1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from wlantest
import Wlantest
26 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
27 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
28 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
29 from test_ap_hs20
import hs20_ap_params
30 from test_ap_pmf
import check_mac80211_bigtk
32 def check_sigma_dut():
33 if not os
.path
.exists("./sigma_dut"):
34 raise HwsimSkip("sigma_dut not available")
37 return binascii
.hexlify(s
.encode()).decode()
40 return binascii
.unhexlify(s
).decode()
42 def sigma_log_output(cmd
):
44 out
= cmd
.stdout
.read()
46 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
48 if e
.errno
!= errno
.EAGAIN
:
51 out
= cmd
.stderr
.read()
53 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
55 if e
.errno
!= errno
.EAGAIN
:
60 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
61 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
63 sock
.settimeout(timeout
)
64 addr
= ('127.0.0.1', port
)
66 sock
.send(cmd
.encode() + b
"\r\n")
68 res
= sock
.recv(1000).decode()
71 for line
in res
.splitlines():
72 if line
.startswith("status,RUNNING"):
74 elif line
.startswith("status,INVALID"):
76 elif line
.startswith("status,ERROR"):
78 elif line
.startswith("status,COMPLETE"):
80 if running
and not done
:
81 # Read the actual response
82 res
= sock
.recv(1000).decode()
88 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
91 sigma_log_output(sigma_prog
)
94 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
95 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
96 if "COMPLETE" not in res
:
97 raise Exception("sigma_dut command failed: " + cmd
)
100 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
101 bridge
=None, sae_h2e
=False, owe_ptk_workaround
=False):
103 cmd
= ['./sigma_dut',
107 '-F', '../../hostapd/hostapd',
109 '-w', '/var/run/wpa_supplicant/',
112 cmd
+= ['-H', hostapd_logdir
]
114 cmd
+= ['-C', cert_path
]
116 cmd
+= ['-b', bridge
]
119 if owe_ptk_workaround
:
121 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
122 stderr
=subprocess
.PIPE
)
123 for stream
in [sigma
.stdout
, sigma
.stderr
]:
125 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
126 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
133 res
= sigma_dut_cmd("HELLO")
137 if res
is None or "errorCode,Unknown command" not in res
:
138 raise Exception("Failed to start sigma_dut")
139 return {'cmd': sigma
, 'ifname': ifname
}
141 def stop_sigma_dut(sigma
):
145 sigma_log_output(cmd
)
146 logger
.debug("Terminating sigma_dut process")
149 out
, err
= cmd
.communicate()
150 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
151 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
152 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
154 stderr
=open('/dev/null', 'w'))
156 def sigma_dut_wait_connected(ifname
):
158 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
159 if "connected,1" in res
:
163 raise Exception("Connection did not complete")
165 def test_sigma_dut_basic(dev
, apdev
):
166 """sigma_dut basic functionality"""
167 sigma
= start_sigma_dut(dev
[0].ifname
)
169 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
170 ("device_get_info", "status,COMPLETE,vendor"),
171 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
172 ("device_list_interfaces,interfaceType,802.11",
173 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
175 res
= sigma_dut_cmd("UNKNOWN")
176 if "status,INVALID,errorCode,Unknown command" not in res
:
177 raise Exception("Unexpected sigma_dut response to unknown command")
179 for cmd
, response
in tests
:
180 res
= sigma_dut_cmd(cmd
)
181 if response
not in res
:
182 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
184 stop_sigma_dut(sigma
)
186 def test_sigma_dut_open(dev
, apdev
):
187 """sigma_dut controlled open network association"""
189 run_sigma_dut_open(dev
, apdev
)
191 dev
[0].set("ignore_old_scan_res", "0")
193 def run_sigma_dut_open(dev
, apdev
):
194 ifname
= dev
[0].ifname
195 sigma
= start_sigma_dut(ifname
)
198 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
200 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
201 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
202 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
204 sigma_dut_wait_connected(ifname
)
205 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
206 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
207 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
209 stop_sigma_dut(sigma
)
211 def test_sigma_dut_psk_pmf(dev
, apdev
):
212 """sigma_dut controlled PSK+PMF association"""
214 run_sigma_dut_psk_pmf(dev
, apdev
)
216 dev
[0].set("ignore_old_scan_res", "0")
218 def run_sigma_dut_psk_pmf(dev
, apdev
):
219 ifname
= dev
[0].ifname
220 sigma
= start_sigma_dut(ifname
)
223 ssid
= "test-pmf-required"
224 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
225 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
226 params
["ieee80211w"] = "2"
227 hapd
= hostapd
.add_ap(apdev
[0], params
)
229 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
230 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
231 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
232 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
234 sigma_dut_wait_connected(ifname
)
235 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
236 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
237 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
239 stop_sigma_dut(sigma
)
241 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
242 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
244 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
246 dev
[0].set("ignore_old_scan_res", "0")
248 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
249 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
251 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
253 dev
[0].set("ignore_old_scan_res", "0")
255 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
256 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
258 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
260 dev
[0].set("ignore_old_scan_res", "0")
262 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
263 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
265 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
267 dev
[0].set("ignore_old_scan_res", "0")
269 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
270 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
272 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
275 dev
[0].set("ignore_old_scan_res", "0")
277 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
279 ifname
= dev
[0].ifname
280 sigma
= start_sigma_dut(ifname
)
283 ssid
= "test-pmf-required"
284 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
285 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
286 params
["ieee80211w"] = "2"
287 params
["group_mgmt_cipher"] = hostapd_cipher
288 hapd
= hostapd
.add_ap(apdev
[0], params
)
290 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
291 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
292 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
293 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
294 timeout
=2 if failure
else 10)
296 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
297 "CTRL-EVENT-CONNECTED"], timeout
=10)
299 raise Exception("Network selection result not indicated")
300 if "CTRL-EVENT-CONNECTED" in ev
:
301 raise Exception("Unexpected connection")
302 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
303 if "connected,1" in res
:
304 raise Exception("Connection reported")
306 sigma_dut_wait_connected(ifname
)
307 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
309 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
310 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
312 stop_sigma_dut(sigma
)
314 def test_sigma_dut_sae(dev
, apdev
):
315 """sigma_dut controlled SAE association"""
316 if "SAE" not in dev
[0].get_capability("auth_alg"):
317 raise HwsimSkip("SAE not supported")
319 ifname
= dev
[0].ifname
320 sigma
= start_sigma_dut(ifname
)
324 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
325 params
['wpa_key_mgmt'] = 'SAE'
326 params
["ieee80211w"] = "2"
327 params
['sae_groups'] = '19 20 21'
328 hapd
= hostapd
.add_ap(apdev
[0], params
)
330 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
331 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
332 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
333 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
335 sigma_dut_wait_connected(ifname
)
336 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
337 if dev
[0].get_status_field('sae_group') != '19':
338 raise Exception("Expected default SAE group not used")
339 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
340 logger
.info("Reported PMK: " + res
)
341 if ",PMK," not in res
:
342 raise Exception("PMK not reported");
343 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
344 raise Exception("Mismatch in reported PMK")
345 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
347 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
349 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
350 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
351 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
353 sigma_dut_wait_connected(ifname
)
354 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
355 if dev
[0].get_status_field('sae_group') != '20':
356 raise Exception("Expected SAE group not used")
357 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
358 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
360 stop_sigma_dut(sigma
)
362 def test_sigma_dut_sae_groups(dev
, apdev
):
363 """sigma_dut controlled SAE association with group negotiation"""
364 if "SAE" not in dev
[0].get_capability("auth_alg"):
365 raise HwsimSkip("SAE not supported")
367 ifname
= dev
[0].ifname
368 sigma
= start_sigma_dut(ifname
)
372 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
373 params
['wpa_key_mgmt'] = 'SAE'
374 params
["ieee80211w"] = "2"
375 params
['sae_groups'] = '19'
376 hapd
= hostapd
.add_ap(apdev
[0], params
)
378 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
379 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
380 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
381 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
383 sigma_dut_wait_connected(ifname
)
384 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
385 if dev
[0].get_status_field('sae_group') != '19':
386 raise Exception("Expected default SAE group not used")
387 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
389 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
391 stop_sigma_dut(sigma
)
393 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
394 """sigma_dut controlled SAE association with PMKID"""
395 if "SAE" not in dev
[0].get_capability("auth_alg"):
396 raise HwsimSkip("SAE not supported")
398 ifname
= dev
[0].ifname
399 sigma
= start_sigma_dut(ifname
)
403 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
404 params
['wpa_key_mgmt'] = 'SAE'
405 params
["ieee80211w"] = "2"
406 params
["sae_confirm_immediate"] = "1"
407 hapd
= hostapd
.add_ap(apdev
[0], params
)
409 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
410 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
411 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
412 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
414 sigma_dut_wait_connected(ifname
)
415 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
417 stop_sigma_dut(sigma
)
419 def test_sigma_dut_sae_password(dev
, apdev
):
420 """sigma_dut controlled SAE association and long password"""
421 if "SAE" not in dev
[0].get_capability("auth_alg"):
422 raise HwsimSkip("SAE not supported")
424 ifname
= dev
[0].ifname
425 sigma
= start_sigma_dut(ifname
)
429 params
= hostapd
.wpa2_params(ssid
=ssid
)
430 params
['sae_password'] = 100*'B'
431 params
['wpa_key_mgmt'] = 'SAE'
432 params
["ieee80211w"] = "2"
433 hapd
= hostapd
.add_ap(apdev
[0], params
)
435 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
436 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
437 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
438 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
440 sigma_dut_wait_connected(ifname
)
441 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
442 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
443 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
445 stop_sigma_dut(sigma
)
447 def test_sigma_dut_sae_pw_id(dev
, apdev
):
448 """sigma_dut controlled SAE association with Password Identifier"""
449 if "SAE" not in dev
[0].get_capability("auth_alg"):
450 raise HwsimSkip("SAE not supported")
452 ifname
= dev
[0].ifname
453 sigma
= start_sigma_dut(ifname
)
457 params
= hostapd
.wpa2_params(ssid
=ssid
)
458 params
['wpa_key_mgmt'] = 'SAE'
459 params
["ieee80211w"] = "2"
460 params
['sae_password'] = 'secret|id=pw id'
461 params
['sae_groups'] = '19'
462 hapd
= hostapd
.add_ap(apdev
[0], params
)
464 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
465 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
466 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
467 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
469 sigma_dut_wait_connected(ifname
)
470 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
471 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
473 stop_sigma_dut(sigma
)
475 def test_sigma_dut_sae_pw_id_pwe_loop(dev
, apdev
):
476 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
477 if "SAE" not in dev
[0].get_capability("auth_alg"):
478 raise HwsimSkip("SAE not supported")
480 ifname
= dev
[0].ifname
481 sigma
= start_sigma_dut(ifname
)
485 params
= hostapd
.wpa2_params(ssid
=ssid
)
486 params
['wpa_key_mgmt'] = 'SAE'
487 params
["ieee80211w"] = "2"
488 params
['sae_password'] = 'secret|id=pw id'
489 params
['sae_groups'] = '19'
490 hapd
= hostapd
.add_ap(apdev
[0], params
)
492 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
493 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
494 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname
, "test-sae", "secret"))
495 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
498 ev
= dev
[0].wait_event(["SME: Trying to authenticate",
499 "CTRL-EVENT-CONNECTED"], timeout
=10)
501 raise Exception("Network selection result not indicated")
502 if "CTRL-EVENT-CONNECTED" in ev
:
503 raise Exception("Unexpected connection")
504 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
505 if "connected,1" in res
:
506 raise Exception("Connection reported")
507 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
509 stop_sigma_dut(sigma
)
510 dev
[0].set("sae_pwe", "0")
512 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
513 """sigma_dut controlled SAE association with Password Identifier and FT"""
514 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
516 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
517 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
518 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
520 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
521 if "SAE" not in dev
[0].get_capability("auth_alg"):
522 raise HwsimSkip("SAE not supported")
524 ifname
= dev
[0].ifname
525 sigma
= start_sigma_dut(ifname
)
529 params
= hostapd
.wpa2_params(ssid
=ssid
)
530 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
531 params
["ieee80211w"] = "2"
532 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
533 params
['mobility_domain'] = 'aabb'
534 params
['ft_over_ds'] = '1' if over_ds
else '0'
535 bssid
= apdev
[0]['bssid'].replace(':', '')
536 params
['nas_identifier'] = bssid
+ '.nas.example.com'
537 params
['r1_key_holder'] = bssid
538 params
['pmk_r1_push'] = '0'
539 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
540 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
541 hapd
= hostapd
.add_ap(apdev
[0], params
)
543 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
545 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
546 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
547 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
548 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
550 sigma_dut_wait_connected(ifname
)
552 bssid
= apdev
[1]['bssid'].replace(':', '')
553 params
['nas_identifier'] = bssid
+ '.nas.example.com'
554 params
['r1_key_holder'] = bssid
555 hapd2
= hostapd
.add_ap(apdev
[1], params
)
556 bssid
= hapd2
.own_addr()
557 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
558 dev
[0].wait_connected()
560 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
561 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
563 stop_sigma_dut(sigma
)
565 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
566 """sigma_dut and RSNE override on STA"""
568 run_sigma_dut_sta_override_rsne(dev
, apdev
)
570 dev
[0].set("ignore_old_scan_res", "0")
572 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
573 ifname
= dev
[0].ifname
574 sigma
= start_sigma_dut(ifname
)
578 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
579 hapd
= hostapd
.add_ap(apdev
[0], params
)
581 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
583 tests
= ["30120100000fac040100000fac040100000fac02",
584 "30140100000fac040100000fac040100000fac02ffff"]
586 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
587 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
588 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
590 sigma_dut_wait_connected(ifname
)
591 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
592 dev
[0].dump_monitor()
594 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
595 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
596 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
599 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
601 raise Exception("Association rejection not reported")
602 if "status_code=40" not in ev
:
603 raise Exception("Unexpected status code: " + ev
)
605 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
607 stop_sigma_dut(sigma
)
609 def test_sigma_dut_ap_psk(dev
, apdev
):
610 """sigma_dut controlled AP"""
611 with
HWSimRadio() as (radio
, iface
):
612 sigma
= start_sigma_dut(iface
)
614 sigma_dut_cmd_check("ap_reset_default")
615 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
616 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
617 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
619 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
621 sigma_dut_cmd_check("ap_reset_default")
623 stop_sigma_dut(sigma
)
625 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
626 """sigma_dut controlled AP and PSKHEX"""
627 logdir
= os
.path
.join(params
['logdir'],
628 "sigma_dut_ap_pskhex.sigma-hostapd")
629 with
HWSimRadio() as (radio
, iface
):
630 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
632 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
633 sigma_dut_cmd_check("ap_reset_default")
634 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
635 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
636 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
638 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
640 sigma_dut_cmd_check("ap_reset_default")
642 stop_sigma_dut(sigma
)
644 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
645 """sigma_dut controlled AP PSK SHA256"""
646 logdir
= os
.path
.join(params
['logdir'],
647 "sigma_dut_ap_psk_sha256.sigma-hostapd")
648 with
HWSimRadio() as (radio
, iface
):
649 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
651 sigma_dut_cmd_check("ap_reset_default")
652 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
653 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
654 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
656 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
657 psk
="12345678", scan_freq
="2412")
659 sigma_dut_cmd_check("ap_reset_default")
661 stop_sigma_dut(sigma
)
663 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
664 """sigma_dut controlled AP and deauth commands"""
665 logdir
= os
.path
.join(params
['logdir'],
666 "sigma_dut_ap_psk_deauth.sigma-hostapd")
667 with
HWSimRadio() as (radio
, iface
):
668 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
670 sigma_dut_cmd_check("ap_reset_default")
671 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
672 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
673 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
675 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
676 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
677 addr
= dev
[0].own_addr()
678 dev
[0].dump_monitor()
680 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
681 ev
= dev
[0].wait_disconnected()
682 dev
[0].dump_monitor()
683 if "locally_generated=1" in ev
:
684 raise Exception("Unexpected disconnection reason")
685 dev
[0].wait_connected()
686 dev
[0].dump_monitor()
688 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
689 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
690 if ev
and "locally_generated=1" not in ev
:
691 raise Exception("Unexpected disconnection")
693 sigma_dut_cmd_check("ap_reset_default")
695 stop_sigma_dut(sigma
)
697 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
698 """sigma_dut controlled STA and EAP-TTLS parameters"""
699 check_domain_match(dev
[0])
700 logdir
= params
['logdir']
702 with
open("auth_serv/ca.pem", "r") as f
:
703 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
706 src
= "auth_serv/server.pem"
707 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
708 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
709 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
711 stderr
=open('/dev/null', 'w'))
712 with
open(dst
, "rb") as f
:
714 hash = hashlib
.sha256(der
).digest()
715 with
open(hashdst
, "w") as f
:
716 f
.write(binascii
.hexlify(hash).decode())
718 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
719 with
open(dst
, "w") as f
:
722 ssid
= "test-wpa2-eap"
723 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
724 hapd
= hostapd
.add_ap(apdev
[0], params
)
726 ifname
= dev
[0].ifname
727 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
729 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
733 ",Domain,server.w1.fi",
734 ",DomainSuffix,w1.fi",
735 ",DomainSuffix,server.w1.fi",
736 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
738 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
739 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
740 sigma_dut_cmd_check(cmd
+ extra
)
741 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
743 sigma_dut_wait_connected(ifname
)
744 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
745 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
746 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
747 dev
[0].dump_monitor()
749 tests
= [",Domain,w1.fi",
750 ",DomainSuffix,example.com",
751 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
753 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
754 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
755 sigma_dut_cmd_check(cmd
+ extra
)
756 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
758 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
760 raise Exception("Server certificate error not reported")
761 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
762 if "connected,1" in res
:
763 raise Exception("Unexpected connection reported")
764 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
765 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
766 dev
[0].dump_monitor()
768 stop_sigma_dut(sigma
)
770 def test_sigma_dut_suite_b(dev
, apdev
, params
):
771 """sigma_dut controlled STA Suite B"""
772 check_suite_b_192_capa(dev
)
773 logdir
= params
['logdir']
775 with
open("auth_serv/ec2-ca.pem", "r") as f
:
776 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
779 with
open("auth_serv/ec2-user.pem", "r") as f
:
780 with
open("auth_serv/ec2-user.key", "r") as f2
:
781 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
785 dev
[0].flush_scan_cache()
786 params
= suite_b_as_params()
787 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
788 params
['server_cert'] = 'auth_serv/ec2-server.pem'
789 params
['private_key'] = 'auth_serv/ec2-server.key'
790 params
['openssl_ciphers'] = 'SUITEB192'
791 hostapd
.add_ap(apdev
[1], params
)
793 params
= {"ssid": "test-suite-b",
795 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
796 "rsn_pairwise": "GCMP-256",
797 "group_mgmt_cipher": "BIP-GMAC-256",
800 'auth_server_addr': "127.0.0.1",
801 'auth_server_port': "18129",
802 'auth_server_shared_secret': "radius",
803 'nas_identifier': "nas.w1.fi"}
804 hapd
= hostapd
.add_ap(apdev
[0], params
)
806 ifname
= dev
[0].ifname
807 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
810 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
811 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
812 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
813 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
815 sigma_dut_wait_connected(ifname
)
816 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
817 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
818 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
820 stop_sigma_dut(sigma
)
822 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
823 """sigma_dut controlled STA Suite B (RSA)"""
824 check_suite_b_192_capa(dev
)
825 logdir
= params
['logdir']
827 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
828 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
831 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
832 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
833 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
837 dev
[0].flush_scan_cache()
838 params
= suite_b_192_rsa_ap_params()
839 hapd
= hostapd
.add_ap(apdev
[0], params
)
841 ifname
= dev
[0].ifname
842 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
844 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
848 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
849 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
851 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
852 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
853 sigma_dut_cmd_check(cmd
+ extra
)
854 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
856 sigma_dut_wait_connected(ifname
)
857 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
858 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
859 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
861 stop_sigma_dut(sigma
)
863 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
864 """sigma_dut controlled AP Suite B"""
865 check_suite_b_192_capa(dev
)
866 logdir
= os
.path
.join(params
['logdir'],
867 "sigma_dut_ap_suite_b.sigma-hostapd")
868 params
= suite_b_as_params()
869 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
870 params
['server_cert'] = 'auth_serv/ec2-server.pem'
871 params
['private_key'] = 'auth_serv/ec2-server.key'
872 params
['openssl_ciphers'] = 'SUITEB192'
873 hostapd
.add_ap(apdev
[1], params
)
874 with
HWSimRadio() as (radio
, iface
):
875 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
877 sigma_dut_cmd_check("ap_reset_default")
878 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
879 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
880 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
881 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
883 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
885 openssl_ciphers
="SUITEB192",
886 eap
="TLS", identity
="tls user",
887 ca_cert
="auth_serv/ec2-ca.pem",
888 client_cert
="auth_serv/ec2-user.pem",
889 private_key
="auth_serv/ec2-user.key",
890 pairwise
="GCMP-256", group
="GCMP-256",
893 sigma_dut_cmd_check("ap_reset_default")
895 stop_sigma_dut(sigma
)
897 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
898 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
899 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
902 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
903 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
904 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
907 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
908 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
909 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
912 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
913 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
914 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
917 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
918 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
919 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
920 "BIP-GMAC-256", "CCMP")
922 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
923 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
924 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
925 "BIP-GMAC-256", "GCMP-256", "CCMP")
927 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
928 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
929 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
930 "GCMP-256", "CCMP", "AES-CCMP-128")
932 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
933 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
934 check_suite_b_192_capa(dev
)
935 logdir
= os
.path
.join(params
['logdir'],
936 "sigma_dut_ap_cipher.sigma-hostapd")
937 params
= suite_b_as_params()
938 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
939 params
['server_cert'] = 'auth_serv/ec2-server.pem'
940 params
['private_key'] = 'auth_serv/ec2-server.key'
941 params
['openssl_ciphers'] = 'SUITEB192'
942 hostapd
.add_ap(apdev
[1], params
)
943 with
HWSimRadio() as (radio
, iface
):
944 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
946 sigma_dut_cmd_check("ap_reset_default")
947 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
948 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
949 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
951 cmd
+= ",GroupCipher,%s" % ap_group
952 sigma_dut_cmd_check(cmd
)
953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
955 if sta_cipher_group
is None:
956 sta_cipher_group
= sta_cipher
957 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
959 openssl_ciphers
="SUITEB192",
960 eap
="TLS", identity
="tls user",
961 ca_cert
="auth_serv/ec2-ca.pem",
962 client_cert
="auth_serv/ec2-user.pem",
963 private_key
="auth_serv/ec2-user.key",
964 pairwise
=sta_cipher
, group
=sta_cipher_group
,
967 sigma_dut_cmd_check("ap_reset_default")
969 stop_sigma_dut(sigma
)
971 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
972 """sigma_dut controlled AP overriding RSNE"""
973 with
HWSimRadio() as (radio
, iface
):
974 sigma
= start_sigma_dut(iface
)
976 sigma_dut_cmd_check("ap_reset_default")
977 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
978 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
979 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
980 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
982 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
984 sigma_dut_cmd_check("ap_reset_default")
986 stop_sigma_dut(sigma
)
988 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
989 """sigma_dut controlled AP with SAE"""
990 logdir
= os
.path
.join(params
['logdir'],
991 "sigma_dut_ap_sae.sigma-hostapd")
992 if "SAE" not in dev
[0].get_capability("auth_alg"):
993 raise HwsimSkip("SAE not supported")
994 with
HWSimRadio() as (radio
, iface
):
995 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
997 sigma_dut_cmd_check("ap_reset_default")
998 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
999 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
1000 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1002 dev
[0].request("SET sae_groups ")
1003 id = dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1004 ieee80211w
="2", scan_freq
="2412")
1005 if dev
[0].get_status_field('sae_group') != '19':
1006 raise Exception("Expected default SAE group not used")
1008 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1009 logger
.info("Reported PMK: " + res
)
1010 if ",PMK," not in res
:
1011 raise Exception("PMK not reported");
1012 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1013 raise Exception("Mismatch in reported PMK")
1015 sigma_dut_cmd_check("ap_reset_default")
1017 stop_sigma_dut(sigma
)
1019 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
1020 """sigma_dut controlled AP with SAE Confirm immediate"""
1021 logdir
= os
.path
.join(params
['logdir'],
1022 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1023 if "SAE" not in dev
[0].get_capability("auth_alg"):
1024 raise HwsimSkip("SAE not supported")
1025 with
HWSimRadio() as (radio
, iface
):
1026 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1028 sigma_dut_cmd_check("ap_reset_default")
1029 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1030 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1031 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1033 dev
[0].request("SET sae_groups ")
1034 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1035 ieee80211w
="2", scan_freq
="2412")
1036 if dev
[0].get_status_field('sae_group') != '19':
1037 raise Exception("Expected default SAE group not used")
1039 sigma_dut_cmd_check("ap_reset_default")
1041 stop_sigma_dut(sigma
)
1043 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
1044 """sigma_dut controlled AP with SAE and long password"""
1045 logdir
= os
.path
.join(params
['logdir'],
1046 "sigma_dut_ap_sae_password.sigma-hostapd")
1047 if "SAE" not in dev
[0].get_capability("auth_alg"):
1048 raise HwsimSkip("SAE not supported")
1049 with
HWSimRadio() as (radio
, iface
):
1050 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1052 sigma_dut_cmd_check("ap_reset_default")
1053 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1054 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1055 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1057 dev
[0].request("SET sae_groups ")
1058 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1059 ieee80211w
="2", scan_freq
="2412")
1060 if dev
[0].get_status_field('sae_group') != '19':
1061 raise Exception("Expected default SAE group not used")
1063 sigma_dut_cmd_check("ap_reset_default")
1065 stop_sigma_dut(sigma
)
1067 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1068 """sigma_dut controlled AP with SAE Password Identifier"""
1069 logdir
= os
.path
.join(params
['logdir'],
1070 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1071 conffile
= os
.path
.join(params
['logdir'],
1072 "sigma_dut_ap_sae_pw_id.sigma-conf")
1073 if "SAE" not in dev
[0].get_capability("auth_alg"):
1074 raise HwsimSkip("SAE not supported")
1075 with
HWSimRadio() as (radio
, iface
):
1076 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1078 sigma_dut_cmd_check("ap_reset_default")
1079 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1080 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1081 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1083 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1084 with
open(conffile
, "wb") as f2
:
1087 dev
[0].request("SET sae_groups ")
1088 tests
= [("pw1", "id1"),
1092 for pw
, pw_id
in tests
:
1093 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1094 sae_password_id
=pw_id
,
1095 ieee80211w
="2", scan_freq
="2412")
1096 dev
[0].request("REMOVE_NETWORK all")
1097 dev
[0].wait_disconnected()
1099 sigma_dut_cmd_check("ap_reset_default")
1101 stop_sigma_dut(sigma
)
1103 def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev
, apdev
, params
):
1104 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1105 logdir
= os
.path
.join(params
['logdir'],
1106 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1107 conffile
= os
.path
.join(params
['logdir'],
1108 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1109 if "SAE" not in dev
[0].get_capability("auth_alg"):
1110 raise HwsimSkip("SAE not supported")
1111 with
HWSimRadio() as (radio
, iface
):
1112 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1114 sigma_dut_cmd_check("ap_reset_default")
1115 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1116 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1117 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1119 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1120 with
open(conffile
, "wb") as f2
:
1123 dev
[0].set("sae_groups", "")
1124 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
="12345678",
1125 sae_password_id
="pwid",
1126 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
1127 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1128 "CTRL-EVENT-CONNECTED"], timeout
=10)
1130 raise Exception("Network selection result not indicated")
1131 if "CTRL-EVENT-CONNECTED" in ev
:
1132 raise Exception("Unexpected connection")
1133 dev
[0].request("REMOVE_NETWORK all")
1135 sigma_dut_cmd_check("ap_reset_default")
1137 stop_sigma_dut(sigma
)
1139 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1140 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1141 logdir
= os
.path
.join(params
['logdir'],
1142 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1143 conffile
= os
.path
.join(params
['logdir'],
1144 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1145 if "SAE" not in dev
[0].get_capability("auth_alg"):
1146 raise HwsimSkip("SAE not supported")
1147 with
HWSimRadio() as (radio
, iface
):
1148 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1150 sigma_dut_cmd_check("ap_reset_default")
1151 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1152 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1153 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1155 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1156 with
open(conffile
, "wb") as f2
:
1159 dev
[0].request("SET sae_groups ")
1160 tests
= [("pw1", "id1", "SAE"),
1161 ("pw2", "id2", "FT-SAE"),
1162 ("pw3", None, "FT-SAE"),
1163 ("pw4", "id4", "SAE")]
1164 for pw
, pw_id
, key_mgmt
in tests
:
1165 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1166 sae_password_id
=pw_id
,
1167 ieee80211w
="2", scan_freq
="2412")
1168 dev
[0].request("REMOVE_NETWORK all")
1169 dev
[0].wait_disconnected()
1171 sigma_dut_cmd_check("ap_reset_default")
1173 stop_sigma_dut(sigma
)
1175 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1176 """sigma_dut controlled AP with SAE and specific group"""
1177 logdir
= os
.path
.join(params
['logdir'],
1178 "sigma_dut_ap_sae_group.sigma-hostapd")
1179 if "SAE" not in dev
[0].get_capability("auth_alg"):
1180 raise HwsimSkip("SAE not supported")
1181 with
HWSimRadio() as (radio
, iface
):
1182 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1184 sigma_dut_cmd_check("ap_reset_default")
1185 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1186 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1187 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1189 dev
[0].request("SET sae_groups ")
1190 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1191 ieee80211w
="2", scan_freq
="2412")
1192 if dev
[0].get_status_field('sae_group') != '20':
1193 raise Exception("Expected SAE group not used")
1195 sigma_dut_cmd_check("ap_reset_default")
1197 stop_sigma_dut(sigma
)
1199 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1200 """sigma_dut controlled AP with PSK+SAE"""
1201 if "SAE" not in dev
[0].get_capability("auth_alg"):
1202 raise HwsimSkip("SAE not supported")
1203 logdir
= os
.path
.join(params
['logdir'],
1204 "sigma_dut_ap_psk_sae.sigma-hostapd")
1205 with
HWSimRadio() as (radio
, iface
):
1206 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1208 sigma_dut_cmd_check("ap_reset_default")
1209 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1210 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1211 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1213 dev
[2].request("SET sae_groups ")
1214 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1215 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1216 dev
[0].request("SET sae_groups ")
1217 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1218 scan_freq
="2412", ieee80211w
="2")
1219 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1221 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1222 dev
[2].request("DISCONNECT")
1224 raise Exception("Unexpected connection without PMF")
1226 sigma_dut_cmd_check("ap_reset_default")
1228 stop_sigma_dut(sigma
)
1230 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1231 """sigma_dut controlled AP with PSK, SAE, FT"""
1232 logdir
= os
.path
.join(params
['logdir'],
1233 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1234 conffile
= os
.path
.join(params
['logdir'],
1235 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1236 if "SAE" not in dev
[0].get_capability("auth_alg"):
1237 raise HwsimSkip("SAE not supported")
1238 with
HWSimRadio() as (radio
, iface
):
1239 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1241 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1243 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1244 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1245 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1246 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1248 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1249 with
open(conffile
, "wb") as f2
:
1252 dev
[0].request("SET sae_groups ")
1253 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1254 sae_password
="12345678", scan_freq
="2412")
1255 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1256 psk
="12345678", scan_freq
="2412")
1257 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1258 psk
="12345678", scan_freq
="2412")
1260 sigma_dut_cmd_check("ap_reset_default")
1262 stop_sigma_dut(sigma
)
1264 def test_sigma_dut_owe(dev
, apdev
):
1265 """sigma_dut controlled OWE station"""
1267 run_sigma_dut_owe(dev
, apdev
)
1269 dev
[0].set("ignore_old_scan_res", "0")
1271 def run_sigma_dut_owe(dev
, apdev
):
1272 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1273 raise HwsimSkip("OWE not supported")
1275 ifname
= dev
[0].ifname
1276 sigma
= start_sigma_dut(ifname
)
1279 params
= {"ssid": "owe",
1281 "wpa_key_mgmt": "OWE",
1283 "rsn_pairwise": "CCMP"}
1284 hapd
= hostapd
.add_ap(apdev
[0], params
)
1285 bssid
= hapd
.own_addr()
1287 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1292 sigma_dut_wait_connected(ifname
)
1293 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1294 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
1295 logger
.info("Reported PMK: " + res
)
1296 if ",PMK," not in res
:
1297 raise Exception("PMK not reported");
1298 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
1299 raise Exception("Mismatch in reported PMK")
1301 dev
[0].dump_monitor()
1302 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1303 dev
[0].wait_connected()
1304 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1305 dev
[0].wait_disconnected()
1306 dev
[0].dump_monitor()
1308 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1309 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1310 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1311 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1313 sigma_dut_wait_connected(ifname
)
1314 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1315 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1316 dev
[0].wait_disconnected()
1317 dev
[0].dump_monitor()
1319 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1320 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1321 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1322 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1324 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1325 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1327 raise Exception("Association not rejected")
1328 if "status_code=77" not in ev
:
1329 raise Exception("Unexpected rejection reason: " + ev
)
1331 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1333 stop_sigma_dut(sigma
)
1335 def test_sigma_dut_owe_ptk_workaround(dev
, apdev
):
1336 """sigma_dut controlled OWE station with PTK workaround"""
1337 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1338 raise HwsimSkip("OWE not supported")
1340 params
= {"ssid": "owe",
1342 "wpa_key_mgmt": "OWE",
1343 "owe_ptk_workaround": "1",
1346 "rsn_pairwise": "CCMP"}
1347 hapd
= hostapd
.add_ap(apdev
[0], params
)
1349 ifname
= dev
[0].ifname
1350 sigma
= start_sigma_dut(ifname
, owe_ptk_workaround
=True)
1353 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1354 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1355 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1356 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1358 sigma_dut_wait_connected(ifname
)
1359 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1361 stop_sigma_dut(sigma
)
1362 dev
[0].set("ignore_old_scan_res", "0")
1364 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1365 """sigma_dut controlled AP with OWE"""
1366 logdir
= os
.path
.join(params
['logdir'],
1367 "sigma_dut_ap_owe.sigma-hostapd")
1368 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1369 raise HwsimSkip("OWE not supported")
1370 with
HWSimRadio() as (radio
, iface
):
1371 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1373 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1374 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1375 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1376 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1378 id = dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1381 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1382 logger
.info("Reported PMK: " + res
)
1383 if ",PMK," not in res
:
1384 raise Exception("PMK not reported");
1385 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1386 raise Exception("Mismatch in reported PMK")
1388 sigma_dut_cmd_check("ap_reset_default")
1390 stop_sigma_dut(sigma
)
1392 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1393 """sigma_dut controlled AP with OWE and ECGroupID"""
1394 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1395 raise HwsimSkip("OWE not supported")
1396 with
HWSimRadio() as (radio
, iface
):
1397 sigma
= start_sigma_dut(iface
)
1399 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1400 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1401 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1402 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1404 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1405 owe_group
="20", scan_freq
="2412")
1406 dev
[0].request("REMOVE_NETWORK all")
1407 dev
[0].wait_disconnected()
1409 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1410 owe_group
="21", scan_freq
="2412")
1411 dev
[0].request("REMOVE_NETWORK all")
1412 dev
[0].wait_disconnected()
1414 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1415 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1416 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1417 dev
[0].request("DISCONNECT")
1419 raise Exception("Association not rejected")
1420 if "status_code=77" not in ev
:
1421 raise Exception("Unexpected rejection reason: " + ev
)
1422 dev
[0].dump_monitor()
1424 sigma_dut_cmd_check("ap_reset_default")
1426 stop_sigma_dut(sigma
)
1428 def test_sigma_dut_ap_owe_ptk_workaround(dev
, apdev
):
1429 """sigma_dut controlled AP with OWE PTK workaround"""
1430 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1431 raise HwsimSkip("OWE not supported")
1432 with
HWSimRadio() as (radio
, iface
):
1433 sigma
= start_sigma_dut(iface
, owe_ptk_workaround
=True)
1435 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1436 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1437 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1438 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1440 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1441 owe_group
="20", owe_ptk_workaround
="1",
1443 sigma_dut_cmd_check("ap_reset_default")
1445 stop_sigma_dut(sigma
)
1447 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1448 """sigma_dut controlled AP with OWE and transition mode"""
1449 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1450 raise HwsimSkip("OWE not supported")
1451 logdir
= os
.path
.join(params
['logdir'],
1452 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1453 with
HWSimRadio() as (radio
, iface
):
1454 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1456 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1457 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1458 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1459 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1460 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1461 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1463 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1464 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1466 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1468 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1469 if dev
[0].get_status_field('bssid') not in res1
:
1470 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1471 if dev
[1].get_status_field('bssid') not in res2
:
1472 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1474 sigma_dut_cmd_check("ap_reset_default")
1476 stop_sigma_dut(sigma
)
1478 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1479 """sigma_dut controlled AP with OWE and transition mode (2)"""
1480 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1481 raise HwsimSkip("OWE not supported")
1482 logdir
= os
.path
.join(params
['logdir'],
1483 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1484 with
HWSimRadio() as (radio
, iface
):
1485 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1487 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1489 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1490 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1491 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1492 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1494 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1495 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1497 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1499 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1500 if dev
[0].get_status_field('bssid') not in res2
:
1501 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1502 if dev
[1].get_status_field('bssid') not in res1
:
1503 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1505 sigma_dut_cmd_check("ap_reset_default")
1507 stop_sigma_dut(sigma
)
1509 def dpp_init_enrollee(dev
, id1
, enrollee_role
):
1510 logger
.info("Starting DPP initiator/enrollee in a thread")
1512 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1513 if enrollee_role
== "Configurator":
1514 cmd
+= " netrole=configurator"
1515 if "OK" not in dev
.request(cmd
):
1516 raise Exception("Failed to initiate DPP Authentication")
1517 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1519 raise Exception("DPP configuration not completed (Enrollee)")
1520 logger
.info("DPP initiator/enrollee done")
1522 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1523 """sigma_dut DPP/QR responder (conf index 1)"""
1524 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1526 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1527 """sigma_dut DPP/QR responder (conf index 2)"""
1528 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1530 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1531 """sigma_dut DPP/QR responder (conf index 3)"""
1532 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1534 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1535 """sigma_dut DPP/QR responder (conf index 4)"""
1536 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1538 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1539 """sigma_dut DPP/QR responder (conf index 5)"""
1540 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1542 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1543 """sigma_dut DPP/QR responder (conf index 6)"""
1544 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1546 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1547 """sigma_dut DPP/QR responder (conf index 7)"""
1548 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1550 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1551 """sigma_dut DPP/QR responder (conf index 8)"""
1552 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1554 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1555 """sigma_dut DPP/QR responder (conf index 9)"""
1556 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1558 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1559 """sigma_dut DPP/QR responder (conf index 10)"""
1560 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1562 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1563 """sigma_dut DPP/QR responder (channel list override)"""
1564 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1567 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1568 """sigma_dut DPP/QR responder status query"""
1569 check_dpp_capab(dev
[1])
1570 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1571 passphrase
="ThisIsDppPassphrase")
1572 hapd
= hostapd
.add_ap(apdev
[0], params
)
1575 dev
[1].set("dpp_config_processing", "2")
1576 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1578 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1580 def test_sigma_dut_dpp_qr_resp_configurator(dev
, apdev
):
1581 """sigma_dut DPP/QR responder (configurator provisioning)"""
1582 run_sigma_dut_dpp_qr_resp(dev
, apdev
, -1, enrollee_role
="Configurator")
1584 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1585 listen_chan
=None, status_query
=False,
1586 enrollee_role
="STA"):
1587 check_dpp_capab(dev
[0])
1588 check_dpp_capab(dev
[1])
1589 sigma
= start_sigma_dut(dev
[0].ifname
)
1591 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1593 cmd
+= ",DPPChannelList," + chan_list
1594 res
= sigma_dut_cmd(cmd
)
1595 if "status,COMPLETE" not in res
:
1596 raise Exception("dev_exec_action did not succeed: " + res
)
1597 hex = res
.split(',')[3]
1599 logger
.info("URI from sigma_dut: " + uri
)
1601 id1
= dev
[1].dpp_qr_code(uri
)
1603 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
,
1606 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1607 if conf_idx
is not None:
1608 cmd
+= ",DPPConfIndex,%d" % conf_idx
1610 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1612 cmd
+= ",DPPStatusQuery,Yes"
1613 res
= sigma_dut_cmd(cmd
, timeout
=10)
1615 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1616 raise Exception("Unexpected result: " + res
)
1617 if status_query
and "StatusResult,0" not in res
:
1618 raise Exception("Status query did not succeed: " + res
)
1620 stop_sigma_dut(sigma
)
1622 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1623 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1624 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1625 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1627 def start_dpp_ap(apdev
):
1628 params
= {"ssid": "DPPNET01",
1631 "wpa_key_mgmt": "DPP",
1632 "rsn_pairwise": "CCMP",
1633 "dpp_connector": ap_connector
,
1634 "dpp_csign": csign_pub
,
1635 "dpp_netaccesskey": ap_netaccesskey
}
1637 hapd
= hostapd
.add_ap(apdev
, params
)
1639 raise HwsimSkip("DPP not supported")
1642 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1643 """sigma_dut DPP/QR initiator as Enrollee"""
1644 check_dpp_capab(dev
[0])
1645 check_dpp_capab(dev
[1])
1646 hapd
= start_dpp_ap(apdev
[0])
1647 sigma
= start_sigma_dut(dev
[0].ifname
)
1649 dev
[0].set("dpp_config_processing", "2")
1651 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1652 res
= dev
[1].request(cmd
)
1654 raise Exception("Failed to add configurator")
1657 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1658 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1660 dev
[1].set("dpp_configurator_params",
1661 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1662 cmd
= "DPP_LISTEN 2437 role=configurator"
1663 if "OK" not in dev
[1].request(cmd
):
1664 raise Exception("Failed to start listen operation")
1666 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1667 if "status,COMPLETE" not in res
:
1668 raise Exception("dev_exec_action did not succeed: " + res
)
1670 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1671 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1672 raise Exception("Unexpected result: " + res
)
1674 dev
[0].set("dpp_config_processing", "0")
1675 stop_sigma_dut(sigma
)
1677 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev
, apdev
):
1678 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1679 check_dpp_capab(dev
[0])
1680 check_dpp_capab(dev
[1])
1682 sigma
= start_sigma_dut(dev
[0].ifname
)
1684 cmd
= "DPP_CONFIGURATOR_ADD"
1685 res
= dev
[1].request(cmd
)
1687 raise Exception("Failed to add configurator")
1690 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1691 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1693 dev
[1].set("dpp_configurator_params",
1694 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1695 cmd
= "DPP_LISTEN 2437 role=configurator"
1696 if "OK" not in dev
[1].request(cmd
):
1697 raise Exception("Failed to start listen operation")
1699 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1700 if "status,COMPLETE" not in res
:
1701 raise Exception("dev_exec_action did not succeed: " + res
)
1703 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout
=10)
1704 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1705 raise Exception("Unexpected result: " + res
)
1707 dev
[0].set("dpp_config_processing", "0")
1708 stop_sigma_dut(sigma
)
1710 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1711 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1712 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1714 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1715 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1716 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1717 extra
="DPPAuthDirection,Mutual,")
1719 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1720 check_dpp_capab(dev
[0])
1721 check_dpp_capab(dev
[1])
1722 hapd
= start_dpp_ap(apdev
[0])
1723 sigma
= start_sigma_dut(dev
[0].ifname
)
1725 dev
[0].set("dpp_config_processing", "2")
1727 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1728 res
= dev
[1].request(cmd
)
1730 raise Exception("Failed to add configurator")
1733 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1734 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1736 dev
[1].set("dpp_configurator_params",
1737 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1738 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1739 if "OK" not in dev
[1].request(cmd
):
1740 raise Exception("Failed to start listen operation")
1742 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1743 if "status,COMPLETE" not in res
:
1744 raise Exception("dev_exec_action did not succeed: " + res
)
1745 hex = res
.split(',')[3]
1747 logger
.info("URI from sigma_dut: " + uri
)
1749 id1
= dev
[1].dpp_qr_code(uri
)
1751 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1752 if "status,COMPLETE" not in res
:
1753 raise Exception("dev_exec_action did not succeed: " + res
)
1755 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1756 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1757 raise Exception("Unexpected result: " + res
)
1759 dev
[0].set("dpp_config_processing", "0")
1760 stop_sigma_dut(sigma
)
1762 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1764 logger
.info("Starting DPP initiator/configurator in a thread")
1765 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1766 if own_id
is not None:
1767 cmd
+= " own=%d" % own_id
1768 if "OK" not in dev
.request(cmd
):
1769 raise Exception("Failed to initiate DPP Authentication")
1770 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1772 raise Exception("DPP configuration not completed (Configurator)")
1773 logger
.info("DPP initiator/configurator done")
1775 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1776 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1777 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1779 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1780 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1781 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1783 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1784 check_dpp_capab(dev
[0])
1785 check_dpp_capab(dev
[1])
1786 hapd
= start_dpp_ap(apdev
[0])
1787 sigma
= start_sigma_dut(dev
[0].ifname
)
1789 dev
[0].set("dpp_config_processing", "2")
1791 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1792 res
= dev
[1].request(cmd
)
1794 raise Exception("Failed to add configurator")
1797 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1798 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1800 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1801 if "status,COMPLETE" not in res
:
1802 raise Exception("dev_exec_action did not succeed: " + res
)
1803 hex = res
.split(',')[3]
1805 logger
.info("URI from sigma_dut: " + uri
)
1807 id1
= dev
[1].dpp_qr_code(uri
)
1809 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1810 if "status,COMPLETE" not in res
:
1811 raise Exception("dev_exec_action did not succeed: " + res
)
1813 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1814 args
=(dev
[1], id1
, conf_id
, id0
))
1817 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1820 res
= sigma_dut_cmd(cmd
, timeout
=25)
1822 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1823 raise Exception("Unexpected result: " + res
)
1825 dev
[0].set("dpp_config_processing", "0")
1826 stop_sigma_dut(sigma
)
1828 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1829 logger
.info("Starting DPP responder/configurator in a thread")
1830 dev
.set("dpp_configurator_params",
1831 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1833 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1834 if "OK" not in dev
.request(cmd
):
1835 raise Exception("Failed to initiate DPP listen")
1837 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1839 raise Exception("QR Code scan for mutual authentication not requested")
1840 dev
.dpp_qr_code(uri
)
1841 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1843 raise Exception("DPP configuration not completed (Configurator)")
1844 logger
.info("DPP responder/configurator done")
1846 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1847 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1848 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1850 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1851 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1852 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1854 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1855 check_dpp_capab(dev
[0])
1856 check_dpp_capab(dev
[1])
1857 hapd
= start_dpp_ap(apdev
[0])
1858 sigma
= start_sigma_dut(dev
[0].ifname
)
1860 dev
[0].set("dpp_config_processing", "2")
1862 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1863 res
= dev
[1].request(cmd
)
1865 raise Exception("Failed to add configurator")
1868 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1869 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1871 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1872 if "status,COMPLETE" not in res
:
1873 raise Exception("dev_exec_action did not succeed: " + res
)
1874 hex = res
.split(',')[3]
1876 logger
.info("URI from sigma_dut: " + uri
)
1878 if not resp_pending
:
1879 dev
[1].dpp_qr_code(uri
)
1882 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1883 if "status,COMPLETE" not in res
:
1884 raise Exception("dev_exec_action did not succeed: " + res
)
1886 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1887 args
=(dev
[1], conf_id
, uri
))
1891 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1892 res
= sigma_dut_cmd(cmd
, timeout
=15)
1894 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1895 raise Exception("Unexpected result: " + res
)
1897 dev
[0].set("dpp_config_processing", "0")
1898 stop_sigma_dut(sigma
)
1900 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1901 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1902 check_dpp_capab(dev
[0])
1903 check_dpp_capab(dev
[1])
1905 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1906 passphrase
="ThisIsDppPassphrase")
1907 hapd
= hostapd
.add_ap(apdev
[0], params
)
1909 sigma
= start_sigma_dut(dev
[0].ifname
)
1911 dev
[0].set("dpp_config_processing", "2")
1913 cmd
= "DPP_CONFIGURATOR_ADD"
1914 res
= dev
[1].request(cmd
)
1916 raise Exception("Failed to add configurator")
1919 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1920 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1922 dev
[1].set("dpp_configurator_params",
1923 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1924 cmd
= "DPP_LISTEN 2437 role=configurator"
1925 if "OK" not in dev
[1].request(cmd
):
1926 raise Exception("Failed to start listen operation")
1928 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1929 if "status,COMPLETE" not in res
:
1930 raise Exception("dev_exec_action did not succeed: " + res
)
1932 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1933 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1934 raise Exception("Unexpected result: " + res
)
1936 dev
[0].set("dpp_config_processing", "0")
1937 stop_sigma_dut(sigma
)
1939 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1940 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1941 check_dpp_capab(dev
[0])
1942 check_dpp_capab(dev
[1])
1943 if "SAE" not in dev
[0].get_capability("auth_alg"):
1944 raise HwsimSkip("SAE not supported")
1946 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1947 passphrase
="ThisIsDppPassphrase")
1948 params
['wpa_key_mgmt'] = 'SAE'
1949 params
["ieee80211w"] = "2"
1950 hapd
= hostapd
.add_ap(apdev
[0], params
)
1952 sigma
= start_sigma_dut(dev
[0].ifname
)
1954 dev
[0].set("dpp_config_processing", "2")
1955 dev
[0].set("sae_groups", "")
1957 cmd
= "DPP_CONFIGURATOR_ADD"
1958 res
= dev
[1].request(cmd
)
1960 raise Exception("Failed to add configurator")
1963 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1964 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1966 dev
[1].set("dpp_configurator_params",
1967 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1968 cmd
= "DPP_LISTEN 2437 role=configurator"
1969 if "OK" not in dev
[1].request(cmd
):
1970 raise Exception("Failed to start listen operation")
1972 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1973 if "status,COMPLETE" not in res
:
1974 raise Exception("dev_exec_action did not succeed: " + res
)
1976 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1977 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1978 raise Exception("Unexpected result: " + res
)
1980 dev
[0].set("dpp_config_processing", "0")
1981 stop_sigma_dut(sigma
)
1983 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1984 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1985 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1987 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1988 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1989 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1991 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1992 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1993 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1995 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1996 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1997 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1999 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
2000 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2001 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
2003 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
2004 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2005 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
2007 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
2008 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2009 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
2011 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
2012 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2013 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
2015 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
2016 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2017 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
2019 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
2020 prov_role
="Configurator",
2022 check_dpp_capab(dev
[0])
2023 check_dpp_capab(dev
[1])
2024 sigma
= start_sigma_dut(dev
[0].ifname
)
2026 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2027 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2029 cmd
= "DPP_LISTEN 2437 role=enrollee"
2030 if "OK" not in dev
[1].request(cmd
):
2031 raise Exception("Failed to start listen operation")
2033 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2034 if "status,COMPLETE" not in res
:
2035 raise Exception("dev_exec_action did not succeed: " + res
)
2037 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
2040 res
= sigma_dut_cmd(cmd
)
2041 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2042 raise Exception("Unexpected result: " + res
)
2044 stop_sigma_dut(sigma
)
2046 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
2047 """sigma_dut DPP roles incompatible (Initiator)"""
2048 check_dpp_capab(dev
[0])
2049 check_dpp_capab(dev
[1])
2050 sigma
= start_sigma_dut(dev
[0].ifname
)
2052 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2053 if "status,COMPLETE" not in res
:
2054 raise Exception("dev_exec_action did not succeed: " + res
)
2055 hex = res
.split(',')[3]
2057 logger
.info("URI from sigma_dut: " + uri
)
2059 id1
= dev
[1].dpp_qr_code(uri
)
2061 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2062 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2064 cmd
= "DPP_LISTEN 2437 role=enrollee"
2065 if "OK" not in dev
[1].request(cmd
):
2066 raise Exception("Failed to start listen operation")
2068 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2069 if "status,COMPLETE" not in res
:
2070 raise Exception("dev_exec_action did not succeed: " + res
)
2072 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2073 res
= sigma_dut_cmd(cmd
)
2074 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2075 raise Exception("Unexpected result: " + res
)
2077 stop_sigma_dut(sigma
)
2079 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
2080 logger
.info("Starting DPP initiator/enrollee in a thread")
2082 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
2083 if "OK" not in dev
.request(cmd
):
2084 raise Exception("Failed to initiate DPP Authentication")
2085 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
2086 "DPP-NOT-COMPATIBLE"], timeout
=5)
2088 raise Exception("DPP configuration not completed (Enrollee)")
2089 logger
.info("DPP initiator/enrollee done")
2091 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
2092 """sigma_dut DPP roles incompatible (Responder)"""
2093 check_dpp_capab(dev
[0])
2094 check_dpp_capab(dev
[1])
2095 sigma
= start_sigma_dut(dev
[0].ifname
)
2097 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2098 res
= sigma_dut_cmd(cmd
)
2099 if "status,COMPLETE" not in res
:
2100 raise Exception("dev_exec_action did not succeed: " + res
)
2101 hex = res
.split(',')[3]
2103 logger
.info("URI from sigma_dut: " + uri
)
2105 id1
= dev
[1].dpp_qr_code(uri
)
2107 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2108 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2110 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2111 if "status,COMPLETE" not in res
:
2112 raise Exception("dev_exec_action did not succeed: " + res
)
2114 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
2116 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2117 res
= sigma_dut_cmd(cmd
, timeout
=10)
2119 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2120 raise Exception("Unexpected result: " + res
)
2122 stop_sigma_dut(sigma
)
2124 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
2125 """sigma_dut DPP/PKEX initiator as Configurator"""
2126 check_dpp_capab(dev
[0])
2127 check_dpp_capab(dev
[1])
2128 sigma
= start_sigma_dut(dev
[0].ifname
)
2130 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2131 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
2132 res
= dev
[1].request(cmd
)
2134 raise Exception("Failed to set PKEX data (responder)")
2135 cmd
= "DPP_LISTEN 2437 role=enrollee"
2136 if "OK" not in dev
[1].request(cmd
):
2137 raise Exception("Failed to start listen operation")
2139 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2140 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2141 raise Exception("Unexpected result: " + res
)
2143 stop_sigma_dut(sigma
)
2145 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2146 logger
.info("Starting DPP initiator/configurator in a thread")
2147 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2148 if "OK" not in dev
.request(cmd
):
2149 raise Exception("Failed to initiate DPP Authentication")
2150 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2152 raise Exception("DPP configuration not completed (Configurator)")
2153 logger
.info("DPP initiator/configurator done")
2155 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2156 """sigma_dut controlled AP (DPP)"""
2157 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2159 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2160 """sigma_dut controlled AP (legacy)"""
2161 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2162 extra
="pass=%s" % to_hex("qwertyuiop"))
2164 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2165 """sigma_dut controlled AP (legacy)"""
2166 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2167 extra
="psk=%s" % (32*"12"))
2169 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2170 check_dpp_capab(dev
[0])
2171 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2172 with
HWSimRadio() as (radio
, iface
):
2173 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2175 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2176 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2177 if "status,COMPLETE" not in res
:
2178 raise Exception("dev_exec_action did not succeed: " + res
)
2179 hex = res
.split(',')[3]
2181 logger
.info("URI from sigma_dut: " + uri
)
2183 cmd
= "DPP_CONFIGURATOR_ADD"
2184 res
= dev
[0].request(cmd
)
2186 raise Exception("Failed to add configurator")
2189 id1
= dev
[0].dpp_qr_code(uri
)
2191 t
= threading
.Thread(target
=dpp_init_conf
,
2192 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2194 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2196 if "ConfResult,OK" not in res
:
2197 raise Exception("Unexpected result: " + res
)
2199 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2200 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2202 id0b
= dev
[0].dpp_qr_code(uri1
)
2204 dev
[1].set("dpp_config_processing", "2")
2205 cmd
= "DPP_LISTEN 2412"
2206 if "OK" not in dev
[1].request(cmd
):
2207 raise Exception("Failed to start listen operation")
2208 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2209 if "OK" not in dev
[0].request(cmd
):
2210 raise Exception("Failed to initiate DPP Authentication")
2211 dev
[1].wait_connected()
2213 sigma_dut_cmd_check("ap_reset_default")
2215 dev
[1].set("dpp_config_processing", "0")
2216 stop_sigma_dut(sigma
)
2218 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2219 """sigma_dut controlled AP as DPP PKEX responder"""
2220 check_dpp_capab(dev
[0])
2221 logdir
= os
.path
.join(params
['logdir'],
2222 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2223 with
HWSimRadio() as (radio
, iface
):
2224 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2226 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2228 stop_sigma_dut(sigma
)
2230 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2231 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2233 id = dev
.dpp_bootstrap_gen(type="pkex")
2234 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2235 res
= dev
.request(cmd
)
2237 raise Exception("Failed to initiate DPP PKEX")
2238 if not check_config
:
2240 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2242 raise Exception("DPP configuration not completed (Configurator)")
2243 logger
.info("DPP initiator/configurator done")
2245 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2246 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2248 cmd
= "DPP_CONFIGURATOR_ADD"
2249 res
= dev
[0].request(cmd
)
2251 raise Exception("Failed to add configurator")
2254 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2256 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2258 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2259 raise Exception("Unexpected result: " + res
)
2261 sigma_dut_cmd_check("ap_reset_default")
2263 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2264 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2265 check_dpp_capab(dev
[0])
2266 sigma
= start_sigma_dut(dev
[0].ifname
)
2268 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2270 stop_sigma_dut(sigma
)
2272 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2273 cmd
= "DPP_CONFIGURATOR_ADD"
2274 res
= dev
[1].request(cmd
)
2276 raise Exception("Failed to add configurator")
2279 dev
[1].set("dpp_test", "44")
2281 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2284 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2286 if "BootstrapResult,Timeout" not in res
:
2287 raise Exception("Unexpected result: " + res
)
2289 def dpp_proto_init(dev
, id1
):
2291 logger
.info("Starting DPP initiator/configurator in a thread")
2292 cmd
= "DPP_CONFIGURATOR_ADD"
2293 res
= dev
.request(cmd
)
2295 raise Exception("Failed to add configurator")
2298 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2299 if "OK" not in dev
.request(cmd
):
2300 raise Exception("Failed to initiate DPP Authentication")
2302 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2303 """sigma_dut DPP protocol testing - Initiator"""
2304 check_dpp_capab(dev
[0])
2305 check_dpp_capab(dev
[1])
2306 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2307 "BootstrapResult,OK,AuthResult,Errorsent",
2309 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2310 "BootstrapResult,OK,AuthResult,Errorsent",
2312 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2313 "BootstrapResult,OK,AuthResult,Errorsent",
2314 "Missing or invalid I-capabilities"),
2315 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2316 "BootstrapResult,OK,AuthResult,Errorsent",
2317 "Mismatching Initiator Authenticating Tag"),
2318 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2319 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2320 "Missing or invalid Enrollee Nonce attribute")]
2321 for step
, frame
, attr
, result
, fail
in tests
:
2322 dev
[0].request("FLUSH")
2323 dev
[1].request("FLUSH")
2324 sigma
= start_sigma_dut(dev
[0].ifname
)
2326 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2329 stop_sigma_dut(sigma
)
2331 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2332 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2333 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2335 cmd
= "DPP_LISTEN 2437 role=enrollee"
2336 if "OK" not in dev
[1].request(cmd
):
2337 raise Exception("Failed to start listen operation")
2339 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2340 if "status,COMPLETE" not in res
:
2341 raise Exception("dev_exec_action did not succeed: " + res
)
2343 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2345 if result
not in res
:
2346 raise Exception("Unexpected result: " + res
)
2348 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2349 if ev
is None or fail
not in ev
:
2350 raise Exception("Failure not reported correctly: " + str(ev
))
2352 dev
[1].request("DPP_STOP_LISTEN")
2353 dev
[0].dump_monitor()
2354 dev
[1].dump_monitor()
2356 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2357 """sigma_dut DPP protocol testing - Responder"""
2358 check_dpp_capab(dev
[0])
2359 check_dpp_capab(dev
[1])
2360 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2361 "BootstrapResult,OK,AuthResult,Errorsent",
2362 "Missing or invalid required DPP Status attribute"),
2363 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2364 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2365 "Missing or invalid Enrollee Nonce attribute")]
2366 for step
, frame
, attr
, result
, fail
in tests
:
2367 dev
[0].request("FLUSH")
2368 dev
[1].request("FLUSH")
2369 sigma
= start_sigma_dut(dev
[0].ifname
)
2371 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2374 stop_sigma_dut(sigma
)
2376 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2377 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2378 if "status,COMPLETE" not in res
:
2379 raise Exception("dev_exec_action did not succeed: " + res
)
2380 hex = res
.split(',')[3]
2382 logger
.info("URI from sigma_dut: " + uri
)
2384 id1
= dev
[1].dpp_qr_code(uri
)
2386 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2388 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2390 if result
not in res
:
2391 raise Exception("Unexpected result: " + res
)
2393 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2394 if ev
is None or fail
not in ev
:
2395 raise Exception("Failure not reported correctly:" + str(ev
))
2397 dev
[1].request("DPP_STOP_LISTEN")
2398 dev
[0].dump_monitor()
2399 dev
[1].dump_monitor()
2401 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2402 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2403 check_dpp_capab(dev
[0])
2404 check_dpp_capab(dev
[1])
2405 tests
= [("AuthenticationResponse",
2406 "BootstrapResult,OK,AuthResult,Errorsent",
2408 ("ConfigurationRequest",
2409 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2411 for frame
, result
, fail
in tests
:
2412 dev
[0].request("FLUSH")
2413 dev
[1].request("FLUSH")
2414 sigma
= start_sigma_dut(dev
[0].ifname
)
2416 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2418 stop_sigma_dut(sigma
)
2420 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2421 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2422 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2424 cmd
= "DPP_LISTEN 2437 role=enrollee"
2425 if "OK" not in dev
[1].request(cmd
):
2426 raise Exception("Failed to start listen operation")
2428 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2429 if "status,COMPLETE" not in res
:
2430 raise Exception("dev_exec_action did not succeed: " + res
)
2432 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2433 if result
not in res
:
2434 raise Exception("Unexpected result: " + res
)
2436 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2437 if ev
is None or fail
not in ev
:
2438 raise Exception("Failure not reported correctly: " + str(ev
))
2440 dev
[1].request("DPP_STOP_LISTEN")
2441 dev
[0].dump_monitor()
2442 dev
[1].dump_monitor()
2444 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2445 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2446 check_dpp_capab(dev
[0])
2447 check_dpp_capab(dev
[1])
2448 tests
= [("AuthenticationConfirm",
2449 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2451 for frame
, result
, fail
in tests
:
2452 dev
[0].request("FLUSH")
2453 dev
[1].request("FLUSH")
2454 sigma
= start_sigma_dut(dev
[0].ifname
)
2456 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2459 stop_sigma_dut(sigma
)
2461 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2463 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2464 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2466 cmd
= "DPP_LISTEN 2437 role=configurator"
2467 if "OK" not in dev
[1].request(cmd
):
2468 raise Exception("Failed to start listen operation")
2470 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2471 if "status,COMPLETE" not in res
:
2472 raise Exception("dev_exec_action did not succeed: " + res
)
2474 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2475 if result
not in res
:
2476 raise Exception("Unexpected result: " + res
)
2478 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2479 if ev
is None or fail
not in ev
:
2480 raise Exception("Failure not reported correctly: " + str(ev
))
2482 dev
[1].request("DPP_STOP_LISTEN")
2483 dev
[0].dump_monitor()
2484 dev
[1].dump_monitor()
2486 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2487 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2488 check_dpp_capab(dev
[0])
2489 check_dpp_capab(dev
[1])
2490 tests
= [("AuthenticationRequest",
2491 "BootstrapResult,OK,AuthResult,Errorsent",
2493 ("AuthenticationConfirm",
2494 "BootstrapResult,OK,AuthResult,Errorsent",
2496 for frame
, result
, fail
in tests
:
2497 dev
[0].request("FLUSH")
2498 dev
[1].request("FLUSH")
2499 sigma
= start_sigma_dut(dev
[0].ifname
)
2501 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2503 stop_sigma_dut(sigma
)
2505 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2506 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2507 if "status,COMPLETE" not in res
:
2508 raise Exception("dev_exec_action did not succeed: " + res
)
2509 hex = res
.split(',')[3]
2511 logger
.info("URI from sigma_dut: " + uri
)
2513 id1
= dev
[1].dpp_qr_code(uri
)
2515 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2517 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2519 if result
not in res
:
2520 raise Exception("Unexpected result: " + res
)
2522 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2523 if ev
is None or fail
not in ev
:
2524 raise Exception("Failure not reported correctly:" + str(ev
))
2526 dev
[1].request("DPP_STOP_LISTEN")
2527 dev
[0].dump_monitor()
2528 dev
[1].dump_monitor()
2530 def dpp_proto_init_pkex(dev
):
2532 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2533 cmd
= "DPP_CONFIGURATOR_ADD"
2534 res
= dev
.request(cmd
)
2536 raise Exception("Failed to add configurator")
2539 id = dev
.dpp_bootstrap_gen(type="pkex")
2541 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2542 if "FAIL" in dev
.request(cmd
):
2543 raise Exception("Failed to initiate DPP PKEX")
2545 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2546 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2547 check_dpp_capab(dev
[0])
2548 check_dpp_capab(dev
[1])
2549 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2550 "BootstrapResult,Errorsent",
2552 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2553 "BootstrapResult,Errorsent",
2554 "Missing or invalid Finite Cyclic Group attribute"),
2555 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2556 "BootstrapResult,Errorsent",
2557 "No valid peer bootstrapping key found")]
2558 for step
, frame
, attr
, result
, fail
in tests
:
2559 dev
[0].request("FLUSH")
2560 dev
[1].request("FLUSH")
2561 sigma
= start_sigma_dut(dev
[0].ifname
)
2563 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2566 stop_sigma_dut(sigma
)
2568 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2569 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2571 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2572 res
= dev
[1].request(cmd
)
2574 raise Exception("Failed to set PKEX data (responder)")
2576 cmd
= "DPP_LISTEN 2437 role=enrollee"
2577 if "OK" not in dev
[1].request(cmd
):
2578 raise Exception("Failed to start listen operation")
2580 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2581 if result
not in res
:
2582 raise Exception("Unexpected result: " + res
)
2584 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2585 if ev
is None or fail
not in ev
:
2586 raise Exception("Failure not reported correctly: " + str(ev
))
2588 dev
[1].request("DPP_STOP_LISTEN")
2589 dev
[0].dump_monitor()
2590 dev
[1].dump_monitor()
2592 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2593 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2594 check_dpp_capab(dev
[0])
2595 check_dpp_capab(dev
[1])
2596 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2597 "BootstrapResult,Errorsent",
2599 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2600 "BootstrapResult,Errorsent",
2601 "No DPP Status attribute"),
2602 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2603 "BootstrapResult,Errorsent",
2604 "No valid peer bootstrapping key found")]
2605 for step
, frame
, attr
, result
, fail
in tests
:
2606 dev
[0].request("FLUSH")
2607 dev
[1].request("FLUSH")
2608 sigma
= start_sigma_dut(dev
[0].ifname
)
2610 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2613 stop_sigma_dut(sigma
)
2615 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2616 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2618 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2620 if result
not in res
:
2621 raise Exception("Unexpected result: " + res
)
2623 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2624 if ev
is None or fail
not in ev
:
2625 raise Exception("Failure not reported correctly:" + str(ev
))
2627 dev
[1].request("DPP_STOP_LISTEN")
2628 dev
[0].dump_monitor()
2629 dev
[1].dump_monitor()
2631 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2632 check_dpp_capab(dev
[0])
2633 check_dpp_capab(dev
[1])
2634 hapd
= start_dpp_ap(apdev
[0])
2635 dev
[0].set("dpp_config_processing", "2")
2637 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2638 res
= dev
[1].request(cmd
)
2640 raise Exception("Failed to add configurator")
2643 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2644 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2646 dev
[1].set("dpp_configurator_params",
2647 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2649 cmd
= "DPP_LISTEN 2437 role=configurator"
2650 if "OK" not in dev
[1].request(cmd
):
2651 raise Exception("Failed to start listen operation")
2653 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2654 if "status,COMPLETE" not in res
:
2655 raise Exception("dev_exec_action did not succeed: " + res
)
2657 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2658 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2659 sigma
= start_sigma_dut(dev
[0].ifname
)
2661 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2663 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2664 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2665 raise Exception("Unexpected result: " + res
)
2667 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2668 stop_sigma_dut(sigma
)
2670 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2671 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2672 check_dpp_capab(dev
[0])
2674 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2675 check_dpp_capab(hapd
)
2677 sigma
= start_sigma_dut(dev
[0].ifname
)
2679 dev
[0].set("dpp_config_processing", "2")
2680 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2681 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2683 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2684 if "status,COMPLETE" not in res
:
2685 raise Exception("dev_exec_action did not succeed: " + res
)
2687 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2688 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2689 raise Exception("Unexpected result: " + res
)
2690 update_hapd_config(hapd
)
2692 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2693 res
= sigma_dut_cmd(cmd
, timeout
=10)
2694 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2695 raise Exception("Unexpected result: " + res
)
2697 stop_sigma_dut(sigma
)
2698 dev
[0].set("dpp_config_processing", "0")
2700 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2701 """sigma_dut DPP AP Configurator using self-configuration"""
2702 logdir
= os
.path
.join(params
['logdir'],
2703 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2704 with
HWSimRadio() as (radio
, iface
):
2705 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2707 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2709 stop_sigma_dut(sigma
)
2710 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2712 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2713 check_dpp_capab(dev
[0])
2715 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2717 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2718 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2719 raise Exception("Unexpected result: " + res
)
2721 dev
[0].set("dpp_config_processing", "2")
2723 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2724 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2725 cmd
= "DPP_LISTEN 2462 role=enrollee"
2726 if "OK" not in dev
[0].request(cmd
):
2727 raise Exception("Failed to start listen operation")
2729 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2730 if "status,COMPLETE" not in res
:
2731 raise Exception("dev_exec_action did not succeed: " + res
)
2732 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2733 res
= sigma_dut_cmd(cmd
)
2734 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2735 raise Exception("Unexpected result: " + res
)
2736 dev
[0].wait_connected()
2737 dev
[0].request("DISCONNECT")
2738 dev
[0].wait_disconnected()
2739 sigma_dut_cmd_check("ap_reset_default")
2742 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2743 """sigma_dut DPP AP as Relay to Controller"""
2744 logdir
= os
.path
.join(params
['logdir'],
2745 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2746 with
HWSimRadio() as (radio
, iface
):
2747 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2749 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2751 stop_sigma_dut(sigma
)
2752 dev
[1].request("DPP_CONTROLLER_STOP")
2754 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2755 check_dpp_capab(dev
[0])
2756 check_dpp_capab(dev
[1])
2759 conf_id
= dev
[1].dpp_configurator_add()
2760 dev
[1].set("dpp_configurator_params",
2761 " conf=sta-dpp configurator=%d" % conf_id
)
2762 id_c
= dev
[1].dpp_bootstrap_gen()
2763 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2764 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2766 for line
in res
.splitlines():
2767 name
, value
= line
.split('=')
2768 if name
== "pkhash":
2772 raise Exception("Could not fetch public key hash from Controller")
2773 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2774 raise Exception("Failed to start Controller")
2776 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2777 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2778 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2780 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2781 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2783 sigma_dut_cmd_check("ap_reset_default")
2785 def dpp_init_tcp_enrollee(dev
, id1
):
2786 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2788 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2789 if "OK" not in dev
.request(cmd
):
2790 raise Exception("Failed to initiate DPP Authentication")
2791 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2793 raise Exception("DPP configuration not completed (Enrollee)")
2794 logger
.info("DPP initiator/enrollee done")
2796 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2797 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2798 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2800 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2801 check_dpp_capab(dev
[0])
2802 check_dpp_capab(dev
[1])
2803 sigma
= start_sigma_dut(dev
[0].ifname
)
2805 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2806 res
= sigma_dut_cmd(cmd
)
2807 if "status,COMPLETE" not in res
:
2808 raise Exception("dev_exec_action did not succeed: " + res
)
2809 hex = res
.split(',')[3]
2811 logger
.info("URI from sigma_dut: " + uri
)
2813 id1
= dev
[1].dpp_qr_code(uri
)
2815 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2817 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2819 cmd
+= ",DPPStatusQuery,Yes"
2820 res
= sigma_dut_cmd(cmd
, timeout
=10)
2822 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2823 raise Exception("Unexpected result: " + res
)
2824 if status_query
and "StatusResult,0" not in res
:
2825 raise Exception("Status query did not succeed: " + res
)
2827 stop_sigma_dut(sigma
)
2829 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2830 """sigma_dut DPP TCP Enrollee as initiator"""
2831 check_dpp_capab(dev
[0])
2832 check_dpp_capab(dev
[1])
2833 sigma
= start_sigma_dut(dev
[0].ifname
)
2836 conf_id
= dev
[1].dpp_configurator_add()
2837 dev
[1].set("dpp_configurator_params",
2838 " conf=sta-dpp configurator=%d" % conf_id
)
2839 id_c
= dev
[1].dpp_bootstrap_gen()
2840 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2841 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2842 raise Exception("Failed to start Controller")
2844 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2845 if "status,COMPLETE" not in res
:
2846 raise Exception("dev_exec_action did not succeed: " + res
)
2848 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2849 res
= sigma_dut_cmd(cmd
, timeout
=10)
2850 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2851 raise Exception("Unexpected result: " + res
)
2853 stop_sigma_dut(sigma
)
2854 dev
[1].request("DPP_CONTROLLER_STOP")
2856 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2857 """sigma_dut controlled connection using preconfigured profile"""
2859 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2861 dev
[0].set("ignore_old_scan_res", "0")
2863 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2864 ifname
= dev
[0].ifname
2865 sigma
= start_sigma_dut(ifname
)
2868 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2869 hapd
= hostapd
.add_ap(apdev
[0], params
)
2870 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2871 only_add_network
=True)
2873 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2874 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2876 sigma_dut_wait_connected(ifname
)
2877 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2878 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2879 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2881 stop_sigma_dut(sigma
)
2883 def test_sigma_dut_wps_pbc(dev
, apdev
):
2884 """sigma_dut and WPS PBC Enrollee"""
2886 run_sigma_dut_wps_pbc(dev
, apdev
)
2888 dev
[0].set("ignore_old_scan_res", "0")
2890 def run_sigma_dut_wps_pbc(dev
, apdev
):
2891 ssid
= "test-wps-conf"
2892 hapd
= hostapd
.add_ap(apdev
[0],
2893 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2894 "wpa_passphrase": "12345678", "wpa": "2",
2895 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2896 hapd
.request("WPS_PBC")
2898 ifname
= dev
[0].ifname
2899 sigma
= start_sigma_dut(ifname
)
2902 cmd
= "start_wps_registration,interface,%s" % ifname
2903 cmd
+= ",WpsRole,Enrollee"
2904 cmd
+= ",WpsConfigMethod,PBC"
2905 sigma_dut_cmd_check(cmd
, timeout
=15)
2907 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2909 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2911 stop_sigma_dut(sigma
)
2912 dev
[0].flush_scan_cache()
2914 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2915 """sigma_dut sta_scan_bss"""
2916 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2917 sigma
= start_sigma_dut(dev
[0].ifname
)
2919 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2921 res
= sigma_dut_cmd(cmd
, timeout
=10)
2922 if "ssid,test,bsschannel,1" not in res
:
2923 raise Exception("Unexpected result: " + res
)
2925 stop_sigma_dut(sigma
)
2927 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2928 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2929 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2930 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2931 sigma
= start_sigma_dut(dev
[0].ifname
)
2933 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2934 res
= sigma_dut_cmd(cmd
, timeout
=10)
2935 if "abcdef" not in res
or "qwerty" not in res
:
2936 raise Exception("Unexpected result: " + res
)
2938 stop_sigma_dut(sigma
)
2940 def test_sigma_dut_sta_scan_short_ssid(dev
, apdev
):
2941 """sigma_dut sta_scan ShortSSID"""
2942 dev
[0].flush_scan_cache()
2943 ssid
= "test-short-ssid-list"
2944 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": ssid
,
2945 "ignore_broadcast_ssid": "1"})
2946 bssid
= apdev
[0]['bssid']
2947 payload
= struct
.pack('>L', binascii
.crc32(ssid
.encode()))
2948 val
= binascii
.hexlify(payload
).decode()
2949 sigma
= start_sigma_dut(dev
[0].ifname
)
2952 cmd
= "sta_scan,Interface,%s,ChnlFreq,2412,ShortSSID,%s" % (dev
[0].ifname
, val
)
2954 sigma_dut_cmd_check(cmd
, timeout
=5)
2955 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
2957 raise Exception("Scan did not complete")
2958 if bssid
in dev
[0].request("SCAN_RESULTS"):
2962 stop_sigma_dut(sigma
)
2963 dev
[0].request("VENDOR_ELEM_REMOVE 14 *")
2966 raise Exception("AP not found in scan results")
2968 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2969 """sigma_dut controlled AP with OSEN"""
2970 logdir
= os
.path
.join(params
['logdir'],
2971 "sigma_dut_ap_osen.sigma-hostapd")
2972 with
HWSimRadio() as (radio
, iface
):
2973 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2975 sigma_dut_cmd_check("ap_reset_default")
2976 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2977 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2978 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2979 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2981 # RSN-OSEN (for OSU)
2982 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2983 pairwise
="CCMP", group
="GTK_NOT_USED",
2984 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2985 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2987 sigma_dut_cmd_check("ap_reset_default")
2989 stop_sigma_dut(sigma
)
2991 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2992 """sigma_dut controlled AP with EAP+OSEN"""
2993 logdir
= os
.path
.join(params
['logdir'],
2994 "sigma_dut_ap_eap_osen.sigma-hostapd")
2995 with
HWSimRadio() as (radio
, iface
):
2996 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2998 sigma_dut_cmd_check("ap_reset_default")
2999 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3000 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3001 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3002 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3004 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
3005 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3007 # RSN-OSEN (for OSU)
3008 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
3010 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
3011 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
3013 # RSN-EAP (for data connection)
3014 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
3015 identity
="hs20-test", password
="password",
3016 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
3017 ieee80211w
='2', scan_freq
="2412")
3019 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
3020 success_expected
=False, timeout
=1)
3022 sigma_dut_cmd_check("ap_reset_default")
3024 stop_sigma_dut(sigma
)
3025 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3026 stderr
=open('/dev/null', 'w'))
3027 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
3028 stderr
=open('/dev/null', 'w'))
3030 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
3031 """sigma_dut controlled AP WPA2-Enterprise"""
3032 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3033 with
HWSimRadio() as (radio
, iface
):
3034 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3036 sigma_dut_cmd_check("ap_reset_default")
3037 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3038 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3039 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3040 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3042 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3043 identity
="gpsk user",
3044 password
="abcdefghijklmnop0123456789abcdef",
3047 sigma_dut_cmd_check("ap_reset_default")
3049 stop_sigma_dut(sigma
)
3051 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
3052 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3053 logdir
= os
.path
.join(params
['logdir'],
3054 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3055 with
HWSimRadio() as (radio
, iface
):
3056 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3058 sigma_dut_cmd_check("ap_reset_default")
3059 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3060 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3061 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3062 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3064 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
3065 identity
="gpsk user",
3066 password
="abcdefghijklmnop0123456789abcdef",
3069 sigma_dut_cmd_check("ap_reset_default")
3071 stop_sigma_dut(sigma
)
3073 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
3074 """sigma_dut controlled AP FT-EAP"""
3075 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3076 with
HWSimRadio() as (radio
, iface
):
3077 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3079 sigma_dut_cmd_check("ap_reset_default")
3080 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3081 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3082 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3083 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3085 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3086 identity
="gpsk user",
3087 password
="abcdefghijklmnop0123456789abcdef",
3090 sigma_dut_cmd_check("ap_reset_default")
3092 stop_sigma_dut(sigma
)
3094 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
3095 """sigma_dut controlled AP FT-PSK"""
3096 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3097 with
HWSimRadio() as (radio
, iface
):
3098 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3100 sigma_dut_cmd_check("ap_reset_default")
3101 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3102 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3103 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3105 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3108 sigma_dut_cmd_check("ap_reset_default")
3110 stop_sigma_dut(sigma
)
3112 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
3113 """sigma_dut controlled AP FT-PSK (over-DS)"""
3114 logdir
= os
.path
.join(params
['logdir'],
3115 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3116 conffile
= os
.path
.join(params
['logdir'],
3117 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3118 with
HWSimRadio() as (radio
, iface
):
3119 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3121 sigma_dut_cmd_check("ap_reset_default")
3122 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3123 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3124 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3126 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3127 with
open(conffile
, "wb") as f2
:
3130 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3133 sigma_dut_cmd_check("ap_reset_default")
3135 stop_sigma_dut(sigma
)
3137 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
3138 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3139 logdir
= os
.path
.join(params
['logdir'],
3140 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3141 with
HWSimRadio() as (radio
, iface
):
3142 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3144 sigma_dut_cmd_check("ap_reset_default")
3145 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3146 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3147 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3148 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3150 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3151 identity
="gpsk user",
3152 password
="abcdefghijklmnop0123456789abcdef",
3154 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3155 identity
="gpsk user",
3156 password
="abcdefghijklmnop0123456789abcdef",
3159 sigma_dut_cmd_check("ap_reset_default")
3161 stop_sigma_dut(sigma
)
3163 def test_sigma_dut_venue_url(dev
, apdev
):
3164 """sigma_dut controlled Venue URL fetch"""
3166 run_sigma_dut_venue_url(dev
, apdev
)
3168 dev
[0].set("ignore_old_scan_res", "0")
3170 def run_sigma_dut_venue_url(dev
, apdev
):
3171 ifname
= dev
[0].ifname
3172 sigma
= start_sigma_dut(ifname
)
3176 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3177 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3178 params
["ieee80211w"] = "2"
3182 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3184 name1
= "Example venue"
3186 name2
= "Esimerkkipaikka"
3187 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3188 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3189 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3191 url1
= "http://example.com/venue"
3192 url2
= "https://example.org/venue-info/"
3193 params
["venue_group"] = str(venue_group
)
3194 params
["venue_type"] = str(venue_type
)
3195 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3196 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3198 hapd
= hostapd
.add_ap(apdev
[0], params
)
3200 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3201 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3202 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3203 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3205 sigma_dut_wait_connected(ifname
)
3206 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3207 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3208 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3209 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3211 stop_sigma_dut(sigma
)
3213 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3214 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3215 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3217 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3218 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3219 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3221 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3225 bssid0
= apdev
[0]['bssid']
3226 params
= hs20_ap_params()
3227 params
['hessid'] = bssid0
3228 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3230 bssid1
= apdev
[1]['bssid']
3231 params
= hs20_ap_params()
3232 params
['hessid'] = bssid0
3233 params
["hw_mode"] = "a"
3234 params
["channel"] = "36"
3235 params
["country_code"] = "US"
3236 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3238 band
= "2.4" if band24
else "5"
3239 exp_bssid
= bssid0
if band24
else bssid1
3240 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3242 dev
[0].request("DISCONNECT")
3244 hapd0
.request("DISABLE")
3246 hapd1
.request("DISABLE")
3247 subprocess
.call(['iw', 'reg', 'set', '00'])
3248 dev
[0].flush_scan_cache()
3250 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3251 check_eap_capa(dev
[0], "MSCHAPV2")
3252 dev
[0].flush_scan_cache()
3254 ifname
= dev
[0].ifname
3255 sigma
= start_sigma_dut(ifname
)
3258 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3259 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3260 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3261 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3263 sigma_dut_wait_connected(ifname
)
3264 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3265 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3266 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3268 stop_sigma_dut(sigma
)
3270 if "BSSID," + expect_bssid
not in res
:
3271 raise Exception("Unexpected BSSID: " + res
)
3273 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3274 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3275 logdir
= os
.path
.join(params
['logdir'],
3276 "sigma_dut_ap_hs20.sigma-hostapd")
3277 conffile
= os
.path
.join(params
['logdir'],
3278 "sigma_dut_ap_hs20.sigma-conf")
3279 with
HWSimRadio() as (radio
, iface
):
3280 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3282 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3283 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3284 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3285 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3286 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3287 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3288 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3289 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3290 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3291 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3292 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3293 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3294 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3295 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3297 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3298 with
open(conffile
, "wb") as f2
:
3301 sigma_dut_cmd_check("ap_reset_default")
3303 stop_sigma_dut(sigma
)
3305 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3306 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3307 logdir
= params
['logdir']
3309 with
open("auth_serv/ca.pem", "r") as f
:
3310 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3314 src
= "auth_serv/server.pem"
3315 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3316 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3317 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3319 stderr
=open('/dev/null', 'w'))
3320 with
open(dst
, "rb") as f
:
3322 hash = hashlib
.sha256(der
).digest()
3323 with
open(hashdst
, "w") as f
:
3324 f
.write(binascii
.hexlify(hash).decode())
3326 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3327 with
open(dst
, "w") as f
:
3330 ssid
= "test-wpa2-eap"
3331 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3332 hapd
= hostapd
.add_ap(apdev
[0], params
)
3334 ifname
= dev
[0].ifname
3335 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3338 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3340 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3341 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3342 sigma_dut_cmd_check(cmd
)
3343 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3345 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3347 raise Exception("Server certificate error not reported")
3349 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3350 if "ServerCertTrustResult,Accepted" not in res
:
3351 raise Exception("Server certificate trust was not accepted")
3352 sigma_dut_wait_connected(ifname
)
3353 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3354 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3355 dev
[0].dump_monitor()
3357 stop_sigma_dut(sigma
)
3359 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3360 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3361 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3363 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3364 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3365 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3367 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3368 logdir
= params
['logdir']
3370 name
= "sigma_dut_eap_ttls_uosc_tod"
3373 with
open("auth_serv/ca.pem", "r") as f
:
3374 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3378 src
= "auth_serv/server-certpol2.pem"
3380 src
= "auth_serv/server-certpol.pem"
3381 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3382 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3383 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3385 stderr
=open('/dev/null', 'w'))
3386 with
open(dst
, "rb") as f
:
3388 hash = hashlib
.sha256(der
).digest()
3389 with
open(hashdst
, "w") as f
:
3390 f
.write(binascii
.hexlify(hash).decode())
3392 ssid
= "test-wpa2-eap"
3393 params
= int_eap_server_params()
3394 params
["ssid"] = ssid
3396 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3397 params
["private_key"] = "auth_serv/server-certpol2.key"
3399 params
["server_cert"] = "auth_serv/server-certpol.pem"
3400 params
["private_key"] = "auth_serv/server-certpol.key"
3401 hapd
= hostapd
.add_ap(apdev
[0], params
)
3403 ifname
= dev
[0].ifname
3404 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3407 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3408 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3410 sigma_dut_cmd_check(cmd
)
3411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3413 sigma_dut_wait_connected(ifname
)
3414 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3415 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3416 dev
[0].wait_disconnected()
3417 dev
[0].dump_monitor()
3420 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3421 hapd
= hostapd
.add_ap(apdev
[0], params
)
3423 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3425 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3427 raise Exception("Server certificate error not reported")
3429 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3430 if "ServerCertTrustResult,Accepted" in res
:
3431 raise Exception("Server certificate trust override was accepted unexpectedly")
3432 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3433 dev
[0].dump_monitor()
3435 stop_sigma_dut(sigma
)
3437 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3438 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3439 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3441 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3442 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3443 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3445 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3446 logdir
= params
['logdir']
3448 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3451 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3452 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3456 src
= "auth_serv/server-certpol2.pem"
3458 src
= "auth_serv/server-certpol.pem"
3459 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3460 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3461 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3463 stderr
=open('/dev/null', 'w'))
3464 with
open(dst
, "rb") as f
:
3466 hash = hashlib
.sha256(der
).digest()
3467 with
open(hashdst
, "w") as f
:
3468 f
.write(binascii
.hexlify(hash).decode())
3470 ssid
= "test-wpa2-eap"
3471 params
= int_eap_server_params()
3472 params
["ssid"] = ssid
3474 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3475 params
["private_key"] = "auth_serv/server-certpol2.key"
3477 params
["server_cert"] = "auth_serv/server-certpol.pem"
3478 params
["private_key"] = "auth_serv/server-certpol.key"
3479 hapd
= hostapd
.add_ap(apdev
[0], params
)
3481 ifname
= dev
[0].ifname
3482 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3485 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3486 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3487 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3488 sigma_dut_cmd_check(cmd
)
3489 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3491 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3493 raise Exception("Server certificate validation failure not reported")
3495 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3496 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3497 raise Exception("Server certificate trust override was accepted unexpectedly")
3498 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3499 raise Exception("Server certificate trust override was not accepted")
3500 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3501 dev
[0].dump_monitor()
3503 stop_sigma_dut(sigma
)
3505 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3506 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3507 check_domain_suffix_match(dev
[0])
3508 logdir
= params
['logdir']
3510 with
open("auth_serv/ca.pem", "r") as f
:
3511 with
open(os
.path
.join(logdir
,
3512 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3516 ssid
= "test-wpa2-eap"
3517 params
= int_eap_server_params()
3518 params
["ssid"] = ssid
3519 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3520 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3521 params
["private_key"] = "auth_serv/rsa3072-server.key"
3522 hapd
= hostapd
.add_ap(apdev
[0], params
)
3524 ifname
= dev
[0].ifname
3525 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3528 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3529 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3530 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3531 sigma_dut_cmd_check(cmd
)
3532 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3534 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3536 raise Exception("Server certificate error not reported")
3538 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3539 if "ServerCertTrustResult,Accepted" not in res
:
3540 raise Exception("Server certificate trust was not accepted")
3541 sigma_dut_wait_connected(ifname
)
3542 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3543 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3544 dev
[0].dump_monitor()
3546 stop_sigma_dut(sigma
)
3548 def start_sae_pwe_ap(apdev
, sae_pwe
):
3550 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3551 params
['wpa_key_mgmt'] = 'SAE'
3552 params
["ieee80211w"] = "2"
3553 params
['sae_groups'] = '19'
3554 params
['sae_pwe'] = str(sae_pwe
)
3555 return hostapd
.add_ap(apdev
, params
)
3557 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3559 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3560 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3561 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3564 sigma_dut_cmd_check(cmd
)
3565 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3567 sigma_dut_wait_connected(ifname
)
3568 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3569 dev
.wait_disconnected()
3570 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3573 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3575 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3576 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3577 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3580 sigma_dut_cmd_check(cmd
)
3581 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3583 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3584 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3585 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3586 raise Exception("Unexpected connection result")
3587 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3590 def test_sigma_dut_sae_h2e(dev
, apdev
):
3591 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3592 if "SAE" not in dev
[0].get_capability("auth_alg"):
3593 raise HwsimSkip("SAE not supported")
3595 start_sae_pwe_ap(apdev
[0], 2)
3597 ifname
= dev
[0].ifname
3598 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3600 connect_sae_pwe_sta(dev
[0], ifname
)
3601 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3602 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3603 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3604 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3605 raise Exception("Unexpected error result: " + res
)
3607 stop_sigma_dut(sigma
)
3608 dev
[0].set("sae_pwe", "0")
3610 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3611 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3612 if "SAE" not in dev
[0].get_capability("auth_alg"):
3613 raise HwsimSkip("SAE not supported")
3615 start_sae_pwe_ap(apdev
[0], 0)
3617 ifname
= dev
[0].ifname
3618 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3620 connect_sae_pwe_sta(dev
[0], ifname
)
3621 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3622 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3624 stop_sigma_dut(sigma
)
3625 dev
[0].set("sae_pwe", "0")
3627 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3628 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3629 if "SAE" not in dev
[0].get_capability("auth_alg"):
3630 raise HwsimSkip("SAE not supported")
3632 start_sae_pwe_ap(apdev
[0], 1)
3634 ifname
= dev
[0].ifname
3635 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3637 connect_sae_pwe_sta(dev
[0], ifname
)
3638 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3639 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3641 stop_sigma_dut(sigma
)
3642 dev
[0].set("sae_pwe", "0")
3644 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3645 """sigma_dut controlled AP with SAE H2E"""
3646 logdir
= os
.path
.join(params
['logdir'],
3647 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3648 if "SAE" not in dev
[0].get_capability("auth_alg"):
3649 raise HwsimSkip("SAE not supported")
3650 with
HWSimRadio() as (radio
, iface
):
3651 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3653 sigma_dut_cmd_check("ap_reset_default")
3654 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3655 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3656 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3658 for sae_pwe
in [0, 1, 2]:
3659 dev
[0].request("SET sae_groups ")
3660 dev
[0].set("sae_pwe", str(sae_pwe
))
3661 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3662 ieee80211w
="2", scan_freq
="2412")
3663 dev
[0].request("REMOVE_NETWORK all")
3664 dev
[0].wait_disconnected()
3665 dev
[0].dump_monitor()
3667 sigma_dut_cmd_check("ap_reset_default")
3669 stop_sigma_dut(sigma
)
3670 dev
[0].set("sae_pwe", "0")
3672 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3673 """sigma_dut controlled AP with SAE H2E-only"""
3674 logdir
= os
.path
.join(params
['logdir'],
3675 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3676 if "SAE" not in dev
[0].get_capability("auth_alg"):
3677 raise HwsimSkip("SAE not supported")
3678 with
HWSimRadio() as (radio
, iface
):
3679 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3681 sigma_dut_cmd_check("ap_reset_default")
3682 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3683 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3684 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3686 dev
[0].request("SET sae_groups ")
3687 dev
[0].set("sae_pwe", "1")
3688 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3689 ieee80211w
="2", scan_freq
="2412")
3690 dev
[0].request("REMOVE_NETWORK all")
3691 dev
[0].wait_disconnected()
3692 dev
[0].dump_monitor()
3694 dev
[0].set("sae_pwe", "0")
3695 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3696 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3697 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3698 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3699 dev
[0].request("DISCONNECT")
3700 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3701 raise Exception("Unexpected connection result")
3703 sigma_dut_cmd_check("ap_reset_default")
3705 stop_sigma_dut(sigma
)
3706 dev
[0].set("sae_pwe", "0")
3708 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3709 """sigma_dut controlled AP with SAE looping-only"""
3710 logdir
= os
.path
.join(params
['logdir'],
3711 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3712 if "SAE" not in dev
[0].get_capability("auth_alg"):
3713 raise HwsimSkip("SAE not supported")
3714 with
HWSimRadio() as (radio
, iface
):
3715 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3717 sigma_dut_cmd_check("ap_reset_default")
3718 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3719 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3720 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3722 dev
[0].request("SET sae_groups ")
3723 dev
[0].set("sae_pwe", "0")
3724 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3725 ieee80211w
="2", scan_freq
="2412")
3726 dev
[0].request("REMOVE_NETWORK all")
3727 dev
[0].wait_disconnected()
3728 dev
[0].dump_monitor()
3730 dev
[0].set("sae_pwe", "1")
3731 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3732 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3733 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3734 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3735 dev
[0].request("DISCONNECT")
3736 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3737 raise Exception("Unexpected connection result")
3739 sigma_dut_cmd_check("ap_reset_default")
3741 stop_sigma_dut(sigma
)
3742 dev
[0].set("sae_pwe", "0")
3744 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3745 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3746 if "SAE" not in dev
[0].get_capability("auth_alg"):
3747 raise HwsimSkip("SAE not supported")
3750 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3751 params
['wpa_key_mgmt'] = 'SAE'
3752 params
["ieee80211w"] = "2"
3753 params
['sae_pwe'] = '1'
3754 hapd
= hostapd
.add_ap(apdev
[0], params
)
3756 ifname
= dev
[0].ifname
3757 sigma
= start_sigma_dut(ifname
)
3759 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3760 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3761 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3762 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3764 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3766 raise Exception("No authentication attempt reported")
3767 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3769 raise Exception("Unexpected connection reported")
3771 stop_sigma_dut(sigma
)
3773 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3774 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3775 if "SAE" not in dev
[0].get_capability("auth_alg"):
3776 raise HwsimSkip("SAE not supported")
3779 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3780 params
['wpa_key_mgmt'] = 'SAE'
3781 params
["ieee80211w"] = "2"
3782 params
['sae_groups'] = "19 20"
3783 params
['sae_pwe'] = '1'
3784 hapd
= hostapd
.add_ap(apdev
[0], params
)
3786 ifname
= dev
[0].ifname
3787 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3789 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3790 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3791 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3792 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3794 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3796 raise Exception("No authentication attempt reported")
3797 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3799 raise Exception("Unexpected connection reported")
3801 stop_sigma_dut(sigma
)
3803 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3804 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3805 if "SAE" not in dev
[0].get_capability("auth_alg"):
3806 raise HwsimSkip("SAE not supported")
3809 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3810 params
['wpa_key_mgmt'] = 'SAE'
3811 params
["ieee80211w"] = "2"
3812 params
['sae_groups'] = "19"
3813 params
['sae_pwe'] = '1'
3814 hapd
= hostapd
.add_ap(apdev
[0], params
)
3816 ifname
= dev
[0].ifname
3817 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3819 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3820 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3821 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3822 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3824 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3826 raise Exception("No authentication attempt reported")
3827 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3829 raise Exception("Unexpected connection reported")
3831 stop_sigma_dut(sigma
)
3832 dev
[0].set("sae_pwe", "0")
3834 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3835 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3836 logdir
= os
.path
.join(params
['logdir'],
3837 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3838 if "SAE" not in dev
[0].get_capability("auth_alg"):
3839 raise HwsimSkip("SAE not supported")
3840 with
HWSimRadio() as (radio
, iface
):
3841 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3843 sigma_dut_cmd_check("ap_reset_default")
3844 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3845 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3846 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3848 dev
[0].request("SET sae_groups ")
3849 dev
[0].set("sae_pwe", "1")
3850 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3851 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3852 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3854 raise Exception("No indication of association seen")
3855 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3856 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3857 dev
[0].request("DISCONNECT")
3859 raise Exception("No disconnection seen")
3860 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3861 raise Exception("Unexpected connection")
3863 sigma_dut_cmd_check("ap_reset_default")
3865 stop_sigma_dut(sigma
)
3866 dev
[0].set("sae_pwe", "0")
3868 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3869 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3870 logdir
= os
.path
.join(params
['logdir'],
3871 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3872 if "SAE" not in dev
[0].get_capability("auth_alg"):
3873 raise HwsimSkip("SAE not supported")
3874 with
HWSimRadio() as (radio
, iface
):
3875 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3877 sigma_dut_cmd_check("ap_reset_default")
3878 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3879 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3880 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3882 dev
[0].request("SET sae_groups 21 20 19")
3883 dev
[0].set("sae_pwe", "1")
3884 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3885 ieee80211w
="2", scan_freq
="2412")
3886 addr
= dev
[0].own_addr()
3887 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3888 if "DHGroupVerResult,21 20" not in res
:
3889 raise Exception("Unexpected dev_exec_action response: " + res
)
3891 sigma_dut_cmd_check("ap_reset_default")
3893 stop_sigma_dut(sigma
)
3894 dev
[0].set("sae_pwe", "0")
3896 def test_sigma_dut_ap_sae_h2e_anti_clogging(dev
, apdev
, params
):
3897 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3898 logdir
= os
.path
.join(params
['logdir'],
3899 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3900 if "SAE" not in dev
[0].get_capability("auth_alg"):
3901 raise HwsimSkip("SAE not supported")
3902 with
HWSimRadio() as (radio
, iface
):
3903 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3905 sigma_dut_cmd_check("ap_reset_default")
3906 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3907 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3908 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3910 dev
[0].set("sae_groups", "")
3911 dev
[0].set("sae_pwe", "2")
3912 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3913 ieee80211w
="2", scan_freq
="2412")
3915 sigma_dut_cmd_check("ap_reset_default")
3917 stop_sigma_dut(sigma
)
3918 dev
[0].set("sae_pwe", "0")
3920 def test_sigma_dut_ap_5ghz(dev
, apdev
, params
):
3921 """sigma_dut controlled AP on 5 GHz"""
3922 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11na', 5180,
3923 check_signal
="WIDTH=20 MHz")
3925 def test_sigma_dut_ap_ht40plus(dev
, apdev
, params
):
3926 """sigma_dut controlled AP and HT40+"""
3927 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11na', 5180,
3928 extra
="width,40", check_signal
="WIDTH=40 MHz")
3930 def test_sigma_dut_ap_ht40minus(dev
, apdev
, params
):
3931 """sigma_dut controlled AP and HT40-"""
3932 run_sigma_dut_ap_channel(dev
, apdev
, params
, 40, '11na', 5200,
3933 extra
="width,40", check_signal
="WIDTH=40 MHz")
3935 def test_sigma_dut_ap_vht40(dev
, apdev
, params
):
3936 """sigma_dut controlled AP and VHT40"""
3937 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11ac', 5180,
3938 extra
="width,40", check_signal
="WIDTH=40 MHz",
3941 def test_sigma_dut_ap_vht80(dev
, apdev
, params
):
3942 """sigma_dut controlled AP and VHT80"""
3943 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11ac', 5180,
3944 extra
="width,80", check_signal
="WIDTH=80 MHz",
3947 def run_sigma_dut_ap_channel(dev
, apdev
, params
, channel
, mode
, scan_freq
,
3948 extra
=None, check_signal
=None, program
=None):
3949 logdir
= params
['prefix'] + ".sigma-hostapd"
3950 with
HWSimRadio() as (radio
, iface
):
3951 subprocess
.call(['iw', 'reg', 'set', 'US'])
3952 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3954 cmd
= "ap_reset_default"
3956 cmd
+= ",program," + program
3957 sigma_dut_cmd_check(cmd
)
3958 cmd
= "ap_set_wireless,NAME,AP,CHANNEL,%d,SSID,test-psk,MODE,%s" % (channel
, mode
)
3961 sigma_dut_cmd_check(cmd
)
3962 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
3963 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3965 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3966 with
open(params
['prefix'] + ".sigma-conf", "wb") as f2
:
3969 dev
[0].connect("test-psk", psk
="12345678", scan_freq
=str(scan_freq
))
3970 sig
= dev
[0].request("SIGNAL_POLL")
3971 logger
.info("SIGNAL_POLL:\n" + sig
.strip())
3972 dev
[0].request("DISCONNECT")
3973 dev
[0].wait_disconnected()
3975 sigma_dut_cmd_check("ap_reset_default")
3977 if check_signal
and check_signal
not in sig
:
3978 raise Exception("Unexpected SIGNAL_POLL data")
3980 stop_sigma_dut(sigma
)
3981 subprocess
.call(['iw', 'reg', 'set', '00'])
3982 dev
[0].flush_scan_cache()
3984 def test_sigma_dut_beacon_prot(dev
, apdev
):
3985 """sigma_dut controlled STA and beacon protection"""
3986 ssid
= "test-pmf-required"
3987 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3988 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3989 params
["ieee80211w"] = "2"
3990 params
["beacon_prot"] = "1"
3992 hapd
= hostapd
.add_ap(apdev
[0], params
)
3993 except Exception as e
:
3994 if "Failed to enable hostapd interface" in str(e
):
3995 raise HwsimSkip("Beacon protection not supported")
3998 ifname
= dev
[0].ifname
3999 sigma
= start_sigma_dut(ifname
)
4002 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
4003 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
4004 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,BeaconProtection,1" % (ifname
, "test-pmf-required", "12345678"))
4005 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
4007 sigma_dut_wait_connected(ifname
)
4010 check_mac80211_bigtk(dev
[0], hapd
)
4012 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
4014 stop_sigma_dut(sigma
)
4015 dev
[0].set("ignore_old_scan_res", "0")
4017 def test_sigma_dut_ap_beacon_prot(dev
, apdev
, params
):
4018 """sigma_dut controlled AP and beacon protection"""
4019 logdir
= params
['prefix'] + ".sigma-hostapd"
4021 Wlantest
.setup(None)
4024 wt
.add_passphrase("12345678")
4026 with
HWSimRadio() as (radio
, iface
):
4027 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
4029 sigma_dut_cmd_check("ap_reset_default")
4030 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
4031 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required,BeaconProtection,1")
4032 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
4033 bssid
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
4035 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
4036 psk
="12345678", scan_freq
="2412",
4037 ieee80211w
="2", beacon_prot
="1")
4040 sigma_dut_cmd_check("ap_reset_default")
4042 stop_sigma_dut(sigma
)
4044 valid_bip
= wt
.get_bss_counter('valid_bip_mmie', bssid
)
4045 invalid_bip
= wt
.get_bss_counter('invalid_bip_mmie', bssid
)
4046 missing_bip
= wt
.get_bss_counter('missing_bip_mmie', bssid
)
4047 logger
.info("wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip
, invalid_bip
, missing_bip
))
4048 if valid_bip
< 0 or invalid_bip
> 0 or missing_bip
> 0:
4049 raise Exception("Unexpected wlantest BIP counters: valid=%d invalid=%d missing=%d" % (valid_bip
, invalid_bip
, missing_bip
))
4051 def test_sigma_dut_ap_transition_disable(dev
, apdev
, params
):
4052 """sigma_dut controlled AP and transition disabled indication"""
4053 logdir
= params
['prefix'] + ".sigma-hostapd"
4055 with
HWSimRadio() as (radio
, iface
):
4056 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
4058 sigma_dut_cmd_check("ap_reset_default")
4059 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
4060 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,PMF,Required,Transition_Disable,1,Transition_Disable_Index,0")
4061 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
4062 bssid
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP")
4064 dev
[0].set("sae_groups", "")
4065 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
4066 ieee80211w
="2", scan_freq
="2412")
4067 ev
= dev
[0].wait_event(["TRANSITION-DISABLE"], timeout
=1)
4069 raise Exception("Transition disable not indicated")
4070 if ev
.split(' ')[1] != "01":
4071 raise Exception("Unexpected transition disable bitmap: " + ev
)
4073 sigma_dut_cmd_check("ap_reset_default")
4075 stop_sigma_dut(sigma
)