1# wpa_supplicant config file 2# Copyright (c) 2014, Jouni Malinen <j@w1.fi> 3# 4# This software may be distributed under the terms of the BSD license. 5# See README for more details. 6 7import logging 8logger = logging.getLogger() 9import os 10 11from wpasupplicant import WpaSupplicant 12import hostapd 13from utils import * 14 15config_checks = [("ap_scan", "0"), 16 ("update_config", "1"), 17 ("device_name", "name"), 18 ("eapol_version", "2"), 19 ("wps_priority", "5"), 20 ("ip_addr_go", "192.168.1.1"), 21 ("ip_addr_mask", "255.255.255.0"), 22 ("ip_addr_start", "192.168.1.10"), 23 ("ip_addr_end", "192.168.1.20"), 24 ("disable_scan_offload", "1"), 25 ("fast_reauth", "0"), 26 ("uuid", "6aeae5e3-c1fc-4e76-8293-7346e1d1459d"), 27 ("manufacturer", "MANUF"), 28 ("model_name", "MODEL"), 29 ("model_number", "MODEL NUM"), 30 ("serial_number", "123qwerty"), 31 ("device_type", "1234-0050F204-4321"), 32 ("os_version", "01020304"), 33 ("config_methods", "label push_button"), 34 ("wps_cred_processing", "1"), 35 ("wps_vendor_ext_m1", "000137100100020001"), 36 ("p2p_listen_reg_class", "81"), 37 ("p2p_listen_channel", "6"), 38 ("p2p_oper_reg_class", "82"), 39 ("p2p_oper_channel", "14"), 40 ("p2p_go_intent", "14"), 41 ("p2p_ssid_postfix", "foobar"), 42 ("persistent_reconnect", "1"), 43 ("p2p_intra_bss", "0"), 44 ("p2p_group_idle", "2"), 45 ("p2p_passphrase_len", "63"), 46 ("p2p_pref_chan", "81:1,82:14,81:11"), 47 ("p2p_no_go_freq", "2412-2432,2462,5000-6000"), 48 ("p2p_add_cli_chan", "1"), 49 ("p2p_optimize_listen_chan", "1"), 50 ("p2p_go_ht40", "1"), 51 ("p2p_go_vht", "1"), 52 ("p2p_go_ctwindow", "1"), 53 ("p2p_disabled", "1"), 54 ("p2p_no_group_iface", "1"), 55 ("p2p_ignore_shared_freq", "1"), 56 ("p2p_cli_probe", "1"), 57 ("p2p_go_freq_change_policy", "0"), 58 ("country", "FI"), 59 ("bss_max_count", "123"), 60 ("bss_expiration_age", "45"), 61 ("bss_expiration_scan_count", "17"), 62 ("filter_ssids", "1"), 63 ("filter_rssi", "-10"), 64 ("max_num_sta", "3"), 65 ("disassoc_low_ack", "1"), 66 ("hs20", "1"), 67 ("interworking", "1"), 68 ("hessid", "02:03:04:05:06:07"), 69 ("access_network_type", "7"), 70 ("pbc_in_m1", "1"), 71 ("wps_nfc_dev_pw_id", "12345"), 72 ("wps_nfc_dh_pubkey", "1234567890ABCDEF"), 73 ("wps_nfc_dh_privkey", "FF1234567890ABCDEFFF"), 74 ("ext_password_backend", "test"), 75 ("p2p_go_max_inactivity", "9"), 76 ("auto_interworking", "1"), 77 ("okc", "1"), 78 ("pmf", "1"), 79 ("dtim_period", "3"), 80 ("beacon_int", "102"), 81 ("sae_groups", "5 19"), 82 ("ap_vendor_elements", "dd0411223301"), 83 ("ignore_old_scan_res", "1"), 84 ("freq_list", "2412 2437"), 85 ("scan_cur_freq", "1"), 86 ("sched_scan_interval", "13"), 87 ("external_sim", "1"), 88 ("tdls_external_control", "1"), 89 ("wowlan_triggers", "any"), 90 ("bgscan", '"simple:30:-45:300"'), 91 ("p2p_search_delay", "123"), 92 ("mac_addr", "2"), 93 ("rand_addr_lifetime", "123456789"), 94 ("preassoc_mac_addr", "1"), 95 ("gas_rand_addr_lifetime", "567"), 96 ("gas_rand_mac_addr", "2"), 97 ("key_mgmt_offload", "0"), 98 ("user_mpm", "0"), 99 ("max_peer_links", "17"), 100 ("cert_in_cb", "0"), 101 ("mesh_max_inactivity", "31"), 102 ("dot11RSNASAERetransPeriod", "19"), 103 ("passive_scan", "1"), 104 ("reassoc_same_bss_optim", "1"), 105 ("wpa_rsc_relaxation", "0"), 106 ("sched_scan_plans", "10:100 20:200 30"), 107 ("non_pref_chan", "81:5:10:2 81:1:0:2 81:9:0:2"), 108 ("mbo_cell_capa", "1"), 109 ("gas_address3", "1"), 110 ("ftm_responder", "1"), 111 ("ftm_initiator", "1"), 112 ("pcsc_reader", "foo"), 113 ("pcsc_pin", "1234"), 114 ("driver_param", "testing"), 115 ("dot11RSNAConfigPMKLifetime", "43201"), 116 ("dot11RSNAConfigPMKReauthThreshold", "71"), 117 ("dot11RSNAConfigSATimeout", "61"), 118 ("sec_device_type", "12345-0050F204-54321"), 119 ("autoscan", "exponential:3:300"), 120 ("fst_group_id", "bond0"), 121 ("fst_priority", "5"), 122 ("fst_llt", "7"), 123 ("go_interworking", "1"), 124 ("go_access_network_type", "2"), 125 ("go_internet", "1"), 126 ("go_venue_group", "3"), 127 ("go_venue_type", "4"), 128 ("p2p_device_random_mac_addr", "1"), 129 ("p2p_device_persistent_mac_addr", "02:12:34:56:78:9a"), 130 ("p2p_interface_random_mac_addr", "1"), 131 ("openssl_ciphers", "DEFAULT")] 132 133def supported_param(capa, field): 134 mesh_params = ["user_mpm", "max_peer_links", "mesh_max_inactivity"] 135 if field in mesh_params and not capa['mesh']: 136 return False 137 138 sae_params = ["dot11RSNASAERetransPeriod"] 139 if field in sae_params and not capa['sae']: 140 return False 141 142 return True 143 144def check_config(capa, config): 145 with open(config, "r") as f: 146 data = f.read() 147 if "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=" not in data: 148 raise Exception("Missing ctrl_interface") 149 if "blob-base64-foo={" not in data: 150 raise Exception("Missing blob") 151 if "cred={" not in data: 152 raise Exception("Missing cred") 153 if "network={" not in data: 154 raise Exception("Missing network") 155 for field, value in config_checks: 156 if supported_param(capa, field): 157 if "\n" + field + "=" + value + "\n" not in data: 158 raise Exception("Missing value: " + field) 159 return data 160 161def test_wpas_config_file(dev, apdev, params): 162 """wpa_supplicant config file parsing/writing""" 163 config = os.path.join(params['logdir'], 'wpas_config_file.conf') 164 if os.path.exists(config): 165 try: 166 os.remove(config) 167 except: 168 pass 169 try: 170 os.rmdir(config) 171 except: 172 pass 173 174 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 175 try: 176 wpas.interface_add("wlan5", config=config) 177 initialized = True 178 except: 179 initialized = False 180 if initialized: 181 raise Exception("Missing config file did not result in an error") 182 183 try: 184 with open(config, "w") as f: 185 f.write("update_config=1 \t\r\n") 186 f.write("# foo\n") 187 f.write("\n") 188 f.write(" \t\reapol_version=2") 189 for i in range(0, 100): 190 f.write(" ") 191 f.write("foo\n") 192 f.write("device_name=name#foo\n") 193 f.write("network={\n") 194 f.write("\tkey_mgmt=NONE\n") 195 f.write('\tssid="hello"\n') 196 f.write('\tgroup=GCMP # "foo"\n') 197 f.write("}\n") 198 f.write("network={\n") 199 f.write("\tdisabled=2\n") 200 f.write("\tkey_mgmt=NONE\n") 201 f.write("\tp2p2_client_list=1 4 7 9 900\n") 202 f.write("}\n") 203 204 wpas.interface_add("wlan5", config=config) 205 capa = {} 206 capa['mesh'] = "MESH" in wpas.get_capability("modes") 207 capa['sae'] = "SAE" in wpas.get_capability("auth_alg") 208 209 id = wpas.add_network() 210 wpas.set_network_quoted(id, "ssid", "foo") 211 wpas.set_network_quoted(id, "psk", "12345678") 212 wpas.set_network(id, "bssid", "00:11:22:33:44:55") 213 wpas.set_network(id, "proto", "RSN") 214 wpas.set_network(id, "key_mgmt", "WPA-PSK-SHA256") 215 wpas.set_network(id, "pairwise", "CCMP") 216 wpas.set_network(id, "group", "CCMP") 217 wpas.set_network(id, "auth_alg", "OPEN") 218 219 id = wpas.add_cred() 220 wpas.set_cred(id, "priority", "3") 221 wpas.set_cred(id, "sp_priority", "6") 222 wpas.set_cred(id, "update_identifier", "4") 223 wpas.set_cred(id, "ocsp", "1") 224 wpas.set_cred(id, "eap", "TTLS") 225 wpas.set_cred(id, "req_conn_capab", "6:1234") 226 wpas.set_cred_quoted(id, "realm", "example.com") 227 wpas.set_cred_quoted(id, "provisioning_sp", "example.com") 228 wpas.set_cred_quoted(id, "domain", "example.com") 229 wpas.set_cred_quoted(id, "domain_suffix_match", "example.com") 230 wpas.set_cred_quoted(id, "home_ois", "112233,445566") 231 wpas.set_cred_quoted(id, "required_home_ois", "112233") 232 wpas.set_cred_quoted(id, "roaming_consortiums", 233 "112233,aabbccddee,445566") 234 wpas.set_cred_quoted(id, "roaming_partner", 235 "roaming.example.net,1,127,*") 236 wpas.set_cred_quoted(id, "ca_cert", "/tmp/ca.pem") 237 wpas.set_cred_quoted(id, "username", "user") 238 wpas.set_cred_quoted(id, "password", "secret") 239 ev = wpas.wait_event(["CRED-MODIFIED 0 password"]) 240 241 wpas.request("SET blob foo 12345678") 242 243 for field, value in config_checks: 244 if supported_param(capa, field): 245 wpas.set(field, value) 246 247 if "OK" not in wpas.request("SAVE_CONFIG"): 248 raise Exception("Failed to save configuration file") 249 if "OK" not in wpas.global_request("SAVE_CONFIG"): 250 raise Exception("Failed to save configuration file") 251 252 wpas.interface_remove("wlan5") 253 data1 = check_config(capa, config) 254 if "group=GCMP" not in data1: 255 raise Exception("Network block group parameter with a comment not present") 256 if "p2p2_client_list=1 4 7 9 900" not in data1: 257 raise Exception("p2p2_client_list was not present") 258 259 wpas.interface_add("wlan5", config=config) 260 if len(wpas.list_networks()) != 3: 261 raise Exception("Unexpected number of networks") 262 res = wpas.request("LIST_CREDS") 263 logger.info("Credentials:\n" + res) 264 if len(res.splitlines()) != 2: 265 raise Exception("Unexpected number of credentials") 266 267 val = wpas.get_cred(0, "roaming_consortiums") 268 if val != "112233,aabbccddee,445566": 269 raise Exception("Unexpected roaming_consortiums value: " + val) 270 271 if "OK" not in wpas.request("SAVE_CONFIG"): 272 raise Exception("Failed to save configuration file") 273 data2 = check_config(capa, config) 274 275 if data1 != data2: 276 logger.debug(data1) 277 logger.debug(data2) 278 raise Exception("Unexpected configuration change") 279 280 wpas.request("SET update_config 0") 281 wpas.global_request("SET update_config 0") 282 if "OK" in wpas.request("SAVE_CONFIG"): 283 raise Exception("SAVE_CONFIG succeeded unexpectedly") 284 if "OK" in wpas.global_request("SAVE_CONFIG"): 285 raise Exception("SAVE_CONFIG (global) succeeded unexpectedly") 286 287 # replace the config file with a directory to break writing/renaming 288 os.remove(config) 289 os.mkdir(config) 290 wpas.request("SET update_config 1") 291 wpas.global_request("SET update_config 1") 292 if "OK" in wpas.request("SAVE_CONFIG"): 293 raise Exception("SAVE_CONFIG succeeded unexpectedly") 294 if "OK" in wpas.global_request("SAVE_CONFIG"): 295 raise Exception("SAVE_CONFIG (global) succeeded unexpectedly") 296 297 finally: 298 try: 299 os.rmdir(config) 300 except: 301 pass 302 if not wpas.ifname: 303 wpas.interface_add("wlan5") 304 wpas.dump_monitor() 305 wpas.request("SET country 00") 306 wpas.wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1) 307 308 country = False 309 for i in range(5): 310 ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1) 311 if ev is None: 312 break 313 if "alpha2=FI" in ev: 314 country = True 315 if country and "type=WORLD" in ev: 316 break 317 318def test_wpas_config_file_wps(dev, apdev): 319 """wpa_supplicant config file parsing/writing with WPS""" 320 config = "/tmp/test_wpas_config_file.conf" 321 if os.path.exists(config): 322 os.remove(config) 323 324 params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2", 325 "skip_cred_build": "1", "extra_cred": "wps-ctrl-cred"} 326 hapd = hostapd.add_ap(apdev[0], params) 327 328 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 329 330 try: 331 with open(config, "w") as f: 332 f.write("update_config=1\n") 333 334 wpas.interface_add("wlan5", config=config) 335 336 hapd.request("WPS_PIN any 12345670") 337 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412") 338 wpas.request("WPS_PIN " + apdev[0]['bssid'] + " 12345670") 339 ev = wpas.wait_event(["WPS-FAIL"], timeout=10) 340 if ev is None: 341 raise Exception("WPS-FAIL event timed out") 342 343 with open(config, "r") as f: 344 data = f.read() 345 logger.info("Configuration file contents: " + data) 346 if "network=" in data: 347 raise Exception("Unexpected network block in configuration data") 348 349 finally: 350 try: 351 os.remove(config) 352 except: 353 pass 354 try: 355 os.remove(config + ".tmp") 356 except: 357 pass 358 try: 359 os.rmdir(config) 360 except: 361 pass 362 363def test_wpas_config_file_wps2(dev, apdev): 364 """wpa_supplicant config file parsing/writing with WPS (2)""" 365 config = "/tmp/test_wpas_config_file.conf" 366 if os.path.exists(config): 367 os.remove(config) 368 369 params = {"ssid": "test-wps", "eap_server": "1", "wps_state": "2", 370 "skip_cred_build": "1", "extra_cred": "wps-ctrl-cred2"} 371 hapd = hostapd.add_ap(apdev[0], params) 372 373 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 374 375 try: 376 with open(config, "w") as f: 377 f.write("update_config=1\n") 378 379 wpas.interface_add("wlan5", config=config) 380 381 hapd.request("WPS_PIN any 12345670") 382 wpas.scan_for_bss(apdev[0]['bssid'], freq="2412") 383 wpas.request("WPS_PIN " + apdev[0]['bssid'] + " 12345670") 384 ev = wpas.wait_event(["WPS-SUCCESS"], timeout=10) 385 if ev is None: 386 raise Exception("WPS-SUCCESS event timed out") 387 388 with open(config, "r") as f: 389 data = f.read() 390 logger.info("Configuration file contents: " + data) 391 392 with open(config, "r") as f: 393 data = f.read() 394 if "network=" not in data: 395 raise Exception("Missing network block in configuration data") 396 if "ssid=410a420d430044" not in data: 397 raise Exception("Unexpected ssid parameter value") 398 399 finally: 400 try: 401 os.remove(config) 402 except: 403 pass 404 try: 405 os.remove(config + ".tmp") 406 except: 407 pass 408 try: 409 os.rmdir(config) 410 except: 411 pass 412 413def test_wpas_config_file_set_psk(dev): 414 """wpa_supplicant config file parsing/writing with arbitrary PSK value""" 415 config = "/tmp/test_wpas_config_file.conf" 416 if os.path.exists(config): 417 os.remove(config) 418 419 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 420 421 try: 422 with open(config, "w") as f: 423 f.write("update_config=1\n") 424 425 wpas.interface_add("wlan5", config=config) 426 427 id = wpas.add_network() 428 wpas.set_network_quoted(id, "ssid", "foo") 429 if "OK" in wpas.request('SET_NETWORK %d psk "12345678"\n}\nmodel_name=foobar\nnetwork={\n#\"' % id): 430 raise Exception("Invalid psk value accepted") 431 432 if "OK" not in wpas.request("SAVE_CONFIG"): 433 raise Exception("Failed to save configuration file") 434 435 with open(config, "r") as f: 436 data = f.read() 437 logger.info("Configuration file contents: " + data) 438 if "model_name" in data: 439 raise Exception("Unexpected parameter added to configuration") 440 441 wpas.interface_remove("wlan5") 442 wpas.interface_add("wlan5", config=config) 443 444 finally: 445 try: 446 os.remove(config) 447 except: 448 pass 449 try: 450 os.remove(config + ".tmp") 451 except: 452 pass 453 try: 454 os.rmdir(config) 455 except: 456 pass 457 458def test_wpas_config_file_set_cred(dev): 459 """wpa_supplicant config file parsing/writing with arbitrary cred values""" 460 config = "/tmp/test_wpas_config_file.conf" 461 if os.path.exists(config): 462 os.remove(config) 463 464 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 465 466 try: 467 with open(config, "w") as f: 468 f.write("update_config=1\n") 469 470 wpas.interface_add("wlan5", config=config) 471 472 id = wpas.add_cred() 473 wpas.set_cred_quoted(id, "username", "hello") 474 fields = ["username", "milenage", "imsi", "password", "realm", 475 "phase1", "phase2", "provisioning_sp"] 476 for field in fields: 477 if "FAIL" not in wpas.request('SET_CRED %d %s "hello"\n}\nmodel_name=foobar\ncred={\n#\"' % (id, field)): 478 raise Exception("Invalid %s value accepted" % field) 479 480 if "OK" not in wpas.request("SAVE_CONFIG"): 481 raise Exception("Failed to save configuration file") 482 483 with open(config, "r") as f: 484 data = f.read() 485 logger.info("Configuration file contents: " + data) 486 if "model_name" in data: 487 raise Exception("Unexpected parameter added to configuration") 488 489 wpas.interface_remove("wlan5") 490 wpas.interface_add("wlan5", config=config) 491 492 finally: 493 try: 494 os.remove(config) 495 except: 496 pass 497 try: 498 os.remove(config + ".tmp") 499 except: 500 pass 501 try: 502 os.rmdir(config) 503 except: 504 pass 505 506def test_wpas_config_file_set_global(dev): 507 """wpa_supplicant config file parsing/writing with arbitrary global values""" 508 config = "/tmp/test_wpas_config_file.conf" 509 if os.path.exists(config): 510 os.remove(config) 511 512 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 513 514 try: 515 with open(config, "w") as f: 516 f.write("update_config=1\n") 517 518 wpas.interface_add("wlan5", config=config) 519 520 fields = ["model_name", "device_name", "ctrl_interface_group", 521 "opensc_engine_path", "pkcs11_engine_path", 522 "pkcs11_module_path", "openssl_ciphers", "pcsc_reader", 523 "pcsc_pin", "driver_param", "manufacturer", "model_name", 524 "model_number", "serial_number", "config_methods", 525 "p2p_ssid_postfix", "autoscan", "ext_password_backend", 526 "wowlan_triggers", "fst_group_id", 527 "sched_scan_plans", "non_pref_chan"] 528 for field in fields: 529 if "FAIL" not in wpas.request('SET %s hello\nmodel_name=foobar' % field): 530 raise Exception("Invalid %s value accepted" % field) 531 532 if "OK" not in wpas.request("SAVE_CONFIG"): 533 raise Exception("Failed to save configuration file") 534 535 with open(config, "r") as f: 536 data = f.read() 537 logger.info("Configuration file contents: " + data) 538 if "model_name" in data: 539 raise Exception("Unexpected parameter added to configuration") 540 541 wpas.interface_remove("wlan5") 542 wpas.interface_add("wlan5", config=config) 543 544 finally: 545 try: 546 os.remove(config) 547 except: 548 pass 549 try: 550 os.remove(config + ".tmp") 551 except: 552 pass 553 try: 554 os.rmdir(config) 555 except: 556 pass 557 558def test_wpas_config_file_key_mgmt(dev, apdev, params): 559 """wpa_supplicant config file writing and key_mgmt values""" 560 check_fils_capa(dev[0]) 561 config = os.path.join(params['logdir'], 562 'wpas_config_file_key_mgmt.conf') 563 if os.path.exists(config): 564 os.remove(config) 565 566 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 567 568 with open(config, "w") as f: 569 f.write("update_config=1\n") 570 571 wpas.interface_add("wlan5", config=config) 572 573 from test_dpp import params1_csign, params1_sta_connector, params1_sta_netaccesskey, check_dpp_capab 574 575 check_dpp_capab(wpas) 576 577 id = wpas.add_network() 578 wpas.set_network_quoted(id, "ssid", "foo") 579 wpas.set_network(id, "key_mgmt", "DPP") 580 wpas.set_network(id, "ieee80211w", "2") 581 wpas.set_network_quoted(id, "dpp_csign", params1_csign) 582 wpas.set_network_quoted(id, "dpp_connector", params1_sta_connector) 583 wpas.set_network_quoted(id, "dpp_netaccesskey", params1_sta_netaccesskey) 584 if "OK" not in wpas.request("SAVE_CONFIG"): 585 raise Exception("Failed to save configuration file") 586 587 with open(config, "r") as f: 588 data = f.read() 589 logger.info("Configuration file contents: " + data) 590 if "key_mgmt=DPP" not in data: 591 raise Exception("Missing key_mgmt") 592 if 'dpp_connector="' + params1_sta_connector + '"' not in data: 593 raise Exception("Missing dpp_connector") 594 if 'dpp_netaccesskey="' + params1_sta_netaccesskey + '"' not in data: 595 raise Exception("Missing dpp_netaccesskey") 596 if 'dpp_csign="' + params1_csign + '"' not in data: 597 raise Exception("Missing dpp_csign") 598 599 wpas.set_network(id, "dpp_csign", "NULL") 600 wpas.set_network(id, "dpp_connector", "NULL") 601 wpas.set_network(id, "dpp_netaccesskey", "NULL") 602 wpas.set_network_quoted(id, "psk", "12345678") 603 wpas.set_network(id, "ieee80211w", "0") 604 605 tests = ["WPA-PSK", "WPA-EAP", "IEEE8021X", "NONE", "WPA-NONE", "FT-PSK", 606 "FT-EAP", "FT-EAP-SHA384", "WPA-PSK-SHA256", "WPA-EAP-SHA256", 607 "SAE", "FT-SAE", "WPA-EAP-SUITE-B", 608 "WPA-EAP-SUITE-B-192", "FILS-SHA256", "FILS-SHA384", 609 "FT-FILS-SHA256", "FT-FILS-SHA384", "OWE", "DPP"] 610 supported_key_mgmts = dev[0].get_capability("key_mgmt") 611 for key_mgmt in tests: 612 if key_mgmt == "WPA-EAP-SUITE-B-192" and key_mgmt not in supported_key_mgmts: 613 logger.info("Skip unsupported " + key_mgmt) 614 continue 615 wpas.set_network(id, "key_mgmt", key_mgmt) 616 if "OK" not in wpas.request("SAVE_CONFIG"): 617 raise Exception("Failed to save configuration file") 618 with open(config, "r") as f: 619 data = f.read() 620 logger.info("Configuration file contents: " + data) 621 if "key_mgmt=" + key_mgmt not in data: 622 raise Exception("Missing key_mgmt " + key_mgmt) 623 624 wpas.interface_remove("wlan5") 625 wpas.interface_add("wlan5", config=config) 626 627def check_network_config(config, network_expected, check=None): 628 with open(config, "r") as f: 629 data = f.read() 630 logger.info("Configuration file contents:\n" + data.rstrip()) 631 if network_expected and "network=" not in data: 632 raise Exception("Missing network block in configuration data") 633 if not network_expected and "network=" in data: 634 raise Exception("Unexpected network block in configuration data") 635 if check and check not in data: 636 raise Exception("Missing " + check) 637 638def test_wpas_config_file_sae(dev, apdev, params): 639 """wpa_supplicant config file writing with SAE""" 640 config = os.path.join(params['logdir'], 'wpas_config_file_sae.conf') 641 with open(config, "w") as f: 642 f.write("update_config=1\n") 643 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 644 wpas.interface_add("wlan5", config=config) 645 check_sae_capab(wpas) 646 647 # Valid SAE configuration with sae_password 648 wpas.connect("test-sae", sae_password="sae-password", key_mgmt="SAE", 649 only_add_network=True) 650 wpas.save_config() 651 check_network_config(config, True, check="key_mgmt=SAE") 652 653 wpas.request("REMOVE_NETWORK all") 654 wpas.save_config() 655 check_network_config(config, False) 656 657 # Valid SAE configuration with psk 658 wpas.connect("test-sae", psk="sae-password", key_mgmt="SAE", 659 only_add_network=True) 660 wpas.save_config() 661 check_network_config(config, True, check="key_mgmt=SAE") 662 wpas.request("REMOVE_NETWORK all") 663 664 # Invalid PSK configuration with sae_password 665 wpas.connect("test-psk", sae_password="sae-password", key_mgmt="WPA-PSK", 666 only_add_network=True) 667 wpas.save_config() 668 check_network_config(config, False) 669 670 # Invalid SAE configuration with raw_psk 671 wpas.connect("test-sae", raw_psk=32*"00", key_mgmt="SAE", 672 only_add_network=True) 673 wpas.save_config() 674 check_network_config(config, False) 675 676def test_wpas_config_update_without_file(dev, apdev): 677 """wpa_supplicant SAVE_CONFIG without config file""" 678 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 679 wpas.interface_add("wlan5") 680 wpas.set("update_config", "1") 681 if "FAIL" not in wpas.request("SAVE_CONFIG"): 682 raise Exception("SAVE_CONFIG accepted unexpectedly") 683 684def test_wpas_config_file_invalid_network(dev, apdev, params): 685 """wpa_supplicant config file parsing of an invalid network""" 686 config = params['prefix'] + '.conf.wlan5' 687 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 688 with open(config, "w") as f: 689 f.write("network={\n") 690 f.write("\tunknown=UNKNOWN\n") 691 f.write("}\n") 692 success = False 693 try: 694 wpas.interface_add("wlan5", config=config) 695 success = True 696 except Exception as e: 697 if str(e) != "Failed to add a dynamic wpa_supplicant interface": 698 raise 699 700 if success: 701 raise Exception("Interface addition succeeded with invalid configuration") 702 703def test_wpas_config_range_check(dev, apdev): 704 """wpa_supplicant configuration parser range checking""" 705 tests = [("eapol_version", 0, 4), 706 ("max_peer_links", -1, 256), 707 ("mesh_fwding", -1, 2), 708 ("auto_uuid", -1, 2), 709 ("device_name", 33*'A', None), 710 ("manufacturer", 65*'A', None), 711 ("model_name", 33*'A', None), 712 ("model_number", 33*'A', None), 713 ("serial_number", 33*'A', None), 714 ("wps_cred_processing", -1, 3), 715 ("wps_cred_add_sae", -1, 2), 716 ("p2p_go_intent", -1, 16), 717 ("persistent_reconnect", -1, 2), 718 ("p2p_intra_bss", -1, 2), 719 ("p2p_go_freq_change_policy", -1, 4), 720 ("p2p_passphrase_len", 7, 64), 721 ("p2p_add_cli_chan", -1, 2), 722 ("p2p_optimize_listen_chan", -1, 2), 723 ("p2p_go_ctwindow", -1, 128), 724 ("p2p_ignore_shared_freq", -1, 2), 725 ("p2p_cli_probe", -1, 2), 726 ("filter_ssids", -1, 2), 727 ("filter_rssi", -101, 1), 728 ("ap_isolate", -1, 2), 729 ("disassoc_low_ack", -1, 2), 730 ("hs20", -1, 2), 731 ("interworking", -1, 2), 732 ("access_network_type", -1, 16), 733 ("go_interworking", -1, 2), 734 ("go_access_network_type", -1, 16), 735 ("go_internet", -1, 2), 736 ("go_venue_group", -1, 256), 737 ("go_venue_type", -1, 256), 738 ("pbc_in_m1", -1, 2), 739 ("wps_nfc_dev_pw_id", 15, 65536), 740 ("auto_interworking", -1, 2), 741 ("sae_check_mfp", -1, 2), 742 ("sae_pwe", -1, 4), 743 ("sae_pmkid_in_assoc", -1, 2), 744 ("ignore_old_scan_res", -1, 2), 745 ("mac_addr", -1, 3), 746 ("preassoc_mac_addr", -1, 3), 747 ("fst_group_id", "", 129*"A"), 748 ("fst_priority", 0, 256), 749 ("fst_llt", 0, 2**32), 750 ("cert_in_cb", -1, 2), 751 ("wpa_rsc_relaxation", -1, 2), 752 ("mbo_cell_capa", 0, 4), 753 ("disassoc_imminent_rssi_threshold", -121, 1), 754 ("oce", -1, 4), 755 ("ftm_responder", -1, 2), 756 ("ftm_initiator", -1, 2), 757 ("gas_rand_mac_addr", -1, 3), 758 ("dpp_config_processing", -1, 3), 759 ("dpp_connector_privacy_default", -1, 2), 760 ("coloc_intf_reporting", -1, 2), 761 ("disable_btm", -1, 2), 762 ("extended_key_id", -1, 2), 763 ("wowlan_disconnect_on_deinit", -1, 2), 764 ("force_kdk_derivation", -1, 2), 765 ("pasn_corrupt_mic", -1, 2), 766 ("mld_force_single_link", -1, 2), 767 ("mld_connect_band_pref", -1, 5), 768 ("ft_prepend_pmkid", -1, 2)] 769 for name, value1, value2 in tests: 770 if "OK" in dev[0].request(f"SET {name} {value1}"): 771 raise Exception(f"Invalid SET command accepted: {name}={value1}") 772 if value2 is not None: 773 if "OK" in dev[0].request(f"SET {name} {value2}"): 774 raise Exception(f"Invalid SET command accepted: {name}={value2}") 775 776 id = dev[0].add_network() 777 tests = [("ssid", '"' + 33*"A" + '"', None), 778 ("scan_ssid", -1, 2), 779 ("ht", -1, 2), 780 ("vht", -1, 2), 781 ("he", -1, 2), 782 ("ht40", -2, 2), 783 ("max_oper_chwidth", -2, 10), 784 ("mode", -1, 6), 785 ("no_auto_peer", -1, 2), 786 ("mesh_fwding", -1, 2), 787 ("mesh_rssi_threshold", -256, 2), 788 ("proactive_key_caching", -2, 2), 789 ("disabled", -1, 3), 790 ("ieee80211w", -1, 3), 791 ("mixed_cell", -1, 2), 792 ("frequency", -1, 70201), 793 ("fixed_freq", -1, 2), 794 ("enable_edmg", -1, 2), 795 ("edmg_channel", 8, 14), 796 ("acs", -1, 2), 797 ("wpa_deny_ptk0_rekey", -1, 3), 798 ("ignore_broadcast_ssid", -1, 3), 799 ("disable_ht", -1, 2), 800 ("disable_ht40", -1, 2), 801 ("disable_sgi", -1, 2), 802 ("disable_ldpc", -1, 2), 803 ("ht40_intolerant", -1, 2), 804 ("tx_stbc", -2, 2), 805 ("rx_stbc", -2, 4), 806 ("disable_max_amsdu", -2, 2), 807 ("ampdu_factor", -2, 4), 808 ("ampdu_density", -2, 8), 809 ("disable_vht", -1, 2), 810 ("vht_rx_mcs_nss_1", -2, 4), 811 ("vht_rx_mcs_nss_2", -2, 4), 812 ("vht_rx_mcs_nss_3", -2, 4), 813 ("vht_rx_mcs_nss_4", -2, 4), 814 ("vht_rx_mcs_nss_5", -2, 4), 815 ("vht_rx_mcs_nss_6", -2, 4), 816 ("vht_rx_mcs_nss_7", -2, 4), 817 ("vht_rx_mcs_nss_8", -2, 4), 818 ("vht_tx_mcs_nss_1", -2, 4), 819 ("vht_tx_mcs_nss_2", -2, 4), 820 ("vht_tx_mcs_nss_3", -2, 4), 821 ("vht_tx_mcs_nss_4", -2, 4), 822 ("vht_tx_mcs_nss_5", -2, 4), 823 ("vht_tx_mcs_nss_6", -2, 4), 824 ("vht_tx_mcs_nss_7", -2, 4), 825 ("vht_tx_mcs_nss_8", -2, 4), 826 ("disable_he", -1, 2), 827 ("macsec_policy", -1, 2), 828 ("macsec_integ_only", -1, 2), 829 ("macsec_replay_protect", -1, 2), 830 ("macsec_offload", -1, 3), 831 ("macsec_port", -1, 65535), 832 ("mka_priority", -1, 256), 833 ("macsec_csindex", -1, 2), 834 ("roaming_consortium_selection", 16*"00", None), 835 ("mac_addr", -2, 4), 836 ("pbss", -1, 3), 837 ("wps_disabled", -1, 2), 838 ("fils_dh_group", -1, 65536), 839 ("dpp_pfs", -1, 3), 840 ("dpp_connector_privacy", -1, 2), 841 ("owe_group", -1, 65536), 842 ("owe_only", -1, 2), 843 ("owe_ptk_workaround", -1, 2), 844 ("multi_ap_backhaul_sta", -1, 2), 845 ("ft_eap_pmksa_caching", -1, 2), 846 ("beacon_prot", -1, 2), 847 ("transition_disable", -1, 256), 848 ("sae_pk", -1, 3), 849 ("disable_eht", -1, 2), 850 ("enable_4addr_mode", -1, 2)] 851 for name, value1, value2 in tests: 852 if "OK" in dev[0].request(f"SET_NETWORK {id} {name} {value1}"): 853 raise Exception(f"Invalid SET_NETWORK command accepted: {name}={value1}") 854 if value2 is not None: 855 if "OK" in dev[0].request(f"SET_NETWORK {id} {name} {value2}"): 856 raise Exception(f"Invalid SET_NETWORK command accepted: {name}={value2}") 857