+
+def test_ap_hs20_no_cred_connect(dev, apdev):
+ """Hotspot 2.0 and connect attempt without credential"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+ if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
+ raise Exception("Unexpected INTERWORKING_CONNECT success")
+
+def test_ap_hs20_no_rsn_connect(dev, apdev):
+ """Hotspot 2.0 and connect attempt without RSN"""
+ bssid = apdev[0]['bssid']
+ params = hostapd.wpa_params(ssid="test-hs20")
+ params['wpa_key_mgmt'] = "WPA-EAP"
+ params['ieee80211w'] = "1"
+ params['ieee8021x'] = "1"
+ params['auth_server_addr'] = "127.0.0.1"
+ params['auth_server_port'] = "1812"
+ params['auth_server_shared_secret'] = "radius"
+ params['interworking'] = "1"
+ params['roaming_consortium'] = [ "112233", "1020304050", "010203040506",
+ "fedcba" ]
+ params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]",
+ "0,another.example.com" ]
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "test",
+ 'password': "secret",
+ 'domain': "example.com",
+ 'roaming_consortium': "112233",
+ 'eap': 'TTLS' })
+
+ interworking_select(dev[0], bssid, freq=2412, no_match=True)
+ if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
+ raise Exception("Unexpected INTERWORKING_CONNECT success")
+
+def test_ap_hs20_no_match_connect(dev, apdev):
+ """Hotspot 2.0 and connect attempt without matching cred"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+
+ id = dev[0].add_cred_values({ 'realm': "example.org",
+ 'username': "test",
+ 'password': "secret",
+ 'domain': "example.org",
+ 'roaming_consortium': "112234",
+ 'eap': 'TTLS' })
+
+ interworking_select(dev[0], bssid, freq=2412, no_match=True)
+ if "FAIL" not in dev[0].request("INTERWORKING_CONNECT " + bssid):
+ raise Exception("Unexpected INTERWORKING_CONNECT success")
+
+def test_ap_hs20_multiple_home_cred(dev, apdev):
+ """Hotspot 2.0 and select with multiple matching home credentials"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['nai_realm'] = [ "0,example.com,13[5:6],21[2:4][5:7]" ]
+ params['domain_name'] = "example.com"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ bssid2 = apdev[1]['bssid']
+ params = hs20_ap_params(ssid="test-hs20-other")
+ params['hessid'] = bssid2
+ params['nai_realm'] = [ "0,example.org,13[5:6],21[2:4][5:7]" ]
+ params['domain_name'] = "example.org"
+ hapd2 = hostapd.add_ap(apdev[1], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid2, freq="2412")
+ dev[0].scan_for_bss(bssid, freq="2412")
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'priority': '2',
+ 'username': "hs20-test",
+ 'password': "password",
+ 'domain': "example.com" })
+ id2 = dev[0].add_cred_values({ 'realm': "example.org",
+ 'priority': '3',
+ 'username': "hs20-test",
+ 'password': "password",
+ 'domain': "example.org" })
+ dev[0].request("INTERWORKING_SELECT auto freq=2412")
+ ev = dev[0].wait_connected(timeout=15)
+ if bssid2 not in ev:
+ raise Exception("Connected to incorrect network")
+
+def test_ap_hs20_anqp_invalid_gas_response(dev, apdev):
+ """Hotspot 2.0 network selection and invalid GAS response"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].scan_for_bss(bssid, freq="2412")
+ hapd.set("ext_mgmt_frame_handling", "1")
+
+ dev[0].hs20_enable()
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'username': "test",
+ 'password': "secret",
+ 'domain': "example.com",
+ 'roaming_consortium': "112234",
+ 'eap': 'TTLS' })
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+
+ logger.info("ANQP: Unexpected Advertisement Protocol in response")
+ resp = action_response(query)
+ adv_proto = struct.pack('8B', 108, 6, 127, 0xdd, 0x00, 0x11, 0x22, 0x33)
+ data = struct.pack('<H', 0)
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("No ANQP-QUERY-DONE seen")
+ if "result=INVALID_FRAME" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+
+ logger.info("ANQP: Invalid element length for Info ID 1234")
+ resp = action_response(query)
+ adv_proto = struct.pack('BBBB', 108, 2, 127, 0)
+ elements = struct.pack('<HH', 1234, 1)
+ data = struct.pack('<H', len(elements)) + elements
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("No ANQP-QUERY-DONE seen")
+ if "result=INVALID_FRAME" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+ with alloc_fail(dev[0], 1, "=anqp_add_extra"):
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+
+ resp = action_response(query)
+ elements = struct.pack('<HHHH', 1, 0, 1, 0)
+ data = struct.pack('<H', len(elements)) + elements
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("No ANQP-QUERY-DONE seen")
+ if "result=SUCCESS" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+ with alloc_fail(dev[0], 1, "wpabuf_alloc_copy;anqp_add_extra"):
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+
+ resp = action_response(query)
+ elements = struct.pack('<HHHH', 1, 0, 1, 0)
+ data = struct.pack('<H', len(elements)) + elements
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("No ANQP-QUERY-DONE seen")
+ if "result=SUCCESS" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+ tests = [ struct.pack('<HH', 0xdddd, 0),
+ struct.pack('<HH3B', 0xdddd, 3, 0x50, 0x6f, 0x9a),
+ struct.pack('<HH4B', 0xdddd, 4, 0x50, 0x6f, 0x9a, 0),
+ struct.pack('<HH4B', 0xdddd, 4, 0x11, 0x22, 0x33, 0),
+ struct.pack('<HHHH', 1, 0, 1, 0) ]
+ for elements in tests:
+ dev[0].request("INTERWORKING_SELECT freq=2412")
+
+ query = gas_rx(hapd)
+ gas = parse_gas(query['payload'])
+
+ resp = action_response(query)
+ data = struct.pack('<H', len(elements)) + elements
+ resp['payload'] = struct.pack('<BBBHH', ACTION_CATEG_PUBLIC,
+ GAS_INITIAL_RESPONSE,
+ gas['dialog_token'], 0, 0) + adv_proto + data
+ send_gas_resp(hapd, resp)
+
+ ev = dev[0].wait_event(["ANQP-QUERY-DONE"], timeout=5)
+ if ev is None:
+ raise Exception("No ANQP-QUERY-DONE seen")
+ if "result=SUCCESS" not in ev:
+ raise Exception("Unexpected result: " + ev)
+
+def test_ap_hs20_set_profile_failures(dev, apdev):
+ """Hotspot 2.0 and failures during profile configuration"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ params['anqp_3gpp_cell_net'] = "555,444"
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'domain': "example.com",
+ 'username': "test",
+ 'password': "secret",
+ 'eap': 'TTLS' })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE ssid->eap.eap_methods = os_malloc()")
+ with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'domain': "example.com",
+ 'username': "hs20-test-with-domain@example.com",
+ 'password': "password" })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE anon = os_malloc()")
+ with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE Successful connection with cred->username including realm")
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ dev[0].wait_connected()
+ dev[0].remove_cred(id)
+ dev[0].wait_disconnected()
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'domain': "example.com",
+ 'username': "hs20-test",
+ 'password': "password" })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE anon = os_malloc() (second)")
+ with alloc_fail(dev[0], 1, "interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "=interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set(eap)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAPV2-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'roaming_consortium': "112233",
+ 'domain': "example.com",
+ 'username': "hs20-test",
+ 'password': "password",
+ 'eap': 'TTLS',
+ 'phase2': "auth=MSCHAPV2" })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE anon = os_strdup()")
+ with alloc_fail(dev[0], 2, "interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(anonymous_identity)")
+ with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE Successful connection with cred->realm not included")
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ dev[0].wait_connected()
+ dev[0].remove_cred(id)
+ dev[0].wait_disconnected()
+
+ id = dev[0].add_cred_values({ 'roaming_consortium': "112233",
+ 'domain': "example.com",
+ 'realm': "example.com",
+ 'username': "user",
+ 'password': "password",
+ 'eap': 'PEAP' })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE id = os_strdup()")
+ with alloc_fail(dev[0], 2, "interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(identity)")
+ with alloc_fail(dev[0], 1, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'roaming_consortium': "112233",
+ 'domain': "example.com",
+ 'realm': "example.com",
+ 'username': "user",
+ 'password': "password",
+ 'eap': "TTLS" })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE wpa_config_set_quoted(identity) (second)")
+ with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(password)")
+ with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "wpa_config_add_network;interworking_connect_roaming_consortium"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "=interworking_connect_roaming_consortium"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'roaming_consortium': "112233",
+ 'domain': "example.com",
+ 'realm': "example.com",
+ 'username': "user",
+ 'eap': "PEAP" })
+ dev[0].set_cred(id, "password", "ext:password");
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE wpa_config_set(password)")
+ with alloc_fail(dev[0], 3, "wpa_config_set;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'domain': "example.com",
+ 'username': "certificate-user",
+ 'phase1': "include_tls_length=0",
+ 'domain_suffix_match': "example.com",
+ 'ca_cert': "auth_serv/ca.pem",
+ 'client_cert': "auth_serv/user.pem",
+ 'private_key': "auth_serv/user.key",
+ 'private_key_passwd': "secret" })
+ interworking_select(dev[0], bssid, "home", freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE wpa_config_set_quoted(client_cert)")
+ with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(private_key)")
+ with alloc_fail(dev[0], 3, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(private_key_passwd)")
+ with alloc_fail(dev[0], 4, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(ca_cert)")
+ with alloc_fail(dev[0], 5, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(domain_suffix_match)")
+ with alloc_fail(dev[0], 6, "=wpa_config_set_quoted;interworking_set_eap_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'imsi': "555444-333222111", 'eap': "SIM",
+ 'milenage': "5122250214c33e723a5dd523fc145fc0:981d464c7c52eb6e5036234984ad0bcf:000000000123"})
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].dump_monitor()
+ with alloc_fail(dev[0], 1, "interworking_set_hs20_params"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set_quoted(password;milenage)")
+ with alloc_fail(dev[0], 2, "=wpa_config_set_quoted;interworking_connect_3gpp"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set(eap)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_eap;wpa_config_set;interworking_connect_3gpp"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE set_root_nai:wpa_config_set(identity)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;interworking_connect_3gpp"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].remove_cred(id)
+
+ id = dev[0].add_cred_values({ 'roaming_consortium': "112233",
+ 'username': "user@example.com",
+ 'password': "password" })
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE Interworking: No EAP method set for credential using roaming consortium")
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ dev[0].remove_cred(id)
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,25[3:26]"
+ hapd = hostapd.add_ap(apdev[0], params)
+ id = dev[0].add_cred_values({ 'realm': "example.com",
+ 'domain': "example.com",
+ 'username': "hs20-test",
+ 'password': "password" })
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].dump_monitor()
+ dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase1)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set(PEAP/FAST-pac_interworking)")
+ with alloc_fail(dev[0], 2, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+ dev[0].request("NOTE wpa_config_set(PEAP/FAST-phase2)")
+ with alloc_fail(dev[0], 3, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,21"
+ hapd = hostapd.add_ap(apdev[0], params)
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].request("NOTE wpa_config_set(TTLS-defaults-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,21[2:3]"
+ hapd = hostapd.add_ap(apdev[0], params)
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_MSCHAP-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,21[2:2]"
+ hapd = hostapd.add_ap(apdev[0], params)
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_CHAP-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,21[2:1]"
+ hapd = hostapd.add_ap(apdev[0], params)
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].request("NOTE wpa_config_set(TTLS-NON_EAP_PAP-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ hapd.disable()
+ params = hs20_ap_params()
+ params['nai_realm'] = "0,example.com,21[3:26]"
+ hapd = hostapd.add_ap(apdev[0], params)
+ interworking_select(dev[0], bssid, freq=2412)
+ dev[0].request("NOTE wpa_config_set(TTLS-EAP-MSCHAPV2-phase2)")
+ with alloc_fail(dev[0], 1, "wpa_config_parse_str;wpa_config_set;interworking_connect"):
+ dev[0].request("INTERWORKING_CONNECT " + bssid)
+ wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
+
+ dev[0].remove_cred(id)
+
+def test_ap_hs20_unexpected(dev, apdev):
+ """Unexpected Hotspot 2.0 AP configuration"""
+ check_eap_capa(dev[0], "MSCHAPV2")
+ bssid = apdev[0]['bssid']
+ params = hostapd.wpa_eap_params(ssid="test-hs20-fake")
+ params['wpa'] = "3"
+ params['wpa_pairwise'] = "TKIP CCMP"
+ params['rsn_pairwise'] = "CCMP"
+ #params['vendor_elements'] = 'dd07506f9a10140000'
+ params['vendor_elements'] = 'dd04506f9a10'
+ hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+ dev[0].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
+ pairwise="TKIP",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412")
+
+ dev[1].hs20_enable()
+ dev[1].scan_for_bss(bssid, freq="2412")
+ dev[1].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
+ proto="WPA",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412")
+
+ dev[2].hs20_enable()
+ dev[2].scan_for_bss(bssid, freq="2412")
+ dev[2].connect("test-hs20-fake", key_mgmt="WPA-EAP", eap="TTLS",
+ proto="RSN", pairwise="CCMP",
+ identity="hs20-test", password="password",
+ ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
+ scan_freq="2412")
+
+def test_ap_interworking_element_update(dev, apdev):
+ """Dynamic Interworking element update"""
+ bssid = apdev[0]['bssid']
+ params = hs20_ap_params()
+ params['hessid'] = bssid
+ hapd = hostapd.add_ap(apdev[0], params)
+
+ dev[0].hs20_enable()
+ dev[0].scan_for_bss(bssid, freq="2412")
+ bss = dev[0].get_bss(bssid)
+ logger.info("Before update: " + str(bss))
+ if '6b091e0701020000000300' not in bss['ie']:
+ raise Exception("Expected Interworking element not seen before update")
+
+ # Update configuration parameters related to Interworking element
+ hapd.set('access_network_type', '2')
+ hapd.set('asra', '1')
+ hapd.set('esr', '1')
+ hapd.set('uesa', '1')
+ hapd.set('venue_group', '2')
+ hapd.set('venue_type', '8')
+ if "OK" not in hapd.request("UPDATE_BEACON"):
+ raise Exception("UPDATE_BEACON failed")
+ dev[0].request("BSS_FLUSH 0")
+ dev[0].scan_for_bss(bssid, freq="2412", force_scan=True)
+ bss = dev[0].get_bss(bssid)
+ logger.info("After update: " + str(bss))
+ if '6b09f20208020000000300' not in bss['ie']:
+ raise Exception("Expected Interworking element not seen after update")