]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut and initial UOSC with TOD-STRICT/TOFU
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import hashlib
10 import logging
11 logger = logging.getLogger()
12 import os
13 import socket
14 import struct
15 import subprocess
16 import threading
17 import time
18
19 import hostapd
20 from utils import HwsimSkip
21 from hwsim import HWSimRadio
22 import hwsim_utils
23 from test_dpp import check_dpp_capab, update_hapd_config
24 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
25 from test_ap_eap import check_eap_capa, int_eap_server_params
26 from test_ap_hs20 import hs20_ap_params
27
28 def check_sigma_dut():
29 if not os.path.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
31
32 def to_hex(s):
33 return binascii.hexlify(s.encode()).decode()
34
35 def from_hex(s):
36 return binascii.unhexlify(s).decode()
37
38 def sigma_dut_cmd(cmd, port=9000, timeout=2):
39 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
40 socket.IPPROTO_TCP)
41 sock.settimeout(timeout)
42 addr = ('127.0.0.1', port)
43 sock.connect(addr)
44 sock.send(cmd.encode() + b"\r\n")
45 try:
46 res = sock.recv(1000).decode()
47 running = False
48 done = False
49 for line in res.splitlines():
50 if line.startswith("status,RUNNING"):
51 running = True
52 elif line.startswith("status,INVALID"):
53 done = True
54 elif line.startswith("status,ERROR"):
55 done = True
56 elif line.startswith("status,COMPLETE"):
57 done = True
58 if running and not done:
59 # Read the actual response
60 res = sock.recv(1000).decode()
61 except:
62 res = ''
63 pass
64 sock.close()
65 res = res.rstrip()
66 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
67 return res
68
69 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
70 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
71 if "COMPLETE" not in res:
72 raise Exception("sigma_dut command failed: " + cmd)
73 return res
74
75 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
76 bridge=None):
77 check_sigma_dut()
78 cmd = ['./sigma_dut',
79 '-M', ifname,
80 '-S', ifname,
81 '-F', '../../hostapd/hostapd',
82 '-G',
83 '-w', '/var/run/wpa_supplicant/',
84 '-j', ifname]
85 if debug:
86 cmd += ['-d']
87 if hostapd_logdir:
88 cmd += ['-H', hostapd_logdir]
89 if cert_path:
90 cmd += ['-C', cert_path]
91 if bridge:
92 cmd += ['-b', bridge]
93 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
94 stderr=subprocess.PIPE)
95 for i in range(20):
96 try:
97 res = sigma_dut_cmd("HELLO")
98 break
99 except:
100 time.sleep(0.05)
101 return sigma
102
103 def stop_sigma_dut(sigma):
104 sigma.terminate()
105 sigma.wait()
106 out, err = sigma.communicate()
107 logger.debug("sigma_dut stdout: " + str(out.decode()))
108 logger.debug("sigma_dut stderr: " + str(err.decode()))
109
110 def sigma_dut_wait_connected(ifname):
111 for i in range(50):
112 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
113 if "connected,1" in res:
114 break
115 time.sleep(0.2)
116 if i == 49:
117 raise Exception("Connection did not complete")
118
119 def test_sigma_dut_basic(dev, apdev):
120 """sigma_dut basic functionality"""
121 sigma = start_sigma_dut(dev[0].ifname)
122
123 res = sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res:
125 raise Exception("Unexpected sigma_dut response to unknown command")
126
127 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
132 for cmd, response in tests:
133 res = sigma_dut_cmd(cmd)
134 if response not in res:
135 raise Exception("Unexpected %s response: %s" % (cmd, res))
136
137 stop_sigma_dut(sigma)
138
139 def test_sigma_dut_open(dev, apdev):
140 """sigma_dut controlled open network association"""
141 try:
142 run_sigma_dut_open(dev, apdev)
143 finally:
144 dev[0].set("ignore_old_scan_res", "0")
145
146 def run_sigma_dut_open(dev, apdev):
147 ifname = dev[0].ifname
148 sigma = start_sigma_dut(ifname)
149
150 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
151
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
155 sigma_dut_wait_connected(ifname)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
159
160 stop_sigma_dut(sigma)
161
162 def test_sigma_dut_psk_pmf(dev, apdev):
163 """sigma_dut controlled PSK+PMF association"""
164 try:
165 run_sigma_dut_psk_pmf(dev, apdev)
166 finally:
167 dev[0].set("ignore_old_scan_res", "0")
168
169 def run_sigma_dut_psk_pmf(dev, apdev):
170 ifname = dev[0].ifname
171 sigma = start_sigma_dut(ifname)
172
173 ssid = "test-pmf-required"
174 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
175 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params["ieee80211w"] = "2"
177 hapd = hostapd.add_ap(apdev[0], params)
178
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
187
188 stop_sigma_dut(sigma)
189
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
192 try:
193 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
194 finally:
195 dev[0].set("ignore_old_scan_res", "0")
196
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
199 try:
200 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
201 finally:
202 dev[0].set("ignore_old_scan_res", "0")
203
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
206 try:
207 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
208 finally:
209 dev[0].set("ignore_old_scan_res", "0")
210
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
213 try:
214 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
215 finally:
216 dev[0].set("ignore_old_scan_res", "0")
217
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
220 try:
221 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
222 failure=True)
223 finally:
224 dev[0].set("ignore_old_scan_res", "0")
225
226 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
227 failure=False):
228 ifname = dev[0].ifname
229 sigma = start_sigma_dut(ifname)
230
231 ssid = "test-pmf-required"
232 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
233 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params["ieee80211w"] = "2"
235 params["group_mgmt_cipher"] = hostapd_cipher
236 hapd = hostapd.add_ap(apdev[0], params)
237
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
242 if failure:
243 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout=10)
245 if ev is None:
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev:
248 raise Exception("Unexpected connection")
249 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
250 if "connected,1" in res:
251 raise Exception("Connection reported")
252 else:
253 sigma_dut_wait_connected(ifname)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
255
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
258
259 stop_sigma_dut(sigma)
260
261 def test_sigma_dut_sae(dev, apdev):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
265
266 ifname = dev[0].ifname
267 sigma = start_sigma_dut(ifname)
268
269 ssid = "test-sae"
270 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
271 params['wpa_key_mgmt'] = 'SAE'
272 params["ieee80211w"] = "2"
273 params['sae_groups'] = '19 20 21'
274 hapd = hostapd.add_ap(apdev[0], params)
275
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
280 sigma_dut_wait_connected(ifname)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
282 if dev[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
285
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
287
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
291 sigma_dut_wait_connected(ifname)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
293 if dev[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
297
298 stop_sigma_dut(sigma)
299
300 def test_sigma_dut_sae_password(dev, apdev):
301 """sigma_dut controlled SAE association and long password"""
302 if "SAE" not in dev[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
304
305 ifname = dev[0].ifname
306 sigma = start_sigma_dut(ifname)
307
308 try:
309 ssid = "test-sae"
310 params = hostapd.wpa2_params(ssid=ssid)
311 params['sae_password'] = 100*'B'
312 params['wpa_key_mgmt'] = 'SAE'
313 params["ieee80211w"] = "2"
314 hapd = hostapd.add_ap(apdev[0], params)
315
316 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
320 sigma_dut_wait_connected(ifname)
321 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
324 finally:
325 stop_sigma_dut(sigma)
326
327 def test_sigma_dut_sae_pw_id(dev, apdev):
328 """sigma_dut controlled SAE association with Password Identifier"""
329 if "SAE" not in dev[0].get_capability("auth_alg"):
330 raise HwsimSkip("SAE not supported")
331
332 ifname = dev[0].ifname
333 sigma = start_sigma_dut(ifname, debug=True)
334
335 ssid = "test-sae"
336 params = hostapd.wpa2_params(ssid=ssid)
337 params['wpa_key_mgmt'] = 'SAE'
338 params["ieee80211w"] = "2"
339 params['sae_password'] = 'secret|id=pw id'
340 params['sae_groups'] = '19'
341 hapd = hostapd.add_ap(apdev[0], params)
342
343 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
344 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
345 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
346 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
347 sigma_dut_wait_connected(ifname)
348 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
350
351 stop_sigma_dut(sigma)
352
353 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
354 """sigma_dut controlled SAE association with Password Identifier and FT"""
355 if "SAE" not in dev[0].get_capability("auth_alg"):
356 raise HwsimSkip("SAE not supported")
357
358 ifname = dev[0].ifname
359 sigma = start_sigma_dut(ifname, debug=True)
360
361 ssid = "test-sae"
362 params = hostapd.wpa2_params(ssid=ssid)
363 params['wpa_key_mgmt'] = 'SAE FT-SAE'
364 params["ieee80211w"] = "2"
365 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
366 params['mobility_domain'] = 'aabb'
367 params['ft_over_ds'] = '0'
368 bssid = apdev[0]['bssid'].replace(':', '')
369 params['nas_identifier'] = bssid + '.nas.example.com'
370 params['r1_key_holder'] = bssid
371 params['pmk_r1_push'] = '0'
372 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
373 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
374 hapd = hostapd.add_ap(apdev[0], params)
375
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
380 sigma_dut_wait_connected(ifname)
381
382 bssid = apdev[1]['bssid'].replace(':', '')
383 params['nas_identifier'] = bssid + '.nas.example.com'
384 params['r1_key_holder'] = bssid
385 hapd2 = hostapd.add_ap(apdev[1], params)
386 bssid = hapd2.own_addr()
387 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
388 dev[0].wait_connected()
389
390 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
392
393 stop_sigma_dut(sigma)
394
395 def test_sigma_dut_sta_override_rsne(dev, apdev):
396 """sigma_dut and RSNE override on STA"""
397 try:
398 run_sigma_dut_sta_override_rsne(dev, apdev)
399 finally:
400 dev[0].set("ignore_old_scan_res", "0")
401
402 def run_sigma_dut_sta_override_rsne(dev, apdev):
403 ifname = dev[0].ifname
404 sigma = start_sigma_dut(ifname)
405
406 ssid = "test-psk"
407 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
408 hapd = hostapd.add_ap(apdev[0], params)
409
410 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
411
412 tests = ["30120100000fac040100000fac040100000fac02",
413 "30140100000fac040100000fac040100000fac02ffff"]
414 for test in tests:
415 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
416 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
417 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
418 sigma_dut_wait_connected(ifname)
419 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
420 dev[0].dump_monitor()
421
422 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
423 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
424 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
425
426 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
427 if ev is None:
428 raise Exception("Association rejection not reported")
429 if "status_code=40" not in ev:
430 raise Exception("Unexpected status code: " + ev)
431
432 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
433
434 stop_sigma_dut(sigma)
435
436 def test_sigma_dut_ap_psk(dev, apdev):
437 """sigma_dut controlled AP"""
438 with HWSimRadio() as (radio, iface):
439 sigma = start_sigma_dut(iface)
440 try:
441 sigma_dut_cmd_check("ap_reset_default")
442 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
443 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
444 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
445
446 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
447
448 sigma_dut_cmd_check("ap_reset_default")
449 finally:
450 stop_sigma_dut(sigma)
451
452 def test_sigma_dut_ap_pskhex(dev, apdev, params):
453 """sigma_dut controlled AP and PSKHEX"""
454 logdir = os.path.join(params['logdir'],
455 "sigma_dut_ap_pskhex.sigma-hostapd")
456 with HWSimRadio() as (radio, iface):
457 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
458 try:
459 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
460 sigma_dut_cmd_check("ap_reset_default")
461 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
462 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
463 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
464
465 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
466
467 sigma_dut_cmd_check("ap_reset_default")
468 finally:
469 stop_sigma_dut(sigma)
470
471 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
472 """sigma_dut controlled AP PSK SHA256"""
473 logdir = os.path.join(params['logdir'],
474 "sigma_dut_ap_psk_sha256.sigma-hostapd")
475 with HWSimRadio() as (radio, iface):
476 sigma = start_sigma_dut(iface)
477 try:
478 sigma_dut_cmd_check("ap_reset_default")
479 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
480 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
481 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
482
483 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
484 psk="12345678", scan_freq="2412")
485
486 sigma_dut_cmd_check("ap_reset_default")
487 finally:
488 stop_sigma_dut(sigma)
489
490 def test_sigma_dut_eap_ttls(dev, apdev, params):
491 """sigma_dut controlled STA and EAP-TTLS parameters"""
492 logdir = params['logdir']
493
494 with open("auth_serv/ca.pem", "r") as f:
495 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
496 f2.write(f.read())
497
498 src = "auth_serv/server.pem"
499 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
500 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
501 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
502 "-outform", "DER"],
503 stderr=open('/dev/null', 'w'))
504 with open(dst, "rb") as f:
505 der = f.read()
506 hash = hashlib.sha256(der).digest()
507 with open(hashdst, "w") as f:
508 f.write(binascii.hexlify(hash).decode())
509
510 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
511 with open(dst, "w") as f:
512 f.write(32*"00")
513
514 ssid = "test-wpa2-eap"
515 params = hostapd.wpa2_eap_params(ssid=ssid)
516 hapd = hostapd.add_ap(apdev[0], params)
517
518 ifname = dev[0].ifname
519 sigma = start_sigma_dut(ifname, cert_path=logdir)
520
521 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
522
523 tests = ["",
524 ",Domain,server.w1.fi",
525 ",DomainSuffix,w1.fi",
526 ",DomainSuffix,server.w1.fi",
527 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
528 for extra in tests:
529 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
530 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
531 sigma_dut_cmd_check(cmd + extra)
532 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
533 sigma_dut_wait_connected(ifname)
534 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
535 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
536 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
537 dev[0].dump_monitor()
538
539 tests = [",Domain,w1.fi",
540 ",DomainSuffix,example.com",
541 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
542 for extra in tests:
543 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
545 sigma_dut_cmd_check(cmd + extra)
546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
547 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
548 if ev is None:
549 raise Exception("Server certificate error not reported")
550 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
551 if "connected,1" in res:
552 raise Exception("Unexpected connection reported")
553 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
554 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
555 dev[0].dump_monitor()
556
557 stop_sigma_dut(sigma)
558
559 def test_sigma_dut_suite_b(dev, apdev, params):
560 """sigma_dut controlled STA Suite B"""
561 check_suite_b_192_capa(dev)
562 logdir = params['logdir']
563
564 with open("auth_serv/ec2-ca.pem", "r") as f:
565 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
566 f2.write(f.read())
567
568 with open("auth_serv/ec2-user.pem", "r") as f:
569 with open("auth_serv/ec2-user.key", "r") as f2:
570 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
571 f3.write(f.read())
572 f3.write(f2.read())
573
574 dev[0].flush_scan_cache()
575 params = suite_b_as_params()
576 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
577 params['server_cert'] = 'auth_serv/ec2-server.pem'
578 params['private_key'] = 'auth_serv/ec2-server.key'
579 params['openssl_ciphers'] = 'SUITEB192'
580 hostapd.add_ap(apdev[1], params)
581
582 params = {"ssid": "test-suite-b",
583 "wpa": "2",
584 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
585 "rsn_pairwise": "GCMP-256",
586 "group_mgmt_cipher": "BIP-GMAC-256",
587 "ieee80211w": "2",
588 "ieee8021x": "1",
589 'auth_server_addr': "127.0.0.1",
590 'auth_server_port': "18129",
591 'auth_server_shared_secret': "radius",
592 'nas_identifier': "nas.w1.fi"}
593 hapd = hostapd.add_ap(apdev[0], params)
594
595 ifname = dev[0].ifname
596 sigma = start_sigma_dut(ifname, cert_path=logdir)
597
598 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
599 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
600 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
601 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
602 sigma_dut_wait_connected(ifname)
603 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
604 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
605 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
606
607 stop_sigma_dut(sigma)
608
609 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
610 """sigma_dut controlled STA Suite B (RSA)"""
611 check_suite_b_192_capa(dev)
612 logdir = params['logdir']
613
614 with open("auth_serv/rsa3072-ca.pem", "r") as f:
615 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
616 f2.write(f.read())
617
618 with open("auth_serv/rsa3072-user.pem", "r") as f:
619 with open("auth_serv/rsa3072-user.key", "r") as f2:
620 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
621 f3.write(f.read())
622 f3.write(f2.read())
623
624 dev[0].flush_scan_cache()
625 params = suite_b_192_rsa_ap_params()
626 hapd = hostapd.add_ap(apdev[0], params)
627
628 ifname = dev[0].ifname
629 sigma = start_sigma_dut(ifname, cert_path=logdir)
630
631 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
632
633 tests = ["",
634 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
635 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
636 for extra in tests:
637 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
638 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
639 sigma_dut_cmd_check(cmd + extra)
640 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
641 sigma_dut_wait_connected(ifname)
642 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
643 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
644 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
645
646 stop_sigma_dut(sigma)
647
648 def test_sigma_dut_ap_suite_b(dev, apdev, params):
649 """sigma_dut controlled AP Suite B"""
650 check_suite_b_192_capa(dev)
651 logdir = os.path.join(params['logdir'],
652 "sigma_dut_ap_suite_b.sigma-hostapd")
653 params = suite_b_as_params()
654 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
655 params['server_cert'] = 'auth_serv/ec2-server.pem'
656 params['private_key'] = 'auth_serv/ec2-server.key'
657 params['openssl_ciphers'] = 'SUITEB192'
658 hostapd.add_ap(apdev[1], params)
659 with HWSimRadio() as (radio, iface):
660 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
661 try:
662 sigma_dut_cmd_check("ap_reset_default")
663 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
664 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
665 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
666 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
667
668 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
669 ieee80211w="2",
670 openssl_ciphers="SUITEB192",
671 eap="TLS", identity="tls user",
672 ca_cert="auth_serv/ec2-ca.pem",
673 client_cert="auth_serv/ec2-user.pem",
674 private_key="auth_serv/ec2-user.key",
675 pairwise="GCMP-256", group="GCMP-256",
676 scan_freq="2412")
677
678 sigma_dut_cmd_check("ap_reset_default")
679 finally:
680 stop_sigma_dut(sigma)
681
682 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
683 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
684 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
685 "GCMP")
686
687 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
688 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
689 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
690 "GCMP-256")
691
692 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
693 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
694 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
695 "CCMP")
696
697 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
698 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
699 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
700 "CCMP-256")
701
702 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
703 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
704 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
705 "BIP-GMAC-256", "CCMP")
706
707 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
708 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
709 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
710 "BIP-GMAC-256", "GCMP-256", "CCMP")
711
712 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
713 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
714 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
715 "GCMP-256", "CCMP", "AES-CCMP-128")
716
717 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
718 sta_cipher, sta_cipher_group=None, ap_group=None):
719 check_suite_b_192_capa(dev)
720 logdir = os.path.join(params['logdir'],
721 "sigma_dut_ap_cipher.sigma-hostapd")
722 params = suite_b_as_params()
723 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
724 params['server_cert'] = 'auth_serv/ec2-server.pem'
725 params['private_key'] = 'auth_serv/ec2-server.key'
726 params['openssl_ciphers'] = 'SUITEB192'
727 hostapd.add_ap(apdev[1], params)
728 with HWSimRadio() as (radio, iface):
729 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
730 try:
731 sigma_dut_cmd_check("ap_reset_default")
732 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
733 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
734 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
735 if ap_group:
736 cmd += ",GroupCipher,%s" % ap_group
737 sigma_dut_cmd_check(cmd)
738 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
739
740 if sta_cipher_group is None:
741 sta_cipher_group = sta_cipher
742 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
743 ieee80211w="2",
744 openssl_ciphers="SUITEB192",
745 eap="TLS", identity="tls user",
746 ca_cert="auth_serv/ec2-ca.pem",
747 client_cert="auth_serv/ec2-user.pem",
748 private_key="auth_serv/ec2-user.key",
749 pairwise=sta_cipher, group=sta_cipher_group,
750 scan_freq="2412")
751
752 sigma_dut_cmd_check("ap_reset_default")
753 finally:
754 stop_sigma_dut(sigma)
755
756 def test_sigma_dut_ap_override_rsne(dev, apdev):
757 """sigma_dut controlled AP overriding RSNE"""
758 with HWSimRadio() as (radio, iface):
759 sigma = start_sigma_dut(iface)
760 try:
761 sigma_dut_cmd_check("ap_reset_default")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
764 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
765 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
766
767 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
768
769 sigma_dut_cmd_check("ap_reset_default")
770 finally:
771 stop_sigma_dut(sigma)
772
773 def test_sigma_dut_ap_sae(dev, apdev, params):
774 """sigma_dut controlled AP with SAE"""
775 logdir = os.path.join(params['logdir'],
776 "sigma_dut_ap_sae.sigma-hostapd")
777 if "SAE" not in dev[0].get_capability("auth_alg"):
778 raise HwsimSkip("SAE not supported")
779 with HWSimRadio() as (radio, iface):
780 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
781 try:
782 sigma_dut_cmd_check("ap_reset_default")
783 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
784 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
785 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
786
787 dev[0].request("SET sae_groups ")
788 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
789 ieee80211w="2", scan_freq="2412")
790 if dev[0].get_status_field('sae_group') != '19':
791 raise Exception("Expected default SAE group not used")
792
793 sigma_dut_cmd_check("ap_reset_default")
794 finally:
795 stop_sigma_dut(sigma)
796
797 def test_sigma_dut_ap_sae_password(dev, apdev, params):
798 """sigma_dut controlled AP with SAE and long password"""
799 logdir = os.path.join(params['logdir'],
800 "sigma_dut_ap_sae_password.sigma-hostapd")
801 if "SAE" not in dev[0].get_capability("auth_alg"):
802 raise HwsimSkip("SAE not supported")
803 with HWSimRadio() as (radio, iface):
804 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
805 try:
806 sigma_dut_cmd_check("ap_reset_default")
807 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
808 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
809 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
810
811 dev[0].request("SET sae_groups ")
812 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
813 ieee80211w="2", scan_freq="2412")
814 if dev[0].get_status_field('sae_group') != '19':
815 raise Exception("Expected default SAE group not used")
816
817 sigma_dut_cmd_check("ap_reset_default")
818 finally:
819 stop_sigma_dut(sigma)
820
821 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
822 """sigma_dut controlled AP with SAE Password Identifier"""
823 logdir = os.path.join(params['logdir'],
824 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
825 conffile = os.path.join(params['logdir'],
826 "sigma_dut_ap_sae_pw_id.sigma-conf")
827 if "SAE" not in dev[0].get_capability("auth_alg"):
828 raise HwsimSkip("SAE not supported")
829 with HWSimRadio() as (radio, iface):
830 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
831 try:
832 sigma_dut_cmd_check("ap_reset_default")
833 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
834 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
835 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
836
837 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
838 with open(conffile, "wb") as f2:
839 f2.write(f.read())
840
841 dev[0].request("SET sae_groups ")
842 tests = [("pw1", "id1"),
843 ("pw2", "id2"),
844 ("pw3", None),
845 ("pw4", "id4")]
846 for pw, pw_id in tests:
847 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
848 sae_password_id=pw_id,
849 ieee80211w="2", scan_freq="2412")
850 dev[0].request("REMOVE_NETWORK all")
851 dev[0].wait_disconnected()
852
853 sigma_dut_cmd_check("ap_reset_default")
854 finally:
855 stop_sigma_dut(sigma)
856
857 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
858 """sigma_dut controlled AP with SAE Password Identifier and FT"""
859 logdir = os.path.join(params['logdir'],
860 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
861 conffile = os.path.join(params['logdir'],
862 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
863 if "SAE" not in dev[0].get_capability("auth_alg"):
864 raise HwsimSkip("SAE not supported")
865 with HWSimRadio() as (radio, iface):
866 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
867 try:
868 sigma_dut_cmd_check("ap_reset_default")
869 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
870 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
871 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
872
873 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
874 with open(conffile, "wb") as f2:
875 f2.write(f.read())
876
877 dev[0].request("SET sae_groups ")
878 tests = [("pw1", "id1", "SAE"),
879 ("pw2", "id2", "FT-SAE"),
880 ("pw3", None, "FT-SAE"),
881 ("pw4", "id4", "SAE")]
882 for pw, pw_id, key_mgmt in tests:
883 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
884 sae_password_id=pw_id,
885 ieee80211w="2", scan_freq="2412")
886 dev[0].request("REMOVE_NETWORK all")
887 dev[0].wait_disconnected()
888
889 sigma_dut_cmd_check("ap_reset_default")
890 finally:
891 stop_sigma_dut(sigma)
892
893 def test_sigma_dut_ap_sae_group(dev, apdev, params):
894 """sigma_dut controlled AP with SAE and specific group"""
895 logdir = os.path.join(params['logdir'],
896 "sigma_dut_ap_sae_group.sigma-hostapd")
897 if "SAE" not in dev[0].get_capability("auth_alg"):
898 raise HwsimSkip("SAE not supported")
899 with HWSimRadio() as (radio, iface):
900 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
901 try:
902 sigma_dut_cmd_check("ap_reset_default")
903 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
904 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
905 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
906
907 dev[0].request("SET sae_groups ")
908 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
909 ieee80211w="2", scan_freq="2412")
910 if dev[0].get_status_field('sae_group') != '20':
911 raise Exception("Expected SAE group not used")
912
913 sigma_dut_cmd_check("ap_reset_default")
914 finally:
915 stop_sigma_dut(sigma)
916
917 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
918 """sigma_dut controlled AP with PSK+SAE"""
919 if "SAE" not in dev[0].get_capability("auth_alg"):
920 raise HwsimSkip("SAE not supported")
921 logdir = os.path.join(params['logdir'],
922 "sigma_dut_ap_psk_sae.sigma-hostapd")
923 with HWSimRadio() as (radio, iface):
924 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
925 try:
926 sigma_dut_cmd_check("ap_reset_default")
927 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
928 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
929 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
930
931 dev[2].request("SET sae_groups ")
932 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
933 scan_freq="2412", ieee80211w="0", wait_connect=False)
934 dev[0].request("SET sae_groups ")
935 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
936 scan_freq="2412", ieee80211w="2")
937 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
938
939 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
940 dev[2].request("DISCONNECT")
941 if ev is not None:
942 raise Exception("Unexpected connection without PMF")
943
944 sigma_dut_cmd_check("ap_reset_default")
945 finally:
946 stop_sigma_dut(sigma)
947
948 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
949 """sigma_dut controlled AP with PSK, SAE, FT"""
950 logdir = os.path.join(params['logdir'],
951 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
952 conffile = os.path.join(params['logdir'],
953 "sigma_dut_ap_psk_sae_ft.sigma-conf")
954 if "SAE" not in dev[0].get_capability("auth_alg"):
955 raise HwsimSkip("SAE not supported")
956 with HWSimRadio() as (radio, iface):
957 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
958 try:
959 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
960 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
961 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
962 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
963 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
964 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
965
966 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
967 with open(conffile, "wb") as f2:
968 f2.write(f.read())
969
970 dev[0].request("SET sae_groups ")
971 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
972 sae_password="12345678", scan_freq="2412")
973 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
974 psk="12345678", scan_freq="2412")
975 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
976 psk="12345678", scan_freq="2412")
977
978 sigma_dut_cmd_check("ap_reset_default")
979 finally:
980 stop_sigma_dut(sigma)
981
982 def test_sigma_dut_owe(dev, apdev):
983 """sigma_dut controlled OWE station"""
984 try:
985 run_sigma_dut_owe(dev, apdev)
986 finally:
987 dev[0].set("ignore_old_scan_res", "0")
988
989 def run_sigma_dut_owe(dev, apdev):
990 if "OWE" not in dev[0].get_capability("key_mgmt"):
991 raise HwsimSkip("OWE not supported")
992
993 ifname = dev[0].ifname
994 sigma = start_sigma_dut(ifname)
995
996 try:
997 params = {"ssid": "owe",
998 "wpa": "2",
999 "wpa_key_mgmt": "OWE",
1000 "ieee80211w": "2",
1001 "rsn_pairwise": "CCMP"}
1002 hapd = hostapd.add_ap(apdev[0], params)
1003 bssid = hapd.own_addr()
1004
1005 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1006 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1007 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1008 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1009 sigma_dut_wait_connected(ifname)
1010 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1011
1012 dev[0].dump_monitor()
1013 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1014 dev[0].wait_connected()
1015 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1016 dev[0].wait_disconnected()
1017 dev[0].dump_monitor()
1018
1019 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1020 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1021 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1022 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1023 sigma_dut_wait_connected(ifname)
1024 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1025 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1026 dev[0].wait_disconnected()
1027 dev[0].dump_monitor()
1028
1029 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1030 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1031 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1032 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1033 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1034 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1035 if ev is None:
1036 raise Exception("Association not rejected")
1037 if "status_code=77" not in ev:
1038 raise Exception("Unexpected rejection reason: " + ev)
1039
1040 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1041 finally:
1042 stop_sigma_dut(sigma)
1043
1044 def test_sigma_dut_ap_owe(dev, apdev, params):
1045 """sigma_dut controlled AP with OWE"""
1046 logdir = os.path.join(params['logdir'],
1047 "sigma_dut_ap_owe.sigma-hostapd")
1048 if "OWE" not in dev[0].get_capability("key_mgmt"):
1049 raise HwsimSkip("OWE not supported")
1050 with HWSimRadio() as (radio, iface):
1051 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1052 try:
1053 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1054 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1055 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1056 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1057
1058 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1059 scan_freq="2412")
1060
1061 sigma_dut_cmd_check("ap_reset_default")
1062 finally:
1063 stop_sigma_dut(sigma)
1064
1065 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1066 """sigma_dut controlled AP with OWE and ECGroupID"""
1067 if "OWE" not in dev[0].get_capability("key_mgmt"):
1068 raise HwsimSkip("OWE not supported")
1069 with HWSimRadio() as (radio, iface):
1070 sigma = start_sigma_dut(iface)
1071 try:
1072 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1073 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1074 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1075 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1076
1077 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1078 owe_group="20", scan_freq="2412")
1079 dev[0].request("REMOVE_NETWORK all")
1080 dev[0].wait_disconnected()
1081
1082 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1083 owe_group="21", scan_freq="2412")
1084 dev[0].request("REMOVE_NETWORK all")
1085 dev[0].wait_disconnected()
1086
1087 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1088 owe_group="19", scan_freq="2412", wait_connect=False)
1089 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1090 dev[0].request("DISCONNECT")
1091 if ev is None:
1092 raise Exception("Association not rejected")
1093 if "status_code=77" not in ev:
1094 raise Exception("Unexpected rejection reason: " + ev)
1095 dev[0].dump_monitor()
1096
1097 sigma_dut_cmd_check("ap_reset_default")
1098 finally:
1099 stop_sigma_dut(sigma)
1100
1101 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1102 """sigma_dut controlled AP with OWE and transition mode"""
1103 if "OWE" not in dev[0].get_capability("key_mgmt"):
1104 raise HwsimSkip("OWE not supported")
1105 logdir = os.path.join(params['logdir'],
1106 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1107 with HWSimRadio() as (radio, iface):
1108 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1109 try:
1110 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1111 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1112 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1116
1117 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1118 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1119
1120 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1121 scan_freq="2412")
1122 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1123 if dev[0].get_status_field('bssid') not in res1:
1124 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1125 if dev[1].get_status_field('bssid') not in res2:
1126 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1127
1128 sigma_dut_cmd_check("ap_reset_default")
1129 finally:
1130 stop_sigma_dut(sigma)
1131
1132 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1133 """sigma_dut controlled AP with OWE and transition mode (2)"""
1134 if "OWE" not in dev[0].get_capability("key_mgmt"):
1135 raise HwsimSkip("OWE not supported")
1136 logdir = os.path.join(params['logdir'],
1137 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1138 with HWSimRadio() as (radio, iface):
1139 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1140 try:
1141 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1142 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1143 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1144 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1145 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1146 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1147
1148 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1149 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1150
1151 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1152 scan_freq="2412")
1153 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1154 if dev[0].get_status_field('bssid') not in res2:
1155 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1156 if dev[1].get_status_field('bssid') not in res1:
1157 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1158
1159 sigma_dut_cmd_check("ap_reset_default")
1160 finally:
1161 stop_sigma_dut(sigma)
1162
1163 def dpp_init_enrollee(dev, id1):
1164 logger.info("Starting DPP initiator/enrollee in a thread")
1165 time.sleep(1)
1166 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1167 if "OK" not in dev.request(cmd):
1168 raise Exception("Failed to initiate DPP Authentication")
1169 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1170 if ev is None:
1171 raise Exception("DPP configuration not completed (Enrollee)")
1172 logger.info("DPP initiator/enrollee done")
1173
1174 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1175 """sigma_dut DPP/QR responder (conf index 1)"""
1176 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1177
1178 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1179 """sigma_dut DPP/QR responder (conf index 2)"""
1180 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1181
1182 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1183 """sigma_dut DPP/QR responder (conf index 3)"""
1184 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1185
1186 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1187 """sigma_dut DPP/QR responder (conf index 4)"""
1188 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1189
1190 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1191 """sigma_dut DPP/QR responder (conf index 5)"""
1192 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1193
1194 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1195 """sigma_dut DPP/QR responder (conf index 6)"""
1196 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1197
1198 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1199 """sigma_dut DPP/QR responder (conf index 7)"""
1200 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1201
1202 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1203 """sigma_dut DPP/QR responder (conf index 8)"""
1204 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1205
1206 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1207 """sigma_dut DPP/QR responder (channel list override)"""
1208 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1209 listen_chan=2)
1210
1211 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1212 listen_chan=None):
1213 check_dpp_capab(dev[0])
1214 check_dpp_capab(dev[1])
1215 sigma = start_sigma_dut(dev[0].ifname)
1216 try:
1217 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1218 if chan_list:
1219 cmd += ",DPPChannelList," + chan_list
1220 res = sigma_dut_cmd(cmd)
1221 if "status,COMPLETE" not in res:
1222 raise Exception("dev_exec_action did not succeed: " + res)
1223 hex = res.split(',')[3]
1224 uri = from_hex(hex)
1225 logger.info("URI from sigma_dut: " + uri)
1226
1227 id1 = dev[1].dpp_qr_code(uri)
1228
1229 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1230 t.start()
1231 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1232 if listen_chan:
1233 cmd += ",DPPListenChannel," + str(listen_chan)
1234 res = sigma_dut_cmd(cmd, timeout=10)
1235 t.join()
1236 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1237 raise Exception("Unexpected result: " + res)
1238 finally:
1239 stop_sigma_dut(sigma)
1240
1241 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1242 """sigma_dut DPP/QR initiator as Enrollee"""
1243 check_dpp_capab(dev[0])
1244 check_dpp_capab(dev[1])
1245
1246 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1247 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1248 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1249 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1250
1251 params = {"ssid": "DPPNET01",
1252 "wpa": "2",
1253 "ieee80211w": "2",
1254 "wpa_key_mgmt": "DPP",
1255 "rsn_pairwise": "CCMP",
1256 "dpp_connector": ap_connector,
1257 "dpp_csign": csign_pub,
1258 "dpp_netaccesskey": ap_netaccesskey}
1259 try:
1260 hapd = hostapd.add_ap(apdev[0], params)
1261 except:
1262 raise HwsimSkip("DPP not supported")
1263
1264 sigma = start_sigma_dut(dev[0].ifname)
1265 try:
1266 dev[0].set("dpp_config_processing", "2")
1267
1268 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1269 res = dev[1].request(cmd)
1270 if "FAIL" in res:
1271 raise Exception("Failed to add configurator")
1272 conf_id = int(res)
1273
1274 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1275 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1276
1277 dev[1].set("dpp_configurator_params",
1278 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1279 cmd = "DPP_LISTEN 2437 role=configurator"
1280 if "OK" not in dev[1].request(cmd):
1281 raise Exception("Failed to start listen operation")
1282
1283 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1284 if "status,COMPLETE" not in res:
1285 raise Exception("dev_exec_action did not succeed: " + res)
1286
1287 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1288 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1289 raise Exception("Unexpected result: " + res)
1290 finally:
1291 dev[0].set("dpp_config_processing", "0")
1292 stop_sigma_dut(sigma)
1293
1294 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1295 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1296 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1297
1298 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1299 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1300 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1301 extra="DPPAuthDirection,Mutual,")
1302
1303 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1304 check_dpp_capab(dev[0])
1305 check_dpp_capab(dev[1])
1306
1307 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1308 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1309 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1310 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1311
1312 params = {"ssid": "DPPNET01",
1313 "wpa": "2",
1314 "ieee80211w": "2",
1315 "wpa_key_mgmt": "DPP",
1316 "rsn_pairwise": "CCMP",
1317 "dpp_connector": ap_connector,
1318 "dpp_csign": csign_pub,
1319 "dpp_netaccesskey": ap_netaccesskey}
1320 try:
1321 hapd = hostapd.add_ap(apdev[0], params)
1322 except:
1323 raise HwsimSkip("DPP not supported")
1324
1325 sigma = start_sigma_dut(dev[0].ifname)
1326 try:
1327 dev[0].set("dpp_config_processing", "2")
1328
1329 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1330 res = dev[1].request(cmd)
1331 if "FAIL" in res:
1332 raise Exception("Failed to add configurator")
1333 conf_id = int(res)
1334
1335 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1336 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1337
1338 dev[1].set("dpp_configurator_params",
1339 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1340 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1341 if "OK" not in dev[1].request(cmd):
1342 raise Exception("Failed to start listen operation")
1343
1344 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1345 if "status,COMPLETE" not in res:
1346 raise Exception("dev_exec_action did not succeed: " + res)
1347 hex = res.split(',')[3]
1348 uri = from_hex(hex)
1349 logger.info("URI from sigma_dut: " + uri)
1350
1351 id1 = dev[1].dpp_qr_code(uri)
1352
1353 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1354 if "status,COMPLETE" not in res:
1355 raise Exception("dev_exec_action did not succeed: " + res)
1356
1357 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1358 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1359 raise Exception("Unexpected result: " + res)
1360 finally:
1361 dev[0].set("dpp_config_processing", "0")
1362 stop_sigma_dut(sigma)
1363
1364 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1365 time.sleep(1)
1366 logger.info("Starting DPP initiator/configurator in a thread")
1367 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1368 if own_id is not None:
1369 cmd += " own=%d" % own_id
1370 if "OK" not in dev.request(cmd):
1371 raise Exception("Failed to initiate DPP Authentication")
1372 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1373 if ev is None:
1374 raise Exception("DPP configuration not completed (Configurator)")
1375 logger.info("DPP initiator/configurator done")
1376
1377 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1378 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1379 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1380
1381 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1382 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1383 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1384
1385 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1386 check_dpp_capab(dev[0])
1387 check_dpp_capab(dev[1])
1388
1389 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1390 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1391 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1392 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1393
1394 params = {"ssid": "DPPNET01",
1395 "wpa": "2",
1396 "ieee80211w": "2",
1397 "wpa_key_mgmt": "DPP",
1398 "rsn_pairwise": "CCMP",
1399 "dpp_connector": ap_connector,
1400 "dpp_csign": csign_pub,
1401 "dpp_netaccesskey": ap_netaccesskey}
1402 try:
1403 hapd = hostapd.add_ap(apdev[0], params)
1404 except:
1405 raise HwsimSkip("DPP not supported")
1406
1407 sigma = start_sigma_dut(dev[0].ifname)
1408 try:
1409 dev[0].set("dpp_config_processing", "2")
1410
1411 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1412 res = dev[1].request(cmd)
1413 if "FAIL" in res:
1414 raise Exception("Failed to add configurator")
1415 conf_id = int(res)
1416
1417 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1418 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1419
1420 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1421 if "status,COMPLETE" not in res:
1422 raise Exception("dev_exec_action did not succeed: " + res)
1423 hex = res.split(',')[3]
1424 uri = from_hex(hex)
1425 logger.info("URI from sigma_dut: " + uri)
1426
1427 id1 = dev[1].dpp_qr_code(uri)
1428
1429 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1430 if "status,COMPLETE" not in res:
1431 raise Exception("dev_exec_action did not succeed: " + res)
1432
1433 t = threading.Thread(target=dpp_init_conf_mutual,
1434 args=(dev[1], id1, conf_id, id0))
1435 t.start()
1436
1437 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1438 if extra:
1439 cmd += extra
1440 res = sigma_dut_cmd(cmd, timeout=25)
1441 t.join()
1442 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1443 raise Exception("Unexpected result: " + res)
1444 finally:
1445 dev[0].set("dpp_config_processing", "0")
1446 stop_sigma_dut(sigma)
1447
1448 def dpp_resp_conf_mutual(dev, conf_id, uri):
1449 logger.info("Starting DPP responder/configurator in a thread")
1450 dev.set("dpp_configurator_params",
1451 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1452 conf_id))
1453 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1454 if "OK" not in dev.request(cmd):
1455 raise Exception("Failed to initiate DPP listen")
1456 if uri:
1457 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1458 if ev is None:
1459 raise Exception("QR Code scan for mutual authentication not requested")
1460 dev.dpp_qr_code(uri)
1461 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1462 if ev is None:
1463 raise Exception("DPP configuration not completed (Configurator)")
1464 logger.info("DPP responder/configurator done")
1465
1466 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1467 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1468 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1469
1470 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1471 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1472 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1473
1474 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1475 check_dpp_capab(dev[0])
1476 check_dpp_capab(dev[1])
1477
1478 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1479 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1480 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1481 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1482
1483 params = {"ssid": "DPPNET01",
1484 "wpa": "2",
1485 "ieee80211w": "2",
1486 "wpa_key_mgmt": "DPP",
1487 "rsn_pairwise": "CCMP",
1488 "dpp_connector": ap_connector,
1489 "dpp_csign": csign_pub,
1490 "dpp_netaccesskey": ap_netaccesskey}
1491 try:
1492 hapd = hostapd.add_ap(apdev[0], params)
1493 except:
1494 raise HwsimSkip("DPP not supported")
1495
1496 sigma = start_sigma_dut(dev[0].ifname)
1497 try:
1498 dev[0].set("dpp_config_processing", "2")
1499
1500 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1501 res = dev[1].request(cmd)
1502 if "FAIL" in res:
1503 raise Exception("Failed to add configurator")
1504 conf_id = int(res)
1505
1506 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1507 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1508
1509 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1510 if "status,COMPLETE" not in res:
1511 raise Exception("dev_exec_action did not succeed: " + res)
1512 hex = res.split(',')[3]
1513 uri = from_hex(hex)
1514 logger.info("URI from sigma_dut: " + uri)
1515
1516 if not resp_pending:
1517 dev[1].dpp_qr_code(uri)
1518 uri = None
1519
1520 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1521 if "status,COMPLETE" not in res:
1522 raise Exception("dev_exec_action did not succeed: " + res)
1523
1524 t = threading.Thread(target=dpp_resp_conf_mutual,
1525 args=(dev[1], conf_id, uri))
1526 t.start()
1527
1528 time.sleep(1)
1529 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1530 res = sigma_dut_cmd(cmd, timeout=15)
1531 t.join()
1532 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1533 raise Exception("Unexpected result: " + res)
1534 finally:
1535 dev[0].set("dpp_config_processing", "0")
1536 stop_sigma_dut(sigma)
1537
1538 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1539 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1540 check_dpp_capab(dev[0])
1541 check_dpp_capab(dev[1])
1542
1543 params = hostapd.wpa2_params(ssid="DPPNET01",
1544 passphrase="ThisIsDppPassphrase")
1545 hapd = hostapd.add_ap(apdev[0], params)
1546
1547 sigma = start_sigma_dut(dev[0].ifname)
1548 try:
1549 dev[0].set("dpp_config_processing", "2")
1550
1551 cmd = "DPP_CONFIGURATOR_ADD"
1552 res = dev[1].request(cmd)
1553 if "FAIL" in res:
1554 raise Exception("Failed to add configurator")
1555 conf_id = int(res)
1556
1557 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1558 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1559
1560 dev[1].set("dpp_configurator_params",
1561 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1562 cmd = "DPP_LISTEN 2437 role=configurator"
1563 if "OK" not in dev[1].request(cmd):
1564 raise Exception("Failed to start listen operation")
1565
1566 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1567 if "status,COMPLETE" not in res:
1568 raise Exception("dev_exec_action did not succeed: " + res)
1569
1570 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1571 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1572 raise Exception("Unexpected result: " + res)
1573 finally:
1574 dev[0].set("dpp_config_processing", "0")
1575 stop_sigma_dut(sigma)
1576
1577 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1578 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1579 check_dpp_capab(dev[0])
1580 check_dpp_capab(dev[1])
1581 if "SAE" not in dev[0].get_capability("auth_alg"):
1582 raise HwsimSkip("SAE not supported")
1583
1584 params = hostapd.wpa2_params(ssid="DPPNET01",
1585 passphrase="ThisIsDppPassphrase")
1586 params['wpa_key_mgmt'] = 'SAE'
1587 params["ieee80211w"] = "2"
1588 hapd = hostapd.add_ap(apdev[0], params)
1589
1590 sigma = start_sigma_dut(dev[0].ifname)
1591 try:
1592 dev[0].set("dpp_config_processing", "2")
1593 dev[0].set("sae_groups", "")
1594
1595 cmd = "DPP_CONFIGURATOR_ADD"
1596 res = dev[1].request(cmd)
1597 if "FAIL" in res:
1598 raise Exception("Failed to add configurator")
1599 conf_id = int(res)
1600
1601 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1602 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1603
1604 dev[1].set("dpp_configurator_params",
1605 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1606 cmd = "DPP_LISTEN 2437 role=configurator"
1607 if "OK" not in dev[1].request(cmd):
1608 raise Exception("Failed to start listen operation")
1609
1610 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1611 if "status,COMPLETE" not in res:
1612 raise Exception("dev_exec_action did not succeed: " + res)
1613
1614 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1615 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1616 raise Exception("Unexpected result: " + res)
1617 finally:
1618 dev[0].set("dpp_config_processing", "0")
1619 stop_sigma_dut(sigma)
1620
1621 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1622 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1623 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1624
1625 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1626 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1627 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1628
1629 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1630 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1631 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1632
1633 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1634 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1635 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1636
1637 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1638 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1639 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1640
1641 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1642 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1643 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1644
1645 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1646 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1647 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1648
1649 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1650 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1651 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1652
1653 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1654 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1655 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1656
1657 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1658 prov_role="Configurator",
1659 extra=None):
1660 check_dpp_capab(dev[0])
1661 check_dpp_capab(dev[1])
1662 sigma = start_sigma_dut(dev[0].ifname)
1663 try:
1664 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1665 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1666
1667 cmd = "DPP_LISTEN 2437 role=enrollee"
1668 if "OK" not in dev[1].request(cmd):
1669 raise Exception("Failed to start listen operation")
1670
1671 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1672 if "status,COMPLETE" not in res:
1673 raise Exception("dev_exec_action did not succeed: " + res)
1674
1675 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1676 if extra:
1677 cmd += "," + extra
1678 res = sigma_dut_cmd(cmd)
1679 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1680 raise Exception("Unexpected result: " + res)
1681 finally:
1682 stop_sigma_dut(sigma)
1683
1684 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1685 """sigma_dut DPP roles incompatible (Initiator)"""
1686 check_dpp_capab(dev[0])
1687 check_dpp_capab(dev[1])
1688 sigma = start_sigma_dut(dev[0].ifname)
1689 try:
1690 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1691 if "status,COMPLETE" not in res:
1692 raise Exception("dev_exec_action did not succeed: " + res)
1693 hex = res.split(',')[3]
1694 uri = from_hex(hex)
1695 logger.info("URI from sigma_dut: " + uri)
1696
1697 id1 = dev[1].dpp_qr_code(uri)
1698
1699 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1700 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1701
1702 cmd = "DPP_LISTEN 2437 role=enrollee"
1703 if "OK" not in dev[1].request(cmd):
1704 raise Exception("Failed to start listen operation")
1705
1706 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1707 if "status,COMPLETE" not in res:
1708 raise Exception("dev_exec_action did not succeed: " + res)
1709
1710 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1711 res = sigma_dut_cmd(cmd)
1712 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1713 raise Exception("Unexpected result: " + res)
1714 finally:
1715 stop_sigma_dut(sigma)
1716
1717 def dpp_init_enrollee_mutual(dev, id1, own_id):
1718 logger.info("Starting DPP initiator/enrollee in a thread")
1719 time.sleep(1)
1720 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1721 if "OK" not in dev.request(cmd):
1722 raise Exception("Failed to initiate DPP Authentication")
1723 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1724 "DPP-NOT-COMPATIBLE"], timeout=5)
1725 if ev is None:
1726 raise Exception("DPP configuration not completed (Enrollee)")
1727 logger.info("DPP initiator/enrollee done")
1728
1729 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1730 """sigma_dut DPP roles incompatible (Responder)"""
1731 check_dpp_capab(dev[0])
1732 check_dpp_capab(dev[1])
1733 sigma = start_sigma_dut(dev[0].ifname)
1734 try:
1735 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1736 res = sigma_dut_cmd(cmd)
1737 if "status,COMPLETE" not in res:
1738 raise Exception("dev_exec_action did not succeed: " + res)
1739 hex = res.split(',')[3]
1740 uri = from_hex(hex)
1741 logger.info("URI from sigma_dut: " + uri)
1742
1743 id1 = dev[1].dpp_qr_code(uri)
1744
1745 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1746 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1747
1748 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1749 if "status,COMPLETE" not in res:
1750 raise Exception("dev_exec_action did not succeed: " + res)
1751
1752 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1753 t.start()
1754 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1755 res = sigma_dut_cmd(cmd, timeout=10)
1756 t.join()
1757 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1758 raise Exception("Unexpected result: " + res)
1759 finally:
1760 stop_sigma_dut(sigma)
1761
1762 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1763 """sigma_dut DPP/PKEX initiator as Configurator"""
1764 check_dpp_capab(dev[0])
1765 check_dpp_capab(dev[1])
1766 sigma = start_sigma_dut(dev[0].ifname)
1767 try:
1768 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1769 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1770 res = dev[1].request(cmd)
1771 if "FAIL" in res:
1772 raise Exception("Failed to set PKEX data (responder)")
1773 cmd = "DPP_LISTEN 2437 role=enrollee"
1774 if "OK" not in dev[1].request(cmd):
1775 raise Exception("Failed to start listen operation")
1776
1777 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1778 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1779 raise Exception("Unexpected result: " + res)
1780 finally:
1781 stop_sigma_dut(sigma)
1782
1783 def dpp_init_conf(dev, id1, conf, conf_id, extra):
1784 logger.info("Starting DPP initiator/configurator in a thread")
1785 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1786 if "OK" not in dev.request(cmd):
1787 raise Exception("Failed to initiate DPP Authentication")
1788 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1789 if ev is None:
1790 raise Exception("DPP configuration not completed (Configurator)")
1791 logger.info("DPP initiator/configurator done")
1792
1793 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1794 """sigma_dut controlled AP (DPP)"""
1795 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1796
1797 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1798 """sigma_dut controlled AP (legacy)"""
1799 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1800 extra="pass=%s" % to_hex("qwertyuiop"))
1801
1802 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1803 """sigma_dut controlled AP (legacy)"""
1804 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1805 extra="psk=%s" % (32*"12"))
1806
1807 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
1808 check_dpp_capab(dev[0])
1809 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1810 with HWSimRadio() as (radio, iface):
1811 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1812 try:
1813 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1814 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1815 if "status,COMPLETE" not in res:
1816 raise Exception("dev_exec_action did not succeed: " + res)
1817 hex = res.split(',')[3]
1818 uri = from_hex(hex)
1819 logger.info("URI from sigma_dut: " + uri)
1820
1821 cmd = "DPP_CONFIGURATOR_ADD"
1822 res = dev[0].request(cmd)
1823 if "FAIL" in res:
1824 raise Exception("Failed to add configurator")
1825 conf_id = int(res)
1826
1827 id1 = dev[0].dpp_qr_code(uri)
1828
1829 t = threading.Thread(target=dpp_init_conf,
1830 args=(dev[0], id1, ap_conf, conf_id, extra))
1831 t.start()
1832 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1833 t.join()
1834 if "ConfResult,OK" not in res:
1835 raise Exception("Unexpected result: " + res)
1836
1837 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
1838 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1839
1840 id0b = dev[0].dpp_qr_code(uri1)
1841
1842 dev[1].set("dpp_config_processing", "2")
1843 cmd = "DPP_LISTEN 2412"
1844 if "OK" not in dev[1].request(cmd):
1845 raise Exception("Failed to start listen operation")
1846 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1847 if "OK" not in dev[0].request(cmd):
1848 raise Exception("Failed to initiate DPP Authentication")
1849 dev[1].wait_connected()
1850
1851 sigma_dut_cmd_check("ap_reset_default")
1852 finally:
1853 dev[1].set("dpp_config_processing", "0")
1854 stop_sigma_dut(sigma)
1855
1856 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1857 """sigma_dut controlled AP as DPP PKEX responder"""
1858 check_dpp_capab(dev[0])
1859 logdir = os.path.join(params['logdir'],
1860 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1861 with HWSimRadio() as (radio, iface):
1862 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1863 try:
1864 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1865 finally:
1866 stop_sigma_dut(sigma)
1867
1868 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
1869 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1870 time.sleep(1.5)
1871 id = dev.dpp_bootstrap_gen(type="pkex")
1872 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1873 res = dev.request(cmd)
1874 if "FAIL" in res:
1875 raise Exception("Failed to initiate DPP PKEX")
1876 if not check_config:
1877 return
1878 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1879 if ev is None:
1880 raise Exception("DPP configuration not completed (Configurator)")
1881 logger.info("DPP initiator/configurator done")
1882
1883 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
1884 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1885
1886 cmd = "DPP_CONFIGURATOR_ADD"
1887 res = dev[0].request(cmd)
1888 if "FAIL" in res:
1889 raise Exception("Failed to add configurator")
1890 conf_id = int(res)
1891
1892 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
1893 t.start()
1894 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
1895 t.join()
1896 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1897 raise Exception("Unexpected result: " + res)
1898
1899 sigma_dut_cmd_check("ap_reset_default")
1900
1901 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1902 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1903 check_dpp_capab(dev[0])
1904 sigma = start_sigma_dut(dev[0].ifname)
1905 try:
1906 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
1907 finally:
1908 stop_sigma_dut(sigma)
1909
1910 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1911 cmd = "DPP_CONFIGURATOR_ADD"
1912 res = dev[1].request(cmd)
1913 if "FAIL" in res:
1914 raise Exception("Failed to add configurator")
1915 conf_id = int(res)
1916
1917 dev[1].set("dpp_test", "44")
1918
1919 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
1920 False))
1921 t.start()
1922 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
1923 t.join()
1924 if "BootstrapResult,Timeout" not in res:
1925 raise Exception("Unexpected result: " + res)
1926
1927 def dpp_proto_init(dev, id1):
1928 time.sleep(1)
1929 logger.info("Starting DPP initiator/configurator in a thread")
1930 cmd = "DPP_CONFIGURATOR_ADD"
1931 res = dev.request(cmd)
1932 if "FAIL" in res:
1933 raise Exception("Failed to add configurator")
1934 conf_id = int(res)
1935
1936 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
1937 if "OK" not in dev.request(cmd):
1938 raise Exception("Failed to initiate DPP Authentication")
1939
1940 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
1941 """sigma_dut DPP protocol testing - Initiator"""
1942 check_dpp_capab(dev[0])
1943 check_dpp_capab(dev[1])
1944 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
1945 "BootstrapResult,OK,AuthResult,Errorsent",
1946 None),
1947 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1948 "BootstrapResult,OK,AuthResult,Errorsent",
1949 None),
1950 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1951 "BootstrapResult,OK,AuthResult,Errorsent",
1952 "Missing or invalid I-capabilities"),
1953 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1954 "BootstrapResult,OK,AuthResult,Errorsent",
1955 "Mismatching Initiator Authenticating Tag"),
1956 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1957 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1958 "Missing or invalid Enrollee Nonce attribute")]
1959 for step, frame, attr, result, fail in tests:
1960 dev[0].request("FLUSH")
1961 dev[1].request("FLUSH")
1962 sigma = start_sigma_dut(dev[0].ifname)
1963 try:
1964 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
1965 fail)
1966 finally:
1967 stop_sigma_dut(sigma)
1968
1969 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
1970 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1971 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1972
1973 cmd = "DPP_LISTEN 2437 role=enrollee"
1974 if "OK" not in dev[1].request(cmd):
1975 raise Exception("Failed to start listen operation")
1976
1977 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1978 if "status,COMPLETE" not in res:
1979 raise Exception("dev_exec_action did not succeed: " + res)
1980
1981 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
1982 timeout=10)
1983 if result not in res:
1984 raise Exception("Unexpected result: " + res)
1985 if fail:
1986 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
1987 if ev is None or fail not in ev:
1988 raise Exception("Failure not reported correctly: " + str(ev))
1989
1990 dev[1].request("DPP_STOP_LISTEN")
1991 dev[0].dump_monitor()
1992 dev[1].dump_monitor()
1993
1994 def test_sigma_dut_dpp_proto_responder(dev, apdev):
1995 """sigma_dut DPP protocol testing - Responder"""
1996 check_dpp_capab(dev[0])
1997 check_dpp_capab(dev[1])
1998 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
1999 "BootstrapResult,OK,AuthResult,Errorsent",
2000 "Missing or invalid required DPP Status attribute"),
2001 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2002 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2003 "Missing or invalid Enrollee Nonce attribute")]
2004 for step, frame, attr, result, fail in tests:
2005 dev[0].request("FLUSH")
2006 dev[1].request("FLUSH")
2007 sigma = start_sigma_dut(dev[0].ifname)
2008 try:
2009 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2010 fail)
2011 finally:
2012 stop_sigma_dut(sigma)
2013
2014 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2015 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2016 if "status,COMPLETE" not in res:
2017 raise Exception("dev_exec_action did not succeed: " + res)
2018 hex = res.split(',')[3]
2019 uri = from_hex(hex)
2020 logger.info("URI from sigma_dut: " + uri)
2021
2022 id1 = dev[1].dpp_qr_code(uri)
2023
2024 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2025 t.start()
2026 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2027 t.join()
2028 if result not in res:
2029 raise Exception("Unexpected result: " + res)
2030 if fail:
2031 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2032 if ev is None or fail not in ev:
2033 raise Exception("Failure not reported correctly:" + str(ev))
2034
2035 dev[1].request("DPP_STOP_LISTEN")
2036 dev[0].dump_monitor()
2037 dev[1].dump_monitor()
2038
2039 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2040 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2041 check_dpp_capab(dev[0])
2042 check_dpp_capab(dev[1])
2043 tests = [("AuthenticationResponse",
2044 "BootstrapResult,OK,AuthResult,Errorsent",
2045 None),
2046 ("ConfigurationRequest",
2047 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2048 None)]
2049 for frame, result, fail in tests:
2050 dev[0].request("FLUSH")
2051 dev[1].request("FLUSH")
2052 sigma = start_sigma_dut(dev[0].ifname)
2053 try:
2054 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2055 finally:
2056 stop_sigma_dut(sigma)
2057
2058 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2059 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2060 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2061
2062 cmd = "DPP_LISTEN 2437 role=enrollee"
2063 if "OK" not in dev[1].request(cmd):
2064 raise Exception("Failed to start listen operation")
2065
2066 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2067 if "status,COMPLETE" not in res:
2068 raise Exception("dev_exec_action did not succeed: " + res)
2069
2070 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2071 if result not in res:
2072 raise Exception("Unexpected result: " + res)
2073 if fail:
2074 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2075 if ev is None or fail not in ev:
2076 raise Exception("Failure not reported correctly: " + str(ev))
2077
2078 dev[1].request("DPP_STOP_LISTEN")
2079 dev[0].dump_monitor()
2080 dev[1].dump_monitor()
2081
2082 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2083 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2084 check_dpp_capab(dev[0])
2085 check_dpp_capab(dev[1])
2086 tests = [("AuthenticationConfirm",
2087 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2088 None)]
2089 for frame, result, fail in tests:
2090 dev[0].request("FLUSH")
2091 dev[1].request("FLUSH")
2092 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2093 try:
2094 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2095 result, fail)
2096 finally:
2097 stop_sigma_dut(sigma)
2098
2099 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2100 fail):
2101 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2102 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2103
2104 cmd = "DPP_LISTEN 2437 role=configurator"
2105 if "OK" not in dev[1].request(cmd):
2106 raise Exception("Failed to start listen operation")
2107
2108 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2109 if "status,COMPLETE" not in res:
2110 raise Exception("dev_exec_action did not succeed: " + res)
2111
2112 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2113 if result not in res:
2114 raise Exception("Unexpected result: " + res)
2115 if fail:
2116 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2117 if ev is None or fail not in ev:
2118 raise Exception("Failure not reported correctly: " + str(ev))
2119
2120 dev[1].request("DPP_STOP_LISTEN")
2121 dev[0].dump_monitor()
2122 dev[1].dump_monitor()
2123
2124 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2125 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2126 check_dpp_capab(dev[0])
2127 check_dpp_capab(dev[1])
2128 tests = [("AuthenticationRequest",
2129 "BootstrapResult,OK,AuthResult,Errorsent",
2130 None),
2131 ("AuthenticationConfirm",
2132 "BootstrapResult,OK,AuthResult,Errorsent",
2133 None)]
2134 for frame, result, fail in tests:
2135 dev[0].request("FLUSH")
2136 dev[1].request("FLUSH")
2137 sigma = start_sigma_dut(dev[0].ifname)
2138 try:
2139 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2140 finally:
2141 stop_sigma_dut(sigma)
2142
2143 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2144 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2145 if "status,COMPLETE" not in res:
2146 raise Exception("dev_exec_action did not succeed: " + res)
2147 hex = res.split(',')[3]
2148 uri = from_hex(hex)
2149 logger.info("URI from sigma_dut: " + uri)
2150
2151 id1 = dev[1].dpp_qr_code(uri)
2152
2153 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2154 t.start()
2155 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2156 t.join()
2157 if result not in res:
2158 raise Exception("Unexpected result: " + res)
2159 if fail:
2160 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2161 if ev is None or fail not in ev:
2162 raise Exception("Failure not reported correctly:" + str(ev))
2163
2164 dev[1].request("DPP_STOP_LISTEN")
2165 dev[0].dump_monitor()
2166 dev[1].dump_monitor()
2167
2168 def dpp_proto_init_pkex(dev):
2169 time.sleep(1)
2170 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2171 cmd = "DPP_CONFIGURATOR_ADD"
2172 res = dev.request(cmd)
2173 if "FAIL" in res:
2174 raise Exception("Failed to add configurator")
2175 conf_id = int(res)
2176
2177 id = dev.dpp_bootstrap_gen(type="pkex")
2178
2179 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2180 if "FAIL" in dev.request(cmd):
2181 raise Exception("Failed to initiate DPP PKEX")
2182
2183 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2184 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2185 check_dpp_capab(dev[0])
2186 check_dpp_capab(dev[1])
2187 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2188 "BootstrapResult,Errorsent",
2189 None),
2190 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2191 "BootstrapResult,Errorsent",
2192 "Missing or invalid Finite Cyclic Group attribute"),
2193 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2194 "BootstrapResult,Errorsent",
2195 "No valid peer bootstrapping key found")]
2196 for step, frame, attr, result, fail in tests:
2197 dev[0].request("FLUSH")
2198 dev[1].request("FLUSH")
2199 sigma = start_sigma_dut(dev[0].ifname)
2200 try:
2201 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2202 result, fail)
2203 finally:
2204 stop_sigma_dut(sigma)
2205
2206 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2207 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2208
2209 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2210 res = dev[1].request(cmd)
2211 if "FAIL" in res:
2212 raise Exception("Failed to set PKEX data (responder)")
2213
2214 cmd = "DPP_LISTEN 2437 role=enrollee"
2215 if "OK" not in dev[1].request(cmd):
2216 raise Exception("Failed to start listen operation")
2217
2218 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2219 if result not in res:
2220 raise Exception("Unexpected result: " + res)
2221 if fail:
2222 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2223 if ev is None or fail not in ev:
2224 raise Exception("Failure not reported correctly: " + str(ev))
2225
2226 dev[1].request("DPP_STOP_LISTEN")
2227 dev[0].dump_monitor()
2228 dev[1].dump_monitor()
2229
2230 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2231 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2232 check_dpp_capab(dev[0])
2233 check_dpp_capab(dev[1])
2234 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2235 "BootstrapResult,Errorsent",
2236 None),
2237 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2238 "BootstrapResult,Errorsent",
2239 "No DPP Status attribute"),
2240 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2241 "BootstrapResult,Errorsent",
2242 "No valid peer bootstrapping key found")]
2243 for step, frame, attr, result, fail in tests:
2244 dev[0].request("FLUSH")
2245 dev[1].request("FLUSH")
2246 sigma = start_sigma_dut(dev[0].ifname)
2247 try:
2248 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2249 result, fail)
2250 finally:
2251 stop_sigma_dut(sigma)
2252
2253 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2254 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2255 t.start()
2256 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2257 t.join()
2258 if result not in res:
2259 raise Exception("Unexpected result: " + res)
2260 if fail:
2261 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2262 if ev is None or fail not in ev:
2263 raise Exception("Failure not reported correctly:" + str(ev))
2264
2265 dev[1].request("DPP_STOP_LISTEN")
2266 dev[0].dump_monitor()
2267 dev[1].dump_monitor()
2268
2269 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2270 check_dpp_capab(dev[0])
2271 check_dpp_capab(dev[1])
2272
2273 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2274 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2275 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2276 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2277
2278 params = {"ssid": "DPPNET01",
2279 "wpa": "2",
2280 "ieee80211w": "2",
2281 "wpa_key_mgmt": "DPP",
2282 "rsn_pairwise": "CCMP",
2283 "dpp_connector": ap_connector,
2284 "dpp_csign": csign_pub,
2285 "dpp_netaccesskey": ap_netaccesskey}
2286 try:
2287 hapd = hostapd.add_ap(apdev[0], params)
2288 except:
2289 raise HwsimSkip("DPP not supported")
2290
2291 dev[0].set("dpp_config_processing", "2")
2292
2293 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2294 res = dev[1].request(cmd)
2295 if "FAIL" in res:
2296 raise Exception("Failed to add configurator")
2297 conf_id = int(res)
2298
2299 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2300 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2301
2302 dev[1].set("dpp_configurator_params",
2303 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2304 conf_id))
2305 cmd = "DPP_LISTEN 2437 role=configurator"
2306 if "OK" not in dev[1].request(cmd):
2307 raise Exception("Failed to start listen operation")
2308
2309 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2310 if "status,COMPLETE" not in res:
2311 raise Exception("dev_exec_action did not succeed: " + res)
2312
2313 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2314 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2315 sigma = start_sigma_dut(dev[0].ifname)
2316 try:
2317 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2318
2319 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2320 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2321 raise Exception("Unexpected result: " + res)
2322 finally:
2323 dev[0].set("dpp_config_processing", "0")
2324 stop_sigma_dut(sigma)
2325
2326 def test_sigma_dut_dpp_self_config(dev, apdev):
2327 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2328 check_dpp_capab(dev[0])
2329
2330 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2331 check_dpp_capab(hapd)
2332
2333 sigma = start_sigma_dut(dev[0].ifname)
2334 try:
2335 dev[0].set("dpp_config_processing", "2")
2336 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2337 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2338
2339 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2340 if "status,COMPLETE" not in res:
2341 raise Exception("dev_exec_action did not succeed: " + res)
2342
2343 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2344 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2345 raise Exception("Unexpected result: " + res)
2346 update_hapd_config(hapd)
2347
2348 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2349 res = sigma_dut_cmd(cmd, timeout=10)
2350 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2351 raise Exception("Unexpected result: " + res)
2352 finally:
2353 stop_sigma_dut(sigma)
2354 dev[0].set("dpp_config_processing", "0")
2355
2356 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2357 """sigma_dut DPP AP Configurator using self-configuration"""
2358 logdir = os.path.join(params['logdir'],
2359 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2360 with HWSimRadio() as (radio, iface):
2361 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2362 try:
2363 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2364 finally:
2365 stop_sigma_dut(sigma)
2366 dev[0].set("dpp_config_processing", "0")
2367
2368 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2369 check_dpp_capab(dev[0])
2370
2371 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2372
2373 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2374 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2375 raise Exception("Unexpected result: " + res)
2376
2377 dev[0].set("dpp_config_processing", "2")
2378
2379 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2380 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2381 cmd = "DPP_LISTEN 2462 role=enrollee"
2382 if "OK" not in dev[0].request(cmd):
2383 raise Exception("Failed to start listen operation")
2384
2385 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2386 if "status,COMPLETE" not in res:
2387 raise Exception("dev_exec_action did not succeed: " + res)
2388 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2389 res = sigma_dut_cmd(cmd)
2390 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2391 raise Exception("Unexpected result: " + res)
2392 dev[0].wait_connected()
2393 dev[0].request("DISCONNECT")
2394 dev[0].wait_disconnected()
2395 sigma_dut_cmd_check("ap_reset_default")
2396
2397 def test_sigma_dut_preconfigured_profile(dev, apdev):
2398 """sigma_dut controlled connection using preconfigured profile"""
2399 try:
2400 run_sigma_dut_preconfigured_profile(dev, apdev)
2401 finally:
2402 dev[0].set("ignore_old_scan_res", "0")
2403
2404 def run_sigma_dut_preconfigured_profile(dev, apdev):
2405 ifname = dev[0].ifname
2406 sigma = start_sigma_dut(ifname)
2407
2408 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2409 hapd = hostapd.add_ap(apdev[0], params)
2410 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2411 only_add_network=True)
2412
2413 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2414 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2415 sigma_dut_wait_connected(ifname)
2416 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2417 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2418 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2419
2420 stop_sigma_dut(sigma)
2421
2422 def test_sigma_dut_wps_pbc(dev, apdev):
2423 """sigma_dut and WPS PBC Enrollee"""
2424 try:
2425 run_sigma_dut_wps_pbc(dev, apdev)
2426 finally:
2427 dev[0].set("ignore_old_scan_res", "0")
2428
2429 def run_sigma_dut_wps_pbc(dev, apdev):
2430 ssid = "test-wps-conf"
2431 hapd = hostapd.add_ap(apdev[0],
2432 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2433 "wpa_passphrase": "12345678", "wpa": "2",
2434 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2435 hapd.request("WPS_PBC")
2436
2437 ifname = dev[0].ifname
2438 sigma = start_sigma_dut(ifname)
2439
2440 cmd = "start_wps_registration,interface,%s" % ifname
2441 cmd += ",WpsRole,Enrollee"
2442 cmd += ",WpsConfigMethod,PBC"
2443 sigma_dut_cmd_check(cmd, timeout=15)
2444
2445 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2446 hapd.disable()
2447 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2448 stop_sigma_dut(sigma)
2449 dev[0].flush_scan_cache()
2450
2451 def test_sigma_dut_sta_scan_bss(dev, apdev):
2452 """sigma_dut sta_scan_bss"""
2453 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2454 sigma = start_sigma_dut(dev[0].ifname)
2455 try:
2456 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2457 hapd.own_addr())
2458 res = sigma_dut_cmd(cmd, timeout=10)
2459 if "ssid,test,bsschannel,1" not in res:
2460 raise Exception("Unexpected result: " + res)
2461 finally:
2462 stop_sigma_dut(sigma)
2463
2464 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2465 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2466 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2467 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2468 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2469 try:
2470 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2471 res = sigma_dut_cmd(cmd, timeout=10)
2472 if "abcdef" not in res or "qwerty" not in res:
2473 raise Exception("Unexpected result: " + res)
2474 finally:
2475 stop_sigma_dut(sigma)
2476
2477 def test_sigma_dut_ap_osen(dev, apdev, params):
2478 """sigma_dut controlled AP with OSEN"""
2479 logdir = os.path.join(params['logdir'],
2480 "sigma_dut_ap_osen.sigma-hostapd")
2481 with HWSimRadio() as (radio, iface):
2482 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2483 try:
2484 sigma_dut_cmd_check("ap_reset_default")
2485 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2486 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2487 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2488 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2489
2490 # RSN-OSEN (for OSU)
2491 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2492 pairwise="CCMP", group="GTK_NOT_USED",
2493 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2494 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2495
2496 sigma_dut_cmd_check("ap_reset_default")
2497 finally:
2498 stop_sigma_dut(sigma)
2499
2500 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2501 """sigma_dut controlled AP with EAP+OSEN"""
2502 logdir = os.path.join(params['logdir'],
2503 "sigma_dut_ap_eap_osen.sigma-hostapd")
2504 with HWSimRadio() as (radio, iface):
2505 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2506 try:
2507 sigma_dut_cmd_check("ap_reset_default")
2508 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2509 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2510 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2511 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2512
2513 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2514 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2515
2516 # RSN-OSEN (for OSU)
2517 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2518 pairwise="CCMP",
2519 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2520 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2521 scan_freq="2412")
2522 # RSN-EAP (for data connection)
2523 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2524 identity="hs20-test", password="password",
2525 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2526 ieee80211w='2', scan_freq="2412")
2527
2528 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2529 success_expected=False, timeout=1)
2530
2531 sigma_dut_cmd_check("ap_reset_default")
2532 finally:
2533 stop_sigma_dut(sigma)
2534 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2535 stderr=open('/dev/null', 'w'))
2536 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2537 stderr=open('/dev/null', 'w'))
2538
2539 def test_sigma_dut_ap_eap(dev, apdev, params):
2540 """sigma_dut controlled AP WPA2-Enterprise"""
2541 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2542 with HWSimRadio() as (radio, iface):
2543 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2544 try:
2545 sigma_dut_cmd_check("ap_reset_default")
2546 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2547 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2548 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2549 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2550
2551 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2552 identity="gpsk user",
2553 password="abcdefghijklmnop0123456789abcdef",
2554 scan_freq="2412")
2555
2556 sigma_dut_cmd_check("ap_reset_default")
2557 finally:
2558 stop_sigma_dut(sigma)
2559
2560 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2561 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2562 logdir = os.path.join(params['logdir'],
2563 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2564 with HWSimRadio() as (radio, iface):
2565 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2566 try:
2567 sigma_dut_cmd_check("ap_reset_default")
2568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2569 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2570 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2571 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2572
2573 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2574 identity="gpsk user",
2575 password="abcdefghijklmnop0123456789abcdef",
2576 scan_freq="2412")
2577
2578 sigma_dut_cmd_check("ap_reset_default")
2579 finally:
2580 stop_sigma_dut(sigma)
2581
2582 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2583 """sigma_dut controlled AP FT-EAP"""
2584 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2585 with HWSimRadio() as (radio, iface):
2586 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2587 try:
2588 sigma_dut_cmd_check("ap_reset_default")
2589 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2590 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2591 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2592 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2593
2594 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2595 identity="gpsk user",
2596 password="abcdefghijklmnop0123456789abcdef",
2597 scan_freq="2412")
2598
2599 sigma_dut_cmd_check("ap_reset_default")
2600 finally:
2601 stop_sigma_dut(sigma)
2602
2603 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2604 """sigma_dut controlled AP FT-PSK"""
2605 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2606 with HWSimRadio() as (radio, iface):
2607 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2608 try:
2609 sigma_dut_cmd_check("ap_reset_default")
2610 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2611 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2612 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2613
2614 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2615 scan_freq="2412")
2616
2617 sigma_dut_cmd_check("ap_reset_default")
2618 finally:
2619 stop_sigma_dut(sigma)
2620
2621 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2622 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2623 logdir = os.path.join(params['logdir'],
2624 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2625 with HWSimRadio() as (radio, iface):
2626 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2627 try:
2628 sigma_dut_cmd_check("ap_reset_default")
2629 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2630 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2631 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2632 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2633
2634 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2635 identity="gpsk user",
2636 password="abcdefghijklmnop0123456789abcdef",
2637 scan_freq="2412")
2638 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2639 identity="gpsk user",
2640 password="abcdefghijklmnop0123456789abcdef",
2641 scan_freq="2412")
2642
2643 sigma_dut_cmd_check("ap_reset_default")
2644 finally:
2645 stop_sigma_dut(sigma)
2646
2647 def test_sigma_dut_venue_url(dev, apdev):
2648 """sigma_dut controlled Venue URL fetch"""
2649 try:
2650 run_sigma_dut_venue_url(dev, apdev)
2651 finally:
2652 dev[0].set("ignore_old_scan_res", "0")
2653
2654 def run_sigma_dut_venue_url(dev, apdev):
2655 ifname = dev[0].ifname
2656 sigma = start_sigma_dut(ifname, debug=True)
2657
2658 ssid = "venue"
2659 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2660 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2661 params["ieee80211w"] = "2"
2662
2663 venue_group = 1
2664 venue_type = 13
2665 venue_info = struct.pack('BB', venue_group, venue_type)
2666 lang1 = "eng"
2667 name1 = "Example venue"
2668 lang2 = "fin"
2669 name2 = "Esimerkkipaikka"
2670 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2671 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
2672 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2673
2674 url1 = "http://example.com/venue"
2675 url2 = "https://example.org/venue-info/"
2676 params["venue_group"] = str(venue_group)
2677 params["venue_type"] = str(venue_type)
2678 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2679 params["venue_url"] = ["1:" + url1, "2:" + url2]
2680
2681 hapd = hostapd.add_ap(apdev[0], params)
2682
2683 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2684 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2685 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2686 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2687 sigma_dut_wait_connected(ifname)
2688 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2689 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2690 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2691 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2692
2693 stop_sigma_dut(sigma)
2694
2695 def test_sigma_dut_hs20_assoc_24(dev, apdev):
2696 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2697 run_sigma_dut_hs20_assoc(dev, apdev, True)
2698
2699 def test_sigma_dut_hs20_assoc_5(dev, apdev):
2700 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2701 run_sigma_dut_hs20_assoc(dev, apdev, False)
2702
2703 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2704 hapd0 = None
2705 hapd1 = None
2706 try:
2707 bssid0 = apdev[0]['bssid']
2708 params = hs20_ap_params()
2709 params['hessid'] = bssid0
2710 hapd0 = hostapd.add_ap(apdev[0], params)
2711
2712 bssid1 = apdev[1]['bssid']
2713 params = hs20_ap_params()
2714 params['hessid'] = bssid0
2715 params["hw_mode"] = "a"
2716 params["channel"] = "36"
2717 params["country_code"] = "US"
2718 hapd1 = hostapd.add_ap(apdev[1], params)
2719
2720 band = "2.4" if band24 else "5"
2721 exp_bssid = bssid0 if band24 else bssid1
2722 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2723 finally:
2724 dev[0].request("DISCONNECT")
2725 if hapd0:
2726 hapd0.request("DISABLE")
2727 if hapd1:
2728 hapd1.request("DISABLE")
2729 subprocess.call(['iw', 'reg', 'set', '00'])
2730 dev[0].flush_scan_cache()
2731
2732 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2733 check_eap_capa(dev[0], "MSCHAPV2")
2734 dev[0].flush_scan_cache()
2735
2736 ifname = dev[0].ifname
2737 sigma = start_sigma_dut(ifname, debug=True)
2738
2739 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2740 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2741 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2742 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2743 timeout=15)
2744 sigma_dut_wait_connected(ifname)
2745 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2746 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2747 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2748
2749 stop_sigma_dut(sigma)
2750
2751 if "BSSID," + expect_bssid not in res:
2752 raise Exception("Unexpected BSSID: " + res)
2753
2754 def test_sigma_dut_ap_hs20(dev, apdev, params):
2755 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2756 logdir = os.path.join(params['logdir'],
2757 "sigma_dut_ap_hs20.sigma-hostapd")
2758 conffile = os.path.join(params['logdir'],
2759 "sigma_dut_ap_hs20.sigma-conf")
2760 with HWSimRadio() as (radio, iface):
2761 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2762 try:
2763 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2764 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2765 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2766 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2767 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
2768 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
2769 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2770 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2771 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2772 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2773 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2774 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
2775 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
2776 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2777
2778 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2779 with open(conffile, "wb") as f2:
2780 f2.write(f.read())
2781
2782 sigma_dut_cmd_check("ap_reset_default")
2783 finally:
2784 stop_sigma_dut(sigma)
2785
2786 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
2787 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
2788 logdir = params['logdir']
2789
2790 with open("auth_serv/ca.pem", "r") as f:
2791 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
2792 "w") as f2:
2793 f2.write(f.read())
2794
2795 src = "auth_serv/server.pem"
2796 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
2797 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
2798 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2799 "-outform", "DER"],
2800 stderr=open('/dev/null', 'w'))
2801 with open(dst, "rb") as f:
2802 der = f.read()
2803 hash = hashlib.sha256(der).digest()
2804 with open(hashdst, "w") as f:
2805 f.write(binascii.hexlify(hash).decode())
2806
2807 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
2808 with open(dst, "w") as f:
2809 f.write(32*"00")
2810
2811 ssid = "test-wpa2-eap"
2812 params = hostapd.wpa2_eap_params(ssid=ssid)
2813 hapd = hostapd.add_ap(apdev[0], params)
2814
2815 ifname = dev[0].ifname
2816 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2817
2818 try:
2819 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
2820
2821 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2822 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2823 sigma_dut_cmd_check(cmd)
2824 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2825 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2826 if ev is None:
2827 raise Exception("Server certificate error not reported")
2828
2829 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2830 if "ServerCertTrustResult,Accepted" not in res:
2831 raise Exception("Server certificate trust was not accepted")
2832 sigma_dut_wait_connected(ifname)
2833 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2834 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2835 dev[0].dump_monitor()
2836 finally:
2837 stop_sigma_dut(sigma)
2838
2839 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
2840 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
2841 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
2842
2843 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
2844 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
2845 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
2846
2847 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
2848 logdir = params['logdir']
2849
2850 name = "sigma_dut_eap_ttls_uosc_tod"
2851 if tofu:
2852 name += "_tofu"
2853 with open("auth_serv/ca.pem", "r") as f:
2854 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
2855 f2.write(f.read())
2856
2857 if tofu:
2858 src = "auth_serv/server-certpol2.pem"
2859 else:
2860 src = "auth_serv/server-certpol.pem"
2861 dst = os.path.join(logdir, name + ".server.der")
2862 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
2863 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2864 "-outform", "DER"],
2865 stderr=open('/dev/null', 'w'))
2866 with open(dst, "rb") as f:
2867 der = f.read()
2868 hash = hashlib.sha256(der).digest()
2869 with open(hashdst, "w") as f:
2870 f.write(binascii.hexlify(hash).decode())
2871
2872 ssid = "test-wpa2-eap"
2873 params = int_eap_server_params()
2874 params["ssid"] = ssid
2875 if tofu:
2876 params["server_cert"] = "auth_serv/server-certpol2.pem"
2877 params["private_key"] = "auth_serv/server-certpol2.key"
2878 else:
2879 params["server_cert"] = "auth_serv/server-certpol.pem"
2880 params["private_key"] = "auth_serv/server-certpol.key"
2881 hapd = hostapd.add_ap(apdev[0], params)
2882
2883 ifname = dev[0].ifname
2884 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2885
2886 try:
2887 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
2888 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2889 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2890 sigma_dut_cmd_check(cmd)
2891 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2892 sigma_dut_wait_connected(ifname)
2893 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2894 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
2895 dev[0].wait_disconnected()
2896 dev[0].dump_monitor()
2897
2898 hapd.disable()
2899 params = hostapd.wpa2_eap_params(ssid=ssid)
2900 hapd = hostapd.add_ap(apdev[0], params)
2901
2902 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2903 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2904 if ev is None:
2905 raise Exception("Server certificate error not reported")
2906
2907 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2908 if "ServerCertTrustResult,Accepted" in res:
2909 raise Exception("Server certificate trust override was accepted unexpectedly")
2910 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2911 dev[0].dump_monitor()
2912 finally:
2913 stop_sigma_dut(sigma)
2914
2915 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
2916 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
2917 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
2918
2919 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
2920 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
2921 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
2922
2923 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
2924 logdir = params['logdir']
2925
2926 name = "sigma_dut_eap_ttls_uosc_initial_tod"
2927 if tofu:
2928 name += "_tofu"
2929 with open("auth_serv/rsa3072-ca.pem", "r") as f:
2930 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
2931 f2.write(f.read())
2932
2933 if tofu:
2934 src = "auth_serv/server-certpol2.pem"
2935 else:
2936 src = "auth_serv/server-certpol.pem"
2937 dst = os.path.join(logdir, name + ".server.der")
2938 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
2939 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2940 "-outform", "DER"],
2941 stderr=open('/dev/null', 'w'))
2942 with open(dst, "rb") as f:
2943 der = f.read()
2944 hash = hashlib.sha256(der).digest()
2945 with open(hashdst, "w") as f:
2946 f.write(binascii.hexlify(hash).decode())
2947
2948 ssid = "test-wpa2-eap"
2949 params = int_eap_server_params()
2950 params["ssid"] = ssid
2951 if tofu:
2952 params["server_cert"] = "auth_serv/server-certpol2.pem"
2953 params["private_key"] = "auth_serv/server-certpol2.key"
2954 else:
2955 params["server_cert"] = "auth_serv/server-certpol.pem"
2956 params["private_key"] = "auth_serv/server-certpol.key"
2957 hapd = hostapd.add_ap(apdev[0], params)
2958
2959 ifname = dev[0].ifname
2960 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2961
2962 try:
2963 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
2964 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2965 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2966 sigma_dut_cmd_check(cmd)
2967 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2968 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
2969 if ev is None:
2970 raise Exception("Server certificate validation failure not reported")
2971
2972 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2973 if not tofu and "ServerCertTrustResult,Accepted" in res:
2974 raise Exception("Server certificate trust override was accepted unexpectedly")
2975 if tofu and "ServerCertTrustResult,Accepted" not in res:
2976 raise Exception("Server certificate trust override was not accepted")
2977 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2978 dev[0].dump_monitor()
2979 finally:
2980 stop_sigma_dut(sigma)
2981
2982 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
2983 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
2984 logdir = params['logdir']
2985
2986 with open("auth_serv/ca.pem", "r") as f:
2987 with open(os.path.join(logdir,
2988 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
2989 "w") as f2:
2990 f2.write(f.read())
2991
2992 ssid = "test-wpa2-eap"
2993 params = int_eap_server_params()
2994 params["ssid"] = ssid
2995 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
2996 params["server_cert"] = "auth_serv/rsa3072-server.pem"
2997 params["private_key"] = "auth_serv/rsa3072-server.key"
2998 hapd = hostapd.add_ap(apdev[0], params)
2999
3000 ifname = dev[0].ifname
3001 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3002
3003 try:
3004 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3005 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3006 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3007 sigma_dut_cmd_check(cmd)
3008 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3009 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3010 if ev is None:
3011 raise Exception("Server certificate error not reported")
3012
3013 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3014 if "ServerCertTrustResult,Accepted" not in res:
3015 raise Exception("Server certificate trust was not accepted")
3016 sigma_dut_wait_connected(ifname)
3017 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3018 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3019 dev[0].dump_monitor()
3020 finally:
3021 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.