2014-01-07 19:44:41 +01:00
|
|
|
# External password storage
|
|
|
|
# Copyright (c) 2014, Jouni Malinen <j@w1.fi>
|
|
|
|
#
|
|
|
|
# This software may be distributed under the terms of the BSD license.
|
|
|
|
# See README for more details.
|
|
|
|
|
2016-06-23 19:16:36 +02:00
|
|
|
from remotehost import remote_compatible
|
2014-01-07 19:44:41 +01:00
|
|
|
import logging
|
|
|
|
logger = logging.getLogger()
|
2021-02-15 22:26:32 +01:00
|
|
|
import os
|
|
|
|
import tempfile
|
2014-01-07 19:44:41 +01:00
|
|
|
|
|
|
|
import hostapd
|
2022-11-07 12:23:14 +01:00
|
|
|
from utils import *
|
2014-04-12 15:25:18 +02:00
|
|
|
from wpasupplicant import WpaSupplicant
|
2014-01-07 19:44:41 +01:00
|
|
|
from test_ap_hs20 import hs20_ap_params
|
|
|
|
from test_ap_hs20 import interworking_select
|
|
|
|
from test_ap_hs20 import interworking_connect
|
|
|
|
|
2016-06-23 19:16:36 +02:00
|
|
|
@remote_compatible
|
2014-01-07 19:44:41 +01:00
|
|
|
def test_ext_password_psk(dev, apdev):
|
|
|
|
"""External password storage for PSK"""
|
|
|
|
params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
|
2016-03-30 10:55:56 +02:00
|
|
|
hostapd.add_ap(apdev[0], params)
|
2014-01-07 19:44:41 +01:00
|
|
|
dev[0].request("SET ext_password_backend test:psk1=12345678")
|
|
|
|
dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412")
|
|
|
|
|
2014-04-12 15:25:18 +02:00
|
|
|
def test_ext_password_psk_not_found(dev, apdev):
|
|
|
|
"""External password storage for PSK and PSK not found"""
|
|
|
|
params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
|
2016-03-30 10:55:56 +02:00
|
|
|
hostapd.add_ap(apdev[0], params)
|
2014-04-12 15:25:18 +02:00
|
|
|
dev[0].request("SET ext_password_backend test:psk1=12345678")
|
|
|
|
dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
dev[1].request("SET ext_password_backend test:psk1=1234567")
|
|
|
|
dev[1].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
dev[2].request("SET ext_password_backend test:psk1=1234567890123456789012345678901234567890123456789012345678901234567890")
|
|
|
|
dev[2].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
|
|
|
|
wpas.interface_add("wlan5")
|
|
|
|
wpas.request("SET ext_password_backend test:psk1=123456789012345678901234567890123456789012345678901234567890123q")
|
|
|
|
wpas.connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
|
|
|
|
if ev is not None:
|
|
|
|
raise Exception("Unexpected association")
|
|
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
|
|
|
|
if ev is not None:
|
|
|
|
raise Exception("Unexpected association")
|
|
|
|
ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
|
|
|
|
if ev is not None:
|
|
|
|
raise Exception("Unexpected association")
|
|
|
|
ev = wpas.wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
|
|
|
|
if ev is not None:
|
|
|
|
raise Exception("Unexpected association")
|
|
|
|
|
2014-01-07 19:44:41 +01:00
|
|
|
def test_ext_password_eap(dev, apdev):
|
|
|
|
"""External password storage for EAP password"""
|
|
|
|
params = hostapd.wpa2_eap_params(ssid="ext-pw-eap")
|
2016-03-30 10:55:56 +02:00
|
|
|
hostapd.add_ap(apdev[0], params)
|
2014-01-07 19:44:41 +01:00
|
|
|
dev[0].request("SET ext_password_backend test:pw0=hello|pw1=password|pw2=secret")
|
|
|
|
dev[0].connect("ext-pw-eap", key_mgmt="WPA-EAP", eap="PEAP",
|
|
|
|
identity="user", password_hex="ext:pw1",
|
|
|
|
ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
|
|
|
|
scan_freq="2412")
|
|
|
|
|
|
|
|
def test_ext_password_interworking(dev, apdev):
|
|
|
|
"""External password storage for Interworking network selection"""
|
2015-08-01 17:48:49 +02:00
|
|
|
skip_with_fips(dev[0])
|
2014-01-07 19:44:41 +01:00
|
|
|
bssid = apdev[0]['bssid']
|
|
|
|
params = hs20_ap_params()
|
2016-03-30 10:55:56 +02:00
|
|
|
hostapd.add_ap(apdev[0], params)
|
2014-01-07 19:44:41 +01:00
|
|
|
|
|
|
|
dev[0].hs20_enable()
|
|
|
|
dev[0].request("SET ext_password_backend test:pw1=password")
|
2019-03-15 11:10:37 +01:00
|
|
|
id = dev[0].add_cred_values({'realm': "example.com",
|
|
|
|
'username': "hs20-test"})
|
2014-01-07 19:44:41 +01:00
|
|
|
dev[0].set_cred(id, "password", "ext:pw1")
|
|
|
|
interworking_select(dev[0], bssid, freq="2412")
|
|
|
|
interworking_connect(dev[0], bssid, "TTLS")
|
2021-02-15 22:26:32 +01:00
|
|
|
|
|
|
|
def test_ext_password_file_psk(dev, apdev):
|
|
|
|
"""External password (file) storage for PSK"""
|
|
|
|
params = hostapd.wpa2_params(ssid="ext-pw-psk", passphrase="12345678")
|
|
|
|
hostapd.add_ap(apdev[0], params)
|
|
|
|
fd, fn = tempfile.mkstemp()
|
|
|
|
with open(fn, "w") as f:
|
|
|
|
f.write("psk1=12345678\n")
|
|
|
|
os.close(fd)
|
|
|
|
dev[0].request("SET ext_password_backend file:%s" % fn)
|
|
|
|
dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412")
|
|
|
|
for i in range(2):
|
|
|
|
dev[0].request("REMOVE_NETWORK all")
|
|
|
|
if i == 0:
|
|
|
|
dev[0].wait_disconnected()
|
|
|
|
dev[0].connect("ext-pw-psk", raw_psk="ext:psk2", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
else:
|
|
|
|
dev[0].connect("ext-pw-psk", raw_psk="ext:psk1", scan_freq="2412",
|
|
|
|
wait_connect=False)
|
|
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
|
|
|
|
"EXT PW: No PSK found from external storage"],
|
|
|
|
timeout=10)
|
|
|
|
if i == 0:
|
|
|
|
os.unlink(fn)
|
|
|
|
if ev is None:
|
|
|
|
raise Exception("No connection result reported")
|
|
|
|
if "CTRL-EVENT-CONNECTED" in ev:
|
|
|
|
raise Exception("Unexpected connection")
|
2022-11-07 12:23:14 +01:00
|
|
|
|
|
|
|
@remote_compatible
|
|
|
|
def test_ext_password_sae(dev, apdev):
|
|
|
|
"""External password storage for SAE"""
|
|
|
|
check_sae_capab(dev[0])
|
|
|
|
params = hostapd.wpa2_params(ssid="ext-pw-sae", passphrase="12345678")
|
|
|
|
params['wpa_key_mgmt'] = 'SAE'
|
|
|
|
hapd = hostapd.add_ap(apdev[0], params)
|
|
|
|
|
|
|
|
dev[0].set("ext_password_backend", "test:sae1=12345678")
|
|
|
|
dev[0].set("sae_groups", "")
|
|
|
|
dev[0].connect("ext-pw-sae", raw_psk="ext:sae1", key_mgmt="SAE",
|
|
|
|
scan_freq="2412")
|