ 'realm': "example.com",
2238 'username': "hs20-test",
2239 'password': "password",
2240 'ca_cert': "auth_serv/ca.pem",
2241 'domain': "example.com",
2242 'update_identifier': "1234" })
2243 interworking_select(dev[0], bssid, "home", freq="2412")
2244 interworking_connect(dev[0], bssid, "TTLS")
2246 def test_ap_hs20_remediation_sql(dev, apdev, params):
2247 """Hotspot 2.0 connection and remediation required using SQLite for user DB"""
2251 raise HwsimSkip("No sqlite3 module available")
2252 dbfile = os.path.join(params['logdir'], "eap-user.db")
2257 con = sqlite3.connect(dbfile)
2260 cur.execute("CREATE TABLE users(identity TEXT PRIMARY KEY, methods TEXT, password TEXT, remediation TEXT, phase2 INTEGER)")
2261 cur.execute("CREATE TABLE wildcards(identity TEXT PRIMARY KEY, methods TEXT)")
2262 cur.execute("INSERT INTO users(identity,methods,password,phase2,remediation) VALUES ('user-mschapv2','TTLS-MSCHAPV2','password',1,'user')")
2263 cur.execute("INSERT INTO wildcards(identity,methods) VALUES ('','TTLS,TLS')")
2264 cur.execute("CREATE TABLE authlog(timestamp TEXT, session TEXT, nas_ip TEXT, username TEXT, note TEXT)")
2267 params = { "ssid": "as", "beacon_int": "2000",
2268 "radius_server_clients": "auth_serv/radius_clients.conf",
2269 "radius_server_auth_port": '18128',
2271 "eap_user_file": "sqlite:" + dbfile,
2272 "ca_cert": "auth_serv/ca.pem",
2273 "server_cert": "auth_serv/server.pem",
2274 "private_key": "auth_serv/server.key",
2275 "subscr_remediation_url": "https://example.org/",
2276 "subscr_remediation_method": "1" }
2277 hostapd.add_ap(apdev[1]['ifname'], params)
2279 bssid = apdev[0]['bssid']
2280 params = hs20_ap_params()
2281 params['auth_server_port'] = "18128"
2282 hostapd.add_ap(apdev[0]['ifname'], params)
2284 dev[0].request("SET pmf 1")
2285 dev[0].hs20_enable()
2286 id = dev[0].add_cred_values({ 'realm': "example.com",
2287 'username': "user-mschapv2",
2288 'password': "password",
2289 'ca_cert': "auth_serv/ca.pem" })
2290 interworking_select(dev[0], bssid, freq="2412")
2291 interworking_connect(dev[0], bssid, "TTLS")
2292 ev = dev[0].wait_event(["HS20-SUBSCRIPTION-REMEDIATION"], timeout=5)
2294 raise Exception("Timeout on subscription remediation notice")
2295 if " 1 https://example.org/" not in ev:
2296 raise Exception("Unexpected subscription remediation event contents")
2300 cur.execute("SELECT * from authlog")
2301 rows = cur.fetchall()
2303 raise Exception("No authlog entries")
2307 dev[0].request("SET pmf 0")
2309 def test_ap_hs20_external_selection(dev, apdev):
2310 """Hotspot 2.0 connection using external network selection and creation"""
2311 bssid = apdev[0]['bssid']
2312 params = hs20_ap_params()
2313 params['hessid'] = bssid
2314 params['disable_dgaf'] = '1'
2315 hostapd.add_ap(apdev[0]['ifname'], params)
2317 dev[0].hs20_enable()
2318 dev[0].connect("test-hs20", proto="RSN", key_mgmt="WPA-EAP", eap="TTLS",
2319 identity="hs20-test", password="password",
2320 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2321 scan_freq="2412", update_identifier="54321")
2322 if dev[0].get_status_field("hs20") != "2":
2323 raise Exception("Unexpected hs20 indication")
2325 def test_ap_hs20_random_mac_addr(dev, apdev):
2326 """Hotspot 2.0 connection with random MAC address"""
2327 bssid = apdev[0]['bssid']
2328 params = hs20_ap_params()
2329 params['hessid'] = bssid
2330 params['disable_dgaf'] = '1'
2331 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2333 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2334 wpas.interface_add("wlan5")
2335 addr = wpas.p2p_interface_addr()
2336 wpas.request("SET mac_addr 1")
2337 wpas.request("SET preassoc_mac_addr 1")
2338 wpas.request("SET rand_addr_lifetime 60")
2340 wpas.flush_scan_cache()
2341 id = wpas.add_cred_values({ 'realm': "example.com",
2342 'username': "hs20-test",
2343 'password': "password",
2344 'ca_cert': "auth_serv/ca.pem",
2345 'domain': "example.com",
2346 'update_identifier': "1234" })
2347 interworking_select(wpas, bssid, "home", freq="2412")
2348 interworking_connect(wpas, bssid, "TTLS")
2349 addr1 = wpas.get_driver_status_field("addr")
2351 raise Exception("Did not use random MAC address")
2353 sta = hapd.get_sta(addr)
2354 if sta['addr'] != "FAIL":
2355 raise Exception("Unexpected STA association with permanent address")
2356 sta = hapd.get_sta(addr1)
2357 if sta['addr'] != addr1:
2358 raise Exception("STA association with random address not found")
2360 def test_ap_hs20_multi_network_and_cred_removal(dev, apdev):
2361 """Multiple networks and cred removal"""
2362 bssid = apdev[0]['bssid']
2363 params = hs20_ap_params()
2364 params['nai_realm'] = [ "0,example.com,25[3:26]"]
2365 hapd = hostapd.add_ap(apdev[0]['ifname'], params)
2367 dev[0].add_network()
2368 dev[0].hs20_enable()
2369 id = dev[0].add_cred_values({ 'realm': "example.com",
2371 'password': "password" })
2372 interworking_select(dev[0], bssid, freq="2412")
2373 interworking_connect(dev[0], bssid, "PEAP")
2374 dev[0].add_network()
2376 dev[0].request("DISCONNECT")
2377 dev[0].wait_disconnected(timeout=10)
2380 hapd.set("ssid", "another ssid")
2383 interworking_select(dev[0], bssid, freq="2412")
2384 interworking_connect(dev[0], bssid, "PEAP")
2385 dev[0].add_network()
2386 if len(dev[0].list_networks()) != 5:
2387 raise Exception("Unexpected number of networks prior to remove_crec")
2389 dev[0].dump_monitor()
2390 dev[0].remove_cred(id)
2391 if len(dev[0].list_networks()) != 3:
2392 raise Exception("Unexpected number of networks after to remove_crec")
2393 dev[0].wait_disconnected(timeout=10)
2395 def _test_ap_hs20_proxyarp(dev, apdev):
2396 bssid = apdev[0]['bssid']
2397 params = hs20_ap_params()
2398 params['hessid'] = bssid
2399 params['disable_dgaf'] = '0'
2400 params['proxy_arp'] = '1'
2401 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
2402 if "OK" in hapd.request("ENABLE"):
2403 raise Exception("Incomplete hostapd configuration was accepted")
2404 hapd.set("ap_isolate", "1")
2405 if "OK" in hapd.request("ENABLE"):
2406 raise Exception("Incomplete hostapd configuration was accepted")
2407 hapd.set('bridge', 'ap-br0')
2412 # For now, do not report failures due to missing kernel support
2413 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
2414 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
2416 raise Exception("AP startup timed out")
2417 if "AP-ENABLED" not in ev:
2418 raise Exception("AP startup failed")
2420 dev[0].hs20_enable()
2421 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2422 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2424 id = dev[0].add_cred_values({ 'realm': "example.com",
2425 'username': "hs20-test",
2426 'password': "password",
2427 'ca_cert': "auth_serv/ca.pem",
2428 'domain': "example.com",
2429 'update_identifier': "1234" })
2430 interworking_select(dev[0], bssid, "home", freq="2412")
2431 interworking_connect(dev[0], bssid, "TTLS")
2433 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2434 identity="hs20-test", password="password",
2435 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2439 addr0 = dev[0].p2p_interface_addr()
2440 addr1 = dev[1].p2p_interface_addr()
2442 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
2443 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
2445 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
2446 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
2448 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2449 raise Exception("DATA_TEST_FRAME failed")
2451 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:dddd::2",
2452 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:dddd::2",
2454 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2455 raise Exception("DATA_TEST_FRAME failed")
2457 pkt = build_ns(src_ll=addr1, ip_src="aaaa:bbbb:eeee::2",
2458 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:eeee::2",
2460 if "OK" not in dev[1].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2461 raise Exception("DATA_TEST_FRAME failed")
2463 matches = get_permanent_neighbors("ap-br0")
2464 logger.info("After connect: " + str(matches))
2465 if len(matches) != 3:
2466 raise Exception("Unexpected number of neighbor entries after connect")
2467 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
2468 raise Exception("dev0 addr missing")
2469 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
2470 raise Exception("dev1 addr(1) missing")
2471 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
2472 raise Exception("dev1 addr(2) missing")
2473 dev[0].request("DISCONNECT")
2474 dev[1].request("DISCONNECT")
2476 matches = get_permanent_neighbors("ap-br0")
2477 logger.info("After disconnect: " + str(matches))
2478 if len(matches) > 0:
2479 raise Exception("Unexpected neighbor entries after disconnect")
2481 def test_ap_hs20_hidden_ssid_in_scan_res(dev, apdev):
2482 """Hotspot 2.0 connection with hidden SSId in scan results"""
2483 bssid = apdev[0]['bssid']
2485 hapd = hostapd.add_ap(apdev[0]['ifname'], { "ssid": 'secret',
2486 "ignore_broadcast_ssid": "1" })
2487 dev[0].scan_for_bss(bssid, freq=2412)
2489 hapd_global = hostapd.HostapdGlobal()
2491 hapd_global.remove(apdev[0]['ifname'])
2493 params = hs20_ap_params()
2494 params['hessid'] = bssid
2495 hostapd.add_ap(apdev[0]['ifname'], params)
2497 dev[0].hs20_enable()
2498 id = dev[0].add_cred_values({ 'realm': "example.com",
2499 'username': "hs20-test",
2500 'password': "password",
2501 'ca_cert': "auth_serv/ca.pem",
2502 'domain': "example.com" })
2503 interworking_select(dev[0], bssid, "home", freq="2412")
2504 interworking_connect(dev[0], bssid, "TTLS")
2506 # clear BSS table to avoid issues in following test cases
2507 dev[0].request("DISCONNECT")
2508 dev[0].wait_disconnected()
2509 dev[0].flush_scan_cache()
2511 def test_ap_hs20_proxyarp(dev, apdev):
2512 """Hotspot 2.0 and ProxyARP"""
2514 _test_ap_hs20_proxyarp(dev, apdev)
2516 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2517 stderr=open('/dev/null', 'w'))
2518 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2519 stderr=open('/dev/null', 'w'))
2521 def _test_ap_hs20_proxyarp_dgaf(dev, apdev, disabled):
2522 bssid = apdev[0]['bssid']
2523 params = hs20_ap_params()
2524 params['hessid'] = bssid
2525 params['disable_dgaf'] = '1' if disabled else '0'
2526 params['proxy_arp'] = '1'
2527 params['ap_isolate'] = '1'
2528 params['bridge'] = 'ap-br0'
2529 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
2533 # For now, do not report failures due to missing kernel support
2534 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
2535 ev = hapd.wait_event(["AP-ENABLED"], timeout=10)
2537 raise Exception("AP startup timed out")
2539 dev[0].hs20_enable()
2540 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2541 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2543 id = dev[0].add_cred_values({ 'realm': "example.com",
2544 'username': "hs20-test",
2545 'password': "password",
2546 'ca_cert': "auth_serv/ca.pem",
2547 'domain': "example.com",
2548 'update_identifier': "1234" })
2549 interworking_select(dev[0], bssid, "home", freq="2412")
2550 interworking_connect(dev[0], bssid, "TTLS")
2552 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2553 identity="hs20-test", password="password",
2554 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2558 addr0 = dev[0].p2p_interface_addr()
2560 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
2562 pkt = build_ns(src_ll=addr0, ip_src="aaaa:bbbb:cccc::2",
2563 ip_dst="ff02::1:ff00:2", target="aaaa:bbbb:cccc::2",
2565 if "OK" not in dev[0].request("DATA_TEST_FRAME " + binascii.hexlify(pkt)):
2566 raise Exception("DATA_TEST_FRAME failed")
2568 pkt = build_ra(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::33",
2570 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2571 raise Exception("DATA_TEST_FRAME failed")
2573 pkt = build_na(src_ll=apdev[0]['bssid'], ip_src="aaaa:bbbb:cccc::44",
2574 ip_dst="ff01::1", target="aaaa:bbbb:cccc::55")
2575 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2576 raise Exception("DATA_TEST_FRAME failed")
2578 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
2579 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2580 yiaddr="192.168.1.123", chaddr=addr0)
2581 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2582 raise Exception("DATA_TEST_FRAME failed")
2583 # another copy for additional code coverage
2584 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
2585 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2586 yiaddr="192.168.1.123", chaddr=addr0)
2587 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2588 raise Exception("DATA_TEST_FRAME failed")
2590 matches = get_permanent_neighbors("ap-br0")
2591 logger.info("After connect: " + str(matches))
2592 if len(matches) != 2:
2593 raise Exception("Unexpected number of neighbor entries after connect")
2594 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
2595 raise Exception("dev0 addr missing")
2596 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
2597 raise Exception("dev0 IPv4 addr missing")
2598 dev[0].request("DISCONNECT")
2599 dev[1].request("DISCONNECT")
2601 matches = get_permanent_neighbors("ap-br0")
2602 logger.info("After disconnect: " + str(matches))
2603 if len(matches) > 0:
2604 raise Exception("Unexpected neighbor entries after disconnect")
2606 def test_ap_hs20_proxyarp_disable_dgaf(dev, apdev):
2607 """Hotspot 2.0 and ProxyARP with DGAF disabled"""
2609 _test_ap_hs20_proxyarp_dgaf(dev, apdev, True)
2611 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2612 stderr=open('/dev/null', 'w'))
2613 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2614 stderr=open('/dev/null', 'w'))
2616 def test_ap_hs20_proxyarp_enable_dgaf(dev, apdev):
2617 """Hotspot 2.0 and ProxyARP with DGAF enabled"""
2619 _test_ap_hs20_proxyarp_dgaf(dev, apdev, False)
2621 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2622 stderr=open('/dev/null', 'w'))
2623 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2624 stderr=open('/dev/null', 'w'))
2626 def ip_checksum(buf):
2630 for i in range(0, len(buf), 2):
2631 val, = struct.unpack('H', buf[i:i+2])
2634 sum = (sum & 0xffff) + (sum >> 16)
2635 return struct.pack('H', ~sum & 0xffff)
2637 def ipv6_solicited_node_mcaddr(target):
2638 prefix = socket.inet_pton(socket.AF_INET6, "ff02::1:ff00:0")
2639 mask = socket.inet_pton(socket.AF_INET6, "::ff:ffff")
2640 _target = socket.inet_pton(socket.AF_INET6, target)
2641 p = struct.unpack('4I', prefix)
2642 m = struct.unpack('4I', mask)
2643 t = struct.unpack('4I', _target)
2644 res = (p[0] | (t[0] & m[0]),
2645 p[1] | (t[1] & m[1]),
2646 p[2] | (t[2] & m[2]),
2647 p[3] | (t[3] & m[3]))
2648 return socket.inet_ntop(socket.AF_INET6, struct.pack('4I', *res))
2650 def build_icmpv6(ipv6_addrs, type, code, payload):
2651 start = struct.pack("BB", type, code)
2653 icmp = start + '\x00\x00' + end
2654 pseudo = ipv6_addrs + struct.pack(">LBBBB", len(icmp), 0, 0, 0, 58)
2655 csum = ip_checksum(pseudo + icmp)
2656 return start + csum + end
2658 def build_ra(src_ll, ip_src, ip_dst, cur_hop_limit=0, router_lifetime=0,
2659 reachable_time=0, retrans_timer=0, opt=None):
2660 link_mc = binascii.unhexlify("3333ff000002")
2661 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
2663 ehdr = link_mc + _src_ll + proto
2664 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
2665 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
2667 adv = struct.pack('>BBHLL', cur_hop_limit, 0, router_lifetime,
2668 reachable_time, retrans_timer)
2673 icmp = build_icmpv6(_ip_src + _ip_dst, 134, 0, payload)
2675 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
2676 ipv6 += _ip_src + _ip_dst
2678 return ehdr + ipv6 + icmp
2680 def build_ns(src_ll, ip_src, ip_dst, target, opt=None):
2681 link_mc = binascii.unhexlify("3333ff000002")
2682 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
2684 ehdr = link_mc + _src_ll + proto
2685 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
2687 ip_dst = ipv6_solicited_node_mcaddr(target)
2688 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
2690 reserved = '\x00\x00\x00\x00'
2691 _target = socket.inet_pton(socket.AF_INET6, target)
2693 payload = reserved + _target + opt
2695 payload = reserved + _target
2696 icmp = build_icmpv6(_ip_src + _ip_dst, 135, 0, payload)
2698 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
2699 ipv6 += _ip_src + _ip_dst
2701 return ehdr + ipv6 + icmp
2703 def send_ns(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
2708 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
2711 src_ll = dev.p2p_interface_addr()
2712 cmd = "DATA_TEST_FRAME "
2715 opt = "\x01\x01" + binascii.unhexlify(src_ll.replace(':',''))
2717 pkt = build_ns(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
2719 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
2720 raise Exception("DATA_TEST_FRAME failed")
2722 def build_na(src_ll, ip_src, ip_dst, target, opt=None):
2723 link_mc = binascii.unhexlify("3333ff000002")
2724 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
2726 ehdr = link_mc + _src_ll + proto
2727 _ip_src = socket.inet_pton(socket.AF_INET6, ip_src)
2728 _ip_dst = socket.inet_pton(socket.AF_INET6, ip_dst)
2730 reserved = '\x00\x00\x00\x00'
2731 _target = socket.inet_pton(socket.AF_INET6, target)
2733 payload = reserved + _target + opt
2735 payload = reserved + _target
2736 icmp = build_icmpv6(_ip_src + _ip_dst, 136, 0, payload)
2738 ipv6 = struct.pack('>BBBBHBB', 0x60, 0, 0, 0, len(icmp), 58, 255)
2739 ipv6 += _ip_src + _ip_dst
2741 return ehdr + ipv6 + icmp
2743 def send_na(dev, src_ll=None, target=None, ip_src=None, ip_dst=None, opt=None,
2748 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
2751 src_ll = dev.p2p_interface_addr()
2752 cmd = "DATA_TEST_FRAME "
2754 pkt = build_na(src_ll=src_ll, ip_src=ip_src, ip_dst=ip_dst, target=target,
2756 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
2757 raise Exception("DATA_TEST_FRAME failed")
2759 def build_dhcp_ack(dst_ll, src_ll, ip_src, ip_dst, yiaddr, chaddr,
2760 subnet_mask="255.255.255.0", truncated_opt=False,
2761 wrong_magic=False, force_tot_len=None, no_dhcp=False):
2762 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
2763 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
2765 ehdr = _dst_ll + _src_ll + proto
2766 _ip_src = socket.inet_pton(socket.AF_INET, ip_src)
2767 _ip_dst = socket.inet_pton(socket.AF_INET, ip_dst)
2768 _subnet_mask = socket.inet_pton(socket.AF_INET, subnet_mask)
2770 _ciaddr = '\x00\x00\x00\x00'
2771 _yiaddr = socket.inet_pton(socket.AF_INET, yiaddr)
2772 _siaddr = '\x00\x00\x00\x00'
2773 _giaddr = '\x00\x00\x00\x00'
2774 _chaddr = binascii.unhexlify(chaddr.replace(':','') + "00000000000000000000")
2775 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
2776 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
2779 payload += '\x63\x82\x53\x00'
2781 payload += '\x63\x82\x53\x63'
2783 payload += '\x22\xff\x00'
2784 # Option: DHCP Message Type = ACK
2785 payload += '\x35\x01\x05'
2788 # Option: Subnet Mask
2789 payload += '\x01\x04' + _subnet_mask
2790 # Option: Time Offset
2791 payload += struct.pack('>BBL', 2, 4, 0)
2795 payload += '\x00\x00\x00\x00'
2798 payload = struct.pack('>BBBBL3BB', 2, 1, 6, 0, 12345, 0, 0, 0, 0)
2799 payload += _ciaddr + _yiaddr + _siaddr + _giaddr + _chaddr + 192*'\x00'
2801 udp = struct.pack('>HHHH', 67, 68, 8 + len(payload), 0) + payload
2804 tot_len = force_tot_len
2806 tot_len = 20 + len(udp)
2807 start = struct.pack('>BBHHBBBB', 0x45, 0, tot_len, 0, 0, 0, 128, 17)
2808 ipv4 = start + '\x00\x00' + _ip_src + _ip_dst
2809 csum = ip_checksum(ipv4)
2810 ipv4 = start + csum + _ip_src + _ip_dst
2812 return ehdr + ipv4 + udp
2814 def build_arp(dst_ll, src_ll, opcode, sender_mac, sender_ip,
2815 target_mac, target_ip):
2816 _dst_ll = binascii.unhexlify(dst_ll.replace(':',''))
2817 _src_ll = binascii.unhexlify(src_ll.replace(':',''))
2819 ehdr = _dst_ll + _src_ll + proto
2821 _sender_mac = binascii.unhexlify(sender_mac.replace(':',''))
2822 _sender_ip = socket.inet_pton(socket.AF_INET, sender_ip)
2823 _target_mac = binascii.unhexlify(target_mac.replace(':',''))
2824 _target_ip = socket.inet_pton(socket.AF_INET, target_ip)
2826 arp = struct.pack('>HHBBH', 1, 0x0800, 6, 4, opcode)
2827 arp += _sender_mac + _sender_ip
2828 arp += _target_mac + _target_ip
2832 def send_arp(dev, dst_ll="ff:ff:ff:ff:ff:ff", src_ll=None, opcode=1,
2833 sender_mac=None, sender_ip="0.0.0.0",
2834 target_mac="00:00:00:00:00:00", target_ip="0.0.0.0",
2839 if sender_mac is None:
2840 sender_mac = hapd_bssid
2841 cmd = "DATA_TEST_FRAME ifname=ap-br0 "
2844 src_ll = dev.p2p_interface_addr()
2845 if sender_mac is None:
2846 sender_mac = dev.p2p_interface_addr()
2847 cmd = "DATA_TEST_FRAME "
2849 pkt = build_arp(dst_ll=dst_ll, src_ll=src_ll, opcode=opcode,
2850 sender_mac=sender_mac, sender_ip=sender_ip,
2851 target_mac=target_mac, target_ip=target_ip)
2852 if "OK" not in dev.request(cmd + binascii.hexlify(pkt)):
2853 raise Exception("DATA_TEST_FRAME failed")
2855 def get_permanent_neighbors(ifname):
2856 cmd = subprocess.Popen(['ip', 'nei'], stdout=subprocess.PIPE)
2857 res = cmd.stdout.read()
2859 return [ line for line in res.splitlines() if "PERMANENT" in line and ifname in line ]
2861 def _test_proxyarp_open(dev, apdev, params):
2862 cap_br = os.path.join(params['logdir'], "proxyarp_open.ap-br0.pcap")
2863 cap_dev0 = os.path.join(params['logdir'], "proxyarp_open.%s.pcap" % dev[0].ifname)
2864 cap_dev1 = os.path.join(params['logdir'], "proxyarp_open.%s.pcap" % dev[1].ifname)
2866 bssid = apdev[0]['bssid']
2867 params = { 'ssid': 'open' }
2868 params['proxy_arp'] = '1'
2869 hapd = hostapd.add_ap(apdev[0]['ifname'], params, no_enable=True)
2870 hapd.set("ap_isolate", "1")
2871 hapd.set('bridge', 'ap-br0')
2876 # For now, do not report failures due to missing kernel support
2877 raise HwsimSkip("Could not start hostapd - assume proxyarp not supported in kernel version")
2878 ev = hapd.wait_event(["AP-ENABLED", "AP-DISABLED"], timeout=10)
2880 raise Exception("AP startup timed out")
2881 if "AP-ENABLED" not in ev:
2882 raise Exception("AP startup failed")
2884 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2885 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2887 for chain in [ 'FORWARD', 'OUTPUT' ]:
2888 subprocess.call(['ebtables', '-A', chain, '-p', 'ARP',
2889 '-d', 'Broadcast', '-o', apdev[0]['ifname'],
2891 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
2892 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
2893 '--ip6-icmp-type', 'neighbor-solicitation',
2894 '-o', apdev[0]['ifname'], '-j', 'DROP'])
2895 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
2896 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
2897 '--ip6-icmp-type', 'neighbor-advertisement',
2898 '-o', apdev[0]['ifname'], '-j', 'DROP'])
2899 subprocess.call(['ebtables', '-A', chain,
2900 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
2901 '--ip6-icmp-type', 'router-solicitation',
2902 '-o', apdev[0]['ifname'], '-j', 'DROP'])
2903 # Multicast Listener Report Message
2904 subprocess.call(['ebtables', '-A', chain, '-d', 'Multicast',
2905 '-p', 'IPv6', '--ip6-protocol', 'ipv6-icmp',
2906 '--ip6-icmp-type', '143',
2907 '-o', apdev[0]['ifname'], '-j', 'DROP'])
2910 cmd[0] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'ap-br0',
2911 '-w', cap_br, '-s', '2000'],
2912 stderr=open('/dev/null', 'w'))
2913 cmd[1] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[0].ifname,
2914 '-w', cap_dev0, '-s', '2000'],
2915 stderr=open('/dev/null', 'w'))
2916 cmd[2] = subprocess.Popen(['tcpdump', '-p', '-U', '-i', dev[1].ifname,
2917 '-w', cap_dev1, '-s', '2000'],
2918 stderr=open('/dev/null', 'w'))
2920 dev[0].connect("open", key_mgmt="NONE", scan_freq="2412")
2921 dev[1].connect("open", key_mgmt="NONE", scan_freq="2412")
2924 addr0 = dev[0].p2p_interface_addr()
2925 addr1 = dev[1].p2p_interface_addr()
2927 src_ll_opt0 = "\x01\x01" + binascii.unhexlify(addr0.replace(':',''))
2928 src_ll_opt1 = "\x01\x01" + binascii.unhexlify(addr1.replace(':',''))
2931 send_ns(dev[0], ip_src="::", target="aaaa:bbbb:cccc::2")
2933 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2")
2934 # test frame without source link-layer address option
2935 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
2937 # test frame with bogus option
2938 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
2939 opt="\x70\x01\x01\x02\x03\x04\x05\x05")
2940 # test frame with truncated source link-layer address option
2941 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
2942 opt="\x01\x01\x01\x02\x03\x04")
2943 # test frame with foreign source link-layer address option
2944 send_ns(dev[0], ip_src="aaaa:bbbb:cccc::2", target="aaaa:bbbb:cccc::2",
2945 opt="\x01\x01\x01\x02\x03\x04\x05\x06")
2947 send_ns(dev[1], ip_src="aaaa:bbbb:dddd::2", target="aaaa:bbbb:dddd::2")
2949 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
2950 # another copy for additional code coverage
2951 send_ns(dev[1], ip_src="aaaa:bbbb:eeee::2", target="aaaa:bbbb:eeee::2")
2953 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
2954 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2955 yiaddr="192.168.1.124", chaddr=addr0)
2956 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2957 raise Exception("DATA_TEST_FRAME failed")
2958 # Change address and verify unicast
2959 pkt = build_dhcp_ack(dst_ll=addr0, src_ll=bssid,
2960 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2961 yiaddr="192.168.1.123", chaddr=addr0)
2962 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2963 raise Exception("DATA_TEST_FRAME failed")
2965 # Not-associated client MAC address
2966 pkt = build_dhcp_ack(dst_ll="ff:ff:ff:ff:ff:ff", src_ll=bssid,
2967 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2968 yiaddr="192.168.1.125", chaddr="22:33:44:55:66:77")
2969 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2970 raise Exception("DATA_TEST_FRAME failed")
2973 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
2974 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2975 yiaddr="0.0.0.0", chaddr=addr1)
2976 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2977 raise Exception("DATA_TEST_FRAME failed")
2980 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
2981 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2982 yiaddr="192.168.1.126", chaddr=addr1,
2983 subnet_mask="0.0.0.0")
2984 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2985 raise Exception("DATA_TEST_FRAME failed")
2988 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
2989 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2990 yiaddr="192.168.1.127", chaddr=addr1,
2992 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
2993 raise Exception("DATA_TEST_FRAME failed")
2996 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
2997 ip_src="192.168.1.1", ip_dst="255.255.255.255",
2998 yiaddr="192.168.1.128", chaddr=addr1,
3000 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3001 raise Exception("DATA_TEST_FRAME failed")
3003 # Wrong IPv4 total length
3004 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3005 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3006 yiaddr="192.168.1.129", chaddr=addr1,
3008 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3009 raise Exception("DATA_TEST_FRAME failed")
3012 pkt = build_dhcp_ack(dst_ll=addr1, src_ll=bssid,
3013 ip_src="192.168.1.1", ip_dst="255.255.255.255",
3014 yiaddr="192.168.1.129", chaddr=addr1,
3016 if "OK" not in hapd.request("DATA_TEST_FRAME ifname=ap-br0 " + binascii.hexlify(pkt)):
3017 raise Exception("DATA_TEST_FRAME failed")
3019 matches = get_permanent_neighbors("ap-br0")
3020 logger.info("After connect: " + str(matches))
3021 if len(matches) != 4:
3022 raise Exception("Unexpected number of neighbor entries after connect")
3023 if 'aaaa:bbbb:cccc::2 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3024 raise Exception("dev0 addr missing")
3025 if 'aaaa:bbbb:dddd::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3026 raise Exception("dev1 addr(1) missing")
3027 if 'aaaa:bbbb:eeee::2 dev ap-br0 lladdr 02:00:00:00:01:00 PERMANENT' not in matches:
3028 raise Exception("dev1 addr(2) missing")
3029 if '192.168.1.123 dev ap-br0 lladdr 02:00:00:00:00:00 PERMANENT' not in matches:
3030 raise Exception("dev0 IPv4 addr missing")
3032 targets = [ "192.168.1.123", "192.168.1.124", "192.168.1.125",
3034 for target in targets:
3035 send_arp(dev[1], sender_ip="192.168.1.100", target_ip=target)
3037 for target in targets:
3038 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.101",
3041 # ARP Probe from wireless STA
3042 send_arp(dev[1], target_ip="192.168.1.127")
3043 # ARP Announcement from wireless STA
3044 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127")
3045 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.127",
3048 matches = get_permanent_neighbors("ap-br0")
3049 logger.info("After ARP Probe + Announcement: " + str(matches))
3051 # ARP Request for the newly introduced IP address from wireless STA
3052 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3054 # ARP Request for the newly introduced IP address from bridge
3055 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
3056 target_ip="192.168.1.127")
3058 # ARP Probe from bridge
3059 send_arp(hapd, hapd_bssid=bssid, target_ip="192.168.1.130")
3060 # ARP Announcement from bridge (not to be learned by AP for proxyarp)
3061 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3062 target_ip="192.168.1.130")
3063 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.130",
3064 target_ip="192.168.1.130", opcode=2)
3066 matches = get_permanent_neighbors("ap-br0")
3067 logger.info("After ARP Probe + Announcement: " + str(matches))
3069 # ARP Request for the newly introduced IP address from wireless STA
3070 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.130")
3071 # ARP Response from bridge (AP does not proxy for non-wireless devices)
3072 send_arp(hapd, hapd_bssid=bssid, dst_ll=addr0, sender_ip="192.168.1.130",
3073 target_ip="192.168.1.123", opcode=2)
3075 # ARP Request for the newly introduced IP address from bridge
3076 send_arp(hapd, hapd_bssid=bssid, sender_ip="192.168.1.102",
3077 target_ip="192.168.1.130")
3079 # ARP Probe from wireless STA (duplicate address; learned through DHCP)
3080 send_arp(dev[1], target_ip="192.168.1.123")
3081 # ARP Probe from wireless STA (duplicate address; learned through ARP)
3082 send_arp(dev[0], target_ip="192.168.1.127")
3084 # Gratuitous ARP Reply for another STA's IP address
3085 send_arp(dev[0], opcode=2, sender_mac=addr0, sender_ip="192.168.1.127",
3086 target_mac=addr1, target_ip="192.168.1.127")
3087 send_arp(dev[1], opcode=2, sender_mac=addr1, sender_ip="192.168.1.123",
3088 target_mac=addr0, target_ip="192.168.1.123")
3089 # ARP Request to verify previous mapping
3090 send_arp(dev[1], sender_ip="192.168.1.127", target_ip="192.168.1.123")
3091 send_arp(dev[0], sender_ip="192.168.1.123", target_ip="192.168.1.127")
3095 send_ns(dev[0], target="aaaa:bbbb:dddd::2", ip_src="aaaa:bbbb:cccc::2")
3097 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="aaaa:bbbb:dddd::2")
3099 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:dddd::2",
3100 ip_src="aaaa:bbbb:ffff::2")
3103 # Try to probe for an already assigned address
3104 send_ns(dev[1], target="aaaa:bbbb:cccc::2", ip_src="::")
3106 send_ns(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc::2", ip_src="::")
3110 send_na(dev[1], target="aaaa:bbbb:cccc:aeae::3",
3111 ip_src="aaaa:bbbb:cccc:aeae::3", ip_dst="ff02::1")
3112 send_na(hapd, hapd_bssid=bssid, target="aaaa:bbbb:cccc:aeae::4",
3113 ip_src="aaaa:bbbb:cccc:aeae::4", ip_dst="ff02::1")
3116 hwsim_utils.test_connectivity_iface(dev[0], hapd, "ap-br0")
3117 except Exception, e:
3118 logger.info("test_connectibity_iface failed: " + str(e))
3119 raise HwsimSkip("Assume kernel did not have the required patches for proxyarp")
3120 hwsim_utils.test_connectivity_iface(dev[1], hapd, "ap-br0")
3121 hwsim_utils.test_connectivity(dev[0], dev[1])
3123 dev[0].request("DISCONNECT")
3124 dev[1].request("DISCONNECT")
3128 matches = get_permanent_neighbors("ap-br0")
3129 logger.info("After disconnect: " + str(matches))
3130 if len(matches) > 0:
3131 raise Exception("Unexpected neighbor entries after disconnect")
3132 cmd = subprocess.Popen(['ebtables', '-L', '--Lc'], stdout=subprocess.PIPE)
3133 res = cmd.stdout.read()
3135 logger.info("ebtables results:\n" + res)
3137 def test_proxyarp_open(dev, apdev, params):
3138 """ProxyARP with open network"""
3140 _test_proxyarp_open(dev, apdev, params)
3143 subprocess.call(['ebtables', '-F', 'FORWARD'])
3144 subprocess.call(['ebtables', '-F', 'OUTPUT'])
3147 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3148 stderr=open('/dev/null', 'w'))
3149 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3150 stderr=open('/dev/null', 'w'))
projects / mech_eap.git / blob