DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Make WEP functionality an optional build parameter

Browse source 
WEP should not be used for anything anymore. As a step towards removing
it completely, move all WEP related functionality to be within
CONFIG_WEP blocks. This will be included in builds only if CONFIG_WEP=y
is explicitly set in build configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-02-29 16:52:39 +02:00
parent bca44f4e4e
commit 200c7693c9
48 changed files with 386 additions and 71 deletions
Download patch file Download diff file Expand all files Collapse all files

1
tests/hwsim/example-hostapd.config
View file

@ -110,3 +110,4 @@ CONFIG_FILS_SK_PFS=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y

1
tests/hwsim/example-wpa_supplicant.config
View file

@ -153,3 +153,4 @@ CONFIG_PMKSA_CACHE_EXTERNAL=y
CONFIG_OWE=y
CONFIG_DPP=y
CONFIG_DPP2=y
CONFIG_WEP=y

22
tests/hwsim/test_ap_config.py
View file

@ -429,8 +429,6 @@ def test_ap_config_set_oom(dev, apdev):
tests = [(1, "hostapd_parse_das_client",
"SET radius_das_client 192.168.1.123 pw"),
(1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
(1, "hostapd_config_read_wep", "SET wep_key0 0102030405"),
(1, "hostapd_parse_chanlist", "SET chanlist 1 6 11-13"),
(1, "hostapd_config_bss", "SET bss foo"),
(2, "hostapd_config_bss", "SET bss foo"),
@ -486,6 +484,9 @@ def test_ap_config_set_oom(dev, apdev):
(1, "hostapd_parse_intlist", "SET sae_groups 19 25"),
(1, "hostapd_parse_intlist", "SET basic_rates 10 20 55 110"),
(1, "hostapd_parse_intlist", "SET supported_rates 10 20 55 110")]
if "WEP40" in dev[0].get_capability("group"):
tests += [(1, "hostapd_config_read_wep", "SET wep_key0 \"hello\""),
(1, "hostapd_config_read_wep", "SET wep_key0 0102030405")]
for count, func, cmd in tests:
with alloc_fail(hapd, count, func):
if "FAIL" not in hapd.request(cmd):
@ -533,14 +534,15 @@ def test_ap_config_set_oom(dev, apdev):
def test_ap_config_set_errors(dev, apdev):
"""hostapd configuration parsing errors"""
hapd = hostapd.add_ap(apdev[0], {"ssid": "foobar"})
hapd.set("wep_key0", '"hello"')
hapd.set("wep_key1", '"hello"')
hapd.set("wep_key0", '')
hapd.set("wep_key0", '"hello"')
if "FAIL" not in hapd.request("SET wep_key1 \"hello\""):
raise Exception("SET wep_key1 allowed to override existing key")
hapd.set("wep_key1", '')
hapd.set("wep_key1", '"hello"')
if "WEP40" in dev[0].get_capability("group"):
hapd.set("wep_key0", '"hello"')
hapd.set("wep_key1", '"hello"')
hapd.set("wep_key0", '')
hapd.set("wep_key0", '"hello"')
if "FAIL" not in hapd.request("SET wep_key1 \"hello\""):
raise Exception("SET wep_key1 allowed to override existing key")
hapd.set("wep_key1", '')
hapd.set("wep_key1", '"hello"')
hapd.set("auth_server_addr", "127.0.0.1")
hapd.set("acct_server_addr", "127.0.0.1")

5
tests/hwsim/test_ap_hs20.py
View file

@ -2662,8 +2662,9 @@ def test_ap_hs20_osen(dev, apdev):
dev[1].connect("osen", key_mgmt="NONE", scan_freq="2412",
wait_connect=False)
dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
scan_freq="2412", wait_connect=False)
if "WEP40" in dev[2].get_capability("group"):
dev[2].connect("osen", key_mgmt="NONE", wep_key0='"hello"',
scan_freq="2412", wait_connect=False)
dev[0].flush_scan_cache()
dev[0].connect("osen", proto="OSEN", key_mgmt="OSEN", pairwise="CCMP",
group="GTK_NOT_USED CCMP",

3
tests/hwsim/test_ap_params.py
View file

@ -16,6 +16,7 @@ import hwsim_utils
import hostapd
from tshark import run_tshark
from utils import alloc_fail, HwsimSkip, parse_ie
from test_wep import check_wep_capa
@remote_compatible
def test_ap_fragmentation_rts_set_high(dev, apdev):
@ -334,6 +335,7 @@ def test_ap_wds_sta_open(dev, apdev):
def test_ap_wds_sta_wep(dev, apdev):
"""WEP AP with STA using 4addr mode"""
check_wep_capa(dev[0])
ssid = "test-wds-wep"
params = {}
params['ssid'] = ssid
@ -658,6 +660,7 @@ def test_ap_beacon_rate_vht(dev, apdev):
def test_ap_wep_to_wpa(dev, apdev):
"""WEP to WPA2-PSK configuration change in hostapd"""
check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-to-wpa",
"wep_key0": '"hello"'})

3
tests/hwsim/test_ap_tdls.py
View file

@ -17,6 +17,7 @@ import hostapd
from utils import HwsimSkip, skip_with_fips
from wlantest import Wlantest
from test_ap_vht import vht_supported
from test_wep import check_wep_capa
def start_ap_wpa2_psk(ap):
params = hostapd.wpa2_params(ssid="test-wpa2-psk", passphrase="12345678")
@ -313,6 +314,8 @@ def test_ap_wpa_mixed_tdls(dev, apdev):
def test_ap_wep_tdls(dev, apdev):
"""WEP AP and two stations using TDLS"""
check_wep_capa(dev[0])
check_wep_capa(dev[1])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "test-wep", "wep_key0": '"hello"'})
wlantest_setup(hapd)

2
tests/hwsim/test_ap_wps.py
View file

@ -45,6 +45,7 @@ from utils import HwsimSkip, alloc_fail, fail_test, skip_with_fips
from utils import wait_fail_trigger, clear_regdom
from test_ap_eap import int_eap_server_params
from test_sae import check_sae_capab
from test_wep import check_wep_capa
def wps_start_ap(apdev, ssid="test-wps-conf"):
params = {"ssid": ssid, "eap_server": "1", "wps_state": "2",
@ -10036,6 +10037,7 @@ def test_ap_wps_ignore_broadcast_ssid(dev, apdev):
def test_ap_wps_wep(dev, apdev):
"""WPS AP trying to enable WEP"""
check_wep_capa(dev[0])
ssid = "test-wps"
hapd = hostapd.add_ap(apdev[0],
{"ssid": ssid, "eap_server": "1", "wps_state": "1",

2
tests/hwsim/test_cfg80211.py
View file

@ -16,6 +16,7 @@ import hwsim_utils
from tshark import run_tshark
from nl80211 import *
from wpasupplicant import WpaSupplicant
from test_wep import check_wep_capa
def nl80211_command(dev, cmd, attr):
res = dev.request("VENDOR ffffffff {} {}".format(nl80211_cmd[cmd],
@ -101,6 +102,7 @@ def test_cfg80211_tx_frame(dev, apdev, params):
@remote_compatible
def test_cfg80211_wep_key_idx_change(dev, apdev):
"""WEP Shared Key authentication and key index change without deauth"""
check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',

13
tests/hwsim/test_connect_cmd.py
View file

@ -12,6 +12,7 @@ import hwsim_utils
import hostapd
from wpasupplicant import WpaSupplicant
from p2p_utils import *
from test_wep import check_wep_capa
def test_connect_cmd_open(dev, apdev):
"""Open connection using cfg80211 connect command"""
@ -31,11 +32,13 @@ def test_connect_cmd_open(dev, apdev):
def test_connect_cmd_wep(dev, apdev):
"""WEP Open System using cfg80211 connect command"""
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
check_wep_capa(wpas)
params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"'}
hapd = hostapd.add_ap(apdev[0], params)
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
wep_key0='"hello"')
wpas.dump_monitor()
@ -46,12 +49,14 @@ def test_connect_cmd_wep(dev, apdev):
def test_connect_cmd_wep_shared(dev, apdev):
"""WEP Shared key using cfg80211 connect command"""
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
check_wep_capa(wpas)
params = {"ssid": "sta-connect-wep", "wep_key0": '"hello"',
"auth_algs": "2"}
hapd = hostapd.add_ap(apdev[0], params)
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
id = wpas.connect("sta-connect-wep", key_mgmt="NONE", scan_freq="2412",
auth_alg="SHARED", wep_key0='"hello"')
wpas.dump_monitor()

4
tests/hwsim/test_ibss.py
View file

@ -13,6 +13,7 @@ import subprocess
import hwsim_utils
from utils import alloc_fail, wait_fail_trigger
from test_wep import check_wep_capa
def connect_ibss_cmd(dev, id, freq=2412):
dev.dump_monitor()
@ -395,6 +396,9 @@ def test_ibss_rsn_tkip(dev):
def test_ibss_wep(dev):
"""IBSS with WEP"""
check_wep_capa(dev[0])
check_wep_capa(dev[1])
ssid = "ibss-wep"
id = add_ibss(dev[0], ssid, key_mgmt="NONE", wep_key0='"hello"')

8
tests/hwsim/test_ieee8021x.py
View file

@ -15,11 +15,13 @@ import hostapd
import hwsim_utils
from utils import skip_with_fips
from tshark import run_tshark
from test_wep import check_wep_capa
logger = logging.getLogger()
def test_ieee8021x_wep104(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP104"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
@ -36,6 +38,7 @@ def test_ieee8021x_wep104(dev, apdev):
def test_ieee8021x_wep40(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP40"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
@ -52,6 +55,7 @@ def test_ieee8021x_wep40(dev, apdev):
def test_ieee8021x_wep_index_workaround(dev, apdev):
"""IEEE 802.1X and EAPOL-Key index workaround"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
@ -100,6 +104,7 @@ def test_ieee8021x_static_wep104(dev, apdev):
run_static_wep(dev, apdev, '"hello-there-/"')
def run_static_wep(dev, apdev, key):
check_wep_capa(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
params["ieee8021x"] = "1"
@ -252,6 +257,7 @@ def send_eapol_key(dev, bssid, signkey, frame_start, frame_end):
def test_ieee8021x_eapol_key(dev, apdev):
"""IEEE 802.1X connection and EAPOL-Key protocol tests"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"
@ -317,6 +323,7 @@ def test_ieee8021x_reauth(dev, apdev):
def test_ieee8021x_reauth_wep(dev, apdev, params):
"""IEEE 802.1X and EAPOL_REAUTH request with WEP"""
check_wep_capa(dev[0])
logdir = params['logdir']
params = hostapd.radius_params()
@ -492,6 +499,7 @@ def test_ieee8021x_open_leap(dev, apdev):
def test_ieee8021x_and_wpa_enabled(dev, apdev):
"""IEEE 802.1X connection using dynamic WEP104 when WPA enabled"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
params = hostapd.radius_params()
params["ssid"] = "ieee8021x-wep"

2
tests/hwsim/test_radius.py
View file

@ -21,6 +21,7 @@ import hostapd
from utils import HwsimSkip, require_under_vm, skip_with_fips, alloc_fail, fail_test, wait_fail_trigger
from test_ap_hs20 import build_dhcp_ack
from test_ap_ft import ft_params1
from test_wep import check_wep_capa
def connect(dev, ssid, wait_connect=True):
dev.connect(ssid, key_mgmt="WPA-EAP", scan_freq="2412",
@ -442,6 +443,7 @@ def test_radius_acct_ft_psk(dev, apdev):
def test_radius_acct_ieee8021x(dev, apdev):
"""RADIUS Accounting - IEEE 802.1X"""
check_wep_capa(dev[0])
skip_with_fips(dev[0])
as_hapd = hostapd.Hostapd("as")
params = hostapd.radius_params()

2
tests/hwsim/test_scan.py
View file

@ -19,6 +19,7 @@ from utils import HwsimSkip, fail_test, alloc_fail, wait_fail_trigger, parse_ie
from utils import clear_regdom_dev
from tshark import run_tshark
from test_ap_csa import switch_channel, wait_channel_switch, csa_supported
from test_wep import check_wep_capa
def check_scan(dev, params, other_started=False, test_busy=False):
if not other_started:
@ -434,6 +435,7 @@ def test_scan_for_auth_fail(dev, apdev):
@remote_compatible
def test_scan_for_auth_wep(dev, apdev):
"""cfg80211 scan-for-auth workaround with WEP keys"""
check_wep_capa(dev[0])
dev[0].flush_scan_cache()
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep", "wep_key0": '"abcde"',

15
tests/hwsim/test_wep.py
View file

@ -11,11 +11,16 @@ import subprocess
from remotehost import remote_compatible
import hostapd
import hwsim_utils
from utils import clear_regdom
from utils import clear_regdom, HwsimSkip
def check_wep_capa(dev):
if "WEP40" not in dev.get_capability("group"):
raise HwsimSkip("WEP not supported")
@remote_compatible
def test_wep_open_auth(dev, apdev):
"""WEP Open System authentication"""
check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
"wep_key0": '"hello"'})
@ -35,6 +40,8 @@ def test_wep_open_auth(dev, apdev):
@remote_compatible
def test_wep_shared_key_auth(dev, apdev):
"""WEP Shared Key authentication"""
check_wep_capa(dev[0])
check_wep_capa(dev[1])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
@ -50,6 +57,7 @@ def test_wep_shared_key_auth(dev, apdev):
@remote_compatible
def test_wep_shared_key_auth_not_allowed(dev, apdev):
"""WEP Shared Key authentication not allowed"""
check_wep_capa(dev[0])
hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
@ -63,6 +71,9 @@ def test_wep_shared_key_auth_not_allowed(dev, apdev):
def test_wep_shared_key_auth_multi_key(dev, apdev):
"""WEP Shared Key authentication with multiple keys"""
check_wep_capa(dev[0])
check_wep_capa(dev[1])
check_wep_capa(dev[2])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",
"wep_key0": '"hello12345678"',
@ -92,6 +103,7 @@ def test_wep_shared_key_auth_multi_key(dev, apdev):
def test_wep_ht_vht(dev, apdev):
"""WEP and HT/VHT"""
check_wep_capa(dev[0])
dev[0].flush_scan_cache()
try:
hapd = None
@ -124,6 +136,7 @@ def test_wep_ht_vht(dev, apdev):
def test_wep_ifdown(dev, apdev):
"""AP with WEP and external ifconfig down"""
check_wep_capa(dev[0])
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
"wep_key0": '"hello"'})

3
tests/hwsim/test_wext.py
View file

@ -13,6 +13,7 @@ import hwsim_utils
from wpasupplicant import WpaSupplicant
from utils import HwsimSkip, skip_with_fips
from test_rfkill import get_rfkill
from test_wep import check_wep_capa
def get_wext_interface():
if not os.path.exists("/proc/net/wireless"):
@ -149,6 +150,7 @@ def test_wext_pmksa_cache(dev, apdev):
def test_wext_wep_open_auth(dev, apdev):
"""WEP Open System authentication"""
wpas = get_wext_interface()
check_wep_capa(wpas)
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-open",
@ -162,6 +164,7 @@ def test_wext_wep_open_auth(dev, apdev):
def test_wext_wep_shared_key_auth(dev, apdev):
"""WEP Shared Key authentication"""
wpas = get_wext_interface()
check_wep_capa(wpas)
hapd = hostapd.add_ap(apdev[0],
{"ssid": "wep-shared-key",

25
tests/hwsim/test_wpas_ap.py
View file

@ -13,6 +13,7 @@ import hwsim_utils
from utils import HwsimSkip, alloc_fail, clear_regdom_dev
from wpasupplicant import WpaSupplicant
from test_p2p_channel import set_country
from test_wep import check_wep_capa
def wait_ap_ready(dev):
ev = dev.wait_event(["CTRL-EVENT-CONNECTED"])
@ -103,6 +104,7 @@ def test_wpas_ap_open_isolate(dev):
@remote_compatible
def test_wpas_ap_wep(dev):
"""wpa_supplicant AP mode - WEP"""
check_wep_capa(dev[0])
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap-wep")
@ -540,17 +542,18 @@ def test_wpas_ap_oom(dev):
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap")
dev[0].set_network(id, "key_mgmt", "NONE")
dev[0].set_network_quoted(id, "wep_key0", "hello")
dev[0].set_network(id, "frequency", "2412")
dev[0].set_network(id, "scan_freq", "2412")
with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
dev[0].select_network(id)
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
if "WEP40" in dev[0].get_capability("group"):
id = dev[0].add_network()
dev[0].set_network(id, "mode", "2")
dev[0].set_network_quoted(id, "ssid", "wpas-ap")
dev[0].set_network(id, "key_mgmt", "NONE")
dev[0].set_network_quoted(id, "wep_key0", "hello")
dev[0].set_network(id, "frequency", "2412")
dev[0].set_network(id, "scan_freq", "2412")
with alloc_fail(dev[0], 1, "=wpa_supplicant_conf_ap"):
dev[0].select_network(id)
dev[0].wait_disconnected()
dev[0].request("REMOVE_NETWORK all")
wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
wpas.interface_add("wlan5")

22
tests/hwsim/test_wpas_ctrl.py
View file

@ -145,11 +145,12 @@ def test_wpas_ctrl_network(dev):
if "FAIL" not in dev[0].request("SET_NETWORK " + str(id) + ' identity 12x3'):
raise Exception("Unexpected success for invalid identity string")
for i in range(0, 4):
if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' wep_key' + str(i) + ' aabbccddee'):
raise Exception("Unexpected wep_key set failure")
if dev[0].get_network(id, "wep_key" + str(i)) != '*':
raise Exception("Unexpected wep_key get failure")
if "WEP40" in dev[0].get_capability("group"):
for i in range(0, 4):
if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' wep_key' + str(i) + ' aabbccddee'):
raise Exception("Unexpected wep_key set failure")
if dev[0].get_network(id, "wep_key" + str(i)) != '*':
raise Exception("Unexpected wep_key get failure")
if "FAIL" in dev[0].request("SET_NETWORK " + str(id) + ' psk_list P2P-00:11:22:33:44:55-0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef'):
raise Exception("Unexpected failure for psk_list string")
@ -205,11 +206,12 @@ def test_wpas_ctrl_network(dev):
raise Exception("Invalid WEP key accepted")
if "FAIL" not in dev[0].request('SET_NETWORK ' + str(id) + ' wep_key0 "12345678901234567"'):
raise Exception("Too long WEP key accepted")
# too short WEP key is ignored
dev[0].set_network_quoted(id, "wep_key0", "1234")
dev[0].set_network_quoted(id, "wep_key1", "12345")
dev[0].set_network_quoted(id, "wep_key2", "1234567890123")
dev[0].set_network_quoted(id, "wep_key3", "1234567890123456")
if "WEP40" in dev[0].get_capability("group"):
# too short WEP key is ignored
dev[0].set_network_quoted(id, "wep_key0", "1234")
dev[0].set_network_quoted(id, "wep_key1", "12345")
dev[0].set_network_quoted(id, "wep_key2", "1234567890123")
dev[0].set_network_quoted(id, "wep_key3", "1234567890123456")
dev[0].set_network(id, "go_p2p_dev_addr", "any")
if dev[0].get_network(id, "go_p2p_dev_addr") is not None: