]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: sigma_dut with TOD-TOFU
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
CommitLineData
f6f33f8f
JM		 1# Test cases for sigma_dut
2# Copyright (c) 2017, Qualcomm Atheros, Inc.
69805425 3# Copyright (c) 2018-2019, The Linux Foundation
f6f33f8f
JM		 4#
5# This software may be distributed under the terms of the BSD license.
6# See README for more details.
7
dc60d564 8import binascii
69805425 9import hashlib
f6f33f8f
JM		 10import logging
11logger = logging.getLogger()
12import os
13import socket
dc60d564 14import struct
f6f33f8f 15import subprocess
d84c0cf4 16import threading
f6f33f8f
JM		 17import time
18
19import hostapd
20from utils import HwsimSkip
21from hwsim import HWSimRadio
4902eb04 22import hwsim_utils
211b5d1b 23from test_dpp import check_dpp_capab, update_hapd_config
002b49ed 24from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
4068d683 25from test_ap_eap import check_eap_capa, int_eap_server_params
31157568 26from test_ap_hs20 import hs20_ap_params
f6f33f8f
JM		 27
28def check_sigma_dut():
29 if not os.path.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
31
54c58f29
MH		 32def to_hex(s):
33 return binascii.hexlify(s.encode()).decode()
34
e1810300
MH		 35def from_hex(s):
36 return binascii.unhexlify(s).decode()
37
d84c0cf4 38def sigma_dut_cmd(cmd, port=9000, timeout=2):
f6f33f8f
JM		 39 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
40 socket.IPPROTO_TCP)
d84c0cf4 41 sock.settimeout(timeout)
f6f33f8f
JM		 42 addr = ('127.0.0.1', port)
43 sock.connect(addr)
cc02ce96 44 sock.send(cmd.encode() + b"\r\n")
f6f33f8f 45 try:
cc02ce96 46 res = sock.recv(1000).decode()
f6f33f8f
JM		 47 running = False
48 done = False
49 for line in res.splitlines():
50 if line.startswith("status,RUNNING"):
51 running = True
52 elif line.startswith("status,INVALID"):
53 done = True
54 elif line.startswith("status,ERROR"):
55 done = True
56 elif line.startswith("status,COMPLETE"):
57 done = True
58 if running and not done:
59 # Read the actual response
cc02ce96 60 res = sock.recv(1000).decode()
f6f33f8f
JM		 61 except:
62 res = ''
63 pass
64 sock.close()
65 res = res.rstrip()
66 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
67 return res
68
d84c0cf4
JM		 69def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
70 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
f6f33f8f
JM		 71 if "COMPLETE" not in res:
72 raise Exception("sigma_dut command failed: " + cmd)
73 return res
74
4902eb04
JM		 75def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
76 bridge=None):
f6f33f8f 77 check_sigma_dut()
fab49f61
JM		 78 cmd = ['./sigma_dut',
79 '-M', ifname,
80 '-S', ifname,
81 '-F', '../../hostapd/hostapd',
82 '-G',
83 '-w', '/var/run/wpa_supplicant/',
84 '-j', ifname]
f6f33f8f 85 if debug:
fab49f61 86 cmd += ['-d']
2ef00a36 87 if hostapd_logdir:
fab49f61 88 cmd += ['-H', hostapd_logdir]
2ef00a36 89 if cert_path:
fab49f61 90 cmd += ['-C', cert_path]
4902eb04 91 if bridge:
fab49f61 92 cmd += ['-b', bridge]
f6f33f8f
JM		 93 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
94 stderr=subprocess.PIPE)
95 for i in range(20):
96 try:
97 res = sigma_dut_cmd("HELLO")
98 break
99 except:
100 time.sleep(0.05)
101 return sigma
102
103def stop_sigma_dut(sigma):
104 sigma.terminate()
105 sigma.wait()
106 out, err = sigma.communicate()
366ada04
JM		 107 logger.debug("sigma_dut stdout: " + str(out.decode()))
108 logger.debug("sigma_dut stderr: " + str(err.decode()))
f6f33f8f
JM		 109
110def sigma_dut_wait_connected(ifname):
111 for i in range(50):
112 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
113 if "connected,1" in res:
114 break
115 time.sleep(0.2)
116 if i == 49:
117 raise Exception("Connection did not complete")
118
119def test_sigma_dut_basic(dev, apdev):
120 """sigma_dut basic functionality"""
121 sigma = start_sigma_dut(dev[0].ifname)
122
123 res = sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res:
125 raise Exception("Unexpected sigma_dut response to unknown command")
126
fab49f61
JM		 127 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
f6f33f8f
JM		 132 for cmd, response in tests:
133 res = sigma_dut_cmd(cmd)
134 if response not in res:
135 raise Exception("Unexpected %s response: %s" % (cmd, res))
136
137 stop_sigma_dut(sigma)
138
139def test_sigma_dut_open(dev, apdev):
140 """sigma_dut controlled open network association"""
65fa9d96
JM		 141 try:
142 run_sigma_dut_open(dev, apdev)
143 finally:
144 dev[0].set("ignore_old_scan_res", "0")
145
146def run_sigma_dut_open(dev, apdev):
f6f33f8f
JM		 147 ifname = dev[0].ifname
148 sigma = start_sigma_dut(ifname)
149
fab49f61 150 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
f6f33f8f
JM		 151
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
155 sigma_dut_wait_connected(ifname)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
159
160 stop_sigma_dut(sigma)
161
162def test_sigma_dut_psk_pmf(dev, apdev):
163 """sigma_dut controlled PSK+PMF association"""
65fa9d96
JM		 164 try:
165 run_sigma_dut_psk_pmf(dev, apdev)
166 finally:
167 dev[0].set("ignore_old_scan_res", "0")
168
169def run_sigma_dut_psk_pmf(dev, apdev):
f6f33f8f
JM		 170 ifname = dev[0].ifname
171 sigma = start_sigma_dut(ifname)
172
173 ssid = "test-pmf-required"
174 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
175 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params["ieee80211w"] = "2"
177 hapd = hostapd.add_ap(apdev[0], params)
178
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
187
188 stop_sigma_dut(sigma)
189
8cfdca12
JM		 190def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
192 try:
193 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
194 finally:
195 dev[0].set("ignore_old_scan_res", "0")
196
197def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
199 try:
200 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
201 finally:
202 dev[0].set("ignore_old_scan_res", "0")
203
204def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
206 try:
207 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
208 finally:
209 dev[0].set("ignore_old_scan_res", "0")
210
211def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
213 try:
214 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
215 finally:
216 dev[0].set("ignore_old_scan_res", "0")
217
218def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
220 try:
221 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
222 failure=True)
223 finally:
224 dev[0].set("ignore_old_scan_res", "0")
225
226def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
227 failure=False):
228 ifname = dev[0].ifname
229 sigma = start_sigma_dut(ifname)
230
231 ssid = "test-pmf-required"
232 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
233 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params["ieee80211w"] = "2"
235 params["group_mgmt_cipher"] = hostapd_cipher
236 hapd = hostapd.add_ap(apdev[0], params)
237
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
242 if failure:
243 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout=10)
245 if ev is None:
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev:
248 raise Exception("Unexpected connection")
249 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
250 if "connected,1" in res:
251 raise Exception("Connection reported")
252 else:
253 sigma_dut_wait_connected(ifname)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
255
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
258
259 stop_sigma_dut(sigma)
260
1ed508d9
JM		 261def test_sigma_dut_sae(dev, apdev):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
265
266 ifname = dev[0].ifname
267 sigma = start_sigma_dut(ifname)
268
269 ssid = "test-sae"
270 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
271 params['wpa_key_mgmt'] = 'SAE'
7b498eca 272 params["ieee80211w"] = "2"
656f4a3e 273 params['sae_groups'] = '19 20 21'
1ed508d9
JM		 274 hapd = hostapd.add_ap(apdev[0], params)
275
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
280 sigma_dut_wait_connected(ifname)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
282 if dev[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
285
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
287
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
291 sigma_dut_wait_connected(ifname)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
293 if dev[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
297
298 stop_sigma_dut(sigma)
299
6644069c
JM		 300def test_sigma_dut_sae_password(dev, apdev):
301 """sigma_dut controlled SAE association and long password"""
302 if "SAE" not in dev[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
304
305 ifname = dev[0].ifname
306 sigma = start_sigma_dut(ifname)
307
308 try:
309 ssid = "test-sae"
310 params = hostapd.wpa2_params(ssid=ssid)
311 params['sae_password'] = 100*'B'
312 params['wpa_key_mgmt'] = 'SAE'
7b498eca 313 params["ieee80211w"] = "2"
6644069c
JM		 314 hapd = hostapd.add_ap(apdev[0], params)
315
316 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
320 sigma_dut_wait_connected(ifname)
321 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
324 finally:
325 stop_sigma_dut(sigma)
326
1b232c1b
JM		 327def test_sigma_dut_sae_pw_id(dev, apdev):
328 """sigma_dut controlled SAE association with Password Identifier"""
329 if "SAE" not in dev[0].get_capability("auth_alg"):
330 raise HwsimSkip("SAE not supported")
331
332 ifname = dev[0].ifname
333 sigma = start_sigma_dut(ifname, debug=True)
334
335 ssid = "test-sae"
336 params = hostapd.wpa2_params(ssid=ssid)
337 params['wpa_key_mgmt'] = 'SAE'
338 params["ieee80211w"] = "2"
339 params['sae_password'] = 'secret|id=pw id'
340 params['sae_groups'] = '19'
341 hapd = hostapd.add_ap(apdev[0], params)
342
343 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
344 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
345 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
346 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
347 sigma_dut_wait_connected(ifname)
348 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
350
351 stop_sigma_dut(sigma)
352
43f68853
JM		 353def test_sigma_dut_sae_pw_id_ft(dev, apdev):
354 """sigma_dut controlled SAE association with Password Identifier and FT"""
355 if "SAE" not in dev[0].get_capability("auth_alg"):
356 raise HwsimSkip("SAE not supported")
357
358 ifname = dev[0].ifname
359 sigma = start_sigma_dut(ifname, debug=True)
360
361 ssid = "test-sae"
362 params = hostapd.wpa2_params(ssid=ssid)
363 params['wpa_key_mgmt'] = 'SAE FT-SAE'
364 params["ieee80211w"] = "2"
365 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
366 params['mobility_domain'] = 'aabb'
367 params['ft_over_ds'] = '0'
368 bssid = apdev[0]['bssid'].replace(':', '')
369 params['nas_identifier'] = bssid + '.nas.example.com'
370 params['r1_key_holder'] = bssid
371 params['pmk_r1_push'] = '0'
372 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
373 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
374 hapd = hostapd.add_ap(apdev[0], params)
375
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
380 sigma_dut_wait_connected(ifname)
381
382 bssid = apdev[1]['bssid'].replace(':', '')
383 params['nas_identifier'] = bssid + '.nas.example.com'
384 params['r1_key_holder'] = bssid
385 hapd2 = hostapd.add_ap(apdev[1], params)
386 bssid = hapd2.own_addr()
387 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
388 dev[0].wait_connected()
389
390 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
392
393 stop_sigma_dut(sigma)
394
f6f33f8f
JM		 395def test_sigma_dut_sta_override_rsne(dev, apdev):
396 """sigma_dut and RSNE override on STA"""
65fa9d96
JM		 397 try:
398 run_sigma_dut_sta_override_rsne(dev, apdev)
399 finally:
400 dev[0].set("ignore_old_scan_res", "0")
401
402def run_sigma_dut_sta_override_rsne(dev, apdev):
f6f33f8f
JM		 403 ifname = dev[0].ifname
404 sigma = start_sigma_dut(ifname)
405
406 ssid = "test-psk"
407 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
408 hapd = hostapd.add_ap(apdev[0], params)
409
410 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
411
fab49f61
JM		 412 tests = ["30120100000fac040100000fac040100000fac02",
413 "30140100000fac040100000fac040100000fac02ffff"]
f6f33f8f
JM		 414 for test in tests:
415 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
416 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
417 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
418 sigma_dut_wait_connected(ifname)
419 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
420 dev[0].dump_monitor()
421
422 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
423 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
424 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
425
426 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
427 if ev is None:
428 raise Exception("Association rejection not reported")
429 if "status_code=40" not in ev:
430 raise Exception("Unexpected status code: " + ev)
431
432 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
433
434 stop_sigma_dut(sigma)
435
436def test_sigma_dut_ap_psk(dev, apdev):
437 """sigma_dut controlled AP"""
438 with HWSimRadio() as (radio, iface):
439 sigma = start_sigma_dut(iface)
440 try:
441 sigma_dut_cmd_check("ap_reset_default")
442 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
443 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
444 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
445
446 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
447
448 sigma_dut_cmd_check("ap_reset_default")
449 finally:
450 stop_sigma_dut(sigma)
451
20c18348
JM		 452def test_sigma_dut_ap_pskhex(dev, apdev, params):
453 """sigma_dut controlled AP and PSKHEX"""
454 logdir = os.path.join(params['logdir'],
455 "sigma_dut_ap_pskhex.sigma-hostapd")
456 with HWSimRadio() as (radio, iface):
457 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
458 try:
459 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
460 sigma_dut_cmd_check("ap_reset_default")
461 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
462 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
463 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
464
465 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
466
467 sigma_dut_cmd_check("ap_reset_default")
468 finally:
469 stop_sigma_dut(sigma)
470
63add34e
JM		 471def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
472 """sigma_dut controlled AP PSK SHA256"""
473 logdir = os.path.join(params['logdir'],
474 "sigma_dut_ap_psk_sha256.sigma-hostapd")
475 with HWSimRadio() as (radio, iface):
476 sigma = start_sigma_dut(iface)
477 try:
478 sigma_dut_cmd_check("ap_reset_default")
479 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
480 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
481 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
482
483 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
484 psk="12345678", scan_freq="2412")
485
486 sigma_dut_cmd_check("ap_reset_default")
487 finally:
488 stop_sigma_dut(sigma)
489
69805425
JM		 490def test_sigma_dut_eap_ttls(dev, apdev, params):
491 """sigma_dut controlled STA and EAP-TTLS parameters"""
492 logdir = params['logdir']
493
494 with open("auth_serv/ca.pem", "r") as f:
495 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
496 f2.write(f.read())
497
498 src = "auth_serv/server.pem"
499 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
500 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
501 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
502 "-outform", "DER"],
503 stderr=open('/dev/null', 'w'))
504 with open(dst, "rb") as f:
505 der = f.read()
506 hash = hashlib.sha256(der).digest()
507 with open(hashdst, "w") as f:
508 f.write(binascii.hexlify(hash).decode())
509
510 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
511 with open(dst, "w") as f:
512 f.write(32*"00")
513
514 ssid = "test-wpa2-eap"
515 params = hostapd.wpa2_eap_params(ssid=ssid)
516 hapd = hostapd.add_ap(apdev[0], params)
517
518 ifname = dev[0].ifname
519 sigma = start_sigma_dut(ifname, cert_path=logdir)
520
521 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
522
523 tests = ["",
524 ",Domain,server.w1.fi",
525 ",DomainSuffix,w1.fi",
526 ",DomainSuffix,server.w1.fi",
527 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
528 for extra in tests:
529 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
530 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
531 sigma_dut_cmd_check(cmd + extra)
532 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
533 sigma_dut_wait_connected(ifname)
534 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
535 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
536 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
537 dev[0].dump_monitor()
538
539 tests = [",Domain,w1.fi",
540 ",DomainSuffix,example.com",
541 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
542 for extra in tests:
543 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
545 sigma_dut_cmd_check(cmd + extra)
546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
547 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
548 if ev is None:
549 raise Exception("Server certificate error not reported")
550 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
551 if "connected,1" in res:
552 raise Exception("Unexpected connection reported")
553 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
554 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
555 dev[0].dump_monitor()
556
557 stop_sigma_dut(sigma)
558
2ef00a36
JM		 559def test_sigma_dut_suite_b(dev, apdev, params):
560 """sigma_dut controlled STA Suite B"""
561 check_suite_b_192_capa(dev)
562 logdir = params['logdir']
563
564 with open("auth_serv/ec2-ca.pem", "r") as f:
565 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
566 f2.write(f.read())
567
568 with open("auth_serv/ec2-user.pem", "r") as f:
569 with open("auth_serv/ec2-user.key", "r") as f2:
570 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
571 f3.write(f.read())
572 f3.write(f2.read())
573
574 dev[0].flush_scan_cache()
575 params = suite_b_as_params()
576 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
577 params['server_cert'] = 'auth_serv/ec2-server.pem'
578 params['private_key'] = 'auth_serv/ec2-server.key'
579 params['openssl_ciphers'] = 'SUITEB192'
580 hostapd.add_ap(apdev[1], params)
581
fab49f61
JM		 582 params = {"ssid": "test-suite-b",
583 "wpa": "2",
584 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
585 "rsn_pairwise": "GCMP-256",
586 "group_mgmt_cipher": "BIP-GMAC-256",
587 "ieee80211w": "2",
588 "ieee8021x": "1",
589 'auth_server_addr': "127.0.0.1",
590 'auth_server_port': "18129",
591 'auth_server_shared_secret': "radius",
592 'nas_identifier': "nas.w1.fi"}
2ef00a36
JM		 593 hapd = hostapd.add_ap(apdev[0], params)
594
595 ifname = dev[0].ifname
596 sigma = start_sigma_dut(ifname, cert_path=logdir)
597
598 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
599 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
6f90cfd7 600 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
2ef00a36
JM		 601 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
602 sigma_dut_wait_connected(ifname)
603 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
604 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
605 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
606
607 stop_sigma_dut(sigma)
608
002b49ed
JM		 609def test_sigma_dut_suite_b_rsa(dev, apdev, params):
610 """sigma_dut controlled STA Suite B (RSA)"""
611 check_suite_b_192_capa(dev)
612 logdir = params['logdir']
613
614 with open("auth_serv/rsa3072-ca.pem", "r") as f:
615 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
616 f2.write(f.read())
617
618 with open("auth_serv/rsa3072-user.pem", "r") as f:
619 with open("auth_serv/rsa3072-user.key", "r") as f2:
620 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
621 f3.write(f.read())
622 f3.write(f2.read())
623
624 dev[0].flush_scan_cache()
625 params = suite_b_192_rsa_ap_params()
626 hapd = hostapd.add_ap(apdev[0], params)
627
628 ifname = dev[0].ifname
629 sigma = start_sigma_dut(ifname, cert_path=logdir)
630
6f90cfd7 631 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
002b49ed 632
fab49f61
JM		 633 tests = ["",
634 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
635 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
002b49ed
JM		 636 for extra in tests:
637 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
638 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
639 sigma_dut_cmd_check(cmd + extra)
640 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
641 sigma_dut_wait_connected(ifname)
642 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
643 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
644 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
645
646 stop_sigma_dut(sigma)
647
2ef00a36
JM		 648def test_sigma_dut_ap_suite_b(dev, apdev, params):
649 """sigma_dut controlled AP Suite B"""
650 check_suite_b_192_capa(dev)
651 logdir = os.path.join(params['logdir'],
652 "sigma_dut_ap_suite_b.sigma-hostapd")
653 params = suite_b_as_params()
654 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
655 params['server_cert'] = 'auth_serv/ec2-server.pem'
656 params['private_key'] = 'auth_serv/ec2-server.key'
657 params['openssl_ciphers'] = 'SUITEB192'
658 hostapd.add_ap(apdev[1], params)
659 with HWSimRadio() as (radio, iface):
660 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
661 try:
662 sigma_dut_cmd_check("ap_reset_default")
663 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
664 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
6f90cfd7 665 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
2ef00a36
JM		 666 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
667
668 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
669 ieee80211w="2",
670 openssl_ciphers="SUITEB192",
671 eap="TLS", identity="tls user",
672 ca_cert="auth_serv/ec2-ca.pem",
673 client_cert="auth_serv/ec2-user.pem",
674 private_key="auth_serv/ec2-user.key",
675 pairwise="GCMP-256", group="GCMP-256",
676 scan_freq="2412")
677
678 sigma_dut_cmd_check("ap_reset_default")
679 finally:
680 stop_sigma_dut(sigma)
681
682def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
683 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
684 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
685 "GCMP")
686
687def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
688 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
689 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
690 "GCMP-256")
691
692def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
693 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
694 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
695 "CCMP")
696
697def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
698 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
699 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
700 "CCMP-256")
701
6af3b593
JM		 702def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
703 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
704 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
705 "BIP-GMAC-256", "CCMP")
706
707def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
708 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
709 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
710 "BIP-GMAC-256", "GCMP-256", "CCMP")
711
21fd5576
JM		 712def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
713 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
714 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
715 "GCMP-256", "CCMP", "AES-CCMP-128")
716
2ef00a36 717def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
21fd5576 718 sta_cipher, sta_cipher_group=None, ap_group=None):
2ef00a36
JM		 719 check_suite_b_192_capa(dev)
720 logdir = os.path.join(params['logdir'],
721 "sigma_dut_ap_cipher.sigma-hostapd")
722 params = suite_b_as_params()
723 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
724 params['server_cert'] = 'auth_serv/ec2-server.pem'
725 params['private_key'] = 'auth_serv/ec2-server.key'
726 params['openssl_ciphers'] = 'SUITEB192'
727 hostapd.add_ap(apdev[1], params)
728 with HWSimRadio() as (radio, iface):
729 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
730 try:
731 sigma_dut_cmd_check("ap_reset_default")
732 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
733 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
21fd5576
JM		 734 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
735 if ap_group:
736 cmd += ",GroupCipher,%s" % ap_group
737 sigma_dut_cmd_check(cmd)
2ef00a36
JM		 738 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
739
6af3b593
JM		 740 if sta_cipher_group is None:
741 sta_cipher_group = sta_cipher
2ef00a36
JM		 742 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
743 ieee80211w="2",
744 openssl_ciphers="SUITEB192",
745 eap="TLS", identity="tls user",
746 ca_cert="auth_serv/ec2-ca.pem",
747 client_cert="auth_serv/ec2-user.pem",
748 private_key="auth_serv/ec2-user.key",
6af3b593 749 pairwise=sta_cipher, group=sta_cipher_group,
2ef00a36
JM		 750 scan_freq="2412")
751
752 sigma_dut_cmd_check("ap_reset_default")
753 finally:
754 stop_sigma_dut(sigma)
755
f6f33f8f
JM		 756def test_sigma_dut_ap_override_rsne(dev, apdev):
757 """sigma_dut controlled AP overriding RSNE"""
758 with HWSimRadio() as (radio, iface):
759 sigma = start_sigma_dut(iface)
760 try:
761 sigma_dut_cmd_check("ap_reset_default")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
764 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
765 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
766
767 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
768
769 sigma_dut_cmd_check("ap_reset_default")
770 finally:
771 stop_sigma_dut(sigma)
1ed508d9 772
7b498eca 773def test_sigma_dut_ap_sae(dev, apdev, params):
1ed508d9 774 """sigma_dut controlled AP with SAE"""
7b498eca
JM		 775 logdir = os.path.join(params['logdir'],
776 "sigma_dut_ap_sae.sigma-hostapd")
6e6651d0
JM		 777 if "SAE" not in dev[0].get_capability("auth_alg"):
778 raise HwsimSkip("SAE not supported")
1ed508d9 779 with HWSimRadio() as (radio, iface):
7b498eca 780 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 781 try:
782 sigma_dut_cmd_check("ap_reset_default")
783 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
784 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
785 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
786
787 dev[0].request("SET sae_groups ")
788 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 789 ieee80211w="2", scan_freq="2412")
1ed508d9
JM		 790 if dev[0].get_status_field('sae_group') != '19':
791 raise Exception("Expected default SAE group not used")
792
793 sigma_dut_cmd_check("ap_reset_default")
6644069c
JM		 794 finally:
795 stop_sigma_dut(sigma)
796
7b498eca 797def test_sigma_dut_ap_sae_password(dev, apdev, params):
6644069c 798 """sigma_dut controlled AP with SAE and long password"""
7b498eca
JM		 799 logdir = os.path.join(params['logdir'],
800 "sigma_dut_ap_sae_password.sigma-hostapd")
6e6651d0
JM		 801 if "SAE" not in dev[0].get_capability("auth_alg"):
802 raise HwsimSkip("SAE not supported")
6644069c 803 with HWSimRadio() as (radio, iface):
7b498eca 804 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
6644069c
JM		 805 try:
806 sigma_dut_cmd_check("ap_reset_default")
807 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
808 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
809 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
810
811 dev[0].request("SET sae_groups ")
812 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
7b498eca 813 ieee80211w="2", scan_freq="2412")
6644069c
JM		 814 if dev[0].get_status_field('sae_group') != '19':
815 raise Exception("Expected default SAE group not used")
816
817 sigma_dut_cmd_check("ap_reset_default")
1ed508d9
JM		 818 finally:
819 stop_sigma_dut(sigma)
820
1b232c1b
JM		 821def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
822 """sigma_dut controlled AP with SAE Password Identifier"""
823 logdir = os.path.join(params['logdir'],
824 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
825 conffile = os.path.join(params['logdir'],
826 "sigma_dut_ap_sae_pw_id.sigma-conf")
827 if "SAE" not in dev[0].get_capability("auth_alg"):
828 raise HwsimSkip("SAE not supported")
829 with HWSimRadio() as (radio, iface):
830 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
831 try:
832 sigma_dut_cmd_check("ap_reset_default")
833 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
834 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
835 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
836
837 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
838 with open(conffile, "wb") as f2:
839 f2.write(f.read())
840
841 dev[0].request("SET sae_groups ")
842 tests = [("pw1", "id1"),
843 ("pw2", "id2"),
844 ("pw3", None),
845 ("pw4", "id4")]
846 for pw, pw_id in tests:
847 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
848 sae_password_id=pw_id,
849 ieee80211w="2", scan_freq="2412")
850 dev[0].request("REMOVE_NETWORK all")
851 dev[0].wait_disconnected()
852
853 sigma_dut_cmd_check("ap_reset_default")
854 finally:
855 stop_sigma_dut(sigma)
856
857def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
858 """sigma_dut controlled AP with SAE Password Identifier and FT"""
859 logdir = os.path.join(params['logdir'],
860 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
861 conffile = os.path.join(params['logdir'],
862 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
863 if "SAE" not in dev[0].get_capability("auth_alg"):
864 raise HwsimSkip("SAE not supported")
865 with HWSimRadio() as (radio, iface):
866 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
867 try:
868 sigma_dut_cmd_check("ap_reset_default")
869 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
870 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
871 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
872
873 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
874 with open(conffile, "wb") as f2:
875 f2.write(f.read())
876
877 dev[0].request("SET sae_groups ")
878 tests = [("pw1", "id1", "SAE"),
879 ("pw2", "id2", "FT-SAE"),
880 ("pw3", None, "FT-SAE"),
881 ("pw4", "id4", "SAE")]
882 for pw, pw_id, key_mgmt in tests:
883 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
884 sae_password_id=pw_id,
885 ieee80211w="2", scan_freq="2412")
886 dev[0].request("REMOVE_NETWORK all")
887 dev[0].wait_disconnected()
888
889 sigma_dut_cmd_check("ap_reset_default")
890 finally:
891 stop_sigma_dut(sigma)
892
7b498eca 893def test_sigma_dut_ap_sae_group(dev, apdev, params):
1ed508d9 894 """sigma_dut controlled AP with SAE and specific group"""
7b498eca
JM		 895 logdir = os.path.join(params['logdir'],
896 "sigma_dut_ap_sae_group.sigma-hostapd")
6e6651d0
JM		 897 if "SAE" not in dev[0].get_capability("auth_alg"):
898 raise HwsimSkip("SAE not supported")
1ed508d9 899 with HWSimRadio() as (radio, iface):
7b498eca 900 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 901 try:
902 sigma_dut_cmd_check("ap_reset_default")
903 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
904 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
905 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
906
907 dev[0].request("SET sae_groups ")
908 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 909 ieee80211w="2", scan_freq="2412")
1ed508d9
JM		 910 if dev[0].get_status_field('sae_group') != '20':
911 raise Exception("Expected SAE group not used")
912
913 sigma_dut_cmd_check("ap_reset_default")
914 finally:
915 stop_sigma_dut(sigma)
916
7b498eca 917def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1ed508d9 918 """sigma_dut controlled AP with PSK+SAE"""
6e6651d0
JM		 919 if "SAE" not in dev[0].get_capability("auth_alg"):
920 raise HwsimSkip("SAE not supported")
7b498eca
JM		 921 logdir = os.path.join(params['logdir'],
922 "sigma_dut_ap_psk_sae.sigma-hostapd")
1ed508d9 923 with HWSimRadio() as (radio, iface):
7b498eca 924 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 925 try:
926 sigma_dut_cmd_check("ap_reset_default")
927 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
928 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
929 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
930
7b498eca
JM		 931 dev[2].request("SET sae_groups ")
932 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
933 scan_freq="2412", ieee80211w="0", wait_connect=False)
1ed508d9
JM		 934 dev[0].request("SET sae_groups ")
935 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 936 scan_freq="2412", ieee80211w="2")
1ed508d9
JM		 937 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
938
7b498eca
JM		 939 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
940 dev[2].request("DISCONNECT")
941 if ev is not None:
942 raise Exception("Unexpected connection without PMF")
943
1ed508d9
JM		 944 sigma_dut_cmd_check("ap_reset_default")
945 finally:
946 stop_sigma_dut(sigma)
b9c0e1fa 947
d08ef579
JM		 948def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
949 """sigma_dut controlled AP with PSK, SAE, FT"""
950 logdir = os.path.join(params['logdir'],
951 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
952 conffile = os.path.join(params['logdir'],
953 "sigma_dut_ap_psk_sae_ft.sigma-conf")
954 if "SAE" not in dev[0].get_capability("auth_alg"):
955 raise HwsimSkip("SAE not supported")
956 with HWSimRadio() as (radio, iface):
957 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
958 try:
959 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
960 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
961 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
962 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
963 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
964 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
965
966 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
967 with open(conffile, "wb") as f2:
968 f2.write(f.read())
969
970 dev[0].request("SET sae_groups ")
971 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
972 sae_password="12345678", scan_freq="2412")
973 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
974 psk="12345678", scan_freq="2412")
975 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
976 psk="12345678", scan_freq="2412")
977
978 sigma_dut_cmd_check("ap_reset_default")
979 finally:
980 stop_sigma_dut(sigma)
981
b9c0e1fa
JM		 982def test_sigma_dut_owe(dev, apdev):
983 """sigma_dut controlled OWE station"""
984 try:
985 run_sigma_dut_owe(dev, apdev)
986 finally:
987 dev[0].set("ignore_old_scan_res", "0")
988
989def run_sigma_dut_owe(dev, apdev):
990 if "OWE" not in dev[0].get_capability("key_mgmt"):
991 raise HwsimSkip("OWE not supported")
992
993 ifname = dev[0].ifname
994 sigma = start_sigma_dut(ifname)
995
996 try:
fab49f61
JM		 997 params = {"ssid": "owe",
998 "wpa": "2",
999 "wpa_key_mgmt": "OWE",
1000 "ieee80211w": "2",
1001 "rsn_pairwise": "CCMP"}
b9c0e1fa
JM		 1002 hapd = hostapd.add_ap(apdev[0], params)
1003 bssid = hapd.own_addr()
1004
1005 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1006 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1007 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1008 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1009 sigma_dut_wait_connected(ifname)
1010 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1011
1012 dev[0].dump_monitor()
1013 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1014 dev[0].wait_connected()
1015 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1016 dev[0].wait_disconnected()
1017 dev[0].dump_monitor()
1018
1019 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1020 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1021 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1022 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1023 sigma_dut_wait_connected(ifname)
1024 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
e30de6c2
JM		 1025 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1026 dev[0].wait_disconnected()
1027 dev[0].dump_monitor()
1028
1029 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1030 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1031 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1032 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1033 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1034 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1035 if ev is None:
1036 raise Exception("Association not rejected")
1037 if "status_code=77" not in ev:
1038 raise Exception("Unexpected rejection reason: " + ev)
b9c0e1fa
JM		 1039
1040 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1041 finally:
1042 stop_sigma_dut(sigma)
1043
7b498eca 1044def test_sigma_dut_ap_owe(dev, apdev, params):
b9c0e1fa 1045 """sigma_dut controlled AP with OWE"""
7b498eca
JM		 1046 logdir = os.path.join(params['logdir'],
1047 "sigma_dut_ap_owe.sigma-hostapd")
b9c0e1fa
JM		 1048 if "OWE" not in dev[0].get_capability("key_mgmt"):
1049 raise HwsimSkip("OWE not supported")
1050 with HWSimRadio() as (radio, iface):
7b498eca 1051 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
b9c0e1fa
JM		 1052 try:
1053 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1054 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1055 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1056 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1057
7b498eca
JM		 1058 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1059 scan_freq="2412")
b9c0e1fa
JM		 1060
1061 sigma_dut_cmd_check("ap_reset_default")
1062 finally:
1063 stop_sigma_dut(sigma)
7f811be5
JM		 1064
1065def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1066 """sigma_dut controlled AP with OWE and ECGroupID"""
1067 if "OWE" not in dev[0].get_capability("key_mgmt"):
1068 raise HwsimSkip("OWE not supported")
1069 with HWSimRadio() as (radio, iface):
1070 sigma = start_sigma_dut(iface)
1071 try:
1072 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1073 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1074 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1075 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1076
1077 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1078 owe_group="20", scan_freq="2412")
1079 dev[0].request("REMOVE_NETWORK all")
1080 dev[0].wait_disconnected()
1081
1082 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1083 owe_group="21", scan_freq="2412")
1084 dev[0].request("REMOVE_NETWORK all")
1085 dev[0].wait_disconnected()
1086
1087 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1088 owe_group="19", scan_freq="2412", wait_connect=False)
1089 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1090 dev[0].request("DISCONNECT")
1091 if ev is None:
1092 raise Exception("Association not rejected")
1093 if "status_code=77" not in ev:
1094 raise Exception("Unexpected rejection reason: " + ev)
1095 dev[0].dump_monitor()
1096
1097 sigma_dut_cmd_check("ap_reset_default")
1098 finally:
1099 stop_sigma_dut(sigma)
86fd7d70
JM		 1100
1101def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1102 """sigma_dut controlled AP with OWE and transition mode"""
1103 if "OWE" not in dev[0].get_capability("key_mgmt"):
1104 raise HwsimSkip("OWE not supported")
1105 logdir = os.path.join(params['logdir'],
1106 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1107 with HWSimRadio() as (radio, iface):
1108 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1109 try:
1110 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1111 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1112 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1116
89c343e8
JM		 1117 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1118 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1119
7b498eca
JM		 1120 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1121 scan_freq="2412")
86fd7d70 1122 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
89c343e8
JM		 1123 if dev[0].get_status_field('bssid') not in res1:
1124 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1125 if dev[1].get_status_field('bssid') not in res2:
1126 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
86fd7d70
JM		 1127
1128 sigma_dut_cmd_check("ap_reset_default")
1129 finally:
1130 stop_sigma_dut(sigma)
d84c0cf4 1131
c5238c48
JM		 1132def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1133 """sigma_dut controlled AP with OWE and transition mode (2)"""
1134 if "OWE" not in dev[0].get_capability("key_mgmt"):
1135 raise HwsimSkip("OWE not supported")
1136 logdir = os.path.join(params['logdir'],
1137 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1138 with HWSimRadio() as (radio, iface):
1139 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1140 try:
1141 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1142 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1143 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1144 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1145 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1146 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1147
1148 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1149 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1150
1151 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1152 scan_freq="2412")
1153 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1154 if dev[0].get_status_field('bssid') not in res2:
1155 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1156 if dev[1].get_status_field('bssid') not in res1:
1157 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1158
1159 sigma_dut_cmd_check("ap_reset_default")
1160 finally:
1161 stop_sigma_dut(sigma)
1162
d84c0cf4
JM		 1163def dpp_init_enrollee(dev, id1):
1164 logger.info("Starting DPP initiator/enrollee in a thread")
1165 time.sleep(1)
1166 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1167 if "OK" not in dev.request(cmd):
1168 raise Exception("Failed to initiate DPP Authentication")
1169 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1170 if ev is None:
1171 raise Exception("DPP configuration not completed (Enrollee)")
1172 logger.info("DPP initiator/enrollee done")
1173
1174def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1175 """sigma_dut DPP/QR responder (conf index 1)"""
1176 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1177
1178def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1179 """sigma_dut DPP/QR responder (conf index 2)"""
1180 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1181
1182def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1183 """sigma_dut DPP/QR responder (conf index 3)"""
1184 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1185
1186def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1187 """sigma_dut DPP/QR responder (conf index 4)"""
1188 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1189
23c45cd0
JM		 1190def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1191 """sigma_dut DPP/QR responder (conf index 5)"""
1192 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1193
1194def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1195 """sigma_dut DPP/QR responder (conf index 6)"""
1196 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1197
1198def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1199 """sigma_dut DPP/QR responder (conf index 7)"""
1200 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1201
8a3368d7
JM		 1202def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1203 """sigma_dut DPP/QR responder (conf index 8)"""
1204 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1205
b014624b
JM		 1206def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1207 """sigma_dut DPP/QR responder (channel list override)"""
1208 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1209 listen_chan=2)
1210
1211def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1212 listen_chan=None):
d84c0cf4
JM		 1213 check_dpp_capab(dev[0])
1214 check_dpp_capab(dev[1])
1215 sigma = start_sigma_dut(dev[0].ifname)
1216 try:
b014624b
JM		 1217 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1218 if chan_list:
1219 cmd += ",DPPChannelList," + chan_list
1220 res = sigma_dut_cmd(cmd)
d84c0cf4
JM		 1221 if "status,COMPLETE" not in res:
1222 raise Exception("dev_exec_action did not succeed: " + res)
1223 hex = res.split(',')[3]
e1810300 1224 uri = from_hex(hex)
d84c0cf4
JM		 1225 logger.info("URI from sigma_dut: " + uri)
1226
0422d06b 1227 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4
JM		 1228
1229 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1230 t.start()
14f8e081 1231 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
b014624b
JM		 1232 if listen_chan:
1233 cmd += ",DPPListenChannel," + str(listen_chan)
1234 res = sigma_dut_cmd(cmd, timeout=10)
d84c0cf4
JM		 1235 t.join()
1236 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1237 raise Exception("Unexpected result: " + res)
1238 finally:
1239 stop_sigma_dut(sigma)
1240
1241def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1242 """sigma_dut DPP/QR initiator as Enrollee"""
1243 check_dpp_capab(dev[0])
1244 check_dpp_capab(dev[1])
1245
1246 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1247 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1248 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1249 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1250
fab49f61
JM		 1251 params = {"ssid": "DPPNET01",
1252 "wpa": "2",
1253 "ieee80211w": "2",
1254 "wpa_key_mgmt": "DPP",
1255 "rsn_pairwise": "CCMP",
1256 "dpp_connector": ap_connector,
1257 "dpp_csign": csign_pub,
1258 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1259 try:
1260 hapd = hostapd.add_ap(apdev[0], params)
1261 except:
1262 raise HwsimSkip("DPP not supported")
1263
1264 sigma = start_sigma_dut(dev[0].ifname)
1265 try:
1266 dev[0].set("dpp_config_processing", "2")
1267
1268 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1269 res = dev[1].request(cmd)
d84c0cf4
JM		 1270 if "FAIL" in res:
1271 raise Exception("Failed to add configurator")
1272 conf_id = int(res)
1273
a5387062 1274 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1275 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1276
1277 dev[1].set("dpp_configurator_params",
54c58f29 1278 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
d84c0cf4
JM		 1279 cmd = "DPP_LISTEN 2437 role=configurator"
1280 if "OK" not in dev[1].request(cmd):
1281 raise Exception("Failed to start listen operation")
1282
54c58f29 1283 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1284 if "status,COMPLETE" not in res:
1285 raise Exception("dev_exec_action did not succeed: " + res)
1286
1287 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1288 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1289 raise Exception("Unexpected result: " + res)
1290 finally:
1291 dev[0].set("dpp_config_processing", "0")
1292 stop_sigma_dut(sigma)
1293
1294def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1295 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
33cddd7f
JM		 1296 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1297
1298def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1299 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1300 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1301 extra="DPPAuthDirection,Mutual,")
1302
1303def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
d84c0cf4
JM		 1304 check_dpp_capab(dev[0])
1305 check_dpp_capab(dev[1])
1306
1307 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1308 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1309 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1310 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1311
fab49f61
JM		 1312 params = {"ssid": "DPPNET01",
1313 "wpa": "2",
1314 "ieee80211w": "2",
1315 "wpa_key_mgmt": "DPP",
1316 "rsn_pairwise": "CCMP",
1317 "dpp_connector": ap_connector,
1318 "dpp_csign": csign_pub,
1319 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1320 try:
1321 hapd = hostapd.add_ap(apdev[0], params)
1322 except:
1323 raise HwsimSkip("DPP not supported")
1324
1325 sigma = start_sigma_dut(dev[0].ifname)
1326 try:
1327 dev[0].set("dpp_config_processing", "2")
1328
1329 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1330 res = dev[1].request(cmd)
d84c0cf4
JM		 1331 if "FAIL" in res:
1332 raise Exception("Failed to add configurator")
1333 conf_id = int(res)
1334
a5387062 1335 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1336 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1337
1338 dev[1].set("dpp_configurator_params",
54c58f29 1339 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
d84c0cf4
JM		 1340 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1341 if "OK" not in dev[1].request(cmd):
1342 raise Exception("Failed to start listen operation")
1343
1344 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1345 if "status,COMPLETE" not in res:
1346 raise Exception("dev_exec_action did not succeed: " + res)
1347 hex = res.split(',')[3]
e1810300 1348 uri = from_hex(hex)
d84c0cf4
JM		 1349 logger.info("URI from sigma_dut: " + uri)
1350
0422d06b 1351 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4 1352
54c58f29 1353 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1354 if "status,COMPLETE" not in res:
1355 raise Exception("dev_exec_action did not succeed: " + res)
1356
33cddd7f 1357 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
d84c0cf4
JM		 1358 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1359 raise Exception("Unexpected result: " + res)
1360 finally:
1361 dev[0].set("dpp_config_processing", "0")
1362 stop_sigma_dut(sigma)
1363
1364def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1365 time.sleep(1)
1366 logger.info("Starting DPP initiator/configurator in a thread")
54c58f29 1367 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
d84c0cf4
JM		 1368 if own_id is not None:
1369 cmd += " own=%d" % own_id
1370 if "OK" not in dev.request(cmd):
1371 raise Exception("Failed to initiate DPP Authentication")
1372 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1373 if ev is None:
1374 raise Exception("DPP configuration not completed (Configurator)")
1375 logger.info("DPP initiator/configurator done")
1376
1377def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1378 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
71db91db
JM		 1379 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1380
1381def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1382 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1383 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1384
1385def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
d84c0cf4
JM		 1386 check_dpp_capab(dev[0])
1387 check_dpp_capab(dev[1])
1388
1389 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1390 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1391 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1392 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1393
fab49f61
JM		 1394 params = {"ssid": "DPPNET01",
1395 "wpa": "2",
1396 "ieee80211w": "2",
1397 "wpa_key_mgmt": "DPP",
1398 "rsn_pairwise": "CCMP",
1399 "dpp_connector": ap_connector,
1400 "dpp_csign": csign_pub,
1401 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1402 try:
1403 hapd = hostapd.add_ap(apdev[0], params)
1404 except:
1405 raise HwsimSkip("DPP not supported")
1406
1407 sigma = start_sigma_dut(dev[0].ifname)
1408 try:
1409 dev[0].set("dpp_config_processing", "2")
1410
1411 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1412 res = dev[1].request(cmd)
d84c0cf4
JM		 1413 if "FAIL" in res:
1414 raise Exception("Failed to add configurator")
1415 conf_id = int(res)
1416
a5387062 1417 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1418 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1419
d84c0cf4
JM		 1420 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1421 if "status,COMPLETE" not in res:
1422 raise Exception("dev_exec_action did not succeed: " + res)
1423 hex = res.split(',')[3]
e1810300 1424 uri = from_hex(hex)
d84c0cf4
JM		 1425 logger.info("URI from sigma_dut: " + uri)
1426
0422d06b 1427 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4 1428
54c58f29 1429 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1430 if "status,COMPLETE" not in res:
1431 raise Exception("dev_exec_action did not succeed: " + res)
1432
1433 t = threading.Thread(target=dpp_init_conf_mutual,
1434 args=(dev[1], id1, conf_id, id0))
1435 t.start()
1436
71db91db
JM		 1437 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1438 if extra:
1439 cmd += extra
1440 res = sigma_dut_cmd(cmd, timeout=25)
d84c0cf4
JM		 1441 t.join()
1442 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1443 raise Exception("Unexpected result: " + res)
1444 finally:
1445 dev[0].set("dpp_config_processing", "0")
1446 stop_sigma_dut(sigma)
1447
e486e5fd
JM		 1448def dpp_resp_conf_mutual(dev, conf_id, uri):
1449 logger.info("Starting DPP responder/configurator in a thread")
1450 dev.set("dpp_configurator_params",
54c58f29
MH		 1451 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1452 conf_id))
e486e5fd
JM		 1453 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1454 if "OK" not in dev.request(cmd):
1455 raise Exception("Failed to initiate DPP listen")
1456 if uri:
1457 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1458 if ev is None:
1459 raise Exception("QR Code scan for mutual authentication not requested")
0422d06b 1460 dev.dpp_qr_code(uri)
e486e5fd
JM		 1461 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1462 if ev is None:
1463 raise Exception("DPP configuration not completed (Configurator)")
1464 logger.info("DPP responder/configurator done")
1465
1466def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1467 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1468 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1469
1470def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1471 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1472 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1473
1474def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1475 check_dpp_capab(dev[0])
1476 check_dpp_capab(dev[1])
1477
1478 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1479 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1480 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1481 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1482
fab49f61
JM		 1483 params = {"ssid": "DPPNET01",
1484 "wpa": "2",
1485 "ieee80211w": "2",
1486 "wpa_key_mgmt": "DPP",
1487 "rsn_pairwise": "CCMP",
1488 "dpp_connector": ap_connector,
1489 "dpp_csign": csign_pub,
1490 "dpp_netaccesskey": ap_netaccesskey}
e486e5fd
JM		 1491 try:
1492 hapd = hostapd.add_ap(apdev[0], params)
1493 except:
1494 raise HwsimSkip("DPP not supported")
1495
1496 sigma = start_sigma_dut(dev[0].ifname)
1497 try:
1498 dev[0].set("dpp_config_processing", "2")
1499
1500 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1501 res = dev[1].request(cmd)
e486e5fd
JM		 1502 if "FAIL" in res:
1503 raise Exception("Failed to add configurator")
1504 conf_id = int(res)
1505
a5387062 1506 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e486e5fd
JM		 1507 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1508
1509 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1510 if "status,COMPLETE" not in res:
1511 raise Exception("dev_exec_action did not succeed: " + res)
1512 hex = res.split(',')[3]
e1810300 1513 uri = from_hex(hex)
e486e5fd
JM		 1514 logger.info("URI from sigma_dut: " + uri)
1515
1516 if not resp_pending:
0422d06b 1517 dev[1].dpp_qr_code(uri)
e486e5fd
JM		 1518 uri = None
1519
54c58f29 1520 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e486e5fd
JM		 1521 if "status,COMPLETE" not in res:
1522 raise Exception("dev_exec_action did not succeed: " + res)
1523
1524 t = threading.Thread(target=dpp_resp_conf_mutual,
1525 args=(dev[1], conf_id, uri))
1526 t.start()
1527
1528 time.sleep(1)
33cddd7f 1529 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
e486e5fd
JM		 1530 res = sigma_dut_cmd(cmd, timeout=15)
1531 t.join()
1532 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1533 raise Exception("Unexpected result: " + res)
1534 finally:
1535 dev[0].set("dpp_config_processing", "0")
1536 stop_sigma_dut(sigma)
1537
d84c0cf4
JM		 1538def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1539 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1540 check_dpp_capab(dev[0])
1541 check_dpp_capab(dev[1])
1542
1543 params = hostapd.wpa2_params(ssid="DPPNET01",
1544 passphrase="ThisIsDppPassphrase")
1545 hapd = hostapd.add_ap(apdev[0], params)
1546
1547 sigma = start_sigma_dut(dev[0].ifname)
1548 try:
1549 dev[0].set("dpp_config_processing", "2")
1550
1551 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1552 res = dev[1].request(cmd)
d84c0cf4
JM		 1553 if "FAIL" in res:
1554 raise Exception("Failed to add configurator")
1555 conf_id = int(res)
1556
a5387062 1557 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1558 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1559
1560 dev[1].set("dpp_configurator_params",
54c58f29 1561 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
d84c0cf4
JM		 1562 cmd = "DPP_LISTEN 2437 role=configurator"
1563 if "OK" not in dev[1].request(cmd):
1564 raise Exception("Failed to start listen operation")
1565
54c58f29 1566 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1567 if "status,COMPLETE" not in res:
1568 raise Exception("dev_exec_action did not succeed: " + res)
1569
1570 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
3dfccf7c
JM		 1571 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1572 raise Exception("Unexpected result: " + res)
1573 finally:
1574 dev[0].set("dpp_config_processing", "0")
1575 stop_sigma_dut(sigma)
1576
1577def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1578 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1579 check_dpp_capab(dev[0])
1580 check_dpp_capab(dev[1])
1581 if "SAE" not in dev[0].get_capability("auth_alg"):
1582 raise HwsimSkip("SAE not supported")
1583
1584 params = hostapd.wpa2_params(ssid="DPPNET01",
1585 passphrase="ThisIsDppPassphrase")
1586 params['wpa_key_mgmt'] = 'SAE'
1587 params["ieee80211w"] = "2"
1588 hapd = hostapd.add_ap(apdev[0], params)
1589
1590 sigma = start_sigma_dut(dev[0].ifname)
1591 try:
1592 dev[0].set("dpp_config_processing", "2")
7f1eeda2 1593 dev[0].set("sae_groups", "")
3dfccf7c
JM		 1594
1595 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1596 res = dev[1].request(cmd)
3dfccf7c
JM		 1597 if "FAIL" in res:
1598 raise Exception("Failed to add configurator")
1599 conf_id = int(res)
1600
a5387062 1601 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
3dfccf7c
JM		 1602 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1603
1604 dev[1].set("dpp_configurator_params",
54c58f29 1605 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
3dfccf7c
JM		 1606 cmd = "DPP_LISTEN 2437 role=configurator"
1607 if "OK" not in dev[1].request(cmd):
1608 raise Exception("Failed to start listen operation")
1609
54c58f29 1610 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
3dfccf7c
JM		 1611 if "status,COMPLETE" not in res:
1612 raise Exception("dev_exec_action did not succeed: " + res)
1613
1614 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
d84c0cf4
JM		 1615 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1616 raise Exception("Unexpected result: " + res)
1617 finally:
1618 dev[0].set("dpp_config_processing", "0")
1619 stop_sigma_dut(sigma)
1620
1621def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1622 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1623 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1624
1625def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1626 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1627 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1628
1629def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1630 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1631 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1632
1633def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1634 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1635 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1636
23c45cd0
JM		 1637def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1638 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1639 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1640
1641def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1642 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1643 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1644
1645def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1646 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1647 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1648
0e664e0c
JM		 1649def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1650 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1651 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1652
cb6b2232
JM		 1653def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1654 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1655 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1656
0e664e0c 1657def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
cb6b2232
JM		 1658 prov_role="Configurator",
1659 extra=None):
d84c0cf4
JM		 1660 check_dpp_capab(dev[0])
1661 check_dpp_capab(dev[1])
1662 sigma = start_sigma_dut(dev[0].ifname)
1663 try:
a5387062 1664 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1665 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1666
1667 cmd = "DPP_LISTEN 2437 role=enrollee"
1668 if "OK" not in dev[1].request(cmd):
1669 raise Exception("Failed to start listen operation")
1670
54c58f29 1671 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1672 if "status,COMPLETE" not in res:
1673 raise Exception("dev_exec_action did not succeed: " + res)
1674
cb6b2232
JM		 1675 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1676 if extra:
1677 cmd += "," + extra
1678 res = sigma_dut_cmd(cmd)
d84c0cf4
JM		 1679 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1680 raise Exception("Unexpected result: " + res)
1681 finally:
1682 stop_sigma_dut(sigma)
1683
e129e6bd
JM		 1684def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1685 """sigma_dut DPP roles incompatible (Initiator)"""
1686 check_dpp_capab(dev[0])
1687 check_dpp_capab(dev[1])
1688 sigma = start_sigma_dut(dev[0].ifname)
1689 try:
1690 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1691 if "status,COMPLETE" not in res:
1692 raise Exception("dev_exec_action did not succeed: " + res)
1693 hex = res.split(',')[3]
e1810300 1694 uri = from_hex(hex)
e129e6bd
JM		 1695 logger.info("URI from sigma_dut: " + uri)
1696
0422d06b 1697 id1 = dev[1].dpp_qr_code(uri)
e129e6bd 1698
a5387062 1699 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e129e6bd
JM		 1700 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1701
1702 cmd = "DPP_LISTEN 2437 role=enrollee"
1703 if "OK" not in dev[1].request(cmd):
1704 raise Exception("Failed to start listen operation")
1705
54c58f29 1706 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e129e6bd
JM		 1707 if "status,COMPLETE" not in res:
1708 raise Exception("dev_exec_action did not succeed: " + res)
1709
1710 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1711 res = sigma_dut_cmd(cmd)
1712 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1713 raise Exception("Unexpected result: " + res)
1714 finally:
1715 stop_sigma_dut(sigma)
1716
1717def dpp_init_enrollee_mutual(dev, id1, own_id):
1718 logger.info("Starting DPP initiator/enrollee in a thread")
1719 time.sleep(1)
1720 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1721 if "OK" not in dev.request(cmd):
1722 raise Exception("Failed to initiate DPP Authentication")
1723 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1724 "DPP-NOT-COMPATIBLE"], timeout=5)
1725 if ev is None:
1726 raise Exception("DPP configuration not completed (Enrollee)")
1727 logger.info("DPP initiator/enrollee done")
1728
1729def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1730 """sigma_dut DPP roles incompatible (Responder)"""
1731 check_dpp_capab(dev[0])
1732 check_dpp_capab(dev[1])
1733 sigma = start_sigma_dut(dev[0].ifname)
1734 try:
1735 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1736 res = sigma_dut_cmd(cmd)
1737 if "status,COMPLETE" not in res:
1738 raise Exception("dev_exec_action did not succeed: " + res)
1739 hex = res.split(',')[3]
e1810300 1740 uri = from_hex(hex)
e129e6bd
JM		 1741 logger.info("URI from sigma_dut: " + uri)
1742
0422d06b 1743 id1 = dev[1].dpp_qr_code(uri)
e129e6bd 1744
a5387062 1745 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e129e6bd
JM		 1746 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1747
54c58f29 1748 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e129e6bd
JM		 1749 if "status,COMPLETE" not in res:
1750 raise Exception("dev_exec_action did not succeed: " + res)
1751
1752 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1753 t.start()
1754 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1755 res = sigma_dut_cmd(cmd, timeout=10)
1756 t.join()
1757 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1758 raise Exception("Unexpected result: " + res)
1759 finally:
1760 stop_sigma_dut(sigma)
1761
d84c0cf4
JM		 1762def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1763 """sigma_dut DPP/PKEX initiator as Configurator"""
1764 check_dpp_capab(dev[0])
1765 check_dpp_capab(dev[1])
1766 sigma = start_sigma_dut(dev[0].ifname)
1767 try:
a5387062 1768 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
d84c0cf4
JM		 1769 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1770 res = dev[1].request(cmd)
1771 if "FAIL" in res:
1772 raise Exception("Failed to set PKEX data (responder)")
1773 cmd = "DPP_LISTEN 2437 role=enrollee"
1774 if "OK" not in dev[1].request(cmd):
1775 raise Exception("Failed to start listen operation")
1776
33cddd7f 1777 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
d84c0cf4
JM		 1778 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1779 raise Exception("Unexpected result: " + res)
1780 finally:
1781 stop_sigma_dut(sigma)
1782
1783def dpp_init_conf(dev, id1, conf, conf_id, extra):
1784 logger.info("Starting DPP initiator/configurator in a thread")
1785 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1786 if "OK" not in dev.request(cmd):
1787 raise Exception("Failed to initiate DPP Authentication")
1788 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1789 if ev is None:
1790 raise Exception("DPP configuration not completed (Configurator)")
1791 logger.info("DPP initiator/configurator done")
1792
1793def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1794 """sigma_dut controlled AP (DPP)"""
1795 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1796
1797def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1798 """sigma_dut controlled AP (legacy)"""
1799 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
54c58f29 1800 extra="pass=%s" % to_hex("qwertyuiop"))
d84c0cf4
JM		 1801
1802def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1803 """sigma_dut controlled AP (legacy)"""
1804 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1805 extra="psk=%s" % (32*"12"))
1806
1807def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
6e6651d0 1808 check_dpp_capab(dev[0])
d84c0cf4
JM		 1809 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1810 with HWSimRadio() as (radio, iface):
1811 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1812 try:
1813 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1814 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1815 if "status,COMPLETE" not in res:
1816 raise Exception("dev_exec_action did not succeed: " + res)
1817 hex = res.split(',')[3]
e1810300 1818 uri = from_hex(hex)
d84c0cf4
JM		 1819 logger.info("URI from sigma_dut: " + uri)
1820
1821 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1822 res = dev[0].request(cmd)
d84c0cf4
JM		 1823 if "FAIL" in res:
1824 raise Exception("Failed to add configurator")
1825 conf_id = int(res)
1826
0422d06b 1827 id1 = dev[0].dpp_qr_code(uri)
d84c0cf4
JM		 1828
1829 t = threading.Thread(target=dpp_init_conf,
1830 args=(dev[0], id1, ap_conf, conf_id, extra))
1831 t.start()
1832 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1833 t.join()
1834 if "ConfResult,OK" not in res:
1835 raise Exception("Unexpected result: " + res)
1836
a5387062 1837 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
d84c0cf4
JM		 1838 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1839
0422d06b 1840 id0b = dev[0].dpp_qr_code(uri1)
d84c0cf4
JM		 1841
1842 dev[1].set("dpp_config_processing", "2")
1843 cmd = "DPP_LISTEN 2412"
1844 if "OK" not in dev[1].request(cmd):
1845 raise Exception("Failed to start listen operation")
1846 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1847 if "OK" not in dev[0].request(cmd):
1848 raise Exception("Failed to initiate DPP Authentication")
1849 dev[1].wait_connected()
1850
1851 sigma_dut_cmd_check("ap_reset_default")
1852 finally:
1853 dev[1].set("dpp_config_processing", "0")
1854 stop_sigma_dut(sigma)
b900fb1a
JM		 1855
1856def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1857 """sigma_dut controlled AP as DPP PKEX responder"""
6e6651d0 1858 check_dpp_capab(dev[0])
b900fb1a
JM		 1859 logdir = os.path.join(params['logdir'],
1860 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1861 with HWSimRadio() as (radio, iface):
1862 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1863 try:
1864 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1865 finally:
1866 stop_sigma_dut(sigma)
1867
a8ec0b8c 1868def dpp_init_conf_pkex(dev, conf_id, check_config=True):
b900fb1a
JM		 1869 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1870 time.sleep(1.5)
a5387062 1871 id = dev.dpp_bootstrap_gen(type="pkex")
b900fb1a
JM		 1872 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1873 res = dev.request(cmd)
1874 if "FAIL" in res:
1875 raise Exception("Failed to initiate DPP PKEX")
a8ec0b8c
JM		 1876 if not check_config:
1877 return
b900fb1a
JM		 1878 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1879 if ev is None:
1880 raise Exception("DPP configuration not completed (Configurator)")
1881 logger.info("DPP initiator/configurator done")
1882
1883def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
1884 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1885
1886 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1887 res = dev[0].request(cmd)
b900fb1a
JM		 1888 if "FAIL" in res:
1889 raise Exception("Failed to add configurator")
1890 conf_id = int(res)
1891
1892 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
1893 t.start()
a8ec0b8c 1894 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
b900fb1a
JM		 1895 t.join()
1896 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1897 raise Exception("Unexpected result: " + res)
1898
1899 sigma_dut_cmd_check("ap_reset_default")
8c735316 1900
a8ec0b8c
JM		 1901def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1902 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1903 check_dpp_capab(dev[0])
1904 sigma = start_sigma_dut(dev[0].ifname)
1905 try:
1906 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
1907 finally:
1908 stop_sigma_dut(sigma)
1909
1910def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1911 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1912 res = dev[1].request(cmd)
a8ec0b8c
JM		 1913 if "FAIL" in res:
1914 raise Exception("Failed to add configurator")
1915 conf_id = int(res)
1916
1917 dev[1].set("dpp_test", "44")
1918
1919 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
1920 False))
1921 t.start()
1922 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
1923 t.join()
1924 if "BootstrapResult,Timeout" not in res:
1925 raise Exception("Unexpected result: " + res)
1926
8c735316
JM		 1927def dpp_proto_init(dev, id1):
1928 time.sleep(1)
1929 logger.info("Starting DPP initiator/configurator in a thread")
1930 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1931 res = dev.request(cmd)
8c735316
JM		 1932 if "FAIL" in res:
1933 raise Exception("Failed to add configurator")
1934 conf_id = int(res)
1935
1936 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
1937 if "OK" not in dev.request(cmd):
1938 raise Exception("Failed to initiate DPP Authentication")
1939
1940def test_sigma_dut_dpp_proto_initiator(dev, apdev):
1941 """sigma_dut DPP protocol testing - Initiator"""
1942 check_dpp_capab(dev[0])
1943 check_dpp_capab(dev[1])
fab49f61
JM		 1944 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
1945 "BootstrapResult,OK,AuthResult,Errorsent",
1946 None),
1947 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1948 "BootstrapResult,OK,AuthResult,Errorsent",
1949 None),
1950 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1951 "BootstrapResult,OK,AuthResult,Errorsent",
1952 "Missing or invalid I-capabilities"),
1953 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1954 "BootstrapResult,OK,AuthResult,Errorsent",
1955 "Mismatching Initiator Authenticating Tag"),
1956 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1957 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1958 "Missing or invalid Enrollee Nonce attribute")]
8c735316
JM		 1959 for step, frame, attr, result, fail in tests:
1960 dev[0].request("FLUSH")
1961 dev[1].request("FLUSH")
1962 sigma = start_sigma_dut(dev[0].ifname)
1963 try:
1964 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
1965 fail)
1966 finally:
1967 stop_sigma_dut(sigma)
1968
1969def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
a5387062 1970 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
8c735316
JM		 1971 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1972
1973 cmd = "DPP_LISTEN 2437 role=enrollee"
1974 if "OK" not in dev[1].request(cmd):
1975 raise Exception("Failed to start listen operation")
1976
54c58f29 1977 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
8c735316
JM		 1978 if "status,COMPLETE" not in res:
1979 raise Exception("dev_exec_action did not succeed: " + res)
1980
6333cb81
JM		 1981 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
1982 timeout=10)
8c735316
JM		 1983 if result not in res:
1984 raise Exception("Unexpected result: " + res)
1985 if fail:
1986 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
1987 if ev is None or fail not in ev:
1988 raise Exception("Failure not reported correctly: " + str(ev))
1989
1990 dev[1].request("DPP_STOP_LISTEN")
1991 dev[0].dump_monitor()
1992 dev[1].dump_monitor()
1993
1994def test_sigma_dut_dpp_proto_responder(dev, apdev):
1995 """sigma_dut DPP protocol testing - Responder"""
1996 check_dpp_capab(dev[0])
1997 check_dpp_capab(dev[1])
fab49f61
JM		 1998 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
1999 "BootstrapResult,OK,AuthResult,Errorsent",
2000 "Missing or invalid required DPP Status attribute"),
2001 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2002 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2003 "Missing or invalid Enrollee Nonce attribute")]
8c735316
JM		 2004 for step, frame, attr, result, fail in tests:
2005 dev[0].request("FLUSH")
2006 dev[1].request("FLUSH")
2007 sigma = start_sigma_dut(dev[0].ifname)
2008 try:
2009 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2010 fail)
2011 finally:
2012 stop_sigma_dut(sigma)
2013
2014def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2015 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2016 if "status,COMPLETE" not in res:
2017 raise Exception("dev_exec_action did not succeed: " + res)
2018 hex = res.split(',')[3]
e1810300 2019 uri = from_hex(hex)
8c735316
JM		 2020 logger.info("URI from sigma_dut: " + uri)
2021
0422d06b 2022 id1 = dev[1].dpp_qr_code(uri)
8c735316
JM		 2023
2024 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2025 t.start()
14f8e081 2026 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
8c735316
JM		 2027 t.join()
2028 if result not in res:
2029 raise Exception("Unexpected result: " + res)
2030 if fail:
2031 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2032 if ev is None or fail not in ev:
2033 raise Exception("Failure not reported correctly:" + str(ev))
2034
2035 dev[1].request("DPP_STOP_LISTEN")
2036 dev[0].dump_monitor()
2037 dev[1].dump_monitor()
2038
c79b9db0
JM		 2039def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2040 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2041 check_dpp_capab(dev[0])
2042 check_dpp_capab(dev[1])
fab49f61
JM		 2043 tests = [("AuthenticationResponse",
2044 "BootstrapResult,OK,AuthResult,Errorsent",
2045 None),
2046 ("ConfigurationRequest",
2047 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2048 None)]
c79b9db0
JM		 2049 for frame, result, fail in tests:
2050 dev[0].request("FLUSH")
2051 dev[1].request("FLUSH")
2052 sigma = start_sigma_dut(dev[0].ifname)
2053 try:
2054 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2055 finally:
2056 stop_sigma_dut(sigma)
2057
2058def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
a5387062 2059 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
c79b9db0
JM		 2060 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2061
2062 cmd = "DPP_LISTEN 2437 role=enrollee"
2063 if "OK" not in dev[1].request(cmd):
2064 raise Exception("Failed to start listen operation")
2065
54c58f29 2066 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
c79b9db0
JM		 2067 if "status,COMPLETE" not in res:
2068 raise Exception("dev_exec_action did not succeed: " + res)
2069
2070 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2071 if result not in res:
2072 raise Exception("Unexpected result: " + res)
4ae39c12
JM		 2073 if fail:
2074 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2075 if ev is None or fail not in ev:
2076 raise Exception("Failure not reported correctly: " + str(ev))
2077
2078 dev[1].request("DPP_STOP_LISTEN")
2079 dev[0].dump_monitor()
2080 dev[1].dump_monitor()
2081
2082def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2083 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2084 check_dpp_capab(dev[0])
2085 check_dpp_capab(dev[1])
fab49f61
JM		 2086 tests = [("AuthenticationConfirm",
2087 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2088 None)]
4ae39c12
JM		 2089 for frame, result, fail in tests:
2090 dev[0].request("FLUSH")
2091 dev[1].request("FLUSH")
2092 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2093 try:
2094 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2095 result, fail)
2096 finally:
2097 stop_sigma_dut(sigma)
2098
2099def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2100 fail):
a5387062 2101 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
4ae39c12
JM		 2102 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2103
2104 cmd = "DPP_LISTEN 2437 role=configurator"
2105 if "OK" not in dev[1].request(cmd):
2106 raise Exception("Failed to start listen operation")
2107
54c58f29 2108 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
4ae39c12
JM		 2109 if "status,COMPLETE" not in res:
2110 raise Exception("dev_exec_action did not succeed: " + res)
2111
2112 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2113 if result not in res:
2114 raise Exception("Unexpected result: " + res)
c79b9db0
JM		 2115 if fail:
2116 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2117 if ev is None or fail not in ev:
2118 raise Exception("Failure not reported correctly: " + str(ev))
2119
2120 dev[1].request("DPP_STOP_LISTEN")
2121 dev[0].dump_monitor()
2122 dev[1].dump_monitor()
2123
2124def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2125 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2126 check_dpp_capab(dev[0])
2127 check_dpp_capab(dev[1])
fab49f61
JM		 2128 tests = [("AuthenticationRequest",
2129 "BootstrapResult,OK,AuthResult,Errorsent",
2130 None),
2131 ("AuthenticationConfirm",
2132 "BootstrapResult,OK,AuthResult,Errorsent",
2133 None)]
c79b9db0
JM		 2134 for frame, result, fail in tests:
2135 dev[0].request("FLUSH")
2136 dev[1].request("FLUSH")
2137 sigma = start_sigma_dut(dev[0].ifname)
2138 try:
2139 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2140 finally:
2141 stop_sigma_dut(sigma)
2142
2143def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2144 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2145 if "status,COMPLETE" not in res:
2146 raise Exception("dev_exec_action did not succeed: " + res)
2147 hex = res.split(',')[3]
e1810300 2148 uri = from_hex(hex)
c79b9db0
JM		 2149 logger.info("URI from sigma_dut: " + uri)
2150
0422d06b 2151 id1 = dev[1].dpp_qr_code(uri)
c79b9db0
JM		 2152
2153 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2154 t.start()
2155 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2156 t.join()
2157 if result not in res:
2158 raise Exception("Unexpected result: " + res)
2159 if fail:
2160 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2161 if ev is None or fail not in ev:
2162 raise Exception("Failure not reported correctly:" + str(ev))
2163
2164 dev[1].request("DPP_STOP_LISTEN")
2165 dev[0].dump_monitor()
2166 dev[1].dump_monitor()
2167
8c735316
JM		 2168def dpp_proto_init_pkex(dev):
2169 time.sleep(1)
2170 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2171 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2172 res = dev.request(cmd)
8c735316
JM		 2173 if "FAIL" in res:
2174 raise Exception("Failed to add configurator")
2175 conf_id = int(res)
2176
a5387062 2177 id = dev.dpp_bootstrap_gen(type="pkex")
8c735316
JM		 2178
2179 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2180 if "FAIL" in dev.request(cmd):
2181 raise Exception("Failed to initiate DPP PKEX")
2182
2183def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2184 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2185 check_dpp_capab(dev[0])
2186 check_dpp_capab(dev[1])
fab49f61
JM		 2187 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2188 "BootstrapResult,Errorsent",
2189 None),
2190 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2191 "BootstrapResult,Errorsent",
2192 "Missing or invalid Finite Cyclic Group attribute"),
2193 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2194 "BootstrapResult,Errorsent",
2195 "No valid peer bootstrapping key found")]
8c735316
JM		 2196 for step, frame, attr, result, fail in tests:
2197 dev[0].request("FLUSH")
2198 dev[1].request("FLUSH")
2199 sigma = start_sigma_dut(dev[0].ifname)
2200 try:
2201 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2202 result, fail)
2203 finally:
2204 stop_sigma_dut(sigma)
2205
2206def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
a5387062 2207 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
8c735316
JM		 2208
2209 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2210 res = dev[1].request(cmd)
2211 if "FAIL" in res:
2212 raise Exception("Failed to set PKEX data (responder)")
2213
2214 cmd = "DPP_LISTEN 2437 role=enrollee"
2215 if "OK" not in dev[1].request(cmd):
2216 raise Exception("Failed to start listen operation")
2217
14f8e081 2218 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
8c735316
JM		 2219 if result not in res:
2220 raise Exception("Unexpected result: " + res)
2221 if fail:
2222 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2223 if ev is None or fail not in ev:
2224 raise Exception("Failure not reported correctly: " + str(ev))
2225
2226 dev[1].request("DPP_STOP_LISTEN")
2227 dev[0].dump_monitor()
2228 dev[1].dump_monitor()
2229
2230def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2231 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2232 check_dpp_capab(dev[0])
2233 check_dpp_capab(dev[1])
fab49f61
JM		 2234 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2235 "BootstrapResult,Errorsent",
2236 None),
2237 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2238 "BootstrapResult,Errorsent",
2239 "No DPP Status attribute"),
2240 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2241 "BootstrapResult,Errorsent",
2242 "No valid peer bootstrapping key found")]
8c735316
JM		 2243 for step, frame, attr, result, fail in tests:
2244 dev[0].request("FLUSH")
2245 dev[1].request("FLUSH")
2246 sigma = start_sigma_dut(dev[0].ifname)
2247 try:
2248 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2249 result, fail)
2250 finally:
2251 stop_sigma_dut(sigma)
2252
2253def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2254 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2255 t.start()
14f8e081 2256 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
8c735316
JM		 2257 t.join()
2258 if result not in res:
2259 raise Exception("Unexpected result: " + res)
2260 if fail:
2261 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2262 if ev is None or fail not in ev:
2263 raise Exception("Failure not reported correctly:" + str(ev))
2264
2265 dev[1].request("DPP_STOP_LISTEN")
2266 dev[0].dump_monitor()
2267 dev[1].dump_monitor()
a0604a42
JM		 2268
2269def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2270 check_dpp_capab(dev[0])
2271 check_dpp_capab(dev[1])
2272
2273 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2274 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2275 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2276 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2277
fab49f61
JM		 2278 params = {"ssid": "DPPNET01",
2279 "wpa": "2",
2280 "ieee80211w": "2",
2281 "wpa_key_mgmt": "DPP",
2282 "rsn_pairwise": "CCMP",
2283 "dpp_connector": ap_connector,
2284 "dpp_csign": csign_pub,
2285 "dpp_netaccesskey": ap_netaccesskey}
a0604a42
JM		 2286 try:
2287 hapd = hostapd.add_ap(apdev[0], params)
2288 except:
2289 raise HwsimSkip("DPP not supported")
2290
2291 dev[0].set("dpp_config_processing", "2")
2292
2293 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 2294 res = dev[1].request(cmd)
a0604a42
JM		 2295 if "FAIL" in res:
2296 raise Exception("Failed to add configurator")
2297 conf_id = int(res)
2298
a5387062 2299 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
a0604a42
JM		 2300 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2301
2302 dev[1].set("dpp_configurator_params",
54c58f29
MH		 2303 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2304 conf_id))
a0604a42
JM		 2305 cmd = "DPP_LISTEN 2437 role=configurator"
2306 if "OK" not in dev[1].request(cmd):
2307 raise Exception("Failed to start listen operation")
2308
54c58f29 2309 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
a0604a42
JM		 2310 if "status,COMPLETE" not in res:
2311 raise Exception("dev_exec_action did not succeed: " + res)
2312
2313def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2314 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2315 sigma = start_sigma_dut(dev[0].ifname)
2316 try:
2317 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2318
2319 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2320 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2321 raise Exception("Unexpected result: " + res)
2322 finally:
2323 dev[0].set("dpp_config_processing", "0")
2324 stop_sigma_dut(sigma)
211b5d1b
JM		 2325
2326def test_sigma_dut_dpp_self_config(dev, apdev):
2327 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2328 check_dpp_capab(dev[0])
2329
fab49f61 2330 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
211b5d1b
JM		 2331 check_dpp_capab(hapd)
2332
2333 sigma = start_sigma_dut(dev[0].ifname)
2334 try:
2335 dev[0].set("dpp_config_processing", "2")
a5387062 2336 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
211b5d1b
JM		 2337 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2338
54c58f29 2339 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
211b5d1b
JM		 2340 if "status,COMPLETE" not in res:
2341 raise Exception("dev_exec_action did not succeed: " + res)
2342
2343 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2344 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2345 raise Exception("Unexpected result: " + res)
2346 update_hapd_config(hapd)
2347
2348 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2349 res = sigma_dut_cmd(cmd, timeout=10)
2350 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2351 raise Exception("Unexpected result: " + res)
2352 finally:
2353 stop_sigma_dut(sigma)
2354 dev[0].set("dpp_config_processing", "0")
8b4adc38
JM		 2355
2356def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2357 """sigma_dut DPP AP Configurator using self-configuration"""
2358 logdir = os.path.join(params['logdir'],
2359 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2360 with HWSimRadio() as (radio, iface):
2361 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2362 try:
2363 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2364 finally:
2365 stop_sigma_dut(sigma)
2366 dev[0].set("dpp_config_processing", "0")
2367
2368def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2369 check_dpp_capab(dev[0])
2370
2371 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2372
2373 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2374 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2375 raise Exception("Unexpected result: " + res)
2376
2377 dev[0].set("dpp_config_processing", "2")
2378
a5387062 2379 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
8b4adc38
JM		 2380 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2381 cmd = "DPP_LISTEN 2462 role=enrollee"
2382 if "OK" not in dev[0].request(cmd):
2383 raise Exception("Failed to start listen operation")
2384
54c58f29 2385 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
8b4adc38
JM		 2386 if "status,COMPLETE" not in res:
2387 raise Exception("dev_exec_action did not succeed: " + res)
2388 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2389 res = sigma_dut_cmd(cmd)
2390 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2391 raise Exception("Unexpected result: " + res)
2392 dev[0].wait_connected()
2393 dev[0].request("DISCONNECT")
2394 dev[0].wait_disconnected()
2395 sigma_dut_cmd_check("ap_reset_default")
6923312d
JM		 2396
2397def test_sigma_dut_preconfigured_profile(dev, apdev):
2398 """sigma_dut controlled connection using preconfigured profile"""
2399 try:
2400 run_sigma_dut_preconfigured_profile(dev, apdev)
2401 finally:
2402 dev[0].set("ignore_old_scan_res", "0")
2403
2404def run_sigma_dut_preconfigured_profile(dev, apdev):
2405 ifname = dev[0].ifname
2406 sigma = start_sigma_dut(ifname)
2407
2408 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2409 hapd = hostapd.add_ap(apdev[0], params)
2410 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2411 only_add_network=True)
2412
2413 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2414 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2415 sigma_dut_wait_connected(ifname)
2416 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2417 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2418 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2419
2420 stop_sigma_dut(sigma)
ce83008c
JM		 2421
2422def test_sigma_dut_wps_pbc(dev, apdev):
2423 """sigma_dut and WPS PBC Enrollee"""
2424 try:
2425 run_sigma_dut_wps_pbc(dev, apdev)
2426 finally:
2427 dev[0].set("ignore_old_scan_res", "0")
2428
2429def run_sigma_dut_wps_pbc(dev, apdev):
2430 ssid = "test-wps-conf"
2431 hapd = hostapd.add_ap(apdev[0],
fab49f61
JM		 2432 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2433 "wpa_passphrase": "12345678", "wpa": "2",
2434 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ce83008c
JM		 2435 hapd.request("WPS_PBC")
2436
2437 ifname = dev[0].ifname
2438 sigma = start_sigma_dut(ifname)
2439
2440 cmd = "start_wps_registration,interface,%s" % ifname
2441 cmd += ",WpsRole,Enrollee"
2442 cmd += ",WpsConfigMethod,PBC"
2443 sigma_dut_cmd_check(cmd, timeout=15)
2444
2445 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2446 hapd.disable()
2447 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2448 stop_sigma_dut(sigma)
2449 dev[0].flush_scan_cache()
7e526fa7
JM		 2450
2451def test_sigma_dut_sta_scan_bss(dev, apdev):
2452 """sigma_dut sta_scan_bss"""
fab49f61 2453 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
7e526fa7
JM		 2454 sigma = start_sigma_dut(dev[0].ifname)
2455 try:
2456 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2457 hapd.own_addr())
2458 res = sigma_dut_cmd(cmd, timeout=10)
2459 if "ssid,test,bsschannel,1" not in res:
2460 raise Exception("Unexpected result: " + res)
2461 finally:
2462 stop_sigma_dut(sigma)
b1e11877 2463
74cb18c6
JM		 2464def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2465 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2466 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2467 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2468 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2469 try:
2470 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2471 res = sigma_dut_cmd(cmd, timeout=10)
2472 if "abcdef" not in res or "qwerty" not in res:
2473 raise Exception("Unexpected result: " + res)
2474 finally:
2475 stop_sigma_dut(sigma)
2476
0beb6c2f
JM		 2477def test_sigma_dut_ap_osen(dev, apdev, params):
2478 """sigma_dut controlled AP with OSEN"""
2479 logdir = os.path.join(params['logdir'],
2480 "sigma_dut_ap_osen.sigma-hostapd")
2481 with HWSimRadio() as (radio, iface):
2482 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2483 try:
2484 sigma_dut_cmd_check("ap_reset_default")
2485 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2486 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2487 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2488 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2489
2490 # RSN-OSEN (for OSU)
2491 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2492 pairwise="CCMP", group="GTK_NOT_USED",
2493 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2494 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2495
2496 sigma_dut_cmd_check("ap_reset_default")
2497 finally:
2498 stop_sigma_dut(sigma)
2499
b1e11877
JM		 2500def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2501 """sigma_dut controlled AP with EAP+OSEN"""
2502 logdir = os.path.join(params['logdir'],
2503 "sigma_dut_ap_eap_osen.sigma-hostapd")
2504 with HWSimRadio() as (radio, iface):
4902eb04 2505 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
b1e11877
JM		 2506 try:
2507 sigma_dut_cmd_check("ap_reset_default")
2508 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2509 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2510 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2511 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2512
4902eb04
JM		 2513 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2514 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2515
b1e11877
JM		 2516 # RSN-OSEN (for OSU)
2517 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2518 pairwise="CCMP",
2519 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2520 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2521 scan_freq="2412")
2522 # RSN-EAP (for data connection)
2523 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2524 identity="hs20-test", password="password",
2525 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2526 ieee80211w='2', scan_freq="2412")
2527
4902eb04
JM		 2528 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2529 success_expected=False, timeout=1)
2530
b1e11877
JM		 2531 sigma_dut_cmd_check("ap_reset_default")
2532 finally:
2533 stop_sigma_dut(sigma)
4902eb04
JM		 2534 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2535 stderr=open('/dev/null', 'w'))
2536 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2537 stderr=open('/dev/null', 'w'))
63add34e
JM		 2538
2539def test_sigma_dut_ap_eap(dev, apdev, params):
2540 """sigma_dut controlled AP WPA2-Enterprise"""
2541 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2542 with HWSimRadio() as (radio, iface):
2543 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2544 try:
2545 sigma_dut_cmd_check("ap_reset_default")
2546 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2547 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2548 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2549 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2550
2551 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2552 identity="gpsk user",
2553 password="abcdefghijklmnop0123456789abcdef",
2554 scan_freq="2412")
2555
2556 sigma_dut_cmd_check("ap_reset_default")
2557 finally:
2558 stop_sigma_dut(sigma)
2559
2560def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2561 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2562 logdir = os.path.join(params['logdir'],
2563 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2564 with HWSimRadio() as (radio, iface):
2565 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2566 try:
2567 sigma_dut_cmd_check("ap_reset_default")
2568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2569 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2570 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2571 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2572
2573 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2574 identity="gpsk user",
2575 password="abcdefghijklmnop0123456789abcdef",
2576 scan_freq="2412")
2577
2578 sigma_dut_cmd_check("ap_reset_default")
2579 finally:
2580 stop_sigma_dut(sigma)
2581
2582def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2583 """sigma_dut controlled AP FT-EAP"""
2584 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2585 with HWSimRadio() as (radio, iface):
2586 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2587 try:
2588 sigma_dut_cmd_check("ap_reset_default")
2589 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2590 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2591 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2592 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2593
2594 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2595 identity="gpsk user",
2596 password="abcdefghijklmnop0123456789abcdef",
2597 scan_freq="2412")
2598
2599 sigma_dut_cmd_check("ap_reset_default")
2600 finally:
2601 stop_sigma_dut(sigma)
2602
2603def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2604 """sigma_dut controlled AP FT-PSK"""
2605 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2606 with HWSimRadio() as (radio, iface):
2607 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2608 try:
2609 sigma_dut_cmd_check("ap_reset_default")
2610 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2611 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2612 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2613
2614 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2615 scan_freq="2412")
2616
2617 sigma_dut_cmd_check("ap_reset_default")
2618 finally:
2619 stop_sigma_dut(sigma)
2620
2621def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2622 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2623 logdir = os.path.join(params['logdir'],
2624 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2625 with HWSimRadio() as (radio, iface):
2626 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2627 try:
2628 sigma_dut_cmd_check("ap_reset_default")
2629 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2630 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2631 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2632 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2633
2634 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2635 identity="gpsk user",
2636 password="abcdefghijklmnop0123456789abcdef",
2637 scan_freq="2412")
2638 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2639 identity="gpsk user",
2640 password="abcdefghijklmnop0123456789abcdef",
2641 scan_freq="2412")
2642
2643 sigma_dut_cmd_check("ap_reset_default")
2644 finally:
2645 stop_sigma_dut(sigma)
dc60d564
JM		 2646
2647def test_sigma_dut_venue_url(dev, apdev):
2648 """sigma_dut controlled Venue URL fetch"""
2649 try:
2650 run_sigma_dut_venue_url(dev, apdev)
2651 finally:
2652 dev[0].set("ignore_old_scan_res", "0")
2653
2654def run_sigma_dut_venue_url(dev, apdev):
2655 ifname = dev[0].ifname
2656 sigma = start_sigma_dut(ifname, debug=True)
2657
2658 ssid = "venue"
2659 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2660 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2661 params["ieee80211w"] = "2"
2662
2663 venue_group = 1
2664 venue_type = 13
2665 venue_info = struct.pack('BB', venue_group, venue_type)
2666 lang1 = "eng"
a42ec661 2667 name1 = "Example venue"
dc60d564
JM		 2668 lang2 = "fin"
2669 name2 = "Esimerkkipaikka"
a42ec661
JM		 2670 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2671 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
dc60d564
JM		 2672 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2673
2674 url1 = "http://example.com/venue"
2675 url2 = "https://example.org/venue-info/"
2676 params["venue_group"] = str(venue_group)
2677 params["venue_type"] = str(venue_type)
fab49f61
JM		 2678 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2679 params["venue_url"] = ["1:" + url1, "2:" + url2]
dc60d564
JM		 2680
2681 hapd = hostapd.add_ap(apdev[0], params)
2682
2683 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2684 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2685 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2686 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2687 sigma_dut_wait_connected(ifname)
2688 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2689 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2690 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2691 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2692
2693 stop_sigma_dut(sigma)
31157568
JM		 2694
2695def test_sigma_dut_hs20_assoc_24(dev, apdev):
2696 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2697 run_sigma_dut_hs20_assoc(dev, apdev, True)
2698
2699def test_sigma_dut_hs20_assoc_5(dev, apdev):
2700 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2701 run_sigma_dut_hs20_assoc(dev, apdev, False)
2702
2703def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2704 hapd0 = None
2705 hapd1 = None
2706 try:
2707 bssid0 = apdev[0]['bssid']
2708 params = hs20_ap_params()
2709 params['hessid'] = bssid0
2710 hapd0 = hostapd.add_ap(apdev[0], params)
2711
2712 bssid1 = apdev[1]['bssid']
2713 params = hs20_ap_params()
2714 params['hessid'] = bssid0
2715 params["hw_mode"] = "a"
2716 params["channel"] = "36"
2717 params["country_code"] = "US"
2718 hapd1 = hostapd.add_ap(apdev[1], params)
2719
2720 band = "2.4" if band24 else "5"
2721 exp_bssid = bssid0 if band24 else bssid1
2722 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2723 finally:
2724 dev[0].request("DISCONNECT")
2725 if hapd0:
2726 hapd0.request("DISABLE")
2727 if hapd1:
2728 hapd1.request("DISABLE")
2729 subprocess.call(['iw', 'reg', 'set', '00'])
2730 dev[0].flush_scan_cache()
2731
2732def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2733 check_eap_capa(dev[0], "MSCHAPV2")
2734 dev[0].flush_scan_cache()
2735
2736 ifname = dev[0].ifname
2737 sigma = start_sigma_dut(ifname, debug=True)
2738
2739 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2740 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2741 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2742 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2743 timeout=15)
2744 sigma_dut_wait_connected(ifname)
2745 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2746 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2747 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2748
2749 stop_sigma_dut(sigma)
2750
2751 if "BSSID," + expect_bssid not in res:
2752 raise Exception("Unexpected BSSID: " + res)
e7869a66
JM		 2753
2754def test_sigma_dut_ap_hs20(dev, apdev, params):
2755 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2756 logdir = os.path.join(params['logdir'],
2757 "sigma_dut_ap_hs20.sigma-hostapd")
37df1775
JM		 2758 conffile = os.path.join(params['logdir'],
2759 "sigma_dut_ap_hs20.sigma-conf")
e7869a66
JM		 2760 with HWSimRadio() as (radio, iface):
2761 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2762 try:
2763 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2764 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2765 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2766 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2767 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
b583907b 2768 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
e7869a66
JM		 2769 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2770 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2771 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2772 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2773 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2774 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
524b963c 2775 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
e7869a66
JM		 2776 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2777
37df1775
JM		 2778 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2779 with open(conffile, "wb") as f2:
2780 f2.write(f.read())
e7869a66
JM		 2781
2782 sigma_dut_cmd_check("ap_reset_default")
2783 finally:
2784 stop_sigma_dut(sigma)
4068d683
JM		 2785
2786def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
2787 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
2788 logdir = params['logdir']
2789
2790 with open("auth_serv/ca.pem", "r") as f:
2791 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
2792 "w") as f2:
2793 f2.write(f.read())
2794
2795 src = "auth_serv/server.pem"
2796 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
2797 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
2798 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2799 "-outform", "DER"],
2800 stderr=open('/dev/null', 'w'))
2801 with open(dst, "rb") as f:
2802 der = f.read()
2803 hash = hashlib.sha256(der).digest()
2804 with open(hashdst, "w") as f:
2805 f.write(binascii.hexlify(hash).decode())
2806
2807 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
2808 with open(dst, "w") as f:
2809 f.write(32*"00")
2810
2811 ssid = "test-wpa2-eap"
2812 params = hostapd.wpa2_eap_params(ssid=ssid)
2813 hapd = hostapd.add_ap(apdev[0], params)
2814
2815 ifname = dev[0].ifname
2816 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2817
2818 try:
2819 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
2820
2821 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2822 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2823 sigma_dut_cmd_check(cmd)
2824 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2825 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2826 if ev is None:
2827 raise Exception("Server certificate error not reported")
2828
2829 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2830 if "ServerCertTrustResult,Accepted" not in res:
2831 raise Exception("Server certificate trust was not accepted")
2832 sigma_dut_wait_connected(ifname)
2833 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2834 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2835 dev[0].dump_monitor()
2836 finally:
2837 stop_sigma_dut(sigma)
2838
2839def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
263c0cbd
JM		 2840 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
2841 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
2842
2843def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
2844 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
2845 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
2846
2847def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
4068d683
JM		 2848 logdir = params['logdir']
2849
263c0cbd
JM		 2850 name = "sigma_dut_eap_ttls_uosc_tod"
2851 if tofu:
2852 name += "_tofu"
4068d683 2853 with open("auth_serv/ca.pem", "r") as f:
263c0cbd 2854 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
4068d683
JM		 2855 f2.write(f.read())
2856
263c0cbd
JM		 2857 if tofu:
2858 src = "auth_serv/server-certpol2.pem"
2859 else:
2860 src = "auth_serv/server-certpol.pem"
2861 dst = os.path.join(logdir, name + ".server.der")
2862 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
4068d683
JM		 2863 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2864 "-outform", "DER"],
2865 stderr=open('/dev/null', 'w'))
2866 with open(dst, "rb") as f:
2867 der = f.read()
2868 hash = hashlib.sha256(der).digest()
2869 with open(hashdst, "w") as f:
2870 f.write(binascii.hexlify(hash).decode())
2871
263c0cbd 2872 dst = os.path.join(logdir, name + ".incorrect.pem.sha256")
4068d683
JM		 2873 with open(dst, "w") as f:
2874 f.write(32*"00")
2875
2876 ssid = "test-wpa2-eap"
2877 params = int_eap_server_params()
2878 params["ssid"] = ssid
263c0cbd
JM		 2879 if tofu:
2880 params["server_cert"] = "auth_serv/server-certpol2.pem"
2881 params["private_key"] = "auth_serv/server-certpol2.key"
2882 else:
2883 params["server_cert"] = "auth_serv/server-certpol.pem"
2884 params["private_key"] = "auth_serv/server-certpol.key"
4068d683
JM		 2885 hapd = hostapd.add_ap(apdev[0], params)
2886
2887 ifname = dev[0].ifname
2888 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2889
2890 try:
263c0cbd 2891 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
4068d683
JM		 2892 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2893 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2894 sigma_dut_cmd_check(cmd)
2895 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2896 sigma_dut_wait_connected(ifname)
2897 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2898 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
2899 dev[0].wait_disconnected()
2900 dev[0].dump_monitor()
2901
2902 hapd.disable()
2903 params = hostapd.wpa2_eap_params(ssid=ssid)
2904 hapd = hostapd.add_ap(apdev[0], params)
2905
2906 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2907 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2908 if ev is None:
2909 raise Exception("Server certificate error not reported")
2910
2911 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2912 if "ServerCertTrustResult,Accepted" in res:
2913 raise Exception("Server certificate trust override was accepted unexpectedly")
2914 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2915 dev[0].dump_monitor()
2916 finally:
2917 stop_sigma_dut(sigma)
df5dc878
JM		 2918
2919def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
2920 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
2921 logdir = params['logdir']
2922
2923 with open("auth_serv/ca.pem", "r") as f:
2924 with open(os.path.join(logdir,
2925 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
2926 "w") as f2:
2927 f2.write(f.read())
2928
2929 ssid = "test-wpa2-eap"
2930 params = int_eap_server_params()
2931 params["ssid"] = ssid
2932 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
2933 params["server_cert"] = "auth_serv/rsa3072-server.pem"
2934 params["private_key"] = "auth_serv/rsa3072-server.key"
2935 hapd = hostapd.add_ap(apdev[0], params)
2936
2937 ifname = dev[0].ifname
2938 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2939
2940 try:
2941 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
2942 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2943 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2944 sigma_dut_cmd_check(cmd)
2945 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2946 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2947 if ev is None:
2948 raise Exception("Server certificate error not reported")
2949
2950 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2951 if "ServerCertTrustResult,Accepted" not in res:
2952 raise Exception("Server certificate trust was not accepted")
2953 sigma_dut_wait_connected(ifname)
2954 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2955 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2956 dev[0].dump_monitor()
2957 finally:
2958 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.