]> git.ipfire.org Git - thirdparty/hostap.git/blame - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: sigma_dut sta_scan ShortSSID
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
CommitLineData
f6f33f8f
JM		 1# Test cases for sigma_dut
2# Copyright (c) 2017, Qualcomm Atheros, Inc.
69805425 3# Copyright (c) 2018-2019, The Linux Foundation
f6f33f8f
JM		 4#
5# This software may be distributed under the terms of the BSD license.
6# See README for more details.
7
dc60d564 8import binascii
fb0f13fb
JM		 9import errno
10import fcntl
69805425 11import hashlib
f6f33f8f
JM		 12import logging
13logger = logging.getLogger()
14import os
15import socket
dc60d564 16import struct
f6f33f8f 17import subprocess
d84c0cf4 18import threading
f6f33f8f
JM		 19import time
20
21import hostapd
22from utils import HwsimSkip
23from hwsim import HWSimRadio
4902eb04 24import hwsim_utils
1743ddce 25from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
002b49ed 26from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
0c00679b 27from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
31157568 28from test_ap_hs20 import hs20_ap_params
f6f33f8f
JM		 29
30def check_sigma_dut():
31 if not os.path.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
33
54c58f29
MH		 34def to_hex(s):
35 return binascii.hexlify(s.encode()).decode()
36
e1810300
MH		 37def from_hex(s):
38 return binascii.unhexlify(s).decode()
39
fb0f13fb
JM		 40def sigma_log_output(cmd):
41 try:
42 out = cmd.stdout.read()
43 if out:
44 logger.debug("sigma_dut stdout: " + str(out.decode()))
45 except IOError as e:
46 if e.errno != errno.EAGAIN:
47 raise
48 try:
49 out = cmd.stderr.read()
50 if out:
51 logger.debug("sigma_dut stderr: " + str(out.decode()))
52 except IOError as e:
53 if e.errno != errno.EAGAIN:
54 raise
55
56sigma_prog = None
57
d84c0cf4 58def sigma_dut_cmd(cmd, port=9000, timeout=2):
f6f33f8f
JM		 59 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
60 socket.IPPROTO_TCP)
d84c0cf4 61 sock.settimeout(timeout)
f6f33f8f
JM		 62 addr = ('127.0.0.1', port)
63 sock.connect(addr)
cc02ce96 64 sock.send(cmd.encode() + b"\r\n")
f6f33f8f 65 try:
cc02ce96 66 res = sock.recv(1000).decode()
f6f33f8f
JM		 67 running = False
68 done = False
69 for line in res.splitlines():
70 if line.startswith("status,RUNNING"):
71 running = True
72 elif line.startswith("status,INVALID"):
73 done = True
74 elif line.startswith("status,ERROR"):
75 done = True
76 elif line.startswith("status,COMPLETE"):
77 done = True
78 if running and not done:
79 # Read the actual response
cc02ce96 80 res = sock.recv(1000).decode()
f6f33f8f
JM		 81 except:
82 res = ''
83 pass
84 sock.close()
85 res = res.rstrip()
86 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
fb0f13fb
JM		 87 global sigma_prog
88 if sigma_prog:
89 sigma_log_output(sigma_prog)
f6f33f8f
JM		 90 return res
91
d84c0cf4
JM		 92def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
93 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
f6f33f8f
JM		 94 if "COMPLETE" not in res:
95 raise Exception("sigma_dut command failed: " + cmd)
96 return res
97
f0b6b23f 98def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
bdb2eaf8 99 bridge=None, sae_h2e=False, owe_ptk_workaround=False):
f6f33f8f 100 check_sigma_dut()
fab49f61 101 cmd = ['./sigma_dut',
f0b6b23f 102 '-d',
fab49f61
JM		 103 '-M', ifname,
104 '-S', ifname,
105 '-F', '../../hostapd/hostapd',
106 '-G',
107 '-w', '/var/run/wpa_supplicant/',
108 '-j', ifname]
2ef00a36 109 if hostapd_logdir:
fab49f61 110 cmd += ['-H', hostapd_logdir]
2ef00a36 111 if cert_path:
fab49f61 112 cmd += ['-C', cert_path]
4902eb04 113 if bridge:
fab49f61 114 cmd += ['-b', bridge]
5632b071
JM		 115 if sae_h2e:
116 cmd += ['-2']
bdb2eaf8
JM		 117 if owe_ptk_workaround:
118 cmd += ['-3']
f6f33f8f
JM		 119 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
120 stderr=subprocess.PIPE)
fb0f13fb
JM		 121 for stream in [sigma.stdout, sigma.stderr]:
122 fd = stream.fileno()
123 fl = fcntl.fcntl(fd, fcntl.F_GETFL)
124 fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
125
126 global sigma_prog
127 sigma_prog = sigma
a04c153b 128 res = None
f6f33f8f
JM		 129 for i in range(20):
130 try:
131 res = sigma_dut_cmd("HELLO")
132 break
133 except:
134 time.sleep(0.05)
a04c153b
JM		 135 if res is None or "errorCode,Unknown command" not in res:
136 raise Exception("Failed to start sigma_dut")
46cb161a 137 return {'cmd': sigma, 'ifname': ifname}
f6f33f8f
JM		 138
139def stop_sigma_dut(sigma):
fb0f13fb
JM		 140 global sigma_prog
141 sigma_prog = None
46cb161a 142 cmd = sigma['cmd']
fb0f13fb
JM		 143 sigma_log_output(cmd)
144 logger.debug("Terminating sigma_dut process")
46cb161a
JM		 145 cmd.terminate()
146 cmd.wait()
147 out, err = cmd.communicate()
366ada04
JM		 148 logger.debug("sigma_dut stdout: " + str(out.decode()))
149 logger.debug("sigma_dut stderr: " + str(err.decode()))
46cb161a
JM		 150 subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
151 "127.0.0.11/24"],
152 stderr=open('/dev/null', 'w'))
f6f33f8f
JM		 153
154def sigma_dut_wait_connected(ifname):
155 for i in range(50):
156 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
157 if "connected,1" in res:
158 break
159 time.sleep(0.2)
160 if i == 49:
161 raise Exception("Connection did not complete")
162
163def test_sigma_dut_basic(dev, apdev):
164 """sigma_dut basic functionality"""
165 sigma = start_sigma_dut(dev[0].ifname)
166
fab49f61
JM		 167 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
168 ("device_get_info", "status,COMPLETE,vendor"),
169 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
170 ("device_list_interfaces,interfaceType,802.11",
171 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
991e6b9e
JM		 172 try:
173 res = sigma_dut_cmd("UNKNOWN")
174 if "status,INVALID,errorCode,Unknown command" not in res:
175 raise Exception("Unexpected sigma_dut response to unknown command")
176
177 for cmd, response in tests:
178 res = sigma_dut_cmd(cmd)
179 if response not in res:
180 raise Exception("Unexpected %s response: %s" % (cmd, res))
181 finally:
182 stop_sigma_dut(sigma)
f6f33f8f
JM		 183
184def test_sigma_dut_open(dev, apdev):
185 """sigma_dut controlled open network association"""
65fa9d96
JM		 186 try:
187 run_sigma_dut_open(dev, apdev)
188 finally:
189 dev[0].set("ignore_old_scan_res", "0")
190
191def run_sigma_dut_open(dev, apdev):
f6f33f8f
JM		 192 ifname = dev[0].ifname
193 sigma = start_sigma_dut(ifname)
194
991e6b9e
JM		 195 try:
196 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
f6f33f8f 197
991e6b9e
JM		 198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
199 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
2be27869
JM		 200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
201 timeout=10)
991e6b9e
JM		 202 sigma_dut_wait_connected(ifname)
203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
204 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
205 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
206 finally:
207 stop_sigma_dut(sigma)
f6f33f8f
JM		 208
209def test_sigma_dut_psk_pmf(dev, apdev):
210 """sigma_dut controlled PSK+PMF association"""
65fa9d96
JM		 211 try:
212 run_sigma_dut_psk_pmf(dev, apdev)
213 finally:
214 dev[0].set("ignore_old_scan_res", "0")
215
216def run_sigma_dut_psk_pmf(dev, apdev):
f6f33f8f
JM		 217 ifname = dev[0].ifname
218 sigma = start_sigma_dut(ifname)
219
991e6b9e
JM		 220 try:
221 ssid = "test-pmf-required"
222 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
223 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
224 params["ieee80211w"] = "2"
225 hapd = hostapd.add_ap(apdev[0], params)
f6f33f8f 226
991e6b9e
JM		 227 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
228 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
229 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
2be27869
JM		 230 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
231 timeout=10)
991e6b9e
JM		 232 sigma_dut_wait_connected(ifname)
233 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
234 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
236 finally:
237 stop_sigma_dut(sigma)
f6f33f8f 238
8cfdca12
JM		 239def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
240 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
241 try:
242 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
243 finally:
244 dev[0].set("ignore_old_scan_res", "0")
245
246def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
247 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
248 try:
249 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
250 finally:
251 dev[0].set("ignore_old_scan_res", "0")
252
253def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
254 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
255 try:
256 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
257 finally:
258 dev[0].set("ignore_old_scan_res", "0")
259
260def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
261 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
262 try:
263 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
264 finally:
265 dev[0].set("ignore_old_scan_res", "0")
266
267def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
268 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
269 try:
270 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
271 failure=True)
272 finally:
273 dev[0].set("ignore_old_scan_res", "0")
274
275def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
276 failure=False):
277 ifname = dev[0].ifname
278 sigma = start_sigma_dut(ifname)
279
991e6b9e
JM		 280 try:
281 ssid = "test-pmf-required"
282 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
283 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
284 params["ieee80211w"] = "2"
285 params["group_mgmt_cipher"] = hostapd_cipher
286 hapd = hostapd.add_ap(apdev[0], params)
8cfdca12 287
991e6b9e
JM		 288 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
289 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
290 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
2be27869
JM		 291 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
292 timeout=2 if failure else 10)
991e6b9e
JM		 293 if failure:
294 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
295 "CTRL-EVENT-CONNECTED"], timeout=10)
296 if ev is None:
297 raise Exception("Network selection result not indicated")
298 if "CTRL-EVENT-CONNECTED" in ev:
299 raise Exception("Unexpected connection")
300 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
301 if "connected,1" in res:
302 raise Exception("Connection reported")
303 else:
304 sigma_dut_wait_connected(ifname)
305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
8cfdca12 306
991e6b9e
JM		 307 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
308 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
309 finally:
310 stop_sigma_dut(sigma)
8cfdca12 311
1ed508d9
JM		 312def test_sigma_dut_sae(dev, apdev):
313 """sigma_dut controlled SAE association"""
314 if "SAE" not in dev[0].get_capability("auth_alg"):
315 raise HwsimSkip("SAE not supported")
316
317 ifname = dev[0].ifname
318 sigma = start_sigma_dut(ifname)
319
991e6b9e
JM		 320 try:
321 ssid = "test-sae"
322 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
323 params['wpa_key_mgmt'] = 'SAE'
324 params["ieee80211w"] = "2"
325 params['sae_groups'] = '19 20 21'
326 hapd = hostapd.add_ap(apdev[0], params)
1ed508d9 327
991e6b9e
JM		 328 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
329 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
330 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
2be27869
JM		 331 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
332 timeout=10)
991e6b9e
JM		 333 sigma_dut_wait_connected(ifname)
334 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
335 if dev[0].get_status_field('sae_group') != '19':
1ed508d9 336 raise Exception("Expected default SAE group not used")
d57349d4
JM		 337 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
338 logger.info("Reported PMK: " + res)
339 if ",PMK," not in res:
340 raise Exception("PMK not reported");
341 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
342 raise Exception("Mismatch in reported PMK")
991e6b9e 343 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1ed508d9 344
991e6b9e 345 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1ed508d9 346
991e6b9e
JM		 347 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
348 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
2be27869
JM		 349 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
350 timeout=10)
991e6b9e
JM		 351 sigma_dut_wait_connected(ifname)
352 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
353 if dev[0].get_status_field('sae_group') != '20':
1ed508d9 354 raise Exception("Expected SAE group not used")
991e6b9e
JM		 355 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
357 finally:
358 stop_sigma_dut(sigma)
1ed508d9 359
326acce8
JM		 360def test_sigma_dut_sae_groups(dev, apdev):
361 """sigma_dut controlled SAE association with group negotiation"""
362 if "SAE" not in dev[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
364
365 ifname = dev[0].ifname
366 sigma = start_sigma_dut(ifname)
367
991e6b9e
JM		 368 try:
369 ssid = "test-sae"
370 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
371 params['wpa_key_mgmt'] = 'SAE'
372 params["ieee80211w"] = "2"
373 params['sae_groups'] = '19'
374 hapd = hostapd.add_ap(apdev[0], params)
326acce8 375
991e6b9e
JM		 376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
2be27869
JM		 379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
380 timeout=10)
991e6b9e
JM		 381 sigma_dut_wait_connected(ifname)
382 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
383 if dev[0].get_status_field('sae_group') != '19':
326acce8 384 raise Exception("Expected default SAE group not used")
991e6b9e 385 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
326acce8 386
991e6b9e
JM		 387 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
388 finally:
389 stop_sigma_dut(sigma)
326acce8 390
d905c8f7
JM		 391def test_sigma_dut_sae_pmkid_include(dev, apdev):
392 """sigma_dut controlled SAE association with PMKID"""
393 if "SAE" not in dev[0].get_capability("auth_alg"):
394 raise HwsimSkip("SAE not supported")
395
396 ifname = dev[0].ifname
397 sigma = start_sigma_dut(ifname)
398
991e6b9e
JM		 399 try:
400 ssid = "test-sae"
401 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
402 params['wpa_key_mgmt'] = 'SAE'
403 params["ieee80211w"] = "2"
404 params["sae_confirm_immediate"] = "1"
405 hapd = hostapd.add_ap(apdev[0], params)
d905c8f7 406
991e6b9e
JM		 407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
409 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
2be27869
JM		 410 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
411 timeout=10)
991e6b9e
JM		 412 sigma_dut_wait_connected(ifname)
413 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
414 finally:
415 stop_sigma_dut(sigma)
d905c8f7 416
6644069c
JM		 417def test_sigma_dut_sae_password(dev, apdev):
418 """sigma_dut controlled SAE association and long password"""
419 if "SAE" not in dev[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
421
422 ifname = dev[0].ifname
423 sigma = start_sigma_dut(ifname)
424
425 try:
426 ssid = "test-sae"
427 params = hostapd.wpa2_params(ssid=ssid)
428 params['sae_password'] = 100*'B'
429 params['wpa_key_mgmt'] = 'SAE'
7b498eca 430 params["ieee80211w"] = "2"
6644069c
JM		 431 hapd = hostapd.add_ap(apdev[0], params)
432
433 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
434 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
435 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
2be27869
JM		 436 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
437 timeout=10)
6644069c
JM		 438 sigma_dut_wait_connected(ifname)
439 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
440 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
442 finally:
443 stop_sigma_dut(sigma)
444
1b232c1b
JM		 445def test_sigma_dut_sae_pw_id(dev, apdev):
446 """sigma_dut controlled SAE association with Password Identifier"""
447 if "SAE" not in dev[0].get_capability("auth_alg"):
448 raise HwsimSkip("SAE not supported")
449
450 ifname = dev[0].ifname
f0b6b23f 451 sigma = start_sigma_dut(ifname)
1b232c1b 452
991e6b9e
JM		 453 try:
454 ssid = "test-sae"
455 params = hostapd.wpa2_params(ssid=ssid)
456 params['wpa_key_mgmt'] = 'SAE'
457 params["ieee80211w"] = "2"
458 params['sae_password'] = 'secret|id=pw id'
459 params['sae_groups'] = '19'
460 hapd = hostapd.add_ap(apdev[0], params)
1b232c1b 461
991e6b9e
JM		 462 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
463 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
464 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
2be27869
JM		 465 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
466 timeout=10)
991e6b9e
JM		 467 sigma_dut_wait_connected(ifname)
468 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
469 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
470 finally:
471 stop_sigma_dut(sigma)
1b232c1b 472
dc054892
JM		 473def test_sigma_dut_sae_pw_id_pwe_loop(dev, apdev):
474 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
475 if "SAE" not in dev[0].get_capability("auth_alg"):
476 raise HwsimSkip("SAE not supported")
477
478 ifname = dev[0].ifname
479 sigma = start_sigma_dut(ifname)
480
481 try:
482 ssid = "test-sae"
483 params = hostapd.wpa2_params(ssid=ssid)
484 params['wpa_key_mgmt'] = 'SAE'
485 params["ieee80211w"] = "2"
486 params['sae_password'] = 'secret|id=pw id'
487 params['sae_groups'] = '19'
488 hapd = hostapd.add_ap(apdev[0], params)
489
490 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
491 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
492 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname, "test-sae", "secret"))
493 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
494 timeout=10)
495 for i in range(3):
496 ev = dev[0].wait_event(["SME: Trying to authenticate",
497 "CTRL-EVENT-CONNECTED"], timeout=10)
498 if ev is None:
499 raise Exception("Network selection result not indicated")
500 if "CTRL-EVENT-CONNECTED" in ev:
501 raise Exception("Unexpected connection")
502 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
503 if "connected,1" in res:
504 raise Exception("Connection reported")
505 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
506 finally:
507 stop_sigma_dut(sigma)
9bf306f5 508 dev[0].set("sae_pwe", "0")
dc054892 509
43f68853
JM		 510def test_sigma_dut_sae_pw_id_ft(dev, apdev):
511 """sigma_dut controlled SAE association with Password Identifier and FT"""
d11c41bb
JM		 512 run_sigma_dut_sae_pw_id_ft(dev, apdev)
513
514def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
515 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
516 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
517
518def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
43f68853
JM		 519 if "SAE" not in dev[0].get_capability("auth_alg"):
520 raise HwsimSkip("SAE not supported")
521
522 ifname = dev[0].ifname
f0b6b23f 523 sigma = start_sigma_dut(ifname)
43f68853 524
991e6b9e
JM		 525 try:
526 ssid = "test-sae"
527 params = hostapd.wpa2_params(ssid=ssid)
528 params['wpa_key_mgmt'] = 'SAE FT-SAE'
529 params["ieee80211w"] = "2"
530 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
531 params['mobility_domain'] = 'aabb'
532 params['ft_over_ds'] = '1' if over_ds else '0'
533 bssid = apdev[0]['bssid'].replace(':', '')
534 params['nas_identifier'] = bssid + '.nas.example.com'
535 params['r1_key_holder'] = bssid
536 params['pmk_r1_push'] = '0'
537 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
538 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
539 hapd = hostapd.add_ap(apdev[0], params)
43f68853 540
991e6b9e
JM		 541 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
542 if over_ds:
543 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
545 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
2be27869
JM		 546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
547 timeout=10)
991e6b9e 548 sigma_dut_wait_connected(ifname)
43f68853 549
991e6b9e
JM		 550 bssid = apdev[1]['bssid'].replace(':', '')
551 params['nas_identifier'] = bssid + '.nas.example.com'
552 params['r1_key_holder'] = bssid
553 hapd2 = hostapd.add_ap(apdev[1], params)
554 bssid = hapd2.own_addr()
555 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
556 dev[0].wait_connected()
43f68853 557
991e6b9e
JM		 558 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
559 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
560 finally:
561 stop_sigma_dut(sigma)
43f68853 562
f6f33f8f
JM		 563def test_sigma_dut_sta_override_rsne(dev, apdev):
564 """sigma_dut and RSNE override on STA"""
65fa9d96
JM		 565 try:
566 run_sigma_dut_sta_override_rsne(dev, apdev)
567 finally:
568 dev[0].set("ignore_old_scan_res", "0")
569
570def run_sigma_dut_sta_override_rsne(dev, apdev):
f6f33f8f
JM		 571 ifname = dev[0].ifname
572 sigma = start_sigma_dut(ifname)
573
991e6b9e
JM		 574 try:
575 ssid = "test-psk"
576 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
577 hapd = hostapd.add_ap(apdev[0], params)
f6f33f8f 578
991e6b9e
JM		 579 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
580
581 tests = ["30120100000fac040100000fac040100000fac02",
582 "30140100000fac040100000fac040100000fac02ffff"]
583 for test in tests:
584 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
585 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
2be27869
JM		 586 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
587 timeout=10)
991e6b9e
JM		 588 sigma_dut_wait_connected(ifname)
589 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
590 dev[0].dump_monitor()
f6f33f8f 591
f6f33f8f 592 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
991e6b9e 593 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
2be27869
JM		 594 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
595 timeout=10)
f6f33f8f 596
991e6b9e
JM		 597 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
598 if ev is None:
599 raise Exception("Association rejection not reported")
600 if "status_code=40" not in ev:
601 raise Exception("Unexpected status code: " + ev)
f6f33f8f 602
991e6b9e
JM		 603 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
604 finally:
605 stop_sigma_dut(sigma)
f6f33f8f
JM		 606
607def test_sigma_dut_ap_psk(dev, apdev):
608 """sigma_dut controlled AP"""
609 with HWSimRadio() as (radio, iface):
610 sigma = start_sigma_dut(iface)
611 try:
612 sigma_dut_cmd_check("ap_reset_default")
613 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
614 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
615 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
616
617 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
618
619 sigma_dut_cmd_check("ap_reset_default")
620 finally:
621 stop_sigma_dut(sigma)
622
20c18348
JM		 623def test_sigma_dut_ap_pskhex(dev, apdev, params):
624 """sigma_dut controlled AP and PSKHEX"""
625 logdir = os.path.join(params['logdir'],
626 "sigma_dut_ap_pskhex.sigma-hostapd")
627 with HWSimRadio() as (radio, iface):
628 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
629 try:
630 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
631 sigma_dut_cmd_check("ap_reset_default")
632 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
633 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
634 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
635
636 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
637
638 sigma_dut_cmd_check("ap_reset_default")
639 finally:
640 stop_sigma_dut(sigma)
641
63add34e
JM		 642def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
643 """sigma_dut controlled AP PSK SHA256"""
644 logdir = os.path.join(params['logdir'],
645 "sigma_dut_ap_psk_sha256.sigma-hostapd")
646 with HWSimRadio() as (radio, iface):
5732e574 647 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 648 try:
649 sigma_dut_cmd_check("ap_reset_default")
650 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
651 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
652 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
653
654 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
655 psk="12345678", scan_freq="2412")
656
657 sigma_dut_cmd_check("ap_reset_default")
658 finally:
659 stop_sigma_dut(sigma)
660
9c7ab4c5
JM		 661def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
662 """sigma_dut controlled AP and deauth commands"""
663 logdir = os.path.join(params['logdir'],
664 "sigma_dut_ap_psk_deauth.sigma-hostapd")
665 with HWSimRadio() as (radio, iface):
f0b6b23f 666 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
9c7ab4c5
JM		 667 try:
668 sigma_dut_cmd_check("ap_reset_default")
669 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
670 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
671 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
672
673 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
674 psk="12345678", ieee80211w="2", scan_freq="2412")
675 addr = dev[0].own_addr()
676 dev[0].dump_monitor()
677
678 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
679 ev = dev[0].wait_disconnected()
680 dev[0].dump_monitor()
681 if "locally_generated=1" in ev:
682 raise Exception("Unexpected disconnection reason")
683 dev[0].wait_connected()
684 dev[0].dump_monitor()
685
686 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
687 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
688 if ev and "locally_generated=1" not in ev:
689 raise Exception("Unexpected disconnection")
690
691 sigma_dut_cmd_check("ap_reset_default")
692 finally:
693 stop_sigma_dut(sigma)
694
69805425
JM		 695def test_sigma_dut_eap_ttls(dev, apdev, params):
696 """sigma_dut controlled STA and EAP-TTLS parameters"""
0c00679b 697 check_domain_match(dev[0])
69805425
JM		 698 logdir = params['logdir']
699
700 with open("auth_serv/ca.pem", "r") as f:
701 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
702 f2.write(f.read())
703
704 src = "auth_serv/server.pem"
705 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
706 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
707 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
708 "-outform", "DER"],
709 stderr=open('/dev/null', 'w'))
710 with open(dst, "rb") as f:
711 der = f.read()
712 hash = hashlib.sha256(der).digest()
713 with open(hashdst, "w") as f:
714 f.write(binascii.hexlify(hash).decode())
715
716 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
717 with open(dst, "w") as f:
718 f.write(32*"00")
719
720 ssid = "test-wpa2-eap"
721 params = hostapd.wpa2_eap_params(ssid=ssid)
722 hapd = hostapd.add_ap(apdev[0], params)
723
724 ifname = dev[0].ifname
725 sigma = start_sigma_dut(ifname, cert_path=logdir)
726
727 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
728
991e6b9e
JM		 729 try:
730 tests = ["",
731 ",Domain,server.w1.fi",
732 ",DomainSuffix,w1.fi",
733 ",DomainSuffix,server.w1.fi",
734 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
735 for extra in tests:
736 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
737 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
738 sigma_dut_cmd_check(cmd + extra)
2be27869
JM		 739 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
740 timeout=10)
991e6b9e
JM		 741 sigma_dut_wait_connected(ifname)
742 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
743 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
744 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
745 dev[0].dump_monitor()
69805425 746
991e6b9e
JM		 747 tests = [",Domain,w1.fi",
748 ",DomainSuffix,example.com",
749 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
750 for extra in tests:
751 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
752 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
753 sigma_dut_cmd_check(cmd + extra)
2be27869
JM		 754 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
755 timeout=10)
991e6b9e
JM		 756 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
757 if ev is None:
758 raise Exception("Server certificate error not reported")
759 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
760 if "connected,1" in res:
761 raise Exception("Unexpected connection reported")
762 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
763 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
764 dev[0].dump_monitor()
765 finally:
766 stop_sigma_dut(sigma)
69805425 767
2ef00a36
JM		 768def test_sigma_dut_suite_b(dev, apdev, params):
769 """sigma_dut controlled STA Suite B"""
770 check_suite_b_192_capa(dev)
771 logdir = params['logdir']
772
773 with open("auth_serv/ec2-ca.pem", "r") as f:
774 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
775 f2.write(f.read())
776
777 with open("auth_serv/ec2-user.pem", "r") as f:
778 with open("auth_serv/ec2-user.key", "r") as f2:
779 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
780 f3.write(f.read())
781 f3.write(f2.read())
782
783 dev[0].flush_scan_cache()
784 params = suite_b_as_params()
785 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
786 params['server_cert'] = 'auth_serv/ec2-server.pem'
787 params['private_key'] = 'auth_serv/ec2-server.key'
788 params['openssl_ciphers'] = 'SUITEB192'
789 hostapd.add_ap(apdev[1], params)
790
fab49f61
JM		 791 params = {"ssid": "test-suite-b",
792 "wpa": "2",
793 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
794 "rsn_pairwise": "GCMP-256",
795 "group_mgmt_cipher": "BIP-GMAC-256",
796 "ieee80211w": "2",
797 "ieee8021x": "1",
798 'auth_server_addr': "127.0.0.1",
799 'auth_server_port': "18129",
800 'auth_server_shared_secret': "radius",
801 'nas_identifier': "nas.w1.fi"}
2ef00a36
JM		 802 hapd = hostapd.add_ap(apdev[0], params)
803
804 ifname = dev[0].ifname
805 sigma = start_sigma_dut(ifname, cert_path=logdir)
806
991e6b9e
JM		 807 try:
808 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
809 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
810 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
2be27869
JM		 811 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
812 timeout=10)
991e6b9e
JM		 813 sigma_dut_wait_connected(ifname)
814 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
815 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
816 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
817 finally:
818 stop_sigma_dut(sigma)
2ef00a36 819
002b49ed
JM		 820def test_sigma_dut_suite_b_rsa(dev, apdev, params):
821 """sigma_dut controlled STA Suite B (RSA)"""
822 check_suite_b_192_capa(dev)
823 logdir = params['logdir']
824
825 with open("auth_serv/rsa3072-ca.pem", "r") as f:
826 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
827 f2.write(f.read())
828
829 with open("auth_serv/rsa3072-user.pem", "r") as f:
830 with open("auth_serv/rsa3072-user.key", "r") as f2:
831 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
832 f3.write(f.read())
833 f3.write(f2.read())
834
835 dev[0].flush_scan_cache()
836 params = suite_b_192_rsa_ap_params()
837 hapd = hostapd.add_ap(apdev[0], params)
838
839 ifname = dev[0].ifname
840 sigma = start_sigma_dut(ifname, cert_path=logdir)
841
6f90cfd7 842 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
002b49ed 843
991e6b9e
JM		 844 try:
845 tests = ["",
846 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
847 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
848 for extra in tests:
849 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
850 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
851 sigma_dut_cmd_check(cmd + extra)
2be27869
JM		 852 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
853 timeout=10)
991e6b9e
JM		 854 sigma_dut_wait_connected(ifname)
855 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
856 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
857 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
858 finally:
859 stop_sigma_dut(sigma)
002b49ed 860
2ef00a36
JM		 861def test_sigma_dut_ap_suite_b(dev, apdev, params):
862 """sigma_dut controlled AP Suite B"""
863 check_suite_b_192_capa(dev)
864 logdir = os.path.join(params['logdir'],
865 "sigma_dut_ap_suite_b.sigma-hostapd")
866 params = suite_b_as_params()
867 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
868 params['server_cert'] = 'auth_serv/ec2-server.pem'
869 params['private_key'] = 'auth_serv/ec2-server.key'
870 params['openssl_ciphers'] = 'SUITEB192'
871 hostapd.add_ap(apdev[1], params)
872 with HWSimRadio() as (radio, iface):
873 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
874 try:
875 sigma_dut_cmd_check("ap_reset_default")
876 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
877 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
6f90cfd7 878 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
2ef00a36
JM		 879 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
880
881 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
882 ieee80211w="2",
883 openssl_ciphers="SUITEB192",
884 eap="TLS", identity="tls user",
885 ca_cert="auth_serv/ec2-ca.pem",
886 client_cert="auth_serv/ec2-user.pem",
887 private_key="auth_serv/ec2-user.key",
888 pairwise="GCMP-256", group="GCMP-256",
889 scan_freq="2412")
890
891 sigma_dut_cmd_check("ap_reset_default")
892 finally:
893 stop_sigma_dut(sigma)
894
895def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
896 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
897 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
898 "GCMP")
899
900def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
901 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
902 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
903 "GCMP-256")
904
905def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
906 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
907 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
908 "CCMP")
909
910def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
911 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
912 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
913 "CCMP-256")
914
6af3b593
JM		 915def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
916 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
917 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
918 "BIP-GMAC-256", "CCMP")
919
920def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
921 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
922 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
923 "BIP-GMAC-256", "GCMP-256", "CCMP")
924
21fd5576
JM		 925def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
926 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
927 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
928 "GCMP-256", "CCMP", "AES-CCMP-128")
929
2ef00a36 930def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
21fd5576 931 sta_cipher, sta_cipher_group=None, ap_group=None):
2ef00a36
JM		 932 check_suite_b_192_capa(dev)
933 logdir = os.path.join(params['logdir'],
934 "sigma_dut_ap_cipher.sigma-hostapd")
935 params = suite_b_as_params()
936 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
937 params['server_cert'] = 'auth_serv/ec2-server.pem'
938 params['private_key'] = 'auth_serv/ec2-server.key'
939 params['openssl_ciphers'] = 'SUITEB192'
940 hostapd.add_ap(apdev[1], params)
941 with HWSimRadio() as (radio, iface):
942 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
943 try:
944 sigma_dut_cmd_check("ap_reset_default")
945 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
946 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
21fd5576
JM		 947 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
948 if ap_group:
949 cmd += ",GroupCipher,%s" % ap_group
950 sigma_dut_cmd_check(cmd)
2ef00a36
JM		 951 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
952
6af3b593
JM		 953 if sta_cipher_group is None:
954 sta_cipher_group = sta_cipher
2ef00a36
JM		 955 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
956 ieee80211w="2",
957 openssl_ciphers="SUITEB192",
958 eap="TLS", identity="tls user",
959 ca_cert="auth_serv/ec2-ca.pem",
960 client_cert="auth_serv/ec2-user.pem",
961 private_key="auth_serv/ec2-user.key",
6af3b593 962 pairwise=sta_cipher, group=sta_cipher_group,
2ef00a36
JM		 963 scan_freq="2412")
964
965 sigma_dut_cmd_check("ap_reset_default")
966 finally:
967 stop_sigma_dut(sigma)
968
f6f33f8f
JM		 969def test_sigma_dut_ap_override_rsne(dev, apdev):
970 """sigma_dut controlled AP overriding RSNE"""
971 with HWSimRadio() as (radio, iface):
972 sigma = start_sigma_dut(iface)
973 try:
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
977 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
978 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
979
980 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
981
982 sigma_dut_cmd_check("ap_reset_default")
983 finally:
984 stop_sigma_dut(sigma)
1ed508d9 985
7b498eca 986def test_sigma_dut_ap_sae(dev, apdev, params):
1ed508d9 987 """sigma_dut controlled AP with SAE"""
7b498eca
JM		 988 logdir = os.path.join(params['logdir'],
989 "sigma_dut_ap_sae.sigma-hostapd")
6e6651d0
JM		 990 if "SAE" not in dev[0].get_capability("auth_alg"):
991 raise HwsimSkip("SAE not supported")
1ed508d9 992 with HWSimRadio() as (radio, iface):
7b498eca 993 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 994 try:
995 sigma_dut_cmd_check("ap_reset_default")
996 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
997 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
998 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
999
4dda07ba 1000 dev[0].request("SET sae_groups ")
d57349d4
JM		 1001 id = dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1002 ieee80211w="2", scan_freq="2412")
4dda07ba
JM		 1003 if dev[0].get_status_field('sae_group') != '19':
1004 raise Exception("Expected default SAE group not used")
1005
d57349d4
JM		 1006 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1007 logger.info("Reported PMK: " + res)
1008 if ",PMK," not in res:
1009 raise Exception("PMK not reported");
1010 if dev[0].get_pmk(id) != res.split(',')[3]:
1011 raise Exception("Mismatch in reported PMK")
1012
4dda07ba
JM		 1013 sigma_dut_cmd_check("ap_reset_default")
1014 finally:
1015 stop_sigma_dut(sigma)
1016
1017def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
1018 """sigma_dut controlled AP with SAE Confirm immediate"""
1019 logdir = os.path.join(params['logdir'],
1020 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1021 if "SAE" not in dev[0].get_capability("auth_alg"):
1022 raise HwsimSkip("SAE not supported")
1023 with HWSimRadio() as (radio, iface):
1024 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1025 try:
1026 sigma_dut_cmd_check("ap_reset_default")
1027 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1028 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1029 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1030
1ed508d9
JM		 1031 dev[0].request("SET sae_groups ")
1032 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 1033 ieee80211w="2", scan_freq="2412")
1ed508d9
JM		 1034 if dev[0].get_status_field('sae_group') != '19':
1035 raise Exception("Expected default SAE group not used")
1036
1037 sigma_dut_cmd_check("ap_reset_default")
6644069c
JM		 1038 finally:
1039 stop_sigma_dut(sigma)
1040
7b498eca 1041def test_sigma_dut_ap_sae_password(dev, apdev, params):
6644069c 1042 """sigma_dut controlled AP with SAE and long password"""
7b498eca
JM		 1043 logdir = os.path.join(params['logdir'],
1044 "sigma_dut_ap_sae_password.sigma-hostapd")
6e6651d0
JM		 1045 if "SAE" not in dev[0].get_capability("auth_alg"):
1046 raise HwsimSkip("SAE not supported")
6644069c 1047 with HWSimRadio() as (radio, iface):
7b498eca 1048 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
6644069c
JM		 1049 try:
1050 sigma_dut_cmd_check("ap_reset_default")
1051 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1052 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1053 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1054
1055 dev[0].request("SET sae_groups ")
1056 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
7b498eca 1057 ieee80211w="2", scan_freq="2412")
6644069c
JM		 1058 if dev[0].get_status_field('sae_group') != '19':
1059 raise Exception("Expected default SAE group not used")
1060
1061 sigma_dut_cmd_check("ap_reset_default")
1ed508d9
JM		 1062 finally:
1063 stop_sigma_dut(sigma)
1064
1b232c1b
JM		 1065def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
1066 """sigma_dut controlled AP with SAE Password Identifier"""
1067 logdir = os.path.join(params['logdir'],
1068 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1069 conffile = os.path.join(params['logdir'],
1070 "sigma_dut_ap_sae_pw_id.sigma-conf")
1071 if "SAE" not in dev[0].get_capability("auth_alg"):
1072 raise HwsimSkip("SAE not supported")
1073 with HWSimRadio() as (radio, iface):
f0b6b23f 1074 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1b232c1b
JM		 1075 try:
1076 sigma_dut_cmd_check("ap_reset_default")
1077 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1078 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1079 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1080
1081 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1082 with open(conffile, "wb") as f2:
1083 f2.write(f.read())
1084
1085 dev[0].request("SET sae_groups ")
1086 tests = [("pw1", "id1"),
1087 ("pw2", "id2"),
1088 ("pw3", None),
1089 ("pw4", "id4")]
1090 for pw, pw_id in tests:
1091 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
1092 sae_password_id=pw_id,
1093 ieee80211w="2", scan_freq="2412")
1094 dev[0].request("REMOVE_NETWORK all")
1095 dev[0].wait_disconnected()
1096
1097 sigma_dut_cmd_check("ap_reset_default")
1098 finally:
1099 stop_sigma_dut(sigma)
1100
dc054892
JM		 1101def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev, apdev, params):
1102 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1103 logdir = os.path.join(params['logdir'],
1104 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1105 conffile = os.path.join(params['logdir'],
1106 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1107 if "SAE" not in dev[0].get_capability("auth_alg"):
1108 raise HwsimSkip("SAE not supported")
1109 with HWSimRadio() as (radio, iface):
1110 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1111 try:
1112 sigma_dut_cmd_check("ap_reset_default")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1116
1117 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1118 with open(conffile, "wb") as f2:
1119 f2.write(f.read())
1120
1121 dev[0].set("sae_groups", "")
1122 dev[0].connect("test-sae", key_mgmt="SAE", sae_password="12345678",
1123 sae_password_id="pwid",
1124 ieee80211w="2", scan_freq="2412", wait_connect=False)
1125 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1126 "CTRL-EVENT-CONNECTED"], timeout=10)
1127 if ev is None:
1128 raise Exception("Network selection result not indicated")
1129 if "CTRL-EVENT-CONNECTED" in ev:
1130 raise Exception("Unexpected connection")
1131 dev[0].request("REMOVE_NETWORK all")
1132
1133 sigma_dut_cmd_check("ap_reset_default")
1134 finally:
1135 stop_sigma_dut(sigma)
1136
1b232c1b
JM		 1137def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
1138 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1139 logdir = os.path.join(params['logdir'],
1140 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1141 conffile = os.path.join(params['logdir'],
1142 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1143 if "SAE" not in dev[0].get_capability("auth_alg"):
1144 raise HwsimSkip("SAE not supported")
1145 with HWSimRadio() as (radio, iface):
f0b6b23f 1146 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1b232c1b
JM		 1147 try:
1148 sigma_dut_cmd_check("ap_reset_default")
1149 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1150 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1152
1153 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1154 with open(conffile, "wb") as f2:
1155 f2.write(f.read())
1156
1157 dev[0].request("SET sae_groups ")
1158 tests = [("pw1", "id1", "SAE"),
1159 ("pw2", "id2", "FT-SAE"),
1160 ("pw3", None, "FT-SAE"),
1161 ("pw4", "id4", "SAE")]
1162 for pw, pw_id, key_mgmt in tests:
1163 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
1164 sae_password_id=pw_id,
1165 ieee80211w="2", scan_freq="2412")
1166 dev[0].request("REMOVE_NETWORK all")
1167 dev[0].wait_disconnected()
1168
1169 sigma_dut_cmd_check("ap_reset_default")
1170 finally:
1171 stop_sigma_dut(sigma)
1172
7b498eca 1173def test_sigma_dut_ap_sae_group(dev, apdev, params):
1ed508d9 1174 """sigma_dut controlled AP with SAE and specific group"""
7b498eca
JM		 1175 logdir = os.path.join(params['logdir'],
1176 "sigma_dut_ap_sae_group.sigma-hostapd")
6e6651d0
JM		 1177 if "SAE" not in dev[0].get_capability("auth_alg"):
1178 raise HwsimSkip("SAE not supported")
1ed508d9 1179 with HWSimRadio() as (radio, iface):
7b498eca 1180 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 1181 try:
1182 sigma_dut_cmd_check("ap_reset_default")
1183 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1184 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1185 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1186
1187 dev[0].request("SET sae_groups ")
1188 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 1189 ieee80211w="2", scan_freq="2412")
1ed508d9
JM		 1190 if dev[0].get_status_field('sae_group') != '20':
1191 raise Exception("Expected SAE group not used")
1192
1193 sigma_dut_cmd_check("ap_reset_default")
1194 finally:
1195 stop_sigma_dut(sigma)
1196
7b498eca 1197def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1ed508d9 1198 """sigma_dut controlled AP with PSK+SAE"""
6e6651d0
JM		 1199 if "SAE" not in dev[0].get_capability("auth_alg"):
1200 raise HwsimSkip("SAE not supported")
7b498eca
JM		 1201 logdir = os.path.join(params['logdir'],
1202 "sigma_dut_ap_psk_sae.sigma-hostapd")
1ed508d9 1203 with HWSimRadio() as (radio, iface):
7b498eca 1204 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1ed508d9
JM		 1205 try:
1206 sigma_dut_cmd_check("ap_reset_default")
1207 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1208 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1209 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1210
7b498eca
JM		 1211 dev[2].request("SET sae_groups ")
1212 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1213 scan_freq="2412", ieee80211w="0", wait_connect=False)
1ed508d9
JM		 1214 dev[0].request("SET sae_groups ")
1215 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
7b498eca 1216 scan_freq="2412", ieee80211w="2")
1ed508d9
JM		 1217 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1218
7b498eca
JM		 1219 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1220 dev[2].request("DISCONNECT")
1221 if ev is not None:
1222 raise Exception("Unexpected connection without PMF")
1223
1ed508d9
JM		 1224 sigma_dut_cmd_check("ap_reset_default")
1225 finally:
1226 stop_sigma_dut(sigma)
b9c0e1fa 1227
d08ef579
JM		 1228def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1229 """sigma_dut controlled AP with PSK, SAE, FT"""
1230 logdir = os.path.join(params['logdir'],
1231 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1232 conffile = os.path.join(params['logdir'],
1233 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1234 if "SAE" not in dev[0].get_capability("auth_alg"):
1235 raise HwsimSkip("SAE not supported")
1236 with HWSimRadio() as (radio, iface):
f0b6b23f 1237 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
d08ef579
JM		 1238 try:
1239 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1240 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1241 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1243 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1244 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1245
1246 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1247 with open(conffile, "wb") as f2:
1248 f2.write(f.read())
1249
1250 dev[0].request("SET sae_groups ")
1251 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1252 sae_password="12345678", scan_freq="2412")
1253 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1254 psk="12345678", scan_freq="2412")
1255 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1256 psk="12345678", scan_freq="2412")
1257
1258 sigma_dut_cmd_check("ap_reset_default")
1259 finally:
1260 stop_sigma_dut(sigma)
1261
b9c0e1fa
JM		 1262def test_sigma_dut_owe(dev, apdev):
1263 """sigma_dut controlled OWE station"""
1264 try:
1265 run_sigma_dut_owe(dev, apdev)
1266 finally:
1267 dev[0].set("ignore_old_scan_res", "0")
1268
1269def run_sigma_dut_owe(dev, apdev):
1270 if "OWE" not in dev[0].get_capability("key_mgmt"):
1271 raise HwsimSkip("OWE not supported")
1272
1273 ifname = dev[0].ifname
1274 sigma = start_sigma_dut(ifname)
1275
1276 try:
fab49f61
JM		 1277 params = {"ssid": "owe",
1278 "wpa": "2",
1279 "wpa_key_mgmt": "OWE",
1280 "ieee80211w": "2",
1281 "rsn_pairwise": "CCMP"}
b9c0e1fa
JM		 1282 hapd = hostapd.add_ap(apdev[0], params)
1283 bssid = hapd.own_addr()
1284
1285 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1286 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1287 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
2be27869
JM		 1288 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1289 timeout=10)
b9c0e1fa
JM		 1290 sigma_dut_wait_connected(ifname)
1291 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
d57349d4
JM		 1292 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
1293 logger.info("Reported PMK: " + res)
1294 if ",PMK," not in res:
1295 raise Exception("PMK not reported");
1296 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
1297 raise Exception("Mismatch in reported PMK")
b9c0e1fa
JM		 1298
1299 dev[0].dump_monitor()
1300 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1301 dev[0].wait_connected()
1302 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1303 dev[0].wait_disconnected()
1304 dev[0].dump_monitor()
1305
1306 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1307 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1308 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
2be27869
JM		 1309 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1310 timeout=10)
b9c0e1fa
JM		 1311 sigma_dut_wait_connected(ifname)
1312 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
e30de6c2
JM		 1313 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1314 dev[0].wait_disconnected()
1315 dev[0].dump_monitor()
1316
1317 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1318 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1319 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
2be27869
JM		 1320 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1321 timeout=10)
e30de6c2
JM		 1322 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1323 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1324 if ev is None:
1325 raise Exception("Association not rejected")
1326 if "status_code=77" not in ev:
1327 raise Exception("Unexpected rejection reason: " + ev)
b9c0e1fa
JM		 1328
1329 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1330 finally:
1331 stop_sigma_dut(sigma)
1332
bdb2eaf8
JM		 1333def test_sigma_dut_owe_ptk_workaround(dev, apdev):
1334 """sigma_dut controlled OWE station with PTK workaround"""
1335 if "OWE" not in dev[0].get_capability("key_mgmt"):
1336 raise HwsimSkip("OWE not supported")
1337
1338 params = {"ssid": "owe",
1339 "wpa": "2",
1340 "wpa_key_mgmt": "OWE",
1341 "owe_ptk_workaround": "1",
1342 "owe_groups": "20",
1343 "ieee80211w": "2",
1344 "rsn_pairwise": "CCMP"}
1345 hapd = hostapd.add_ap(apdev[0], params)
1346
1347 ifname = dev[0].ifname
1348 sigma = start_sigma_dut(ifname, owe_ptk_workaround=True)
1349
1350 try:
1351 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1352 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1353 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1354 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1355 timeout=10)
1356 sigma_dut_wait_connected(ifname)
1357 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1358 finally:
1359 stop_sigma_dut(sigma)
1360 dev[0].set("ignore_old_scan_res", "0")
1361
7b498eca 1362def test_sigma_dut_ap_owe(dev, apdev, params):
b9c0e1fa 1363 """sigma_dut controlled AP with OWE"""
7b498eca
JM		 1364 logdir = os.path.join(params['logdir'],
1365 "sigma_dut_ap_owe.sigma-hostapd")
b9c0e1fa
JM		 1366 if "OWE" not in dev[0].get_capability("key_mgmt"):
1367 raise HwsimSkip("OWE not supported")
1368 with HWSimRadio() as (radio, iface):
7b498eca 1369 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
b9c0e1fa
JM		 1370 try:
1371 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1372 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1373 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1374 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1375
d57349d4
JM		 1376 id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1377 scan_freq="2412")
1378
1379 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1380 logger.info("Reported PMK: " + res)
1381 if ",PMK," not in res:
1382 raise Exception("PMK not reported");
1383 if dev[0].get_pmk(id) != res.split(',')[3]:
1384 raise Exception("Mismatch in reported PMK")
b9c0e1fa
JM		 1385
1386 sigma_dut_cmd_check("ap_reset_default")
1387 finally:
1388 stop_sigma_dut(sigma)
7f811be5
JM		 1389
1390def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1391 """sigma_dut controlled AP with OWE and ECGroupID"""
1392 if "OWE" not in dev[0].get_capability("key_mgmt"):
1393 raise HwsimSkip("OWE not supported")
1394 with HWSimRadio() as (radio, iface):
1395 sigma = start_sigma_dut(iface)
1396 try:
1397 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1398 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1399 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1400 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1401
1402 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1403 owe_group="20", scan_freq="2412")
1404 dev[0].request("REMOVE_NETWORK all")
1405 dev[0].wait_disconnected()
1406
1407 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1408 owe_group="21", scan_freq="2412")
1409 dev[0].request("REMOVE_NETWORK all")
1410 dev[0].wait_disconnected()
1411
1412 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1413 owe_group="19", scan_freq="2412", wait_connect=False)
1414 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1415 dev[0].request("DISCONNECT")
1416 if ev is None:
1417 raise Exception("Association not rejected")
1418 if "status_code=77" not in ev:
1419 raise Exception("Unexpected rejection reason: " + ev)
1420 dev[0].dump_monitor()
1421
1422 sigma_dut_cmd_check("ap_reset_default")
1423 finally:
1424 stop_sigma_dut(sigma)
86fd7d70 1425
bdb2eaf8
JM		 1426def test_sigma_dut_ap_owe_ptk_workaround(dev, apdev):
1427 """sigma_dut controlled AP with OWE PTK workaround"""
1428 if "OWE" not in dev[0].get_capability("key_mgmt"):
1429 raise HwsimSkip("OWE not supported")
1430 with HWSimRadio() as (radio, iface):
1431 sigma = start_sigma_dut(iface, owe_ptk_workaround=True)
1432 try:
1433 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1434 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1435 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1436 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1437
1438 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1439 owe_group="20", owe_ptk_workaround="1",
1440 scan_freq="2412")
1441 sigma_dut_cmd_check("ap_reset_default")
1442 finally:
1443 stop_sigma_dut(sigma)
1444
86fd7d70
JM		 1445def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1446 """sigma_dut controlled AP with OWE and transition mode"""
1447 if "OWE" not in dev[0].get_capability("key_mgmt"):
1448 raise HwsimSkip("OWE not supported")
1449 logdir = os.path.join(params['logdir'],
1450 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1451 with HWSimRadio() as (radio, iface):
1452 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1453 try:
1454 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1455 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1456 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1457 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1458 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1459 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1460
89c343e8
JM		 1461 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1462 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1463
7b498eca
JM		 1464 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1465 scan_freq="2412")
86fd7d70 1466 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
89c343e8
JM		 1467 if dev[0].get_status_field('bssid') not in res1:
1468 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1469 if dev[1].get_status_field('bssid') not in res2:
1470 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
86fd7d70
JM		 1471
1472 sigma_dut_cmd_check("ap_reset_default")
1473 finally:
1474 stop_sigma_dut(sigma)
d84c0cf4 1475
c5238c48
JM		 1476def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1477 """sigma_dut controlled AP with OWE and transition mode (2)"""
1478 if "OWE" not in dev[0].get_capability("key_mgmt"):
1479 raise HwsimSkip("OWE not supported")
1480 logdir = os.path.join(params['logdir'],
1481 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1482 with HWSimRadio() as (radio, iface):
1483 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1484 try:
1485 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1486 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1487 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1489 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1490 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1491
1492 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1493 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1494
1495 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1496 scan_freq="2412")
1497 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1498 if dev[0].get_status_field('bssid') not in res2:
1499 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1500 if dev[1].get_status_field('bssid') not in res1:
1501 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1502
1503 sigma_dut_cmd_check("ap_reset_default")
1504 finally:
1505 stop_sigma_dut(sigma)
1506
39a757c4 1507def dpp_init_enrollee(dev, id1, enrollee_role):
d84c0cf4
JM		 1508 logger.info("Starting DPP initiator/enrollee in a thread")
1509 time.sleep(1)
1510 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
39a757c4
JM		 1511 if enrollee_role == "Configurator":
1512 cmd += " netrole=configurator"
d84c0cf4
JM		 1513 if "OK" not in dev.request(cmd):
1514 raise Exception("Failed to initiate DPP Authentication")
1515 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1516 if ev is None:
1517 raise Exception("DPP configuration not completed (Enrollee)")
1518 logger.info("DPP initiator/enrollee done")
1519
1520def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1521 """sigma_dut DPP/QR responder (conf index 1)"""
1522 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1523
1524def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1525 """sigma_dut DPP/QR responder (conf index 2)"""
1526 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1527
1528def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1529 """sigma_dut DPP/QR responder (conf index 3)"""
1530 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1531
1532def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1533 """sigma_dut DPP/QR responder (conf index 4)"""
1534 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1535
23c45cd0
JM		 1536def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1537 """sigma_dut DPP/QR responder (conf index 5)"""
1538 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1539
1540def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1541 """sigma_dut DPP/QR responder (conf index 6)"""
1542 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1543
1544def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1545 """sigma_dut DPP/QR responder (conf index 7)"""
1546 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1547
8a3368d7
JM		 1548def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1549 """sigma_dut DPP/QR responder (conf index 8)"""
1550 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1551
cefcbcdb
JM		 1552def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1553 """sigma_dut DPP/QR responder (conf index 9)"""
1554 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1555
1556def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1557 """sigma_dut DPP/QR responder (conf index 10)"""
1558 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1559
b014624b
JM		 1560def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1561 """sigma_dut DPP/QR responder (channel list override)"""
1562 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1563 listen_chan=2)
1564
656b07c1
JM		 1565def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1566 """sigma_dut DPP/QR responder status query"""
5bf51d38 1567 check_dpp_capab(dev[1])
656b07c1
JM		 1568 params = hostapd.wpa2_params(ssid="DPPNET01",
1569 passphrase="ThisIsDppPassphrase")
1570 hapd = hostapd.add_ap(apdev[0], params)
1571
1572 try:
1573 dev[1].set("dpp_config_processing", "2")
1574 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1575 finally:
5bf51d38 1576 dev[1].set("dpp_config_processing", "0", allow_fail=True)
656b07c1 1577
39a757c4
JM		 1578def test_sigma_dut_dpp_qr_resp_configurator(dev, apdev):
1579 """sigma_dut DPP/QR responder (configurator provisioning)"""
1580 run_sigma_dut_dpp_qr_resp(dev, apdev, -1, enrollee_role="Configurator")
1581
b014624b 1582def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
39a757c4
JM		 1583 listen_chan=None, status_query=False,
1584 enrollee_role="STA"):
d84c0cf4
JM		 1585 check_dpp_capab(dev[0])
1586 check_dpp_capab(dev[1])
1587 sigma = start_sigma_dut(dev[0].ifname)
1588 try:
b014624b
JM		 1589 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1590 if chan_list:
1591 cmd += ",DPPChannelList," + chan_list
1592 res = sigma_dut_cmd(cmd)
d84c0cf4
JM		 1593 if "status,COMPLETE" not in res:
1594 raise Exception("dev_exec_action did not succeed: " + res)
1595 hex = res.split(',')[3]
e1810300 1596 uri = from_hex(hex)
d84c0cf4
JM		 1597 logger.info("URI from sigma_dut: " + uri)
1598
0422d06b 1599 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4 1600
39a757c4
JM		 1601 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1,
1602 enrollee_role))
d84c0cf4 1603 t.start()
39a757c4
JM		 1604 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1605 if conf_idx is not None:
1606 cmd += ",DPPConfIndex,%d" % conf_idx
b014624b
JM		 1607 if listen_chan:
1608 cmd += ",DPPListenChannel," + str(listen_chan)
656b07c1
JM		 1609 if status_query:
1610 cmd += ",DPPStatusQuery,Yes"
b014624b 1611 res = sigma_dut_cmd(cmd, timeout=10)
d84c0cf4
JM		 1612 t.join()
1613 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1614 raise Exception("Unexpected result: " + res)
656b07c1
JM		 1615 if status_query and "StatusResult,0" not in res:
1616 raise Exception("Status query did not succeed: " + res)
d84c0cf4
JM		 1617 finally:
1618 stop_sigma_dut(sigma)
1619
1620def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1621 """sigma_dut DPP/QR initiator as Enrollee"""
1622 check_dpp_capab(dev[0])
1623 check_dpp_capab(dev[1])
1624
1625 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1626 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1627 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1628 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1629
fab49f61
JM		 1630 params = {"ssid": "DPPNET01",
1631 "wpa": "2",
1632 "ieee80211w": "2",
1633 "wpa_key_mgmt": "DPP",
1634 "rsn_pairwise": "CCMP",
1635 "dpp_connector": ap_connector,
1636 "dpp_csign": csign_pub,
1637 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1638 try:
1639 hapd = hostapd.add_ap(apdev[0], params)
1640 except:
1641 raise HwsimSkip("DPP not supported")
1642
1643 sigma = start_sigma_dut(dev[0].ifname)
1644 try:
1645 dev[0].set("dpp_config_processing", "2")
1646
1647 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1648 res = dev[1].request(cmd)
d84c0cf4
JM		 1649 if "FAIL" in res:
1650 raise Exception("Failed to add configurator")
1651 conf_id = int(res)
1652
a5387062 1653 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1654 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1655
1656 dev[1].set("dpp_configurator_params",
54c58f29 1657 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
d84c0cf4
JM		 1658 cmd = "DPP_LISTEN 2437 role=configurator"
1659 if "OK" not in dev[1].request(cmd):
1660 raise Exception("Failed to start listen operation")
1661
54c58f29 1662 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1663 if "status,COMPLETE" not in res:
1664 raise Exception("dev_exec_action did not succeed: " + res)
1665
1666 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1667 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1668 raise Exception("Unexpected result: " + res)
1669 finally:
1670 dev[0].set("dpp_config_processing", "0")
1671 stop_sigma_dut(sigma)
1672
39a757c4
JM		 1673def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev, apdev):
1674 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1675 check_dpp_capab(dev[0])
1676 check_dpp_capab(dev[1])
1677
1678 sigma = start_sigma_dut(dev[0].ifname)
1679 try:
1680 cmd = "DPP_CONFIGURATOR_ADD"
1681 res = dev[1].request(cmd)
1682 if "FAIL" in res:
1683 raise Exception("Failed to add configurator")
1684 conf_id = int(res)
1685
1686 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1687 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1688
1689 dev[1].set("dpp_configurator_params",
1690 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1691 cmd = "DPP_LISTEN 2437 role=configurator"
1692 if "OK" not in dev[1].request(cmd):
1693 raise Exception("Failed to start listen operation")
1694
1695 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1696 if "status,COMPLETE" not in res:
1697 raise Exception("dev_exec_action did not succeed: " + res)
1698
1699 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout=10)
1700 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1701 raise Exception("Unexpected result: " + res)
1702 finally:
1703 dev[0].set("dpp_config_processing", "0")
1704 stop_sigma_dut(sigma)
1705
d84c0cf4
JM		 1706def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1707 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
33cddd7f
JM		 1708 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1709
1710def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1711 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1712 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1713 extra="DPPAuthDirection,Mutual,")
1714
1715def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
d84c0cf4
JM		 1716 check_dpp_capab(dev[0])
1717 check_dpp_capab(dev[1])
1718
1719 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1720 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1721 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1722 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1723
fab49f61
JM		 1724 params = {"ssid": "DPPNET01",
1725 "wpa": "2",
1726 "ieee80211w": "2",
1727 "wpa_key_mgmt": "DPP",
1728 "rsn_pairwise": "CCMP",
1729 "dpp_connector": ap_connector,
1730 "dpp_csign": csign_pub,
1731 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1732 try:
1733 hapd = hostapd.add_ap(apdev[0], params)
1734 except:
1735 raise HwsimSkip("DPP not supported")
1736
1737 sigma = start_sigma_dut(dev[0].ifname)
1738 try:
1739 dev[0].set("dpp_config_processing", "2")
1740
1741 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1742 res = dev[1].request(cmd)
d84c0cf4
JM		 1743 if "FAIL" in res:
1744 raise Exception("Failed to add configurator")
1745 conf_id = int(res)
1746
a5387062 1747 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1748 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1749
1750 dev[1].set("dpp_configurator_params",
54c58f29 1751 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
d84c0cf4
JM		 1752 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1753 if "OK" not in dev[1].request(cmd):
1754 raise Exception("Failed to start listen operation")
1755
1756 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1757 if "status,COMPLETE" not in res:
1758 raise Exception("dev_exec_action did not succeed: " + res)
1759 hex = res.split(',')[3]
e1810300 1760 uri = from_hex(hex)
d84c0cf4
JM		 1761 logger.info("URI from sigma_dut: " + uri)
1762
0422d06b 1763 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4 1764
54c58f29 1765 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1766 if "status,COMPLETE" not in res:
1767 raise Exception("dev_exec_action did not succeed: " + res)
1768
33cddd7f 1769 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
d84c0cf4
JM		 1770 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1771 raise Exception("Unexpected result: " + res)
1772 finally:
1773 dev[0].set("dpp_config_processing", "0")
1774 stop_sigma_dut(sigma)
1775
1776def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1777 time.sleep(1)
1778 logger.info("Starting DPP initiator/configurator in a thread")
54c58f29 1779 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
d84c0cf4
JM		 1780 if own_id is not None:
1781 cmd += " own=%d" % own_id
1782 if "OK" not in dev.request(cmd):
1783 raise Exception("Failed to initiate DPP Authentication")
1784 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1785 if ev is None:
1786 raise Exception("DPP configuration not completed (Configurator)")
1787 logger.info("DPP initiator/configurator done")
1788
1789def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1790 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
71db91db
JM		 1791 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1792
1793def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1794 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1795 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1796
1797def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
d84c0cf4
JM		 1798 check_dpp_capab(dev[0])
1799 check_dpp_capab(dev[1])
1800
1801 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1802 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1803 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1804 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1805
fab49f61
JM		 1806 params = {"ssid": "DPPNET01",
1807 "wpa": "2",
1808 "ieee80211w": "2",
1809 "wpa_key_mgmt": "DPP",
1810 "rsn_pairwise": "CCMP",
1811 "dpp_connector": ap_connector,
1812 "dpp_csign": csign_pub,
1813 "dpp_netaccesskey": ap_netaccesskey}
d84c0cf4
JM		 1814 try:
1815 hapd = hostapd.add_ap(apdev[0], params)
1816 except:
1817 raise HwsimSkip("DPP not supported")
1818
1819 sigma = start_sigma_dut(dev[0].ifname)
1820 try:
1821 dev[0].set("dpp_config_processing", "2")
1822
1823 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1824 res = dev[1].request(cmd)
d84c0cf4
JM		 1825 if "FAIL" in res:
1826 raise Exception("Failed to add configurator")
1827 conf_id = int(res)
1828
a5387062 1829 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1830 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1831
d84c0cf4
JM		 1832 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1833 if "status,COMPLETE" not in res:
1834 raise Exception("dev_exec_action did not succeed: " + res)
1835 hex = res.split(',')[3]
e1810300 1836 uri = from_hex(hex)
d84c0cf4
JM		 1837 logger.info("URI from sigma_dut: " + uri)
1838
0422d06b 1839 id1 = dev[1].dpp_qr_code(uri)
d84c0cf4 1840
54c58f29 1841 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1842 if "status,COMPLETE" not in res:
1843 raise Exception("dev_exec_action did not succeed: " + res)
1844
1845 t = threading.Thread(target=dpp_init_conf_mutual,
1846 args=(dev[1], id1, conf_id, id0))
1847 t.start()
1848
71db91db
JM		 1849 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1850 if extra:
1851 cmd += extra
1852 res = sigma_dut_cmd(cmd, timeout=25)
d84c0cf4
JM		 1853 t.join()
1854 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1855 raise Exception("Unexpected result: " + res)
1856 finally:
1857 dev[0].set("dpp_config_processing", "0")
1858 stop_sigma_dut(sigma)
1859
e486e5fd
JM		 1860def dpp_resp_conf_mutual(dev, conf_id, uri):
1861 logger.info("Starting DPP responder/configurator in a thread")
1862 dev.set("dpp_configurator_params",
54c58f29
MH		 1863 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1864 conf_id))
e486e5fd
JM		 1865 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1866 if "OK" not in dev.request(cmd):
1867 raise Exception("Failed to initiate DPP listen")
1868 if uri:
1869 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1870 if ev is None:
1871 raise Exception("QR Code scan for mutual authentication not requested")
0422d06b 1872 dev.dpp_qr_code(uri)
e486e5fd
JM		 1873 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1874 if ev is None:
1875 raise Exception("DPP configuration not completed (Configurator)")
1876 logger.info("DPP responder/configurator done")
1877
1878def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1879 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1880 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1881
1882def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1883 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1884 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1885
1886def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1887 check_dpp_capab(dev[0])
1888 check_dpp_capab(dev[1])
1889
1890 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1891 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1892 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1893 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1894
fab49f61
JM		 1895 params = {"ssid": "DPPNET01",
1896 "wpa": "2",
1897 "ieee80211w": "2",
1898 "wpa_key_mgmt": "DPP",
1899 "rsn_pairwise": "CCMP",
1900 "dpp_connector": ap_connector,
1901 "dpp_csign": csign_pub,
1902 "dpp_netaccesskey": ap_netaccesskey}
e486e5fd
JM		 1903 try:
1904 hapd = hostapd.add_ap(apdev[0], params)
1905 except:
1906 raise HwsimSkip("DPP not supported")
1907
1908 sigma = start_sigma_dut(dev[0].ifname)
1909 try:
1910 dev[0].set("dpp_config_processing", "2")
1911
1912 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 1913 res = dev[1].request(cmd)
e486e5fd
JM		 1914 if "FAIL" in res:
1915 raise Exception("Failed to add configurator")
1916 conf_id = int(res)
1917
a5387062 1918 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e486e5fd
JM		 1919 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1920
1921 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1922 if "status,COMPLETE" not in res:
1923 raise Exception("dev_exec_action did not succeed: " + res)
1924 hex = res.split(',')[3]
e1810300 1925 uri = from_hex(hex)
e486e5fd
JM		 1926 logger.info("URI from sigma_dut: " + uri)
1927
1928 if not resp_pending:
0422d06b 1929 dev[1].dpp_qr_code(uri)
e486e5fd
JM		 1930 uri = None
1931
54c58f29 1932 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e486e5fd
JM		 1933 if "status,COMPLETE" not in res:
1934 raise Exception("dev_exec_action did not succeed: " + res)
1935
1936 t = threading.Thread(target=dpp_resp_conf_mutual,
1937 args=(dev[1], conf_id, uri))
1938 t.start()
1939
1940 time.sleep(1)
33cddd7f 1941 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
e486e5fd
JM		 1942 res = sigma_dut_cmd(cmd, timeout=15)
1943 t.join()
1944 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1945 raise Exception("Unexpected result: " + res)
1946 finally:
1947 dev[0].set("dpp_config_processing", "0")
1948 stop_sigma_dut(sigma)
1949
d84c0cf4
JM		 1950def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1951 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1952 check_dpp_capab(dev[0])
1953 check_dpp_capab(dev[1])
1954
1955 params = hostapd.wpa2_params(ssid="DPPNET01",
1956 passphrase="ThisIsDppPassphrase")
1957 hapd = hostapd.add_ap(apdev[0], params)
1958
1959 sigma = start_sigma_dut(dev[0].ifname)
1960 try:
1961 dev[0].set("dpp_config_processing", "2")
1962
1963 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 1964 res = dev[1].request(cmd)
d84c0cf4
JM		 1965 if "FAIL" in res:
1966 raise Exception("Failed to add configurator")
1967 conf_id = int(res)
1968
a5387062 1969 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 1970 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1971
1972 dev[1].set("dpp_configurator_params",
54c58f29 1973 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
d84c0cf4
JM		 1974 cmd = "DPP_LISTEN 2437 role=configurator"
1975 if "OK" not in dev[1].request(cmd):
1976 raise Exception("Failed to start listen operation")
1977
54c58f29 1978 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 1979 if "status,COMPLETE" not in res:
1980 raise Exception("dev_exec_action did not succeed: " + res)
1981
1982 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
3dfccf7c
JM		 1983 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1984 raise Exception("Unexpected result: " + res)
1985 finally:
1986 dev[0].set("dpp_config_processing", "0")
1987 stop_sigma_dut(sigma)
1988
1989def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1990 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1991 check_dpp_capab(dev[0])
1992 check_dpp_capab(dev[1])
1993 if "SAE" not in dev[0].get_capability("auth_alg"):
1994 raise HwsimSkip("SAE not supported")
1995
1996 params = hostapd.wpa2_params(ssid="DPPNET01",
1997 passphrase="ThisIsDppPassphrase")
1998 params['wpa_key_mgmt'] = 'SAE'
1999 params["ieee80211w"] = "2"
2000 hapd = hostapd.add_ap(apdev[0], params)
2001
2002 sigma = start_sigma_dut(dev[0].ifname)
2003 try:
2004 dev[0].set("dpp_config_processing", "2")
7f1eeda2 2005 dev[0].set("sae_groups", "")
3dfccf7c
JM		 2006
2007 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2008 res = dev[1].request(cmd)
3dfccf7c
JM		 2009 if "FAIL" in res:
2010 raise Exception("Failed to add configurator")
2011 conf_id = int(res)
2012
a5387062 2013 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
3dfccf7c
JM		 2014 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2015
2016 dev[1].set("dpp_configurator_params",
54c58f29 2017 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
3dfccf7c
JM		 2018 cmd = "DPP_LISTEN 2437 role=configurator"
2019 if "OK" not in dev[1].request(cmd):
2020 raise Exception("Failed to start listen operation")
2021
54c58f29 2022 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
3dfccf7c
JM		 2023 if "status,COMPLETE" not in res:
2024 raise Exception("dev_exec_action did not succeed: " + res)
2025
2026 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
d84c0cf4
JM		 2027 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
2028 raise Exception("Unexpected result: " + res)
2029 finally:
2030 dev[0].set("dpp_config_processing", "0")
2031 stop_sigma_dut(sigma)
2032
2033def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
2034 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
2035 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
2036
2037def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
2038 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
2039 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
2040
2041def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
2042 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
2043 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
2044
2045def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
2046 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
2047 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
2048
23c45cd0
JM		 2049def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
2050 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2051 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
2052
2053def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
2054 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2055 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
2056
2057def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
2058 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2059 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
2060
0e664e0c
JM		 2061def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
2062 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2063 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
2064
cb6b2232
JM		 2065def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
2066 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2067 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
2068
0e664e0c 2069def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
cb6b2232
JM		 2070 prov_role="Configurator",
2071 extra=None):
d84c0cf4
JM		 2072 check_dpp_capab(dev[0])
2073 check_dpp_capab(dev[1])
2074 sigma = start_sigma_dut(dev[0].ifname)
2075 try:
a5387062 2076 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
d84c0cf4
JM		 2077 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2078
2079 cmd = "DPP_LISTEN 2437 role=enrollee"
2080 if "OK" not in dev[1].request(cmd):
2081 raise Exception("Failed to start listen operation")
2082
54c58f29 2083 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
d84c0cf4
JM		 2084 if "status,COMPLETE" not in res:
2085 raise Exception("dev_exec_action did not succeed: " + res)
2086
cb6b2232
JM		 2087 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
2088 if extra:
2089 cmd += "," + extra
2090 res = sigma_dut_cmd(cmd)
d84c0cf4
JM		 2091 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2092 raise Exception("Unexpected result: " + res)
2093 finally:
2094 stop_sigma_dut(sigma)
2095
e129e6bd
JM		 2096def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
2097 """sigma_dut DPP roles incompatible (Initiator)"""
2098 check_dpp_capab(dev[0])
2099 check_dpp_capab(dev[1])
2100 sigma = start_sigma_dut(dev[0].ifname)
2101 try:
2102 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2103 if "status,COMPLETE" not in res:
2104 raise Exception("dev_exec_action did not succeed: " + res)
2105 hex = res.split(',')[3]
e1810300 2106 uri = from_hex(hex)
e129e6bd
JM		 2107 logger.info("URI from sigma_dut: " + uri)
2108
0422d06b 2109 id1 = dev[1].dpp_qr_code(uri)
e129e6bd 2110
a5387062 2111 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e129e6bd
JM		 2112 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2113
2114 cmd = "DPP_LISTEN 2437 role=enrollee"
2115 if "OK" not in dev[1].request(cmd):
2116 raise Exception("Failed to start listen operation")
2117
54c58f29 2118 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e129e6bd
JM		 2119 if "status,COMPLETE" not in res:
2120 raise Exception("dev_exec_action did not succeed: " + res)
2121
2122 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2123 res = sigma_dut_cmd(cmd)
2124 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2125 raise Exception("Unexpected result: " + res)
2126 finally:
2127 stop_sigma_dut(sigma)
2128
2129def dpp_init_enrollee_mutual(dev, id1, own_id):
2130 logger.info("Starting DPP initiator/enrollee in a thread")
2131 time.sleep(1)
2132 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
2133 if "OK" not in dev.request(cmd):
2134 raise Exception("Failed to initiate DPP Authentication")
2135 ev = dev.wait_event(["DPP-CONF-RECEIVED",
2136 "DPP-NOT-COMPATIBLE"], timeout=5)
2137 if ev is None:
2138 raise Exception("DPP configuration not completed (Enrollee)")
2139 logger.info("DPP initiator/enrollee done")
2140
2141def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
2142 """sigma_dut DPP roles incompatible (Responder)"""
2143 check_dpp_capab(dev[0])
2144 check_dpp_capab(dev[1])
2145 sigma = start_sigma_dut(dev[0].ifname)
2146 try:
2147 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2148 res = sigma_dut_cmd(cmd)
2149 if "status,COMPLETE" not in res:
2150 raise Exception("dev_exec_action did not succeed: " + res)
2151 hex = res.split(',')[3]
e1810300 2152 uri = from_hex(hex)
e129e6bd
JM		 2153 logger.info("URI from sigma_dut: " + uri)
2154
0422d06b 2155 id1 = dev[1].dpp_qr_code(uri)
e129e6bd 2156
a5387062 2157 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
e129e6bd
JM		 2158 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2159
54c58f29 2160 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
e129e6bd
JM		 2161 if "status,COMPLETE" not in res:
2162 raise Exception("dev_exec_action did not succeed: " + res)
2163
2164 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
2165 t.start()
2166 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2167 res = sigma_dut_cmd(cmd, timeout=10)
2168 t.join()
2169 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2170 raise Exception("Unexpected result: " + res)
2171 finally:
2172 stop_sigma_dut(sigma)
2173
d84c0cf4
JM		 2174def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
2175 """sigma_dut DPP/PKEX initiator as Configurator"""
2176 check_dpp_capab(dev[0])
2177 check_dpp_capab(dev[1])
2178 sigma = start_sigma_dut(dev[0].ifname)
2179 try:
a5387062 2180 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
d84c0cf4
JM		 2181 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
2182 res = dev[1].request(cmd)
2183 if "FAIL" in res:
2184 raise Exception("Failed to set PKEX data (responder)")
2185 cmd = "DPP_LISTEN 2437 role=enrollee"
2186 if "OK" not in dev[1].request(cmd):
2187 raise Exception("Failed to start listen operation")
2188
33cddd7f 2189 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
d84c0cf4
JM		 2190 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2191 raise Exception("Unexpected result: " + res)
2192 finally:
2193 stop_sigma_dut(sigma)
2194
2195def dpp_init_conf(dev, id1, conf, conf_id, extra):
2196 logger.info("Starting DPP initiator/configurator in a thread")
2197 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
2198 if "OK" not in dev.request(cmd):
2199 raise Exception("Failed to initiate DPP Authentication")
2200 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2201 if ev is None:
2202 raise Exception("DPP configuration not completed (Configurator)")
2203 logger.info("DPP initiator/configurator done")
2204
2205def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
2206 """sigma_dut controlled AP (DPP)"""
2207 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
2208
2209def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
2210 """sigma_dut controlled AP (legacy)"""
2211 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
54c58f29 2212 extra="pass=%s" % to_hex("qwertyuiop"))
d84c0cf4
JM		 2213
2214def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
2215 """sigma_dut controlled AP (legacy)"""
2216 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2217 extra="psk=%s" % (32*"12"))
2218
2219def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
6e6651d0 2220 check_dpp_capab(dev[0])
d84c0cf4
JM		 2221 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2222 with HWSimRadio() as (radio, iface):
2223 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2224 try:
2225 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2226 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2227 if "status,COMPLETE" not in res:
2228 raise Exception("dev_exec_action did not succeed: " + res)
2229 hex = res.split(',')[3]
e1810300 2230 uri = from_hex(hex)
d84c0cf4
JM		 2231 logger.info("URI from sigma_dut: " + uri)
2232
2233 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2234 res = dev[0].request(cmd)
d84c0cf4
JM		 2235 if "FAIL" in res:
2236 raise Exception("Failed to add configurator")
2237 conf_id = int(res)
2238
0422d06b 2239 id1 = dev[0].dpp_qr_code(uri)
d84c0cf4
JM		 2240
2241 t = threading.Thread(target=dpp_init_conf,
2242 args=(dev[0], id1, ap_conf, conf_id, extra))
2243 t.start()
2244 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2245 t.join()
2246 if "ConfResult,OK" not in res:
2247 raise Exception("Unexpected result: " + res)
2248
a5387062 2249 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
d84c0cf4
JM		 2250 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2251
0422d06b 2252 id0b = dev[0].dpp_qr_code(uri1)
d84c0cf4
JM		 2253
2254 dev[1].set("dpp_config_processing", "2")
2255 cmd = "DPP_LISTEN 2412"
2256 if "OK" not in dev[1].request(cmd):
2257 raise Exception("Failed to start listen operation")
2258 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
2259 if "OK" not in dev[0].request(cmd):
2260 raise Exception("Failed to initiate DPP Authentication")
2261 dev[1].wait_connected()
2262
2263 sigma_dut_cmd_check("ap_reset_default")
2264 finally:
2265 dev[1].set("dpp_config_processing", "0")
2266 stop_sigma_dut(sigma)
b900fb1a
JM		 2267
2268def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
2269 """sigma_dut controlled AP as DPP PKEX responder"""
6e6651d0 2270 check_dpp_capab(dev[0])
b900fb1a
JM		 2271 logdir = os.path.join(params['logdir'],
2272 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2273 with HWSimRadio() as (radio, iface):
2274 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2275 try:
2276 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
2277 finally:
2278 stop_sigma_dut(sigma)
2279
a8ec0b8c 2280def dpp_init_conf_pkex(dev, conf_id, check_config=True):
b900fb1a
JM		 2281 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2282 time.sleep(1.5)
a5387062 2283 id = dev.dpp_bootstrap_gen(type="pkex")
b900fb1a
JM		 2284 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
2285 res = dev.request(cmd)
2286 if "FAIL" in res:
2287 raise Exception("Failed to initiate DPP PKEX")
a8ec0b8c
JM		 2288 if not check_config:
2289 return
b900fb1a
JM		 2290 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2291 if ev is None:
2292 raise Exception("DPP configuration not completed (Configurator)")
2293 logger.info("DPP initiator/configurator done")
2294
2295def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2296 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2297
2298 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2299 res = dev[0].request(cmd)
b900fb1a
JM		 2300 if "FAIL" in res:
2301 raise Exception("Failed to add configurator")
2302 conf_id = int(res)
2303
2304 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2305 t.start()
a8ec0b8c 2306 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
b900fb1a
JM		 2307 t.join()
2308 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2309 raise Exception("Unexpected result: " + res)
2310
2311 sigma_dut_cmd_check("ap_reset_default")
8c735316 2312
a8ec0b8c
JM		 2313def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2314 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2315 check_dpp_capab(dev[0])
2316 sigma = start_sigma_dut(dev[0].ifname)
2317 try:
2318 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2319 finally:
2320 stop_sigma_dut(sigma)
2321
2322def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2323 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2324 res = dev[1].request(cmd)
a8ec0b8c
JM		 2325 if "FAIL" in res:
2326 raise Exception("Failed to add configurator")
2327 conf_id = int(res)
2328
2329 dev[1].set("dpp_test", "44")
2330
2331 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2332 False))
2333 t.start()
2334 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2335 t.join()
2336 if "BootstrapResult,Timeout" not in res:
2337 raise Exception("Unexpected result: " + res)
2338
8c735316
JM		 2339def dpp_proto_init(dev, id1):
2340 time.sleep(1)
2341 logger.info("Starting DPP initiator/configurator in a thread")
2342 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2343 res = dev.request(cmd)
8c735316
JM		 2344 if "FAIL" in res:
2345 raise Exception("Failed to add configurator")
2346 conf_id = int(res)
2347
2348 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2349 if "OK" not in dev.request(cmd):
2350 raise Exception("Failed to initiate DPP Authentication")
2351
2352def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2353 """sigma_dut DPP protocol testing - Initiator"""
2354 check_dpp_capab(dev[0])
2355 check_dpp_capab(dev[1])
fab49f61
JM		 2356 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2357 "BootstrapResult,OK,AuthResult,Errorsent",
2358 None),
2359 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2360 "BootstrapResult,OK,AuthResult,Errorsent",
2361 None),
2362 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2363 "BootstrapResult,OK,AuthResult,Errorsent",
2364 "Missing or invalid I-capabilities"),
2365 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2366 "BootstrapResult,OK,AuthResult,Errorsent",
2367 "Mismatching Initiator Authenticating Tag"),
2368 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2369 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2370 "Missing or invalid Enrollee Nonce attribute")]
8c735316
JM		 2371 for step, frame, attr, result, fail in tests:
2372 dev[0].request("FLUSH")
2373 dev[1].request("FLUSH")
2374 sigma = start_sigma_dut(dev[0].ifname)
2375 try:
2376 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2377 fail)
2378 finally:
2379 stop_sigma_dut(sigma)
2380
2381def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
a5387062 2382 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
8c735316
JM		 2383 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2384
2385 cmd = "DPP_LISTEN 2437 role=enrollee"
2386 if "OK" not in dev[1].request(cmd):
2387 raise Exception("Failed to start listen operation")
2388
54c58f29 2389 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
8c735316
JM		 2390 if "status,COMPLETE" not in res:
2391 raise Exception("dev_exec_action did not succeed: " + res)
2392
6333cb81
JM		 2393 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2394 timeout=10)
8c735316
JM		 2395 if result not in res:
2396 raise Exception("Unexpected result: " + res)
2397 if fail:
2398 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2399 if ev is None or fail not in ev:
2400 raise Exception("Failure not reported correctly: " + str(ev))
2401
2402 dev[1].request("DPP_STOP_LISTEN")
2403 dev[0].dump_monitor()
2404 dev[1].dump_monitor()
2405
2406def test_sigma_dut_dpp_proto_responder(dev, apdev):
2407 """sigma_dut DPP protocol testing - Responder"""
2408 check_dpp_capab(dev[0])
2409 check_dpp_capab(dev[1])
fab49f61
JM		 2410 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2411 "BootstrapResult,OK,AuthResult,Errorsent",
2412 "Missing or invalid required DPP Status attribute"),
2413 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2414 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2415 "Missing or invalid Enrollee Nonce attribute")]
8c735316
JM		 2416 for step, frame, attr, result, fail in tests:
2417 dev[0].request("FLUSH")
2418 dev[1].request("FLUSH")
2419 sigma = start_sigma_dut(dev[0].ifname)
2420 try:
2421 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2422 fail)
2423 finally:
2424 stop_sigma_dut(sigma)
2425
2426def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2427 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2428 if "status,COMPLETE" not in res:
2429 raise Exception("dev_exec_action did not succeed: " + res)
2430 hex = res.split(',')[3]
e1810300 2431 uri = from_hex(hex)
8c735316
JM		 2432 logger.info("URI from sigma_dut: " + uri)
2433
0422d06b 2434 id1 = dev[1].dpp_qr_code(uri)
8c735316
JM		 2435
2436 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2437 t.start()
14f8e081 2438 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
8c735316
JM		 2439 t.join()
2440 if result not in res:
2441 raise Exception("Unexpected result: " + res)
2442 if fail:
2443 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2444 if ev is None or fail not in ev:
2445 raise Exception("Failure not reported correctly:" + str(ev))
2446
2447 dev[1].request("DPP_STOP_LISTEN")
2448 dev[0].dump_monitor()
2449 dev[1].dump_monitor()
2450
c79b9db0
JM		 2451def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2452 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2453 check_dpp_capab(dev[0])
2454 check_dpp_capab(dev[1])
fab49f61
JM		 2455 tests = [("AuthenticationResponse",
2456 "BootstrapResult,OK,AuthResult,Errorsent",
2457 None),
2458 ("ConfigurationRequest",
2459 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2460 None)]
c79b9db0
JM		 2461 for frame, result, fail in tests:
2462 dev[0].request("FLUSH")
2463 dev[1].request("FLUSH")
2464 sigma = start_sigma_dut(dev[0].ifname)
2465 try:
2466 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2467 finally:
2468 stop_sigma_dut(sigma)
2469
2470def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
a5387062 2471 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
c79b9db0
JM		 2472 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2473
2474 cmd = "DPP_LISTEN 2437 role=enrollee"
2475 if "OK" not in dev[1].request(cmd):
2476 raise Exception("Failed to start listen operation")
2477
54c58f29 2478 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
c79b9db0
JM		 2479 if "status,COMPLETE" not in res:
2480 raise Exception("dev_exec_action did not succeed: " + res)
2481
2482 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2483 if result not in res:
2484 raise Exception("Unexpected result: " + res)
4ae39c12
JM		 2485 if fail:
2486 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2487 if ev is None or fail not in ev:
2488 raise Exception("Failure not reported correctly: " + str(ev))
2489
2490 dev[1].request("DPP_STOP_LISTEN")
2491 dev[0].dump_monitor()
2492 dev[1].dump_monitor()
2493
2494def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2495 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2496 check_dpp_capab(dev[0])
2497 check_dpp_capab(dev[1])
fab49f61
JM		 2498 tests = [("AuthenticationConfirm",
2499 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2500 None)]
4ae39c12
JM		 2501 for frame, result, fail in tests:
2502 dev[0].request("FLUSH")
2503 dev[1].request("FLUSH")
f0b6b23f 2504 sigma = start_sigma_dut(dev[0].ifname)
4ae39c12
JM		 2505 try:
2506 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2507 result, fail)
2508 finally:
2509 stop_sigma_dut(sigma)
2510
2511def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2512 fail):
a5387062 2513 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
4ae39c12
JM		 2514 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2515
2516 cmd = "DPP_LISTEN 2437 role=configurator"
2517 if "OK" not in dev[1].request(cmd):
2518 raise Exception("Failed to start listen operation")
2519
54c58f29 2520 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
4ae39c12
JM		 2521 if "status,COMPLETE" not in res:
2522 raise Exception("dev_exec_action did not succeed: " + res)
2523
2524 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2525 if result not in res:
2526 raise Exception("Unexpected result: " + res)
c79b9db0
JM		 2527 if fail:
2528 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2529 if ev is None or fail not in ev:
2530 raise Exception("Failure not reported correctly: " + str(ev))
2531
2532 dev[1].request("DPP_STOP_LISTEN")
2533 dev[0].dump_monitor()
2534 dev[1].dump_monitor()
2535
2536def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2537 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2538 check_dpp_capab(dev[0])
2539 check_dpp_capab(dev[1])
fab49f61
JM		 2540 tests = [("AuthenticationRequest",
2541 "BootstrapResult,OK,AuthResult,Errorsent",
2542 None),
2543 ("AuthenticationConfirm",
2544 "BootstrapResult,OK,AuthResult,Errorsent",
2545 None)]
c79b9db0
JM		 2546 for frame, result, fail in tests:
2547 dev[0].request("FLUSH")
2548 dev[1].request("FLUSH")
2549 sigma = start_sigma_dut(dev[0].ifname)
2550 try:
2551 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2552 finally:
2553 stop_sigma_dut(sigma)
2554
2555def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2556 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2557 if "status,COMPLETE" not in res:
2558 raise Exception("dev_exec_action did not succeed: " + res)
2559 hex = res.split(',')[3]
e1810300 2560 uri = from_hex(hex)
c79b9db0
JM		 2561 logger.info("URI from sigma_dut: " + uri)
2562
0422d06b 2563 id1 = dev[1].dpp_qr_code(uri)
c79b9db0
JM		 2564
2565 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2566 t.start()
2567 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2568 t.join()
2569 if result not in res:
2570 raise Exception("Unexpected result: " + res)
2571 if fail:
2572 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2573 if ev is None or fail not in ev:
2574 raise Exception("Failure not reported correctly:" + str(ev))
2575
2576 dev[1].request("DPP_STOP_LISTEN")
2577 dev[0].dump_monitor()
2578 dev[1].dump_monitor()
2579
8c735316
JM		 2580def dpp_proto_init_pkex(dev):
2581 time.sleep(1)
2582 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2583 cmd = "DPP_CONFIGURATOR_ADD"
58be42b2 2584 res = dev.request(cmd)
8c735316
JM		 2585 if "FAIL" in res:
2586 raise Exception("Failed to add configurator")
2587 conf_id = int(res)
2588
a5387062 2589 id = dev.dpp_bootstrap_gen(type="pkex")
8c735316
JM		 2590
2591 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2592 if "FAIL" in dev.request(cmd):
2593 raise Exception("Failed to initiate DPP PKEX")
2594
2595def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2596 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2597 check_dpp_capab(dev[0])
2598 check_dpp_capab(dev[1])
fab49f61
JM		 2599 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2600 "BootstrapResult,Errorsent",
2601 None),
2602 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2603 "BootstrapResult,Errorsent",
2604 "Missing or invalid Finite Cyclic Group attribute"),
2605 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2606 "BootstrapResult,Errorsent",
2607 "No valid peer bootstrapping key found")]
8c735316
JM		 2608 for step, frame, attr, result, fail in tests:
2609 dev[0].request("FLUSH")
2610 dev[1].request("FLUSH")
2611 sigma = start_sigma_dut(dev[0].ifname)
2612 try:
2613 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2614 result, fail)
2615 finally:
2616 stop_sigma_dut(sigma)
2617
2618def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
a5387062 2619 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
8c735316
JM		 2620
2621 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2622 res = dev[1].request(cmd)
2623 if "FAIL" in res:
2624 raise Exception("Failed to set PKEX data (responder)")
2625
2626 cmd = "DPP_LISTEN 2437 role=enrollee"
2627 if "OK" not in dev[1].request(cmd):
2628 raise Exception("Failed to start listen operation")
2629
14f8e081 2630 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
8c735316
JM		 2631 if result not in res:
2632 raise Exception("Unexpected result: " + res)
2633 if fail:
2634 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2635 if ev is None or fail not in ev:
2636 raise Exception("Failure not reported correctly: " + str(ev))
2637
2638 dev[1].request("DPP_STOP_LISTEN")
2639 dev[0].dump_monitor()
2640 dev[1].dump_monitor()
2641
2642def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2643 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2644 check_dpp_capab(dev[0])
2645 check_dpp_capab(dev[1])
fab49f61
JM		 2646 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2647 "BootstrapResult,Errorsent",
2648 None),
2649 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2650 "BootstrapResult,Errorsent",
2651 "No DPP Status attribute"),
2652 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2653 "BootstrapResult,Errorsent",
2654 "No valid peer bootstrapping key found")]
8c735316
JM		 2655 for step, frame, attr, result, fail in tests:
2656 dev[0].request("FLUSH")
2657 dev[1].request("FLUSH")
2658 sigma = start_sigma_dut(dev[0].ifname)
2659 try:
2660 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2661 result, fail)
2662 finally:
2663 stop_sigma_dut(sigma)
2664
2665def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2666 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2667 t.start()
14f8e081 2668 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
8c735316
JM		 2669 t.join()
2670 if result not in res:
2671 raise Exception("Unexpected result: " + res)
2672 if fail:
2673 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2674 if ev is None or fail not in ev:
2675 raise Exception("Failure not reported correctly:" + str(ev))
2676
2677 dev[1].request("DPP_STOP_LISTEN")
2678 dev[0].dump_monitor()
2679 dev[1].dump_monitor()
a0604a42
JM		 2680
2681def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2682 check_dpp_capab(dev[0])
2683 check_dpp_capab(dev[1])
2684
2685 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2686 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2687 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2688 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2689
fab49f61
JM		 2690 params = {"ssid": "DPPNET01",
2691 "wpa": "2",
2692 "ieee80211w": "2",
2693 "wpa_key_mgmt": "DPP",
2694 "rsn_pairwise": "CCMP",
2695 "dpp_connector": ap_connector,
2696 "dpp_csign": csign_pub,
2697 "dpp_netaccesskey": ap_netaccesskey}
a0604a42
JM		 2698 try:
2699 hapd = hostapd.add_ap(apdev[0], params)
2700 except:
2701 raise HwsimSkip("DPP not supported")
2702
2703 dev[0].set("dpp_config_processing", "2")
2704
2705 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
58be42b2 2706 res = dev[1].request(cmd)
a0604a42
JM		 2707 if "FAIL" in res:
2708 raise Exception("Failed to add configurator")
2709 conf_id = int(res)
2710
a5387062 2711 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
a0604a42
JM		 2712 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2713
2714 dev[1].set("dpp_configurator_params",
54c58f29
MH		 2715 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2716 conf_id))
a0604a42
JM		 2717 cmd = "DPP_LISTEN 2437 role=configurator"
2718 if "OK" not in dev[1].request(cmd):
2719 raise Exception("Failed to start listen operation")
2720
54c58f29 2721 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
a0604a42
JM		 2722 if "status,COMPLETE" not in res:
2723 raise Exception("dev_exec_action did not succeed: " + res)
2724
2725def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2726 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2727 sigma = start_sigma_dut(dev[0].ifname)
2728 try:
2729 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2730
2731 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2732 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2733 raise Exception("Unexpected result: " + res)
2734 finally:
5bf51d38 2735 dev[0].set("dpp_config_processing", "0", allow_fail=True)
a0604a42 2736 stop_sigma_dut(sigma)
211b5d1b
JM		 2737
2738def test_sigma_dut_dpp_self_config(dev, apdev):
2739 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2740 check_dpp_capab(dev[0])
2741
fab49f61 2742 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
211b5d1b
JM		 2743 check_dpp_capab(hapd)
2744
2745 sigma = start_sigma_dut(dev[0].ifname)
2746 try:
2747 dev[0].set("dpp_config_processing", "2")
a5387062 2748 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
211b5d1b
JM		 2749 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2750
54c58f29 2751 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
211b5d1b
JM		 2752 if "status,COMPLETE" not in res:
2753 raise Exception("dev_exec_action did not succeed: " + res)
2754
2755 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2756 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2757 raise Exception("Unexpected result: " + res)
2758 update_hapd_config(hapd)
2759
2760 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2761 res = sigma_dut_cmd(cmd, timeout=10)
2762 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2763 raise Exception("Unexpected result: " + res)
2764 finally:
2765 stop_sigma_dut(sigma)
2766 dev[0].set("dpp_config_processing", "0")
8b4adc38
JM		 2767
2768def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2769 """sigma_dut DPP AP Configurator using self-configuration"""
2770 logdir = os.path.join(params['logdir'],
2771 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2772 with HWSimRadio() as (radio, iface):
2773 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2774 try:
2775 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2776 finally:
2777 stop_sigma_dut(sigma)
5bf51d38 2778 dev[0].set("dpp_config_processing", "0", allow_fail=True)
8b4adc38
JM		 2779
2780def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2781 check_dpp_capab(dev[0])
2782
2783 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2784
2785 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2786 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2787 raise Exception("Unexpected result: " + res)
2788
2789 dev[0].set("dpp_config_processing", "2")
2790
a5387062 2791 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
8b4adc38
JM		 2792 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2793 cmd = "DPP_LISTEN 2462 role=enrollee"
2794 if "OK" not in dev[0].request(cmd):
2795 raise Exception("Failed to start listen operation")
2796
54c58f29 2797 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
8b4adc38
JM		 2798 if "status,COMPLETE" not in res:
2799 raise Exception("dev_exec_action did not succeed: " + res)
2800 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2801 res = sigma_dut_cmd(cmd)
2802 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2803 raise Exception("Unexpected result: " + res)
2804 dev[0].wait_connected()
2805 dev[0].request("DISCONNECT")
2806 dev[0].wait_disconnected()
2807 sigma_dut_cmd_check("ap_reset_default")
6923312d 2808
1743ddce
JM		 2809
2810def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2811 """sigma_dut DPP AP as Relay to Controller"""
2812 logdir = os.path.join(params['logdir'],
2813 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2814 with HWSimRadio() as (radio, iface):
2815 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2816 try:
2817 run_sigma_dut_ap_dpp_relay(dev, apdev)
2818 finally:
2819 stop_sigma_dut(sigma)
2820 dev[1].request("DPP_CONTROLLER_STOP")
2821
2822def run_sigma_dut_ap_dpp_relay(dev, apdev):
2823 check_dpp_capab(dev[0])
2824 check_dpp_capab(dev[1])
2825
2826 # Controller
2827 conf_id = dev[1].dpp_configurator_add()
2828 dev[1].set("dpp_configurator_params",
2829 " conf=sta-dpp configurator=%d" % conf_id)
2830 id_c = dev[1].dpp_bootstrap_gen()
2831 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2832 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2833 pkhash = None
2834 for line in res.splitlines():
2835 name, value = line.split('=')
2836 if name == "pkhash":
2837 pkhash = value
2838 break
2839 if not pkhash:
2840 raise Exception("Could not fetch public key hash from Controller")
2841 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2842 raise Exception("Failed to start Controller")
2843
2844 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2845 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2846 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2847
2848 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2849 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2850
2851 sigma_dut_cmd_check("ap_reset_default")
2852
377d5f7c
JM		 2853def dpp_init_tcp_enrollee(dev, id1):
2854 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2855 time.sleep(1)
2856 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2857 if "OK" not in dev.request(cmd):
2858 raise Exception("Failed to initiate DPP Authentication")
2859 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2860 if ev is None:
2861 raise Exception("DPP configuration not completed (Enrollee)")
2862 logger.info("DPP initiator/enrollee done")
2863
2864def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2865 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2866 run_sigma_dut_dpp_tcp_conf_resp(dev)
2867
2868def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2869 check_dpp_capab(dev[0])
2870 check_dpp_capab(dev[1])
2871 sigma = start_sigma_dut(dev[0].ifname)
2872 try:
2873 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2874 res = sigma_dut_cmd(cmd)
2875 if "status,COMPLETE" not in res:
2876 raise Exception("dev_exec_action did not succeed: " + res)
2877 hex = res.split(',')[3]
2878 uri = from_hex(hex)
2879 logger.info("URI from sigma_dut: " + uri)
2880
2881 id1 = dev[1].dpp_qr_code(uri)
2882
2883 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2884 t.start()
2885 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2886 if status_query:
2887 cmd += ",DPPStatusQuery,Yes"
2888 res = sigma_dut_cmd(cmd, timeout=10)
2889 t.join()
2890 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2891 raise Exception("Unexpected result: " + res)
2892 if status_query and "StatusResult,0" not in res:
2893 raise Exception("Status query did not succeed: " + res)
2894 finally:
2895 stop_sigma_dut(sigma)
2896
131c2600
JM		 2897def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2898 """sigma_dut DPP TCP Enrollee as initiator"""
2899 check_dpp_capab(dev[0])
2900 check_dpp_capab(dev[1])
2901 sigma = start_sigma_dut(dev[0].ifname)
2902 try:
2903 # Controller
2904 conf_id = dev[1].dpp_configurator_add()
2905 dev[1].set("dpp_configurator_params",
2906 " conf=sta-dpp configurator=%d" % conf_id)
2907 id_c = dev[1].dpp_bootstrap_gen()
2908 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2909 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2910 raise Exception("Failed to start Controller")
2911
2912 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2913 if "status,COMPLETE" not in res:
2914 raise Exception("dev_exec_action did not succeed: " + res)
2915
2916 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2917 res = sigma_dut_cmd(cmd, timeout=10)
2918 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2919 raise Exception("Unexpected result: " + res)
2920 finally:
2921 stop_sigma_dut(sigma)
2922 dev[1].request("DPP_CONTROLLER_STOP")
2923
6923312d
JM		 2924def test_sigma_dut_preconfigured_profile(dev, apdev):
2925 """sigma_dut controlled connection using preconfigured profile"""
2926 try:
2927 run_sigma_dut_preconfigured_profile(dev, apdev)
2928 finally:
2929 dev[0].set("ignore_old_scan_res", "0")
2930
2931def run_sigma_dut_preconfigured_profile(dev, apdev):
2932 ifname = dev[0].ifname
2933 sigma = start_sigma_dut(ifname)
2934
991e6b9e
JM		 2935 try:
2936 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2937 hapd = hostapd.add_ap(apdev[0], params)
2938 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2939 only_add_network=True)
6923312d 2940
991e6b9e 2941 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2be27869
JM		 2942 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
2943 timeout=10)
991e6b9e
JM		 2944 sigma_dut_wait_connected(ifname)
2945 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2946 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2947 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2948 finally:
2949 stop_sigma_dut(sigma)
ce83008c
JM		 2950
2951def test_sigma_dut_wps_pbc(dev, apdev):
2952 """sigma_dut and WPS PBC Enrollee"""
2953 try:
2954 run_sigma_dut_wps_pbc(dev, apdev)
2955 finally:
2956 dev[0].set("ignore_old_scan_res", "0")
2957
2958def run_sigma_dut_wps_pbc(dev, apdev):
2959 ssid = "test-wps-conf"
2960 hapd = hostapd.add_ap(apdev[0],
fab49f61
JM		 2961 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2962 "wpa_passphrase": "12345678", "wpa": "2",
2963 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
ce83008c
JM		 2964 hapd.request("WPS_PBC")
2965
2966 ifname = dev[0].ifname
2967 sigma = start_sigma_dut(ifname)
2968
991e6b9e
JM		 2969 try:
2970 cmd = "start_wps_registration,interface,%s" % ifname
2971 cmd += ",WpsRole,Enrollee"
2972 cmd += ",WpsConfigMethod,PBC"
2973 sigma_dut_cmd_check(cmd, timeout=15)
ce83008c 2974
991e6b9e
JM		 2975 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2976 hapd.disable()
2977 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2978 finally:
2979 stop_sigma_dut(sigma)
ce83008c 2980 dev[0].flush_scan_cache()
7e526fa7
JM		 2981
2982def test_sigma_dut_sta_scan_bss(dev, apdev):
2983 """sigma_dut sta_scan_bss"""
fab49f61 2984 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
7e526fa7
JM		 2985 sigma = start_sigma_dut(dev[0].ifname)
2986 try:
2987 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2988 hapd.own_addr())
2989 res = sigma_dut_cmd(cmd, timeout=10)
2990 if "ssid,test,bsschannel,1" not in res:
2991 raise Exception("Unexpected result: " + res)
2992 finally:
2993 stop_sigma_dut(sigma)
b1e11877 2994
74cb18c6
JM		 2995def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2996 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2997 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2998 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
f0b6b23f 2999 sigma = start_sigma_dut(dev[0].ifname)
74cb18c6
JM		 3000 try:
3001 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
3002 res = sigma_dut_cmd(cmd, timeout=10)
3003 if "abcdef" not in res or "qwerty" not in res:
3004 raise Exception("Unexpected result: " + res)
3005 finally:
3006 stop_sigma_dut(sigma)
3007
634bc4e6
JM		 3008def test_sigma_dut_sta_scan_short_ssid(dev, apdev):
3009 """sigma_dut sta_scan ShortSSID"""
3010 dev[0].flush_scan_cache()
3011 ssid = "test-short-ssid-list"
3012 hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
3013 "ignore_broadcast_ssid": "1"})
3014 bssid = apdev[0]['bssid']
3015 payload = struct.pack('>L', binascii.crc32(ssid.encode()))
3016 val = binascii.hexlify(payload).decode()
3017 sigma = start_sigma_dut(dev[0].ifname)
3018 found = False
3019 try:
3020 cmd = "sta_scan,Interface,%s,ChnlFreq,2412,ShortSSID,%s" % (dev[0].ifname, val)
3021 for i in range(10):
3022 sigma_dut_cmd_check(cmd, timeout=5)
3023 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
3024 if ev is None:
3025 raise Exception("Scan did not complete")
3026 if bssid in dev[0].request("SCAN_RESULTS"):
3027 found = True
3028 break
3029 finally:
3030 stop_sigma_dut(sigma)
3031 dev[0].request("VENDOR_ELEM_REMOVE 14 *")
3032
3033 if not found:
3034 raise Exception("AP not found in scan results")
3035
0beb6c2f
JM		 3036def test_sigma_dut_ap_osen(dev, apdev, params):
3037 """sigma_dut controlled AP with OSEN"""
3038 logdir = os.path.join(params['logdir'],
3039 "sigma_dut_ap_osen.sigma-hostapd")
3040 with HWSimRadio() as (radio, iface):
3041 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3042 try:
3043 sigma_dut_cmd_check("ap_reset_default")
3044 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3045 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3046 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
3047 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3048
3049 # RSN-OSEN (for OSU)
3050 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3051 pairwise="CCMP", group="GTK_NOT_USED",
3052 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3053 ca_cert="auth_serv/ca.pem", scan_freq="2412")
3054
3055 sigma_dut_cmd_check("ap_reset_default")
3056 finally:
3057 stop_sigma_dut(sigma)
3058
b1e11877
JM		 3059def test_sigma_dut_ap_eap_osen(dev, apdev, params):
3060 """sigma_dut controlled AP with EAP+OSEN"""
3061 logdir = os.path.join(params['logdir'],
3062 "sigma_dut_ap_eap_osen.sigma-hostapd")
3063 with HWSimRadio() as (radio, iface):
4902eb04 3064 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
b1e11877
JM		 3065 try:
3066 sigma_dut_cmd_check("ap_reset_default")
3067 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3068 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3069 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3070 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3071
4902eb04
JM		 3072 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3073 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3074
b1e11877
JM		 3075 # RSN-OSEN (for OSU)
3076 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3077 pairwise="CCMP",
3078 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3079 ca_cert="auth_serv/ca.pem", ieee80211w='2',
3080 scan_freq="2412")
3081 # RSN-EAP (for data connection)
3082 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
3083 identity="hs20-test", password="password",
3084 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3085 ieee80211w='2', scan_freq="2412")
3086
4902eb04
JM		 3087 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
3088 success_expected=False, timeout=1)
3089
b1e11877
JM		 3090 sigma_dut_cmd_check("ap_reset_default")
3091 finally:
3092 stop_sigma_dut(sigma)
4902eb04
JM		 3093 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3094 stderr=open('/dev/null', 'w'))
3095 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3096 stderr=open('/dev/null', 'w'))
63add34e
JM		 3097
3098def test_sigma_dut_ap_eap(dev, apdev, params):
3099 """sigma_dut controlled AP WPA2-Enterprise"""
3100 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3101 with HWSimRadio() as (radio, iface):
f0b6b23f 3102 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 3103 try:
3104 sigma_dut_cmd_check("ap_reset_default")
3105 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3106 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3107 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3108 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3109
3110 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
3111 identity="gpsk user",
3112 password="abcdefghijklmnop0123456789abcdef",
3113 scan_freq="2412")
3114
3115 sigma_dut_cmd_check("ap_reset_default")
3116 finally:
3117 stop_sigma_dut(sigma)
3118
3119def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
3120 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3121 logdir = os.path.join(params['logdir'],
3122 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3123 with HWSimRadio() as (radio, iface):
f0b6b23f 3124 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 3125 try:
3126 sigma_dut_cmd_check("ap_reset_default")
3127 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3128 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3129 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3130 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3131
3132 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
3133 identity="gpsk user",
3134 password="abcdefghijklmnop0123456789abcdef",
3135 scan_freq="2412")
3136
3137 sigma_dut_cmd_check("ap_reset_default")
3138 finally:
3139 stop_sigma_dut(sigma)
3140
3141def test_sigma_dut_ap_ft_eap(dev, apdev, params):
3142 """sigma_dut controlled AP FT-EAP"""
3143 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3144 with HWSimRadio() as (radio, iface):
f0b6b23f 3145 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 3146 try:
3147 sigma_dut_cmd_check("ap_reset_default")
3148 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3149 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3150 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3152
3153 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3154 identity="gpsk user",
3155 password="abcdefghijklmnop0123456789abcdef",
3156 scan_freq="2412")
3157
3158 sigma_dut_cmd_check("ap_reset_default")
3159 finally:
3160 stop_sigma_dut(sigma)
3161
3162def test_sigma_dut_ap_ft_psk(dev, apdev, params):
3163 """sigma_dut controlled AP FT-PSK"""
3164 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3165 with HWSimRadio() as (radio, iface):
f0b6b23f 3166 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 3167 try:
3168 sigma_dut_cmd_check("ap_reset_default")
3169 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3170 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3171 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3172
3173 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3174 scan_freq="2412")
3175
3176 sigma_dut_cmd_check("ap_reset_default")
3177 finally:
3178 stop_sigma_dut(sigma)
3179
5a7af3a3
JM		 3180def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
3181 """sigma_dut controlled AP FT-PSK (over-DS)"""
3182 logdir = os.path.join(params['logdir'],
3183 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3184 conffile = os.path.join(params['logdir'],
3185 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3186 with HWSimRadio() as (radio, iface):
f0b6b23f 3187 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
5a7af3a3
JM		 3188 try:
3189 sigma_dut_cmd_check("ap_reset_default")
3190 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3191 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3192 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3193
3194 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3195 with open(conffile, "wb") as f2:
3196 f2.write(f.read())
3197
3198 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3199 scan_freq="2412")
3200
3201 sigma_dut_cmd_check("ap_reset_default")
3202 finally:
3203 stop_sigma_dut(sigma)
3204
63add34e
JM		 3205def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
3206 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3207 logdir = os.path.join(params['logdir'],
3208 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3209 with HWSimRadio() as (radio, iface):
f0b6b23f 3210 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
63add34e
JM		 3211 try:
3212 sigma_dut_cmd_check("ap_reset_default")
3213 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3214 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3215 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3216 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3217
3218 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3219 identity="gpsk user",
3220 password="abcdefghijklmnop0123456789abcdef",
3221 scan_freq="2412")
3222 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
3223 identity="gpsk user",
3224 password="abcdefghijklmnop0123456789abcdef",
3225 scan_freq="2412")
3226
3227 sigma_dut_cmd_check("ap_reset_default")
3228 finally:
3229 stop_sigma_dut(sigma)
dc60d564
JM		 3230
3231def test_sigma_dut_venue_url(dev, apdev):
3232 """sigma_dut controlled Venue URL fetch"""
3233 try:
3234 run_sigma_dut_venue_url(dev, apdev)
3235 finally:
3236 dev[0].set("ignore_old_scan_res", "0")
3237
3238def run_sigma_dut_venue_url(dev, apdev):
3239 ifname = dev[0].ifname
f0b6b23f 3240 sigma = start_sigma_dut(ifname)
dc60d564 3241
991e6b9e
JM		 3242 try:
3243 ssid = "venue"
3244 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3245 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3246 params["ieee80211w"] = "2"
dc60d564 3247
991e6b9e
JM		 3248 venue_group = 1
3249 venue_type = 13
3250 venue_info = struct.pack('BB', venue_group, venue_type)
3251 lang1 = "eng"
3252 name1 = "Example venue"
3253 lang2 = "fin"
3254 name2 = "Esimerkkipaikka"
3255 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
3256 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
3257 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
3258
3259 url1 = "http://example.com/venue"
3260 url2 = "https://example.org/venue-info/"
3261 params["venue_group"] = str(venue_group)
3262 params["venue_type"] = str(venue_type)
3263 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
3264 params["venue_url"] = ["1:" + url1, "2:" + url2]
dc60d564 3265
991e6b9e 3266 hapd = hostapd.add_ap(apdev[0], params)
dc60d564 3267
991e6b9e
JM		 3268 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
3269 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3270 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2be27869
JM		 3271 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
3272 timeout=10)
991e6b9e
JM		 3273 sigma_dut_wait_connected(ifname)
3274 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3275 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
3276 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3277 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3278 finally:
3279 stop_sigma_dut(sigma)
31157568
JM		 3280
3281def test_sigma_dut_hs20_assoc_24(dev, apdev):
3282 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3283 run_sigma_dut_hs20_assoc(dev, apdev, True)
3284
3285def test_sigma_dut_hs20_assoc_5(dev, apdev):
3286 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3287 run_sigma_dut_hs20_assoc(dev, apdev, False)
3288
3289def run_sigma_dut_hs20_assoc(dev, apdev, band24):
3290 hapd0 = None
3291 hapd1 = None
3292 try:
3293 bssid0 = apdev[0]['bssid']
3294 params = hs20_ap_params()
3295 params['hessid'] = bssid0
3296 hapd0 = hostapd.add_ap(apdev[0], params)
3297
3298 bssid1 = apdev[1]['bssid']
3299 params = hs20_ap_params()
3300 params['hessid'] = bssid0
3301 params["hw_mode"] = "a"
3302 params["channel"] = "36"
3303 params["country_code"] = "US"
3304 hapd1 = hostapd.add_ap(apdev[1], params)
3305
3306 band = "2.4" if band24 else "5"
3307 exp_bssid = bssid0 if band24 else bssid1
3308 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
3309 finally:
3310 dev[0].request("DISCONNECT")
3311 if hapd0:
3312 hapd0.request("DISABLE")
3313 if hapd1:
3314 hapd1.request("DISABLE")
3315 subprocess.call(['iw', 'reg', 'set', '00'])
3316 dev[0].flush_scan_cache()
3317
3318def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
3319 check_eap_capa(dev[0], "MSCHAPV2")
3320 dev[0].flush_scan_cache()
3321
3322 ifname = dev[0].ifname
f0b6b23f 3323 sigma = start_sigma_dut(ifname)
31157568 3324
991e6b9e
JM		 3325 try:
3326 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
3327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3328 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
3329 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
3330 timeout=15)
3331 sigma_dut_wait_connected(ifname)
3332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3333 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3334 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3335 finally:
3336 stop_sigma_dut(sigma)
31157568
JM		 3337
3338 if "BSSID," + expect_bssid not in res:
3339 raise Exception("Unexpected BSSID: " + res)
e7869a66
JM		 3340
3341def test_sigma_dut_ap_hs20(dev, apdev, params):
3342 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3343 logdir = os.path.join(params['logdir'],
3344 "sigma_dut_ap_hs20.sigma-hostapd")
37df1775
JM		 3345 conffile = os.path.join(params['logdir'],
3346 "sigma_dut_ap_hs20.sigma-conf")
e7869a66 3347 with HWSimRadio() as (radio, iface):
f0b6b23f 3348 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
e7869a66
JM		 3349 try:
3350 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3351 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3352 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3353 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3354 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
b583907b 3355 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
e7869a66
JM		 3356 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3357 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3358 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3359 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3360 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3361 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
524b963c 3362 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
e7869a66
JM		 3363 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3364
37df1775
JM		 3365 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3366 with open(conffile, "wb") as f2:
3367 f2.write(f.read())
e7869a66
JM		 3368
3369 sigma_dut_cmd_check("ap_reset_default")
3370 finally:
3371 stop_sigma_dut(sigma)
4068d683
JM		 3372
3373def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3374 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3375 logdir = params['logdir']
3376
3377 with open("auth_serv/ca.pem", "r") as f:
3378 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3379 "w") as f2:
3380 f2.write(f.read())
3381
3382 src = "auth_serv/server.pem"
3383 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3384 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3385 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3386 "-outform", "DER"],
3387 stderr=open('/dev/null', 'w'))
3388 with open(dst, "rb") as f:
3389 der = f.read()
3390 hash = hashlib.sha256(der).digest()
3391 with open(hashdst, "w") as f:
3392 f.write(binascii.hexlify(hash).decode())
3393
3394 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3395 with open(dst, "w") as f:
3396 f.write(32*"00")
3397
3398 ssid = "test-wpa2-eap"
3399 params = hostapd.wpa2_eap_params(ssid=ssid)
3400 hapd = hostapd.add_ap(apdev[0], params)
3401
3402 ifname = dev[0].ifname
f0b6b23f 3403 sigma = start_sigma_dut(ifname, cert_path=logdir)
4068d683
JM		 3404
3405 try:
3406 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3407
3408 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3410 sigma_dut_cmd_check(cmd)
2be27869
JM		 3411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3412 timeout=10)
4068d683
JM		 3413 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3414 if ev is None:
3415 raise Exception("Server certificate error not reported")
3416
3417 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3418 if "ServerCertTrustResult,Accepted" not in res:
3419 raise Exception("Server certificate trust was not accepted")
3420 sigma_dut_wait_connected(ifname)
3421 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3422 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3423 dev[0].dump_monitor()
3424 finally:
3425 stop_sigma_dut(sigma)
3426
3427def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
263c0cbd
JM		 3428 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3429 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3430
3431def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3432 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3433 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3434
3435def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
4068d683
JM		 3436 logdir = params['logdir']
3437
263c0cbd
JM		 3438 name = "sigma_dut_eap_ttls_uosc_tod"
3439 if tofu:
3440 name += "_tofu"
4068d683 3441 with open("auth_serv/ca.pem", "r") as f:
263c0cbd 3442 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
4068d683
JM		 3443 f2.write(f.read())
3444
263c0cbd
JM		 3445 if tofu:
3446 src = "auth_serv/server-certpol2.pem"
3447 else:
3448 src = "auth_serv/server-certpol.pem"
3449 dst = os.path.join(logdir, name + ".server.der")
3450 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
4068d683
JM		 3451 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3452 "-outform", "DER"],
3453 stderr=open('/dev/null', 'w'))
3454 with open(dst, "rb") as f:
3455 der = f.read()
3456 hash = hashlib.sha256(der).digest()
3457 with open(hashdst, "w") as f:
3458 f.write(binascii.hexlify(hash).decode())
3459
4068d683
JM		 3460 ssid = "test-wpa2-eap"
3461 params = int_eap_server_params()
3462 params["ssid"] = ssid
263c0cbd
JM		 3463 if tofu:
3464 params["server_cert"] = "auth_serv/server-certpol2.pem"
3465 params["private_key"] = "auth_serv/server-certpol2.key"
3466 else:
3467 params["server_cert"] = "auth_serv/server-certpol.pem"
3468 params["private_key"] = "auth_serv/server-certpol.key"
4068d683
JM		 3469 hapd = hostapd.add_ap(apdev[0], params)
3470
3471 ifname = dev[0].ifname
f0b6b23f 3472 sigma = start_sigma_dut(ifname, cert_path=logdir)
4068d683
JM		 3473
3474 try:
263c0cbd 3475 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
4068d683
JM		 3476 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3477 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3478 sigma_dut_cmd_check(cmd)
2be27869
JM		 3479 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3480 timeout=10)
4068d683
JM		 3481 sigma_dut_wait_connected(ifname)
3482 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3483 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3484 dev[0].wait_disconnected()
3485 dev[0].dump_monitor()
3486
3487 hapd.disable()
3488 params = hostapd.wpa2_eap_params(ssid=ssid)
3489 hapd = hostapd.add_ap(apdev[0], params)
3490
2be27869
JM		 3491 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3492 timeout=10)
4068d683
JM		 3493 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3494 if ev is None:
3495 raise Exception("Server certificate error not reported")
3496
3497 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3498 if "ServerCertTrustResult,Accepted" in res:
3499 raise Exception("Server certificate trust override was accepted unexpectedly")
3500 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3501 dev[0].dump_monitor()
3502 finally:
3503 stop_sigma_dut(sigma)
df5dc878 3504
35337b44
JM		 3505def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3506 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3507 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3508
3509def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3510 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3511 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3512
3513def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3514 logdir = params['logdir']
3515
3516 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3517 if tofu:
3518 name += "_tofu"
3519 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3520 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3521 f2.write(f.read())
3522
3523 if tofu:
3524 src = "auth_serv/server-certpol2.pem"
3525 else:
3526 src = "auth_serv/server-certpol.pem"
3527 dst = os.path.join(logdir, name + ".server.der")
3528 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3529 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3530 "-outform", "DER"],
3531 stderr=open('/dev/null', 'w'))
3532 with open(dst, "rb") as f:
3533 der = f.read()
3534 hash = hashlib.sha256(der).digest()
3535 with open(hashdst, "w") as f:
3536 f.write(binascii.hexlify(hash).decode())
3537
3538 ssid = "test-wpa2-eap"
3539 params = int_eap_server_params()
3540 params["ssid"] = ssid
3541 if tofu:
3542 params["server_cert"] = "auth_serv/server-certpol2.pem"
3543 params["private_key"] = "auth_serv/server-certpol2.key"
3544 else:
3545 params["server_cert"] = "auth_serv/server-certpol.pem"
3546 params["private_key"] = "auth_serv/server-certpol.key"
3547 hapd = hostapd.add_ap(apdev[0], params)
3548
3549 ifname = dev[0].ifname
f0b6b23f 3550 sigma = start_sigma_dut(ifname, cert_path=logdir)
35337b44
JM		 3551
3552 try:
3553 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3554 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3555 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3556 sigma_dut_cmd_check(cmd)
2be27869
JM		 3557 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3558 timeout=10)
35337b44
JM		 3559 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3560 if ev is None:
3561 raise Exception("Server certificate validation failure not reported")
3562
3563 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3564 if not tofu and "ServerCertTrustResult,Accepted" in res:
3565 raise Exception("Server certificate trust override was accepted unexpectedly")
3566 if tofu and "ServerCertTrustResult,Accepted" not in res:
3567 raise Exception("Server certificate trust override was not accepted")
3568 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3569 dev[0].dump_monitor()
3570 finally:
3571 stop_sigma_dut(sigma)
3572
df5dc878
JM		 3573def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3574 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
0c00679b 3575 check_domain_suffix_match(dev[0])
df5dc878
JM		 3576 logdir = params['logdir']
3577
3578 with open("auth_serv/ca.pem", "r") as f:
3579 with open(os.path.join(logdir,
3580 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3581 "w") as f2:
3582 f2.write(f.read())
3583
3584 ssid = "test-wpa2-eap"
3585 params = int_eap_server_params()
3586 params["ssid"] = ssid
3587 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3588 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3589 params["private_key"] = "auth_serv/rsa3072-server.key"
3590 hapd = hostapd.add_ap(apdev[0], params)
3591
3592 ifname = dev[0].ifname
f0b6b23f 3593 sigma = start_sigma_dut(ifname, cert_path=logdir)
df5dc878
JM		 3594
3595 try:
3596 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3597 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3598 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3599 sigma_dut_cmd_check(cmd)
2be27869
JM		 3600 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3601 timeout=10)
df5dc878
JM		 3602 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3603 if ev is None:
3604 raise Exception("Server certificate error not reported")
3605
3606 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3607 if "ServerCertTrustResult,Accepted" not in res:
3608 raise Exception("Server certificate trust was not accepted")
3609 sigma_dut_wait_connected(ifname)
3610 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3611 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3612 dev[0].dump_monitor()
3613 finally:
3614 stop_sigma_dut(sigma)
5632b071
JM		 3615
3616def start_sae_pwe_ap(apdev, sae_pwe):
3617 ssid = "test-sae"
3618 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3619 params['wpa_key_mgmt'] = 'SAE'
3620 params["ieee80211w"] = "2"
3621 params['sae_groups'] = '19'
3622 params['sae_pwe'] = str(sae_pwe)
3623 return hostapd.add_ap(apdev, params)
3624
3625def connect_sae_pwe_sta(dev, ifname, extra=None):
3626 dev.dump_monitor()
3627 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3628 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3629 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3630 if extra:
3631 cmd += "," + extra
3632 sigma_dut_cmd_check(cmd)
2be27869
JM		 3633 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3634 timeout=10)
5632b071
JM		 3635 sigma_dut_wait_connected(ifname)
3636 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3637 dev.wait_disconnected()
3638 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3639 dev.dump_monitor()
3640
3641def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3642 dev.dump_monitor()
3643 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3644 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3645 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3646 if extra:
3647 cmd += "," + extra
3648 sigma_dut_cmd_check(cmd)
2be27869
JM		 3649 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3650 timeout=10)
5632b071
JM		 3651 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3652 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3653 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3654 raise Exception("Unexpected connection result")
3655 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3656 dev.dump_monitor()
3657
3658def test_sigma_dut_sae_h2e(dev, apdev):
3659 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3660 if "SAE" not in dev[0].get_capability("auth_alg"):
3661 raise HwsimSkip("SAE not supported")
3662
3663 start_sae_pwe_ap(apdev[0], 2)
3664
3665 ifname = dev[0].ifname
f0b6b23f 3666 sigma = start_sigma_dut(ifname, sae_h2e=True)
5632b071
JM		 3667 try:
3668 connect_sae_pwe_sta(dev[0], ifname)
3669 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3670 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3671 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3672 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3673 raise Exception("Unexpected error result: " + res)
3674 finally:
3675 stop_sigma_dut(sigma)
ee275671 3676 dev[0].set("sae_pwe", "0")
5632b071
JM		 3677
3678def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3679 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3680 if "SAE" not in dev[0].get_capability("auth_alg"):
3681 raise HwsimSkip("SAE not supported")
3682
3683 start_sae_pwe_ap(apdev[0], 0)
3684
3685 ifname = dev[0].ifname
f0b6b23f 3686 sigma = start_sigma_dut(ifname, sae_h2e=True)
5632b071
JM		 3687 try:
3688 connect_sae_pwe_sta(dev[0], ifname)
3689 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3690 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3691 finally:
3692 stop_sigma_dut(sigma)
ee275671 3693 dev[0].set("sae_pwe", "0")
5632b071
JM		 3694
3695def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3696 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3697 if "SAE" not in dev[0].get_capability("auth_alg"):
3698 raise HwsimSkip("SAE not supported")
3699
3700 start_sae_pwe_ap(apdev[0], 1)
3701
3702 ifname = dev[0].ifname
f0b6b23f 3703 sigma = start_sigma_dut(ifname, sae_h2e=True)
5632b071
JM		 3704 try:
3705 connect_sae_pwe_sta(dev[0], ifname)
3706 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3707 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3708 finally:
3709 stop_sigma_dut(sigma)
ee275671 3710 dev[0].set("sae_pwe", "0")
5632b071
JM		 3711
3712def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3713 """sigma_dut controlled AP with SAE H2E"""
3714 logdir = os.path.join(params['logdir'],
3715 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3716 if "SAE" not in dev[0].get_capability("auth_alg"):
3717 raise HwsimSkip("SAE not supported")
3718 with HWSimRadio() as (radio, iface):
f0b6b23f 3719 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
5632b071
JM		 3720 try:
3721 sigma_dut_cmd_check("ap_reset_default")
3722 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3723 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3724 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3725
3726 for sae_pwe in [0, 1, 2]:
3727 dev[0].request("SET sae_groups ")
3728 dev[0].set("sae_pwe", str(sae_pwe))
3729 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3730 ieee80211w="2", scan_freq="2412")
3731 dev[0].request("REMOVE_NETWORK all")
3732 dev[0].wait_disconnected()
3733 dev[0].dump_monitor()
3734
3735 sigma_dut_cmd_check("ap_reset_default")
3736 finally:
3737 stop_sigma_dut(sigma)
3738 dev[0].set("sae_pwe", "0")
3739
3740def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3741 """sigma_dut controlled AP with SAE H2E-only"""
3742 logdir = os.path.join(params['logdir'],
3743 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3744 if "SAE" not in dev[0].get_capability("auth_alg"):
3745 raise HwsimSkip("SAE not supported")
3746 with HWSimRadio() as (radio, iface):
f0b6b23f 3747 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
5632b071
JM		 3748 try:
3749 sigma_dut_cmd_check("ap_reset_default")
3750 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3751 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3752 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3753
3754 dev[0].request("SET sae_groups ")
3755 dev[0].set("sae_pwe", "1")
3756 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3757 ieee80211w="2", scan_freq="2412")
3758 dev[0].request("REMOVE_NETWORK all")
3759 dev[0].wait_disconnected()
3760 dev[0].dump_monitor()
3761
3762 dev[0].set("sae_pwe", "0")
3763 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3764 ieee80211w="2", scan_freq="2412", wait_connect=False)
3765 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3766 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3767 dev[0].request("DISCONNECT")
3768 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3769 raise Exception("Unexpected connection result")
3770
3771 sigma_dut_cmd_check("ap_reset_default")
3772 finally:
3773 stop_sigma_dut(sigma)
3774 dev[0].set("sae_pwe", "0")
3775
3776def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3777 """sigma_dut controlled AP with SAE looping-only"""
3778 logdir = os.path.join(params['logdir'],
3779 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3780 if "SAE" not in dev[0].get_capability("auth_alg"):
3781 raise HwsimSkip("SAE not supported")
3782 with HWSimRadio() as (radio, iface):
f0b6b23f 3783 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
5632b071
JM		 3784 try:
3785 sigma_dut_cmd_check("ap_reset_default")
3786 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3787 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3788 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3789
3790 dev[0].request("SET sae_groups ")
3791 dev[0].set("sae_pwe", "0")
3792 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3793 ieee80211w="2", scan_freq="2412")
3794 dev[0].request("REMOVE_NETWORK all")
3795 dev[0].wait_disconnected()
3796 dev[0].dump_monitor()
3797
3798 dev[0].set("sae_pwe", "1")
3799 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3800 ieee80211w="2", scan_freq="2412", wait_connect=False)
3801 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3802 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3803 dev[0].request("DISCONNECT")
3804 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3805 raise Exception("Unexpected connection result")
3806
3807 sigma_dut_cmd_check("ap_reset_default")
3808 finally:
3809 stop_sigma_dut(sigma)
3810 dev[0].set("sae_pwe", "0")
4d16d7cc
JM		 3811
3812def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
3813 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3814 if "SAE" not in dev[0].get_capability("auth_alg"):
3815 raise HwsimSkip("SAE not supported")
3816
3817 ssid = "test-sae"
3818 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3819 params['wpa_key_mgmt'] = 'SAE'
3820 params["ieee80211w"] = "2"
3821 params['sae_pwe'] = '1'
3822 hapd = hostapd.add_ap(apdev[0], params)
3823
3824 ifname = dev[0].ifname
7327f0fa 3825 sigma = start_sigma_dut(ifname)
4d16d7cc 3826 try:
4d16d7cc
JM		 3827 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3828 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3829 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
2be27869
JM		 3830 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3831 timeout=10)
4d16d7cc
JM		 3832 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3833 if ev is None:
3834 raise Exception("No authentication attempt reported")
3835 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3836 if ev is not None:
3837 raise Exception("Unexpected connection reported")
3838 finally:
3839 stop_sigma_dut(sigma)
dedd8f33
JM		 3840
3841def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
3842 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3843 if "SAE" not in dev[0].get_capability("auth_alg"):
3844 raise HwsimSkip("SAE not supported")
3845
3846 ssid = "test-sae"
3847 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3848 params['wpa_key_mgmt'] = 'SAE'
3849 params["ieee80211w"] = "2"
3850 params['sae_groups'] = "19 20"
3851 params['sae_pwe'] = '1'
3852 hapd = hostapd.add_ap(apdev[0], params)
3853
3854 ifname = dev[0].ifname
7327f0fa 3855 sigma = start_sigma_dut(ifname, sae_h2e=True)
dedd8f33 3856 try:
dedd8f33
JM		 3857 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3858 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3859 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
2be27869
JM		 3860 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3861 timeout=10)
dedd8f33
JM		 3862 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3863 if ev is None:
3864 raise Exception("No authentication attempt reported")
3865 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3866 if ev is not None:
3867 raise Exception("Unexpected connection reported")
3868 finally:
3869 stop_sigma_dut(sigma)
49ac2466
JM		 3870
3871def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
3872 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3873 if "SAE" not in dev[0].get_capability("auth_alg"):
3874 raise HwsimSkip("SAE not supported")
3875
3876 ssid = "test-sae"
3877 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3878 params['wpa_key_mgmt'] = 'SAE'
3879 params["ieee80211w"] = "2"
3880 params['sae_groups'] = "19"
3881 params['sae_pwe'] = '1'
3882 hapd = hostapd.add_ap(apdev[0], params)
3883
3884 ifname = dev[0].ifname
7327f0fa 3885 sigma = start_sigma_dut(ifname, sae_h2e=True)
49ac2466 3886 try:
49ac2466
JM		 3887 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3888 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3889 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
2be27869
JM		 3890 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3891 timeout=10)
49ac2466
JM		 3892 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3893 if ev is None:
3894 raise Exception("No authentication attempt reported")
3895 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3896 if ev is not None:
3897 raise Exception("Unexpected connection reported")
3898 finally:
3899 stop_sigma_dut(sigma)
78e931e7 3900 dev[0].set("sae_pwe", "0")
2ca63f58
JM		 3901
3902def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
3903 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3904 logdir = os.path.join(params['logdir'],
3905 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3906 if "SAE" not in dev[0].get_capability("auth_alg"):
3907 raise HwsimSkip("SAE not supported")
3908 with HWSimRadio() as (radio, iface):
f0b6b23f 3909 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
2ca63f58
JM		 3910 try:
3911 sigma_dut_cmd_check("ap_reset_default")
3912 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3913 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3914 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3915
3916 dev[0].request("SET sae_groups ")
3917 dev[0].set("sae_pwe", "1")
3918 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3919 ieee80211w="2", scan_freq="2412", wait_connect=False)
3920 ev = dev[0].wait_event(["Associated with"], timeout=10)
3921 if ev is None:
3922 raise Exception("No indication of association seen")
3923 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3924 "CTRL-EVENT-DISCONNECTED"], timeout=10)
3925 dev[0].request("DISCONNECT")
3926 if ev is None:
3927 raise Exception("No disconnection seen")
3928 if "CTRL-EVENT-DISCONNECTED" not in ev:
3929 raise Exception("Unexpected connection")
3930
3931 sigma_dut_cmd_check("ap_reset_default")
3932 finally:
3933 stop_sigma_dut(sigma)
3934 dev[0].set("sae_pwe", "0")
fb3ef06d
JM		 3935
3936def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
3937 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3938 logdir = os.path.join(params['logdir'],
3939 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3940 if "SAE" not in dev[0].get_capability("auth_alg"):
3941 raise HwsimSkip("SAE not supported")
3942 with HWSimRadio() as (radio, iface):
f0b6b23f 3943 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
fb3ef06d
JM		 3944 try:
3945 sigma_dut_cmd_check("ap_reset_default")
3946 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3947 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3948 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3949
3950 dev[0].request("SET sae_groups 21 20 19")
3951 dev[0].set("sae_pwe", "1")
3952 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3953 ieee80211w="2", scan_freq="2412")
3954 addr = dev[0].own_addr()
3955 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
3956 if "DHGroupVerResult,21 20" not in res:
3957 raise Exception("Unexpected dev_exec_action response: " + res)
3958
3959 sigma_dut_cmd_check("ap_reset_default")
3960 finally:
3961 stop_sigma_dut(sigma)
3962 dev[0].set("sae_pwe", "0")
54bc5db1
JM		 3963
3964def test_sigma_dut_ap_sae_h2e_anti_clogging(dev, apdev, params):
3965 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3966 logdir = os.path.join(params['logdir'],
3967 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3968 if "SAE" not in dev[0].get_capability("auth_alg"):
3969 raise HwsimSkip("SAE not supported")
3970 with HWSimRadio() as (radio, iface):
3971 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3972 try:
3973 sigma_dut_cmd_check("ap_reset_default")
3974 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3975 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3976 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3977
3978 dev[0].set("sae_groups", "")
3979 dev[0].set("sae_pwe", "2")
3980 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3981 ieee80211w="2", scan_freq="2412")
3982
3983 sigma_dut_cmd_check("ap_reset_default")
3984 finally:
3985 stop_sigma_dut(sigma)
3986 dev[0].set("sae_pwe", "0")
c557720e
JM		 3987
3988def test_sigma_dut_ap_5ghz(dev, apdev, params):
3989 """sigma_dut controlled AP on 5 GHz"""
3990 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
3991 check_signal="WIDTH=20 MHz")
3992
3993def test_sigma_dut_ap_ht40plus(dev, apdev, params):
3994 """sigma_dut controlled AP and HT40+"""
3995 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
3996 extra="width,40", check_signal="WIDTH=40 MHz")
3997
3998def test_sigma_dut_ap_ht40minus(dev, apdev, params):
3999 """sigma_dut controlled AP and HT40-"""
4000 run_sigma_dut_ap_channel(dev, apdev, params, 40, '11na', 5200,
4001 extra="width,40", check_signal="WIDTH=40 MHz")
4002
4003def test_sigma_dut_ap_vht40(dev, apdev, params):
4004 """sigma_dut controlled AP and VHT40"""
4005 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
4006 extra="width,40", check_signal="WIDTH=40 MHz",
4007 program="VHT")
4008
4009def test_sigma_dut_ap_vht80(dev, apdev, params):
4010 """sigma_dut controlled AP and VHT80"""
4011 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
4012 extra="width,80", check_signal="WIDTH=80 MHz",
4013 program="VHT")
4014
4015def run_sigma_dut_ap_channel(dev, apdev, params, channel, mode, scan_freq,
4016 extra=None, check_signal=None, program=None):
4017 logdir = params['prefix'] + ".sigma-hostapd"
4018 with HWSimRadio() as (radio, iface):
4019 subprocess.call(['iw', 'reg', 'set', 'US'])
4020 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
4021 try:
4022 cmd = "ap_reset_default"
4023 if program:
4024 cmd += ",program," + program
4025 sigma_dut_cmd_check(cmd)
4026 cmd = "ap_set_wireless,NAME,AP,CHANNEL,%d,SSID,test-psk,MODE,%s" % (channel, mode)
4027 if extra:
4028 cmd += "," + extra
4029 sigma_dut_cmd_check(cmd)
4030 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
4031 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
4032
4033 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
4034 with open(params['prefix'] + ".sigma-conf", "wb") as f2:
4035 f2.write(f.read())
4036
4037 dev[0].connect("test-psk", psk="12345678", scan_freq=str(scan_freq))
4038 sig = dev[0].request("SIGNAL_POLL")
4039 logger.info("SIGNAL_POLL:\n" + sig.strip())
4040 dev[0].request("DISCONNECT")
4041 dev[0].wait_disconnected()
4042
4043 sigma_dut_cmd_check("ap_reset_default")
4044
4045 if check_signal and check_signal not in sig:
4046 raise Exception("Unexpected SIGNAL_POLL data")
4047 finally:
4048 stop_sigma_dut(sigma)
4049 subprocess.call(['iw', 'reg', 'set', '00'])
4050 dev[0].flush_scan_cache()
Unnamed repository; edit this file 'description' to name the repository.