1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
26 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
27 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
28 from test_ap_hs20
import hs20_ap_params
30 def check_sigma_dut():
31 if not os
.path
.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
35 return binascii
.hexlify(s
.encode()).decode()
38 return binascii
.unhexlify(s
).decode()
40 def sigma_log_output(cmd
):
42 out
= cmd
.stdout
.read()
44 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
46 if e
.errno
!= errno
.EAGAIN
:
49 out
= cmd
.stderr
.read()
51 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
53 if e
.errno
!= errno
.EAGAIN
:
58 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
59 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
61 sock
.settimeout(timeout
)
62 addr
= ('127.0.0.1', port
)
64 sock
.send(cmd
.encode() + b
"\r\n")
66 res
= sock
.recv(1000).decode()
69 for line
in res
.splitlines():
70 if line
.startswith("status,RUNNING"):
72 elif line
.startswith("status,INVALID"):
74 elif line
.startswith("status,ERROR"):
76 elif line
.startswith("status,COMPLETE"):
78 if running
and not done
:
79 # Read the actual response
80 res
= sock
.recv(1000).decode()
86 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
89 sigma_log_output(sigma_prog
)
92 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
93 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
94 if "COMPLETE" not in res
:
95 raise Exception("sigma_dut command failed: " + cmd
)
98 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
99 bridge
=None, sae_h2e
=False):
101 cmd
= ['./sigma_dut',
105 '-F', '../../hostapd/hostapd',
107 '-w', '/var/run/wpa_supplicant/',
110 cmd
+= ['-H', hostapd_logdir
]
112 cmd
+= ['-C', cert_path
]
114 cmd
+= ['-b', bridge
]
117 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
118 stderr
=subprocess
.PIPE
)
119 for stream
in [sigma
.stdout
, sigma
.stderr
]:
121 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
122 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
129 res
= sigma_dut_cmd("HELLO")
133 if res
is None or "errorCode,Unknown command" not in res
:
134 raise Exception("Failed to start sigma_dut")
135 return {'cmd': sigma
, 'ifname': ifname
}
137 def stop_sigma_dut(sigma
):
141 sigma_log_output(cmd
)
142 logger
.debug("Terminating sigma_dut process")
145 out
, err
= cmd
.communicate()
146 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
147 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
148 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
150 stderr
=open('/dev/null', 'w'))
152 def sigma_dut_wait_connected(ifname
):
154 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
155 if "connected,1" in res
:
159 raise Exception("Connection did not complete")
161 def test_sigma_dut_basic(dev
, apdev
):
162 """sigma_dut basic functionality"""
163 sigma
= start_sigma_dut(dev
[0].ifname
)
165 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
166 ("device_get_info", "status,COMPLETE,vendor"),
167 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
168 ("device_list_interfaces,interfaceType,802.11",
169 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
171 res
= sigma_dut_cmd("UNKNOWN")
172 if "status,INVALID,errorCode,Unknown command" not in res
:
173 raise Exception("Unexpected sigma_dut response to unknown command")
175 for cmd
, response
in tests
:
176 res
= sigma_dut_cmd(cmd
)
177 if response
not in res
:
178 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
180 stop_sigma_dut(sigma
)
182 def test_sigma_dut_open(dev
, apdev
):
183 """sigma_dut controlled open network association"""
185 run_sigma_dut_open(dev
, apdev
)
187 dev
[0].set("ignore_old_scan_res", "0")
189 def run_sigma_dut_open(dev
, apdev
):
190 ifname
= dev
[0].ifname
191 sigma
= start_sigma_dut(ifname
)
194 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
196 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
197 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
198 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
200 sigma_dut_wait_connected(ifname
)
201 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
202 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
203 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
205 stop_sigma_dut(sigma
)
207 def test_sigma_dut_psk_pmf(dev
, apdev
):
208 """sigma_dut controlled PSK+PMF association"""
210 run_sigma_dut_psk_pmf(dev
, apdev
)
212 dev
[0].set("ignore_old_scan_res", "0")
214 def run_sigma_dut_psk_pmf(dev
, apdev
):
215 ifname
= dev
[0].ifname
216 sigma
= start_sigma_dut(ifname
)
219 ssid
= "test-pmf-required"
220 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
221 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
222 params
["ieee80211w"] = "2"
223 hapd
= hostapd
.add_ap(apdev
[0], params
)
225 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
226 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
227 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
228 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
230 sigma_dut_wait_connected(ifname
)
231 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
232 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
235 stop_sigma_dut(sigma
)
237 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
238 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
240 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
242 dev
[0].set("ignore_old_scan_res", "0")
244 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
245 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
247 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
249 dev
[0].set("ignore_old_scan_res", "0")
251 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
252 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
254 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
256 dev
[0].set("ignore_old_scan_res", "0")
258 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
259 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
261 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
263 dev
[0].set("ignore_old_scan_res", "0")
265 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
266 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
268 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
271 dev
[0].set("ignore_old_scan_res", "0")
273 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
275 ifname
= dev
[0].ifname
276 sigma
= start_sigma_dut(ifname
)
279 ssid
= "test-pmf-required"
280 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
281 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
282 params
["ieee80211w"] = "2"
283 params
["group_mgmt_cipher"] = hostapd_cipher
284 hapd
= hostapd
.add_ap(apdev
[0], params
)
286 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
287 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
288 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
289 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
290 timeout
=2 if failure
else 10)
292 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
293 "CTRL-EVENT-CONNECTED"], timeout
=10)
295 raise Exception("Network selection result not indicated")
296 if "CTRL-EVENT-CONNECTED" in ev
:
297 raise Exception("Unexpected connection")
298 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
299 if "connected,1" in res
:
300 raise Exception("Connection reported")
302 sigma_dut_wait_connected(ifname
)
303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
305 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
306 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
308 stop_sigma_dut(sigma
)
310 def test_sigma_dut_sae(dev
, apdev
):
311 """sigma_dut controlled SAE association"""
312 if "SAE" not in dev
[0].get_capability("auth_alg"):
313 raise HwsimSkip("SAE not supported")
315 ifname
= dev
[0].ifname
316 sigma
= start_sigma_dut(ifname
)
320 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
321 params
['wpa_key_mgmt'] = 'SAE'
322 params
["ieee80211w"] = "2"
323 params
['sae_groups'] = '19 20 21'
324 hapd
= hostapd
.add_ap(apdev
[0], params
)
326 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
328 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
329 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
331 sigma_dut_wait_connected(ifname
)
332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
333 if dev
[0].get_status_field('sae_group') != '19':
334 raise Exception("Expected default SAE group not used")
335 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
337 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
339 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
340 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
341 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
343 sigma_dut_wait_connected(ifname
)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
345 if dev
[0].get_status_field('sae_group') != '20':
346 raise Exception("Expected SAE group not used")
347 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
350 stop_sigma_dut(sigma
)
352 def test_sigma_dut_sae_groups(dev
, apdev
):
353 """sigma_dut controlled SAE association with group negotiation"""
354 if "SAE" not in dev
[0].get_capability("auth_alg"):
355 raise HwsimSkip("SAE not supported")
357 ifname
= dev
[0].ifname
358 sigma
= start_sigma_dut(ifname
)
362 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
363 params
['wpa_key_mgmt'] = 'SAE'
364 params
["ieee80211w"] = "2"
365 params
['sae_groups'] = '19'
366 hapd
= hostapd
.add_ap(apdev
[0], params
)
368 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
369 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
370 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
371 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
373 sigma_dut_wait_connected(ifname
)
374 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
375 if dev
[0].get_status_field('sae_group') != '19':
376 raise Exception("Expected default SAE group not used")
377 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
379 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
381 stop_sigma_dut(sigma
)
383 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
384 """sigma_dut controlled SAE association with PMKID"""
385 if "SAE" not in dev
[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
388 ifname
= dev
[0].ifname
389 sigma
= start_sigma_dut(ifname
)
393 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
394 params
['wpa_key_mgmt'] = 'SAE'
395 params
["ieee80211w"] = "2"
396 params
["sae_confirm_immediate"] = "1"
397 hapd
= hostapd
.add_ap(apdev
[0], params
)
399 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
400 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
401 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
402 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
404 sigma_dut_wait_connected(ifname
)
405 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
407 stop_sigma_dut(sigma
)
409 def test_sigma_dut_sae_password(dev
, apdev
):
410 """sigma_dut controlled SAE association and long password"""
411 if "SAE" not in dev
[0].get_capability("auth_alg"):
412 raise HwsimSkip("SAE not supported")
414 ifname
= dev
[0].ifname
415 sigma
= start_sigma_dut(ifname
)
419 params
= hostapd
.wpa2_params(ssid
=ssid
)
420 params
['sae_password'] = 100*'B'
421 params
['wpa_key_mgmt'] = 'SAE'
422 params
["ieee80211w"] = "2"
423 hapd
= hostapd
.add_ap(apdev
[0], params
)
425 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
426 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
427 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
428 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
430 sigma_dut_wait_connected(ifname
)
431 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
432 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
433 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
435 stop_sigma_dut(sigma
)
437 def test_sigma_dut_sae_pw_id(dev
, apdev
):
438 """sigma_dut controlled SAE association with Password Identifier"""
439 if "SAE" not in dev
[0].get_capability("auth_alg"):
440 raise HwsimSkip("SAE not supported")
442 ifname
= dev
[0].ifname
443 sigma
= start_sigma_dut(ifname
)
447 params
= hostapd
.wpa2_params(ssid
=ssid
)
448 params
['wpa_key_mgmt'] = 'SAE'
449 params
["ieee80211w"] = "2"
450 params
['sae_password'] = 'secret|id=pw id'
451 params
['sae_groups'] = '19'
452 hapd
= hostapd
.add_ap(apdev
[0], params
)
454 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
455 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
456 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
457 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
459 sigma_dut_wait_connected(ifname
)
460 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
463 stop_sigma_dut(sigma
)
465 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
466 """sigma_dut controlled SAE association with Password Identifier and FT"""
467 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
469 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
470 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
471 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
473 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
474 if "SAE" not in dev
[0].get_capability("auth_alg"):
475 raise HwsimSkip("SAE not supported")
477 ifname
= dev
[0].ifname
478 sigma
= start_sigma_dut(ifname
)
482 params
= hostapd
.wpa2_params(ssid
=ssid
)
483 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
484 params
["ieee80211w"] = "2"
485 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
486 params
['mobility_domain'] = 'aabb'
487 params
['ft_over_ds'] = '1' if over_ds
else '0'
488 bssid
= apdev
[0]['bssid'].replace(':', '')
489 params
['nas_identifier'] = bssid
+ '.nas.example.com'
490 params
['r1_key_holder'] = bssid
491 params
['pmk_r1_push'] = '0'
492 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
493 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
494 hapd
= hostapd
.add_ap(apdev
[0], params
)
496 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
498 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
499 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
500 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
501 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
503 sigma_dut_wait_connected(ifname
)
505 bssid
= apdev
[1]['bssid'].replace(':', '')
506 params
['nas_identifier'] = bssid
+ '.nas.example.com'
507 params
['r1_key_holder'] = bssid
508 hapd2
= hostapd
.add_ap(apdev
[1], params
)
509 bssid
= hapd2
.own_addr()
510 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
511 dev
[0].wait_connected()
513 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
514 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
516 stop_sigma_dut(sigma
)
518 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
519 """sigma_dut and RSNE override on STA"""
521 run_sigma_dut_sta_override_rsne(dev
, apdev
)
523 dev
[0].set("ignore_old_scan_res", "0")
525 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
526 ifname
= dev
[0].ifname
527 sigma
= start_sigma_dut(ifname
)
531 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
532 hapd
= hostapd
.add_ap(apdev
[0], params
)
534 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
536 tests
= ["30120100000fac040100000fac040100000fac02",
537 "30140100000fac040100000fac040100000fac02ffff"]
539 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
540 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
543 sigma_dut_wait_connected(ifname
)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
545 dev
[0].dump_monitor()
547 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
548 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
549 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
552 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
554 raise Exception("Association rejection not reported")
555 if "status_code=40" not in ev
:
556 raise Exception("Unexpected status code: " + ev
)
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
560 stop_sigma_dut(sigma
)
562 def test_sigma_dut_ap_psk(dev
, apdev
):
563 """sigma_dut controlled AP"""
564 with
HWSimRadio() as (radio
, iface
):
565 sigma
= start_sigma_dut(iface
)
567 sigma_dut_cmd_check("ap_reset_default")
568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
569 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
570 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
572 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
574 sigma_dut_cmd_check("ap_reset_default")
576 stop_sigma_dut(sigma
)
578 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
579 """sigma_dut controlled AP and PSKHEX"""
580 logdir
= os
.path
.join(params
['logdir'],
581 "sigma_dut_ap_pskhex.sigma-hostapd")
582 with
HWSimRadio() as (radio
, iface
):
583 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
585 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
586 sigma_dut_cmd_check("ap_reset_default")
587 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
588 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
589 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
591 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
593 sigma_dut_cmd_check("ap_reset_default")
595 stop_sigma_dut(sigma
)
597 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
598 """sigma_dut controlled AP PSK SHA256"""
599 logdir
= os
.path
.join(params
['logdir'],
600 "sigma_dut_ap_psk_sha256.sigma-hostapd")
601 with
HWSimRadio() as (radio
, iface
):
602 sigma
= start_sigma_dut(iface
)
604 sigma_dut_cmd_check("ap_reset_default")
605 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
606 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
607 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
609 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
610 psk
="12345678", scan_freq
="2412")
612 sigma_dut_cmd_check("ap_reset_default")
614 stop_sigma_dut(sigma
)
616 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
617 """sigma_dut controlled AP and deauth commands"""
618 logdir
= os
.path
.join(params
['logdir'],
619 "sigma_dut_ap_psk_deauth.sigma-hostapd")
620 with
HWSimRadio() as (radio
, iface
):
621 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
623 sigma_dut_cmd_check("ap_reset_default")
624 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
628 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
629 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
630 addr
= dev
[0].own_addr()
631 dev
[0].dump_monitor()
633 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
634 ev
= dev
[0].wait_disconnected()
635 dev
[0].dump_monitor()
636 if "locally_generated=1" in ev
:
637 raise Exception("Unexpected disconnection reason")
638 dev
[0].wait_connected()
639 dev
[0].dump_monitor()
641 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
642 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
643 if ev
and "locally_generated=1" not in ev
:
644 raise Exception("Unexpected disconnection")
646 sigma_dut_cmd_check("ap_reset_default")
648 stop_sigma_dut(sigma
)
650 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
651 """sigma_dut controlled STA and EAP-TTLS parameters"""
652 check_domain_match(dev
[0])
653 logdir
= params
['logdir']
655 with
open("auth_serv/ca.pem", "r") as f
:
656 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
659 src
= "auth_serv/server.pem"
660 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
661 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
662 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
664 stderr
=open('/dev/null', 'w'))
665 with
open(dst
, "rb") as f
:
667 hash = hashlib
.sha256(der
).digest()
668 with
open(hashdst
, "w") as f
:
669 f
.write(binascii
.hexlify(hash).decode())
671 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
672 with
open(dst
, "w") as f
:
675 ssid
= "test-wpa2-eap"
676 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
677 hapd
= hostapd
.add_ap(apdev
[0], params
)
679 ifname
= dev
[0].ifname
680 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
682 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
686 ",Domain,server.w1.fi",
687 ",DomainSuffix,w1.fi",
688 ",DomainSuffix,server.w1.fi",
689 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
691 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
692 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
693 sigma_dut_cmd_check(cmd
+ extra
)
694 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
696 sigma_dut_wait_connected(ifname
)
697 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
698 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
699 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
700 dev
[0].dump_monitor()
702 tests
= [",Domain,w1.fi",
703 ",DomainSuffix,example.com",
704 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
706 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
707 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
708 sigma_dut_cmd_check(cmd
+ extra
)
709 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
711 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
713 raise Exception("Server certificate error not reported")
714 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
715 if "connected,1" in res
:
716 raise Exception("Unexpected connection reported")
717 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
718 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
719 dev
[0].dump_monitor()
721 stop_sigma_dut(sigma
)
723 def test_sigma_dut_suite_b(dev
, apdev
, params
):
724 """sigma_dut controlled STA Suite B"""
725 check_suite_b_192_capa(dev
)
726 logdir
= params
['logdir']
728 with
open("auth_serv/ec2-ca.pem", "r") as f
:
729 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
732 with
open("auth_serv/ec2-user.pem", "r") as f
:
733 with
open("auth_serv/ec2-user.key", "r") as f2
:
734 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
738 dev
[0].flush_scan_cache()
739 params
= suite_b_as_params()
740 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
741 params
['server_cert'] = 'auth_serv/ec2-server.pem'
742 params
['private_key'] = 'auth_serv/ec2-server.key'
743 params
['openssl_ciphers'] = 'SUITEB192'
744 hostapd
.add_ap(apdev
[1], params
)
746 params
= {"ssid": "test-suite-b",
748 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
749 "rsn_pairwise": "GCMP-256",
750 "group_mgmt_cipher": "BIP-GMAC-256",
753 'auth_server_addr': "127.0.0.1",
754 'auth_server_port': "18129",
755 'auth_server_shared_secret': "radius",
756 'nas_identifier': "nas.w1.fi"}
757 hapd
= hostapd
.add_ap(apdev
[0], params
)
759 ifname
= dev
[0].ifname
760 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
763 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
764 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
765 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
766 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
768 sigma_dut_wait_connected(ifname
)
769 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
770 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
771 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
773 stop_sigma_dut(sigma
)
775 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
776 """sigma_dut controlled STA Suite B (RSA)"""
777 check_suite_b_192_capa(dev
)
778 logdir
= params
['logdir']
780 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
781 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
784 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
785 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
786 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
790 dev
[0].flush_scan_cache()
791 params
= suite_b_192_rsa_ap_params()
792 hapd
= hostapd
.add_ap(apdev
[0], params
)
794 ifname
= dev
[0].ifname
795 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
797 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
801 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
802 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
804 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
805 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
806 sigma_dut_cmd_check(cmd
+ extra
)
807 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
809 sigma_dut_wait_connected(ifname
)
810 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
811 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
812 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
814 stop_sigma_dut(sigma
)
816 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
817 """sigma_dut controlled AP Suite B"""
818 check_suite_b_192_capa(dev
)
819 logdir
= os
.path
.join(params
['logdir'],
820 "sigma_dut_ap_suite_b.sigma-hostapd")
821 params
= suite_b_as_params()
822 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
823 params
['server_cert'] = 'auth_serv/ec2-server.pem'
824 params
['private_key'] = 'auth_serv/ec2-server.key'
825 params
['openssl_ciphers'] = 'SUITEB192'
826 hostapd
.add_ap(apdev
[1], params
)
827 with
HWSimRadio() as (radio
, iface
):
828 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
830 sigma_dut_cmd_check("ap_reset_default")
831 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
832 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
833 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
834 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
836 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
838 openssl_ciphers
="SUITEB192",
839 eap
="TLS", identity
="tls user",
840 ca_cert
="auth_serv/ec2-ca.pem",
841 client_cert
="auth_serv/ec2-user.pem",
842 private_key
="auth_serv/ec2-user.key",
843 pairwise
="GCMP-256", group
="GCMP-256",
846 sigma_dut_cmd_check("ap_reset_default")
848 stop_sigma_dut(sigma
)
850 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
851 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
852 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
855 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
856 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
857 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
860 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
861 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
862 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
865 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
866 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
867 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
870 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
871 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
872 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
873 "BIP-GMAC-256", "CCMP")
875 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
876 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
877 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
878 "BIP-GMAC-256", "GCMP-256", "CCMP")
880 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
881 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
882 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
883 "GCMP-256", "CCMP", "AES-CCMP-128")
885 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
886 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
887 check_suite_b_192_capa(dev
)
888 logdir
= os
.path
.join(params
['logdir'],
889 "sigma_dut_ap_cipher.sigma-hostapd")
890 params
= suite_b_as_params()
891 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
892 params
['server_cert'] = 'auth_serv/ec2-server.pem'
893 params
['private_key'] = 'auth_serv/ec2-server.key'
894 params
['openssl_ciphers'] = 'SUITEB192'
895 hostapd
.add_ap(apdev
[1], params
)
896 with
HWSimRadio() as (radio
, iface
):
897 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
899 sigma_dut_cmd_check("ap_reset_default")
900 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
901 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
902 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
904 cmd
+= ",GroupCipher,%s" % ap_group
905 sigma_dut_cmd_check(cmd
)
906 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
908 if sta_cipher_group
is None:
909 sta_cipher_group
= sta_cipher
910 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
912 openssl_ciphers
="SUITEB192",
913 eap
="TLS", identity
="tls user",
914 ca_cert
="auth_serv/ec2-ca.pem",
915 client_cert
="auth_serv/ec2-user.pem",
916 private_key
="auth_serv/ec2-user.key",
917 pairwise
=sta_cipher
, group
=sta_cipher_group
,
920 sigma_dut_cmd_check("ap_reset_default")
922 stop_sigma_dut(sigma
)
924 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
925 """sigma_dut controlled AP overriding RSNE"""
926 with
HWSimRadio() as (radio
, iface
):
927 sigma
= start_sigma_dut(iface
)
929 sigma_dut_cmd_check("ap_reset_default")
930 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
931 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
932 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
933 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
935 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
937 sigma_dut_cmd_check("ap_reset_default")
939 stop_sigma_dut(sigma
)
941 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
942 """sigma_dut controlled AP with SAE"""
943 logdir
= os
.path
.join(params
['logdir'],
944 "sigma_dut_ap_sae.sigma-hostapd")
945 if "SAE" not in dev
[0].get_capability("auth_alg"):
946 raise HwsimSkip("SAE not supported")
947 with
HWSimRadio() as (radio
, iface
):
948 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
950 sigma_dut_cmd_check("ap_reset_default")
951 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
955 dev
[0].request("SET sae_groups ")
956 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
957 ieee80211w
="2", scan_freq
="2412")
958 if dev
[0].get_status_field('sae_group') != '19':
959 raise Exception("Expected default SAE group not used")
961 sigma_dut_cmd_check("ap_reset_default")
963 stop_sigma_dut(sigma
)
965 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
966 """sigma_dut controlled AP with SAE Confirm immediate"""
967 logdir
= os
.path
.join(params
['logdir'],
968 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
969 if "SAE" not in dev
[0].get_capability("auth_alg"):
970 raise HwsimSkip("SAE not supported")
971 with
HWSimRadio() as (radio
, iface
):
972 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
979 dev
[0].request("SET sae_groups ")
980 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
981 ieee80211w
="2", scan_freq
="2412")
982 if dev
[0].get_status_field('sae_group') != '19':
983 raise Exception("Expected default SAE group not used")
985 sigma_dut_cmd_check("ap_reset_default")
987 stop_sigma_dut(sigma
)
989 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
990 """sigma_dut controlled AP with SAE and long password"""
991 logdir
= os
.path
.join(params
['logdir'],
992 "sigma_dut_ap_sae_password.sigma-hostapd")
993 if "SAE" not in dev
[0].get_capability("auth_alg"):
994 raise HwsimSkip("SAE not supported")
995 with
HWSimRadio() as (radio
, iface
):
996 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
998 sigma_dut_cmd_check("ap_reset_default")
999 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1000 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1001 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1003 dev
[0].request("SET sae_groups ")
1004 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1005 ieee80211w
="2", scan_freq
="2412")
1006 if dev
[0].get_status_field('sae_group') != '19':
1007 raise Exception("Expected default SAE group not used")
1009 sigma_dut_cmd_check("ap_reset_default")
1011 stop_sigma_dut(sigma
)
1013 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1014 """sigma_dut controlled AP with SAE Password Identifier"""
1015 logdir
= os
.path
.join(params
['logdir'],
1016 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1017 conffile
= os
.path
.join(params
['logdir'],
1018 "sigma_dut_ap_sae_pw_id.sigma-conf")
1019 if "SAE" not in dev
[0].get_capability("auth_alg"):
1020 raise HwsimSkip("SAE not supported")
1021 with
HWSimRadio() as (radio
, iface
):
1022 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1024 sigma_dut_cmd_check("ap_reset_default")
1025 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1026 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1027 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1029 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1030 with
open(conffile
, "wb") as f2
:
1033 dev
[0].request("SET sae_groups ")
1034 tests
= [("pw1", "id1"),
1038 for pw
, pw_id
in tests
:
1039 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1040 sae_password_id
=pw_id
,
1041 ieee80211w
="2", scan_freq
="2412")
1042 dev
[0].request("REMOVE_NETWORK all")
1043 dev
[0].wait_disconnected()
1045 sigma_dut_cmd_check("ap_reset_default")
1047 stop_sigma_dut(sigma
)
1049 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1050 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1051 logdir
= os
.path
.join(params
['logdir'],
1052 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1053 conffile
= os
.path
.join(params
['logdir'],
1054 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1055 if "SAE" not in dev
[0].get_capability("auth_alg"):
1056 raise HwsimSkip("SAE not supported")
1057 with
HWSimRadio() as (radio
, iface
):
1058 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1060 sigma_dut_cmd_check("ap_reset_default")
1061 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1062 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1063 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1065 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1066 with
open(conffile
, "wb") as f2
:
1069 dev
[0].request("SET sae_groups ")
1070 tests
= [("pw1", "id1", "SAE"),
1071 ("pw2", "id2", "FT-SAE"),
1072 ("pw3", None, "FT-SAE"),
1073 ("pw4", "id4", "SAE")]
1074 for pw
, pw_id
, key_mgmt
in tests
:
1075 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1076 sae_password_id
=pw_id
,
1077 ieee80211w
="2", scan_freq
="2412")
1078 dev
[0].request("REMOVE_NETWORK all")
1079 dev
[0].wait_disconnected()
1081 sigma_dut_cmd_check("ap_reset_default")
1083 stop_sigma_dut(sigma
)
1085 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1086 """sigma_dut controlled AP with SAE and specific group"""
1087 logdir
= os
.path
.join(params
['logdir'],
1088 "sigma_dut_ap_sae_group.sigma-hostapd")
1089 if "SAE" not in dev
[0].get_capability("auth_alg"):
1090 raise HwsimSkip("SAE not supported")
1091 with
HWSimRadio() as (radio
, iface
):
1092 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1094 sigma_dut_cmd_check("ap_reset_default")
1095 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1096 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1097 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1099 dev
[0].request("SET sae_groups ")
1100 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1101 ieee80211w
="2", scan_freq
="2412")
1102 if dev
[0].get_status_field('sae_group') != '20':
1103 raise Exception("Expected SAE group not used")
1105 sigma_dut_cmd_check("ap_reset_default")
1107 stop_sigma_dut(sigma
)
1109 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1110 """sigma_dut controlled AP with PSK+SAE"""
1111 if "SAE" not in dev
[0].get_capability("auth_alg"):
1112 raise HwsimSkip("SAE not supported")
1113 logdir
= os
.path
.join(params
['logdir'],
1114 "sigma_dut_ap_psk_sae.sigma-hostapd")
1115 with
HWSimRadio() as (radio
, iface
):
1116 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1118 sigma_dut_cmd_check("ap_reset_default")
1119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1120 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1121 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1123 dev
[2].request("SET sae_groups ")
1124 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1125 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1126 dev
[0].request("SET sae_groups ")
1127 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1128 scan_freq
="2412", ieee80211w
="2")
1129 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1131 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1132 dev
[2].request("DISCONNECT")
1134 raise Exception("Unexpected connection without PMF")
1136 sigma_dut_cmd_check("ap_reset_default")
1138 stop_sigma_dut(sigma
)
1140 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1141 """sigma_dut controlled AP with PSK, SAE, FT"""
1142 logdir
= os
.path
.join(params
['logdir'],
1143 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1144 conffile
= os
.path
.join(params
['logdir'],
1145 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1146 if "SAE" not in dev
[0].get_capability("auth_alg"):
1147 raise HwsimSkip("SAE not supported")
1148 with
HWSimRadio() as (radio
, iface
):
1149 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1151 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1152 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1153 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1154 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1155 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1156 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1158 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1159 with
open(conffile
, "wb") as f2
:
1162 dev
[0].request("SET sae_groups ")
1163 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1164 sae_password
="12345678", scan_freq
="2412")
1165 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1166 psk
="12345678", scan_freq
="2412")
1167 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1168 psk
="12345678", scan_freq
="2412")
1170 sigma_dut_cmd_check("ap_reset_default")
1172 stop_sigma_dut(sigma
)
1174 def test_sigma_dut_owe(dev
, apdev
):
1175 """sigma_dut controlled OWE station"""
1177 run_sigma_dut_owe(dev
, apdev
)
1179 dev
[0].set("ignore_old_scan_res", "0")
1181 def run_sigma_dut_owe(dev
, apdev
):
1182 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1183 raise HwsimSkip("OWE not supported")
1185 ifname
= dev
[0].ifname
1186 sigma
= start_sigma_dut(ifname
)
1189 params
= {"ssid": "owe",
1191 "wpa_key_mgmt": "OWE",
1193 "rsn_pairwise": "CCMP"}
1194 hapd
= hostapd
.add_ap(apdev
[0], params
)
1195 bssid
= hapd
.own_addr()
1197 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1199 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1202 sigma_dut_wait_connected(ifname
)
1203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1205 dev
[0].dump_monitor()
1206 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1207 dev
[0].wait_connected()
1208 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1209 dev
[0].wait_disconnected()
1210 dev
[0].dump_monitor()
1212 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1213 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1214 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1215 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1217 sigma_dut_wait_connected(ifname
)
1218 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1219 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1220 dev
[0].wait_disconnected()
1221 dev
[0].dump_monitor()
1223 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1224 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1225 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1226 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1228 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1229 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1231 raise Exception("Association not rejected")
1232 if "status_code=77" not in ev
:
1233 raise Exception("Unexpected rejection reason: " + ev
)
1235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1237 stop_sigma_dut(sigma
)
1239 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1240 """sigma_dut controlled AP with OWE"""
1241 logdir
= os
.path
.join(params
['logdir'],
1242 "sigma_dut_ap_owe.sigma-hostapd")
1243 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1244 raise HwsimSkip("OWE not supported")
1245 with
HWSimRadio() as (radio
, iface
):
1246 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1248 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1249 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1250 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1251 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1253 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1256 sigma_dut_cmd_check("ap_reset_default")
1258 stop_sigma_dut(sigma
)
1260 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1261 """sigma_dut controlled AP with OWE and ECGroupID"""
1262 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1263 raise HwsimSkip("OWE not supported")
1264 with
HWSimRadio() as (radio
, iface
):
1265 sigma
= start_sigma_dut(iface
)
1267 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1268 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1269 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1270 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1272 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1273 owe_group
="20", scan_freq
="2412")
1274 dev
[0].request("REMOVE_NETWORK all")
1275 dev
[0].wait_disconnected()
1277 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1278 owe_group
="21", scan_freq
="2412")
1279 dev
[0].request("REMOVE_NETWORK all")
1280 dev
[0].wait_disconnected()
1282 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1283 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1284 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1285 dev
[0].request("DISCONNECT")
1287 raise Exception("Association not rejected")
1288 if "status_code=77" not in ev
:
1289 raise Exception("Unexpected rejection reason: " + ev
)
1290 dev
[0].dump_monitor()
1292 sigma_dut_cmd_check("ap_reset_default")
1294 stop_sigma_dut(sigma
)
1296 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1297 """sigma_dut controlled AP with OWE and transition mode"""
1298 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1299 raise HwsimSkip("OWE not supported")
1300 logdir
= os
.path
.join(params
['logdir'],
1301 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1302 with
HWSimRadio() as (radio
, iface
):
1303 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1305 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1306 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1307 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1308 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1309 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1310 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1312 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1313 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1315 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1317 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1318 if dev
[0].get_status_field('bssid') not in res1
:
1319 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1320 if dev
[1].get_status_field('bssid') not in res2
:
1321 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1323 sigma_dut_cmd_check("ap_reset_default")
1325 stop_sigma_dut(sigma
)
1327 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1328 """sigma_dut controlled AP with OWE and transition mode (2)"""
1329 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1330 raise HwsimSkip("OWE not supported")
1331 logdir
= os
.path
.join(params
['logdir'],
1332 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1333 with
HWSimRadio() as (radio
, iface
):
1334 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1336 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1337 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1338 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1339 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1340 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1341 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1343 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1344 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1346 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1348 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1349 if dev
[0].get_status_field('bssid') not in res2
:
1350 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1351 if dev
[1].get_status_field('bssid') not in res1
:
1352 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1354 sigma_dut_cmd_check("ap_reset_default")
1356 stop_sigma_dut(sigma
)
1358 def dpp_init_enrollee(dev
, id1
, enrollee_role
):
1359 logger
.info("Starting DPP initiator/enrollee in a thread")
1361 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1362 if enrollee_role
== "Configurator":
1363 cmd
+= " netrole=configurator"
1364 if "OK" not in dev
.request(cmd
):
1365 raise Exception("Failed to initiate DPP Authentication")
1366 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1368 raise Exception("DPP configuration not completed (Enrollee)")
1369 logger
.info("DPP initiator/enrollee done")
1371 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1372 """sigma_dut DPP/QR responder (conf index 1)"""
1373 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1375 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1376 """sigma_dut DPP/QR responder (conf index 2)"""
1377 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1379 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1380 """sigma_dut DPP/QR responder (conf index 3)"""
1381 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1383 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1384 """sigma_dut DPP/QR responder (conf index 4)"""
1385 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1387 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1388 """sigma_dut DPP/QR responder (conf index 5)"""
1389 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1391 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1392 """sigma_dut DPP/QR responder (conf index 6)"""
1393 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1395 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1396 """sigma_dut DPP/QR responder (conf index 7)"""
1397 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1399 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1400 """sigma_dut DPP/QR responder (conf index 8)"""
1401 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1403 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1404 """sigma_dut DPP/QR responder (conf index 9)"""
1405 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1407 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1408 """sigma_dut DPP/QR responder (conf index 10)"""
1409 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1411 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1412 """sigma_dut DPP/QR responder (channel list override)"""
1413 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1416 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1417 """sigma_dut DPP/QR responder status query"""
1418 check_dpp_capab(dev
[1])
1419 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1420 passphrase
="ThisIsDppPassphrase")
1421 hapd
= hostapd
.add_ap(apdev
[0], params
)
1424 dev
[1].set("dpp_config_processing", "2")
1425 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1427 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1429 def test_sigma_dut_dpp_qr_resp_configurator(dev
, apdev
):
1430 """sigma_dut DPP/QR responder (configurator provisioning)"""
1431 run_sigma_dut_dpp_qr_resp(dev
, apdev
, -1, enrollee_role
="Configurator")
1433 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1434 listen_chan
=None, status_query
=False,
1435 enrollee_role
="STA"):
1436 check_dpp_capab(dev
[0])
1437 check_dpp_capab(dev
[1])
1438 sigma
= start_sigma_dut(dev
[0].ifname
)
1440 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1442 cmd
+= ",DPPChannelList," + chan_list
1443 res
= sigma_dut_cmd(cmd
)
1444 if "status,COMPLETE" not in res
:
1445 raise Exception("dev_exec_action did not succeed: " + res
)
1446 hex = res
.split(',')[3]
1448 logger
.info("URI from sigma_dut: " + uri
)
1450 id1
= dev
[1].dpp_qr_code(uri
)
1452 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
,
1455 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1456 if conf_idx
is not None:
1457 cmd
+= ",DPPConfIndex,%d" % conf_idx
1459 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1461 cmd
+= ",DPPStatusQuery,Yes"
1462 res
= sigma_dut_cmd(cmd
, timeout
=10)
1464 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1465 raise Exception("Unexpected result: " + res
)
1466 if status_query
and "StatusResult,0" not in res
:
1467 raise Exception("Status query did not succeed: " + res
)
1469 stop_sigma_dut(sigma
)
1471 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1472 """sigma_dut DPP/QR initiator as Enrollee"""
1473 check_dpp_capab(dev
[0])
1474 check_dpp_capab(dev
[1])
1476 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1477 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1478 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1479 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1481 params
= {"ssid": "DPPNET01",
1484 "wpa_key_mgmt": "DPP",
1485 "rsn_pairwise": "CCMP",
1486 "dpp_connector": ap_connector
,
1487 "dpp_csign": csign_pub
,
1488 "dpp_netaccesskey": ap_netaccesskey
}
1490 hapd
= hostapd
.add_ap(apdev
[0], params
)
1492 raise HwsimSkip("DPP not supported")
1494 sigma
= start_sigma_dut(dev
[0].ifname
)
1496 dev
[0].set("dpp_config_processing", "2")
1498 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1499 res
= dev
[1].request(cmd
)
1501 raise Exception("Failed to add configurator")
1504 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1505 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1507 dev
[1].set("dpp_configurator_params",
1508 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1509 cmd
= "DPP_LISTEN 2437 role=configurator"
1510 if "OK" not in dev
[1].request(cmd
):
1511 raise Exception("Failed to start listen operation")
1513 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1514 if "status,COMPLETE" not in res
:
1515 raise Exception("dev_exec_action did not succeed: " + res
)
1517 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1518 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1519 raise Exception("Unexpected result: " + res
)
1521 dev
[0].set("dpp_config_processing", "0")
1522 stop_sigma_dut(sigma
)
1524 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev
, apdev
):
1525 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1526 check_dpp_capab(dev
[0])
1527 check_dpp_capab(dev
[1])
1529 sigma
= start_sigma_dut(dev
[0].ifname
)
1531 cmd
= "DPP_CONFIGURATOR_ADD"
1532 res
= dev
[1].request(cmd
)
1534 raise Exception("Failed to add configurator")
1537 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1538 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1540 dev
[1].set("dpp_configurator_params",
1541 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1542 cmd
= "DPP_LISTEN 2437 role=configurator"
1543 if "OK" not in dev
[1].request(cmd
):
1544 raise Exception("Failed to start listen operation")
1546 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1547 if "status,COMPLETE" not in res
:
1548 raise Exception("dev_exec_action did not succeed: " + res
)
1550 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout
=10)
1551 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1552 raise Exception("Unexpected result: " + res
)
1554 dev
[0].set("dpp_config_processing", "0")
1555 stop_sigma_dut(sigma
)
1557 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1558 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1559 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1561 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1562 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1563 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1564 extra
="DPPAuthDirection,Mutual,")
1566 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1567 check_dpp_capab(dev
[0])
1568 check_dpp_capab(dev
[1])
1570 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1571 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1572 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1573 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1575 params
= {"ssid": "DPPNET01",
1578 "wpa_key_mgmt": "DPP",
1579 "rsn_pairwise": "CCMP",
1580 "dpp_connector": ap_connector
,
1581 "dpp_csign": csign_pub
,
1582 "dpp_netaccesskey": ap_netaccesskey
}
1584 hapd
= hostapd
.add_ap(apdev
[0], params
)
1586 raise HwsimSkip("DPP not supported")
1588 sigma
= start_sigma_dut(dev
[0].ifname
)
1590 dev
[0].set("dpp_config_processing", "2")
1592 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1593 res
= dev
[1].request(cmd
)
1595 raise Exception("Failed to add configurator")
1598 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1599 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1601 dev
[1].set("dpp_configurator_params",
1602 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1603 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1604 if "OK" not in dev
[1].request(cmd
):
1605 raise Exception("Failed to start listen operation")
1607 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1608 if "status,COMPLETE" not in res
:
1609 raise Exception("dev_exec_action did not succeed: " + res
)
1610 hex = res
.split(',')[3]
1612 logger
.info("URI from sigma_dut: " + uri
)
1614 id1
= dev
[1].dpp_qr_code(uri
)
1616 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1617 if "status,COMPLETE" not in res
:
1618 raise Exception("dev_exec_action did not succeed: " + res
)
1620 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1621 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1622 raise Exception("Unexpected result: " + res
)
1624 dev
[0].set("dpp_config_processing", "0")
1625 stop_sigma_dut(sigma
)
1627 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1629 logger
.info("Starting DPP initiator/configurator in a thread")
1630 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1631 if own_id
is not None:
1632 cmd
+= " own=%d" % own_id
1633 if "OK" not in dev
.request(cmd
):
1634 raise Exception("Failed to initiate DPP Authentication")
1635 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1637 raise Exception("DPP configuration not completed (Configurator)")
1638 logger
.info("DPP initiator/configurator done")
1640 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1641 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1642 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1644 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1645 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1646 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1648 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1649 check_dpp_capab(dev
[0])
1650 check_dpp_capab(dev
[1])
1652 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1653 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1654 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1655 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1657 params
= {"ssid": "DPPNET01",
1660 "wpa_key_mgmt": "DPP",
1661 "rsn_pairwise": "CCMP",
1662 "dpp_connector": ap_connector
,
1663 "dpp_csign": csign_pub
,
1664 "dpp_netaccesskey": ap_netaccesskey
}
1666 hapd
= hostapd
.add_ap(apdev
[0], params
)
1668 raise HwsimSkip("DPP not supported")
1670 sigma
= start_sigma_dut(dev
[0].ifname
)
1672 dev
[0].set("dpp_config_processing", "2")
1674 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1675 res
= dev
[1].request(cmd
)
1677 raise Exception("Failed to add configurator")
1680 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1681 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1683 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1684 if "status,COMPLETE" not in res
:
1685 raise Exception("dev_exec_action did not succeed: " + res
)
1686 hex = res
.split(',')[3]
1688 logger
.info("URI from sigma_dut: " + uri
)
1690 id1
= dev
[1].dpp_qr_code(uri
)
1692 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1693 if "status,COMPLETE" not in res
:
1694 raise Exception("dev_exec_action did not succeed: " + res
)
1696 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1697 args
=(dev
[1], id1
, conf_id
, id0
))
1700 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1703 res
= sigma_dut_cmd(cmd
, timeout
=25)
1705 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1706 raise Exception("Unexpected result: " + res
)
1708 dev
[0].set("dpp_config_processing", "0")
1709 stop_sigma_dut(sigma
)
1711 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1712 logger
.info("Starting DPP responder/configurator in a thread")
1713 dev
.set("dpp_configurator_params",
1714 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1716 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1717 if "OK" not in dev
.request(cmd
):
1718 raise Exception("Failed to initiate DPP listen")
1720 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1722 raise Exception("QR Code scan for mutual authentication not requested")
1723 dev
.dpp_qr_code(uri
)
1724 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1726 raise Exception("DPP configuration not completed (Configurator)")
1727 logger
.info("DPP responder/configurator done")
1729 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1730 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1731 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1733 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1734 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1735 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1737 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1738 check_dpp_capab(dev
[0])
1739 check_dpp_capab(dev
[1])
1741 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1742 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1743 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1744 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1746 params
= {"ssid": "DPPNET01",
1749 "wpa_key_mgmt": "DPP",
1750 "rsn_pairwise": "CCMP",
1751 "dpp_connector": ap_connector
,
1752 "dpp_csign": csign_pub
,
1753 "dpp_netaccesskey": ap_netaccesskey
}
1755 hapd
= hostapd
.add_ap(apdev
[0], params
)
1757 raise HwsimSkip("DPP not supported")
1759 sigma
= start_sigma_dut(dev
[0].ifname
)
1761 dev
[0].set("dpp_config_processing", "2")
1763 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1764 res
= dev
[1].request(cmd
)
1766 raise Exception("Failed to add configurator")
1769 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1770 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1772 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1773 if "status,COMPLETE" not in res
:
1774 raise Exception("dev_exec_action did not succeed: " + res
)
1775 hex = res
.split(',')[3]
1777 logger
.info("URI from sigma_dut: " + uri
)
1779 if not resp_pending
:
1780 dev
[1].dpp_qr_code(uri
)
1783 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1784 if "status,COMPLETE" not in res
:
1785 raise Exception("dev_exec_action did not succeed: " + res
)
1787 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1788 args
=(dev
[1], conf_id
, uri
))
1792 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1793 res
= sigma_dut_cmd(cmd
, timeout
=15)
1795 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1796 raise Exception("Unexpected result: " + res
)
1798 dev
[0].set("dpp_config_processing", "0")
1799 stop_sigma_dut(sigma
)
1801 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1802 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1803 check_dpp_capab(dev
[0])
1804 check_dpp_capab(dev
[1])
1806 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1807 passphrase
="ThisIsDppPassphrase")
1808 hapd
= hostapd
.add_ap(apdev
[0], params
)
1810 sigma
= start_sigma_dut(dev
[0].ifname
)
1812 dev
[0].set("dpp_config_processing", "2")
1814 cmd
= "DPP_CONFIGURATOR_ADD"
1815 res
= dev
[1].request(cmd
)
1817 raise Exception("Failed to add configurator")
1820 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1821 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1823 dev
[1].set("dpp_configurator_params",
1824 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1825 cmd
= "DPP_LISTEN 2437 role=configurator"
1826 if "OK" not in dev
[1].request(cmd
):
1827 raise Exception("Failed to start listen operation")
1829 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1830 if "status,COMPLETE" not in res
:
1831 raise Exception("dev_exec_action did not succeed: " + res
)
1833 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1834 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1835 raise Exception("Unexpected result: " + res
)
1837 dev
[0].set("dpp_config_processing", "0")
1838 stop_sigma_dut(sigma
)
1840 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1841 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1842 check_dpp_capab(dev
[0])
1843 check_dpp_capab(dev
[1])
1844 if "SAE" not in dev
[0].get_capability("auth_alg"):
1845 raise HwsimSkip("SAE not supported")
1847 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1848 passphrase
="ThisIsDppPassphrase")
1849 params
['wpa_key_mgmt'] = 'SAE'
1850 params
["ieee80211w"] = "2"
1851 hapd
= hostapd
.add_ap(apdev
[0], params
)
1853 sigma
= start_sigma_dut(dev
[0].ifname
)
1855 dev
[0].set("dpp_config_processing", "2")
1856 dev
[0].set("sae_groups", "")
1858 cmd
= "DPP_CONFIGURATOR_ADD"
1859 res
= dev
[1].request(cmd
)
1861 raise Exception("Failed to add configurator")
1864 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1865 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1867 dev
[1].set("dpp_configurator_params",
1868 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1869 cmd
= "DPP_LISTEN 2437 role=configurator"
1870 if "OK" not in dev
[1].request(cmd
):
1871 raise Exception("Failed to start listen operation")
1873 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1874 if "status,COMPLETE" not in res
:
1875 raise Exception("dev_exec_action did not succeed: " + res
)
1877 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1878 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1879 raise Exception("Unexpected result: " + res
)
1881 dev
[0].set("dpp_config_processing", "0")
1882 stop_sigma_dut(sigma
)
1884 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1885 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1886 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1888 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1889 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1890 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1892 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1893 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1894 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1896 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1897 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1898 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1900 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1901 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1902 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1904 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1905 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1906 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1908 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1909 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1910 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1912 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1913 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1914 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1916 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1917 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1918 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1920 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1921 prov_role
="Configurator",
1923 check_dpp_capab(dev
[0])
1924 check_dpp_capab(dev
[1])
1925 sigma
= start_sigma_dut(dev
[0].ifname
)
1927 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1928 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1930 cmd
= "DPP_LISTEN 2437 role=enrollee"
1931 if "OK" not in dev
[1].request(cmd
):
1932 raise Exception("Failed to start listen operation")
1934 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1935 if "status,COMPLETE" not in res
:
1936 raise Exception("dev_exec_action did not succeed: " + res
)
1938 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1941 res
= sigma_dut_cmd(cmd
)
1942 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1943 raise Exception("Unexpected result: " + res
)
1945 stop_sigma_dut(sigma
)
1947 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1948 """sigma_dut DPP roles incompatible (Initiator)"""
1949 check_dpp_capab(dev
[0])
1950 check_dpp_capab(dev
[1])
1951 sigma
= start_sigma_dut(dev
[0].ifname
)
1953 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1954 if "status,COMPLETE" not in res
:
1955 raise Exception("dev_exec_action did not succeed: " + res
)
1956 hex = res
.split(',')[3]
1958 logger
.info("URI from sigma_dut: " + uri
)
1960 id1
= dev
[1].dpp_qr_code(uri
)
1962 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1963 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1965 cmd
= "DPP_LISTEN 2437 role=enrollee"
1966 if "OK" not in dev
[1].request(cmd
):
1967 raise Exception("Failed to start listen operation")
1969 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1970 if "status,COMPLETE" not in res
:
1971 raise Exception("dev_exec_action did not succeed: " + res
)
1973 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1974 res
= sigma_dut_cmd(cmd
)
1975 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1976 raise Exception("Unexpected result: " + res
)
1978 stop_sigma_dut(sigma
)
1980 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
1981 logger
.info("Starting DPP initiator/enrollee in a thread")
1983 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
1984 if "OK" not in dev
.request(cmd
):
1985 raise Exception("Failed to initiate DPP Authentication")
1986 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
1987 "DPP-NOT-COMPATIBLE"], timeout
=5)
1989 raise Exception("DPP configuration not completed (Enrollee)")
1990 logger
.info("DPP initiator/enrollee done")
1992 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
1993 """sigma_dut DPP roles incompatible (Responder)"""
1994 check_dpp_capab(dev
[0])
1995 check_dpp_capab(dev
[1])
1996 sigma
= start_sigma_dut(dev
[0].ifname
)
1998 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1999 res
= sigma_dut_cmd(cmd
)
2000 if "status,COMPLETE" not in res
:
2001 raise Exception("dev_exec_action did not succeed: " + res
)
2002 hex = res
.split(',')[3]
2004 logger
.info("URI from sigma_dut: " + uri
)
2006 id1
= dev
[1].dpp_qr_code(uri
)
2008 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2009 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2011 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2012 if "status,COMPLETE" not in res
:
2013 raise Exception("dev_exec_action did not succeed: " + res
)
2015 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
2017 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2018 res
= sigma_dut_cmd(cmd
, timeout
=10)
2020 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2021 raise Exception("Unexpected result: " + res
)
2023 stop_sigma_dut(sigma
)
2025 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
2026 """sigma_dut DPP/PKEX initiator as Configurator"""
2027 check_dpp_capab(dev
[0])
2028 check_dpp_capab(dev
[1])
2029 sigma
= start_sigma_dut(dev
[0].ifname
)
2031 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2032 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
2033 res
= dev
[1].request(cmd
)
2035 raise Exception("Failed to set PKEX data (responder)")
2036 cmd
= "DPP_LISTEN 2437 role=enrollee"
2037 if "OK" not in dev
[1].request(cmd
):
2038 raise Exception("Failed to start listen operation")
2040 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2041 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2042 raise Exception("Unexpected result: " + res
)
2044 stop_sigma_dut(sigma
)
2046 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2047 logger
.info("Starting DPP initiator/configurator in a thread")
2048 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2049 if "OK" not in dev
.request(cmd
):
2050 raise Exception("Failed to initiate DPP Authentication")
2051 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2053 raise Exception("DPP configuration not completed (Configurator)")
2054 logger
.info("DPP initiator/configurator done")
2056 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2057 """sigma_dut controlled AP (DPP)"""
2058 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2060 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2061 """sigma_dut controlled AP (legacy)"""
2062 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2063 extra
="pass=%s" % to_hex("qwertyuiop"))
2065 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2066 """sigma_dut controlled AP (legacy)"""
2067 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2068 extra
="psk=%s" % (32*"12"))
2070 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2071 check_dpp_capab(dev
[0])
2072 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2073 with
HWSimRadio() as (radio
, iface
):
2074 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2076 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2077 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2078 if "status,COMPLETE" not in res
:
2079 raise Exception("dev_exec_action did not succeed: " + res
)
2080 hex = res
.split(',')[3]
2082 logger
.info("URI from sigma_dut: " + uri
)
2084 cmd
= "DPP_CONFIGURATOR_ADD"
2085 res
= dev
[0].request(cmd
)
2087 raise Exception("Failed to add configurator")
2090 id1
= dev
[0].dpp_qr_code(uri
)
2092 t
= threading
.Thread(target
=dpp_init_conf
,
2093 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2095 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2097 if "ConfResult,OK" not in res
:
2098 raise Exception("Unexpected result: " + res
)
2100 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2101 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2103 id0b
= dev
[0].dpp_qr_code(uri1
)
2105 dev
[1].set("dpp_config_processing", "2")
2106 cmd
= "DPP_LISTEN 2412"
2107 if "OK" not in dev
[1].request(cmd
):
2108 raise Exception("Failed to start listen operation")
2109 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2110 if "OK" not in dev
[0].request(cmd
):
2111 raise Exception("Failed to initiate DPP Authentication")
2112 dev
[1].wait_connected()
2114 sigma_dut_cmd_check("ap_reset_default")
2116 dev
[1].set("dpp_config_processing", "0")
2117 stop_sigma_dut(sigma
)
2119 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2120 """sigma_dut controlled AP as DPP PKEX responder"""
2121 check_dpp_capab(dev
[0])
2122 logdir
= os
.path
.join(params
['logdir'],
2123 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2124 with
HWSimRadio() as (radio
, iface
):
2125 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2127 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2129 stop_sigma_dut(sigma
)
2131 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2132 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2134 id = dev
.dpp_bootstrap_gen(type="pkex")
2135 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2136 res
= dev
.request(cmd
)
2138 raise Exception("Failed to initiate DPP PKEX")
2139 if not check_config
:
2141 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2143 raise Exception("DPP configuration not completed (Configurator)")
2144 logger
.info("DPP initiator/configurator done")
2146 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2147 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2149 cmd
= "DPP_CONFIGURATOR_ADD"
2150 res
= dev
[0].request(cmd
)
2152 raise Exception("Failed to add configurator")
2155 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2157 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2159 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2160 raise Exception("Unexpected result: " + res
)
2162 sigma_dut_cmd_check("ap_reset_default")
2164 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2165 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2166 check_dpp_capab(dev
[0])
2167 sigma
= start_sigma_dut(dev
[0].ifname
)
2169 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2171 stop_sigma_dut(sigma
)
2173 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2174 cmd
= "DPP_CONFIGURATOR_ADD"
2175 res
= dev
[1].request(cmd
)
2177 raise Exception("Failed to add configurator")
2180 dev
[1].set("dpp_test", "44")
2182 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2185 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2187 if "BootstrapResult,Timeout" not in res
:
2188 raise Exception("Unexpected result: " + res
)
2190 def dpp_proto_init(dev
, id1
):
2192 logger
.info("Starting DPP initiator/configurator in a thread")
2193 cmd
= "DPP_CONFIGURATOR_ADD"
2194 res
= dev
.request(cmd
)
2196 raise Exception("Failed to add configurator")
2199 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2200 if "OK" not in dev
.request(cmd
):
2201 raise Exception("Failed to initiate DPP Authentication")
2203 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2204 """sigma_dut DPP protocol testing - Initiator"""
2205 check_dpp_capab(dev
[0])
2206 check_dpp_capab(dev
[1])
2207 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2208 "BootstrapResult,OK,AuthResult,Errorsent",
2210 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2211 "BootstrapResult,OK,AuthResult,Errorsent",
2213 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2214 "BootstrapResult,OK,AuthResult,Errorsent",
2215 "Missing or invalid I-capabilities"),
2216 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2217 "BootstrapResult,OK,AuthResult,Errorsent",
2218 "Mismatching Initiator Authenticating Tag"),
2219 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2220 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2221 "Missing or invalid Enrollee Nonce attribute")]
2222 for step
, frame
, attr
, result
, fail
in tests
:
2223 dev
[0].request("FLUSH")
2224 dev
[1].request("FLUSH")
2225 sigma
= start_sigma_dut(dev
[0].ifname
)
2227 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2230 stop_sigma_dut(sigma
)
2232 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2233 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2234 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2236 cmd
= "DPP_LISTEN 2437 role=enrollee"
2237 if "OK" not in dev
[1].request(cmd
):
2238 raise Exception("Failed to start listen operation")
2240 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2241 if "status,COMPLETE" not in res
:
2242 raise Exception("dev_exec_action did not succeed: " + res
)
2244 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2246 if result
not in res
:
2247 raise Exception("Unexpected result: " + res
)
2249 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2250 if ev
is None or fail
not in ev
:
2251 raise Exception("Failure not reported correctly: " + str(ev
))
2253 dev
[1].request("DPP_STOP_LISTEN")
2254 dev
[0].dump_monitor()
2255 dev
[1].dump_monitor()
2257 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2258 """sigma_dut DPP protocol testing - Responder"""
2259 check_dpp_capab(dev
[0])
2260 check_dpp_capab(dev
[1])
2261 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2262 "BootstrapResult,OK,AuthResult,Errorsent",
2263 "Missing or invalid required DPP Status attribute"),
2264 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2265 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2266 "Missing or invalid Enrollee Nonce attribute")]
2267 for step
, frame
, attr
, result
, fail
in tests
:
2268 dev
[0].request("FLUSH")
2269 dev
[1].request("FLUSH")
2270 sigma
= start_sigma_dut(dev
[0].ifname
)
2272 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2275 stop_sigma_dut(sigma
)
2277 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2278 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2279 if "status,COMPLETE" not in res
:
2280 raise Exception("dev_exec_action did not succeed: " + res
)
2281 hex = res
.split(',')[3]
2283 logger
.info("URI from sigma_dut: " + uri
)
2285 id1
= dev
[1].dpp_qr_code(uri
)
2287 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2289 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2291 if result
not in res
:
2292 raise Exception("Unexpected result: " + res
)
2294 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2295 if ev
is None or fail
not in ev
:
2296 raise Exception("Failure not reported correctly:" + str(ev
))
2298 dev
[1].request("DPP_STOP_LISTEN")
2299 dev
[0].dump_monitor()
2300 dev
[1].dump_monitor()
2302 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2303 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2304 check_dpp_capab(dev
[0])
2305 check_dpp_capab(dev
[1])
2306 tests
= [("AuthenticationResponse",
2307 "BootstrapResult,OK,AuthResult,Errorsent",
2309 ("ConfigurationRequest",
2310 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2312 for frame
, result
, fail
in tests
:
2313 dev
[0].request("FLUSH")
2314 dev
[1].request("FLUSH")
2315 sigma
= start_sigma_dut(dev
[0].ifname
)
2317 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2319 stop_sigma_dut(sigma
)
2321 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2322 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2323 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2325 cmd
= "DPP_LISTEN 2437 role=enrollee"
2326 if "OK" not in dev
[1].request(cmd
):
2327 raise Exception("Failed to start listen operation")
2329 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2330 if "status,COMPLETE" not in res
:
2331 raise Exception("dev_exec_action did not succeed: " + res
)
2333 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2334 if result
not in res
:
2335 raise Exception("Unexpected result: " + res
)
2337 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2338 if ev
is None or fail
not in ev
:
2339 raise Exception("Failure not reported correctly: " + str(ev
))
2341 dev
[1].request("DPP_STOP_LISTEN")
2342 dev
[0].dump_monitor()
2343 dev
[1].dump_monitor()
2345 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2346 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2347 check_dpp_capab(dev
[0])
2348 check_dpp_capab(dev
[1])
2349 tests
= [("AuthenticationConfirm",
2350 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2352 for frame
, result
, fail
in tests
:
2353 dev
[0].request("FLUSH")
2354 dev
[1].request("FLUSH")
2355 sigma
= start_sigma_dut(dev
[0].ifname
)
2357 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2360 stop_sigma_dut(sigma
)
2362 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2364 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2365 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2367 cmd
= "DPP_LISTEN 2437 role=configurator"
2368 if "OK" not in dev
[1].request(cmd
):
2369 raise Exception("Failed to start listen operation")
2371 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2372 if "status,COMPLETE" not in res
:
2373 raise Exception("dev_exec_action did not succeed: " + res
)
2375 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2376 if result
not in res
:
2377 raise Exception("Unexpected result: " + res
)
2379 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2380 if ev
is None or fail
not in ev
:
2381 raise Exception("Failure not reported correctly: " + str(ev
))
2383 dev
[1].request("DPP_STOP_LISTEN")
2384 dev
[0].dump_monitor()
2385 dev
[1].dump_monitor()
2387 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2388 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2389 check_dpp_capab(dev
[0])
2390 check_dpp_capab(dev
[1])
2391 tests
= [("AuthenticationRequest",
2392 "BootstrapResult,OK,AuthResult,Errorsent",
2394 ("AuthenticationConfirm",
2395 "BootstrapResult,OK,AuthResult,Errorsent",
2397 for frame
, result
, fail
in tests
:
2398 dev
[0].request("FLUSH")
2399 dev
[1].request("FLUSH")
2400 sigma
= start_sigma_dut(dev
[0].ifname
)
2402 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2404 stop_sigma_dut(sigma
)
2406 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2407 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2408 if "status,COMPLETE" not in res
:
2409 raise Exception("dev_exec_action did not succeed: " + res
)
2410 hex = res
.split(',')[3]
2412 logger
.info("URI from sigma_dut: " + uri
)
2414 id1
= dev
[1].dpp_qr_code(uri
)
2416 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2418 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2420 if result
not in res
:
2421 raise Exception("Unexpected result: " + res
)
2423 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2424 if ev
is None or fail
not in ev
:
2425 raise Exception("Failure not reported correctly:" + str(ev
))
2427 dev
[1].request("DPP_STOP_LISTEN")
2428 dev
[0].dump_monitor()
2429 dev
[1].dump_monitor()
2431 def dpp_proto_init_pkex(dev
):
2433 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2434 cmd
= "DPP_CONFIGURATOR_ADD"
2435 res
= dev
.request(cmd
)
2437 raise Exception("Failed to add configurator")
2440 id = dev
.dpp_bootstrap_gen(type="pkex")
2442 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2443 if "FAIL" in dev
.request(cmd
):
2444 raise Exception("Failed to initiate DPP PKEX")
2446 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2447 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2448 check_dpp_capab(dev
[0])
2449 check_dpp_capab(dev
[1])
2450 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2451 "BootstrapResult,Errorsent",
2453 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2454 "BootstrapResult,Errorsent",
2455 "Missing or invalid Finite Cyclic Group attribute"),
2456 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2457 "BootstrapResult,Errorsent",
2458 "No valid peer bootstrapping key found")]
2459 for step
, frame
, attr
, result
, fail
in tests
:
2460 dev
[0].request("FLUSH")
2461 dev
[1].request("FLUSH")
2462 sigma
= start_sigma_dut(dev
[0].ifname
)
2464 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2467 stop_sigma_dut(sigma
)
2469 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2470 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2472 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2473 res
= dev
[1].request(cmd
)
2475 raise Exception("Failed to set PKEX data (responder)")
2477 cmd
= "DPP_LISTEN 2437 role=enrollee"
2478 if "OK" not in dev
[1].request(cmd
):
2479 raise Exception("Failed to start listen operation")
2481 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2482 if result
not in res
:
2483 raise Exception("Unexpected result: " + res
)
2485 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2486 if ev
is None or fail
not in ev
:
2487 raise Exception("Failure not reported correctly: " + str(ev
))
2489 dev
[1].request("DPP_STOP_LISTEN")
2490 dev
[0].dump_monitor()
2491 dev
[1].dump_monitor()
2493 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2494 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2495 check_dpp_capab(dev
[0])
2496 check_dpp_capab(dev
[1])
2497 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2498 "BootstrapResult,Errorsent",
2500 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2501 "BootstrapResult,Errorsent",
2502 "No DPP Status attribute"),
2503 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2504 "BootstrapResult,Errorsent",
2505 "No valid peer bootstrapping key found")]
2506 for step
, frame
, attr
, result
, fail
in tests
:
2507 dev
[0].request("FLUSH")
2508 dev
[1].request("FLUSH")
2509 sigma
= start_sigma_dut(dev
[0].ifname
)
2511 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2514 stop_sigma_dut(sigma
)
2516 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2517 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2519 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2521 if result
not in res
:
2522 raise Exception("Unexpected result: " + res
)
2524 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2525 if ev
is None or fail
not in ev
:
2526 raise Exception("Failure not reported correctly:" + str(ev
))
2528 dev
[1].request("DPP_STOP_LISTEN")
2529 dev
[0].dump_monitor()
2530 dev
[1].dump_monitor()
2532 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2533 check_dpp_capab(dev
[0])
2534 check_dpp_capab(dev
[1])
2536 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2537 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2538 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2539 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2541 params
= {"ssid": "DPPNET01",
2544 "wpa_key_mgmt": "DPP",
2545 "rsn_pairwise": "CCMP",
2546 "dpp_connector": ap_connector
,
2547 "dpp_csign": csign_pub
,
2548 "dpp_netaccesskey": ap_netaccesskey
}
2550 hapd
= hostapd
.add_ap(apdev
[0], params
)
2552 raise HwsimSkip("DPP not supported")
2554 dev
[0].set("dpp_config_processing", "2")
2556 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2557 res
= dev
[1].request(cmd
)
2559 raise Exception("Failed to add configurator")
2562 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2563 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2565 dev
[1].set("dpp_configurator_params",
2566 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2568 cmd
= "DPP_LISTEN 2437 role=configurator"
2569 if "OK" not in dev
[1].request(cmd
):
2570 raise Exception("Failed to start listen operation")
2572 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2573 if "status,COMPLETE" not in res
:
2574 raise Exception("dev_exec_action did not succeed: " + res
)
2576 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2577 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2578 sigma
= start_sigma_dut(dev
[0].ifname
)
2580 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2582 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2583 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2584 raise Exception("Unexpected result: " + res
)
2586 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2587 stop_sigma_dut(sigma
)
2589 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2590 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2591 check_dpp_capab(dev
[0])
2593 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2594 check_dpp_capab(hapd
)
2596 sigma
= start_sigma_dut(dev
[0].ifname
)
2598 dev
[0].set("dpp_config_processing", "2")
2599 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2600 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2602 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2603 if "status,COMPLETE" not in res
:
2604 raise Exception("dev_exec_action did not succeed: " + res
)
2606 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2607 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2608 raise Exception("Unexpected result: " + res
)
2609 update_hapd_config(hapd
)
2611 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2612 res
= sigma_dut_cmd(cmd
, timeout
=10)
2613 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2614 raise Exception("Unexpected result: " + res
)
2616 stop_sigma_dut(sigma
)
2617 dev
[0].set("dpp_config_processing", "0")
2619 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2620 """sigma_dut DPP AP Configurator using self-configuration"""
2621 logdir
= os
.path
.join(params
['logdir'],
2622 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2623 with
HWSimRadio() as (radio
, iface
):
2624 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2626 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2628 stop_sigma_dut(sigma
)
2629 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2631 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2632 check_dpp_capab(dev
[0])
2634 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2636 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2637 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2638 raise Exception("Unexpected result: " + res
)
2640 dev
[0].set("dpp_config_processing", "2")
2642 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2643 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2644 cmd
= "DPP_LISTEN 2462 role=enrollee"
2645 if "OK" not in dev
[0].request(cmd
):
2646 raise Exception("Failed to start listen operation")
2648 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2649 if "status,COMPLETE" not in res
:
2650 raise Exception("dev_exec_action did not succeed: " + res
)
2651 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2652 res
= sigma_dut_cmd(cmd
)
2653 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2654 raise Exception("Unexpected result: " + res
)
2655 dev
[0].wait_connected()
2656 dev
[0].request("DISCONNECT")
2657 dev
[0].wait_disconnected()
2658 sigma_dut_cmd_check("ap_reset_default")
2661 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2662 """sigma_dut DPP AP as Relay to Controller"""
2663 logdir
= os
.path
.join(params
['logdir'],
2664 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2665 with
HWSimRadio() as (radio
, iface
):
2666 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2668 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2670 stop_sigma_dut(sigma
)
2671 dev
[1].request("DPP_CONTROLLER_STOP")
2673 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2674 check_dpp_capab(dev
[0])
2675 check_dpp_capab(dev
[1])
2678 conf_id
= dev
[1].dpp_configurator_add()
2679 dev
[1].set("dpp_configurator_params",
2680 " conf=sta-dpp configurator=%d" % conf_id
)
2681 id_c
= dev
[1].dpp_bootstrap_gen()
2682 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2683 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2685 for line
in res
.splitlines():
2686 name
, value
= line
.split('=')
2687 if name
== "pkhash":
2691 raise Exception("Could not fetch public key hash from Controller")
2692 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2693 raise Exception("Failed to start Controller")
2695 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2696 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2697 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2699 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2700 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2702 sigma_dut_cmd_check("ap_reset_default")
2704 def dpp_init_tcp_enrollee(dev
, id1
):
2705 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2707 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2708 if "OK" not in dev
.request(cmd
):
2709 raise Exception("Failed to initiate DPP Authentication")
2710 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2712 raise Exception("DPP configuration not completed (Enrollee)")
2713 logger
.info("DPP initiator/enrollee done")
2715 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2716 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2717 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2719 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2720 check_dpp_capab(dev
[0])
2721 check_dpp_capab(dev
[1])
2722 sigma
= start_sigma_dut(dev
[0].ifname
)
2724 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2725 res
= sigma_dut_cmd(cmd
)
2726 if "status,COMPLETE" not in res
:
2727 raise Exception("dev_exec_action did not succeed: " + res
)
2728 hex = res
.split(',')[3]
2730 logger
.info("URI from sigma_dut: " + uri
)
2732 id1
= dev
[1].dpp_qr_code(uri
)
2734 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2736 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2738 cmd
+= ",DPPStatusQuery,Yes"
2739 res
= sigma_dut_cmd(cmd
, timeout
=10)
2741 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2742 raise Exception("Unexpected result: " + res
)
2743 if status_query
and "StatusResult,0" not in res
:
2744 raise Exception("Status query did not succeed: " + res
)
2746 stop_sigma_dut(sigma
)
2748 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2749 """sigma_dut DPP TCP Enrollee as initiator"""
2750 check_dpp_capab(dev
[0])
2751 check_dpp_capab(dev
[1])
2752 sigma
= start_sigma_dut(dev
[0].ifname
)
2755 conf_id
= dev
[1].dpp_configurator_add()
2756 dev
[1].set("dpp_configurator_params",
2757 " conf=sta-dpp configurator=%d" % conf_id
)
2758 id_c
= dev
[1].dpp_bootstrap_gen()
2759 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2760 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2761 raise Exception("Failed to start Controller")
2763 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2764 if "status,COMPLETE" not in res
:
2765 raise Exception("dev_exec_action did not succeed: " + res
)
2767 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2768 res
= sigma_dut_cmd(cmd
, timeout
=10)
2769 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2770 raise Exception("Unexpected result: " + res
)
2772 stop_sigma_dut(sigma
)
2773 dev
[1].request("DPP_CONTROLLER_STOP")
2775 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2776 """sigma_dut controlled connection using preconfigured profile"""
2778 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2780 dev
[0].set("ignore_old_scan_res", "0")
2782 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2783 ifname
= dev
[0].ifname
2784 sigma
= start_sigma_dut(ifname
)
2787 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2788 hapd
= hostapd
.add_ap(apdev
[0], params
)
2789 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2790 only_add_network
=True)
2792 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2793 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2795 sigma_dut_wait_connected(ifname
)
2796 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2797 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2798 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2800 stop_sigma_dut(sigma
)
2802 def test_sigma_dut_wps_pbc(dev
, apdev
):
2803 """sigma_dut and WPS PBC Enrollee"""
2805 run_sigma_dut_wps_pbc(dev
, apdev
)
2807 dev
[0].set("ignore_old_scan_res", "0")
2809 def run_sigma_dut_wps_pbc(dev
, apdev
):
2810 ssid
= "test-wps-conf"
2811 hapd
= hostapd
.add_ap(apdev
[0],
2812 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2813 "wpa_passphrase": "12345678", "wpa": "2",
2814 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2815 hapd
.request("WPS_PBC")
2817 ifname
= dev
[0].ifname
2818 sigma
= start_sigma_dut(ifname
)
2821 cmd
= "start_wps_registration,interface,%s" % ifname
2822 cmd
+= ",WpsRole,Enrollee"
2823 cmd
+= ",WpsConfigMethod,PBC"
2824 sigma_dut_cmd_check(cmd
, timeout
=15)
2826 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2828 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2830 stop_sigma_dut(sigma
)
2831 dev
[0].flush_scan_cache()
2833 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2834 """sigma_dut sta_scan_bss"""
2835 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2836 sigma
= start_sigma_dut(dev
[0].ifname
)
2838 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2840 res
= sigma_dut_cmd(cmd
, timeout
=10)
2841 if "ssid,test,bsschannel,1" not in res
:
2842 raise Exception("Unexpected result: " + res
)
2844 stop_sigma_dut(sigma
)
2846 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2847 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2848 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2849 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2850 sigma
= start_sigma_dut(dev
[0].ifname
)
2852 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2853 res
= sigma_dut_cmd(cmd
, timeout
=10)
2854 if "abcdef" not in res
or "qwerty" not in res
:
2855 raise Exception("Unexpected result: " + res
)
2857 stop_sigma_dut(sigma
)
2859 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2860 """sigma_dut controlled AP with OSEN"""
2861 logdir
= os
.path
.join(params
['logdir'],
2862 "sigma_dut_ap_osen.sigma-hostapd")
2863 with
HWSimRadio() as (radio
, iface
):
2864 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2866 sigma_dut_cmd_check("ap_reset_default")
2867 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2868 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2869 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2870 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2872 # RSN-OSEN (for OSU)
2873 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2874 pairwise
="CCMP", group
="GTK_NOT_USED",
2875 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2876 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2878 sigma_dut_cmd_check("ap_reset_default")
2880 stop_sigma_dut(sigma
)
2882 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2883 """sigma_dut controlled AP with EAP+OSEN"""
2884 logdir
= os
.path
.join(params
['logdir'],
2885 "sigma_dut_ap_eap_osen.sigma-hostapd")
2886 with
HWSimRadio() as (radio
, iface
):
2887 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2889 sigma_dut_cmd_check("ap_reset_default")
2890 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2891 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2892 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2893 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2895 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2896 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2898 # RSN-OSEN (for OSU)
2899 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2901 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2902 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2904 # RSN-EAP (for data connection)
2905 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2906 identity
="hs20-test", password
="password",
2907 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2908 ieee80211w
='2', scan_freq
="2412")
2910 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2911 success_expected
=False, timeout
=1)
2913 sigma_dut_cmd_check("ap_reset_default")
2915 stop_sigma_dut(sigma
)
2916 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2917 stderr
=open('/dev/null', 'w'))
2918 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2919 stderr
=open('/dev/null', 'w'))
2921 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2922 """sigma_dut controlled AP WPA2-Enterprise"""
2923 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2924 with
HWSimRadio() as (radio
, iface
):
2925 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2927 sigma_dut_cmd_check("ap_reset_default")
2928 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2929 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2930 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2931 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2933 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2934 identity
="gpsk user",
2935 password
="abcdefghijklmnop0123456789abcdef",
2938 sigma_dut_cmd_check("ap_reset_default")
2940 stop_sigma_dut(sigma
)
2942 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2943 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2944 logdir
= os
.path
.join(params
['logdir'],
2945 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2946 with
HWSimRadio() as (radio
, iface
):
2947 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2949 sigma_dut_cmd_check("ap_reset_default")
2950 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2951 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2955 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2956 identity
="gpsk user",
2957 password
="abcdefghijklmnop0123456789abcdef",
2960 sigma_dut_cmd_check("ap_reset_default")
2962 stop_sigma_dut(sigma
)
2964 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2965 """sigma_dut controlled AP FT-EAP"""
2966 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2967 with
HWSimRadio() as (radio
, iface
):
2968 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2970 sigma_dut_cmd_check("ap_reset_default")
2971 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2972 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2973 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2974 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2976 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2977 identity
="gpsk user",
2978 password
="abcdefghijklmnop0123456789abcdef",
2981 sigma_dut_cmd_check("ap_reset_default")
2983 stop_sigma_dut(sigma
)
2985 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
2986 """sigma_dut controlled AP FT-PSK"""
2987 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2988 with
HWSimRadio() as (radio
, iface
):
2989 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2991 sigma_dut_cmd_check("ap_reset_default")
2992 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2993 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2994 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2996 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2999 sigma_dut_cmd_check("ap_reset_default")
3001 stop_sigma_dut(sigma
)
3003 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
3004 """sigma_dut controlled AP FT-PSK (over-DS)"""
3005 logdir
= os
.path
.join(params
['logdir'],
3006 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3007 conffile
= os
.path
.join(params
['logdir'],
3008 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3009 with
HWSimRadio() as (radio
, iface
):
3010 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3012 sigma_dut_cmd_check("ap_reset_default")
3013 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3014 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3015 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3017 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3018 with
open(conffile
, "wb") as f2
:
3021 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3024 sigma_dut_cmd_check("ap_reset_default")
3026 stop_sigma_dut(sigma
)
3028 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
3029 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3030 logdir
= os
.path
.join(params
['logdir'],
3031 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3032 with
HWSimRadio() as (radio
, iface
):
3033 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3035 sigma_dut_cmd_check("ap_reset_default")
3036 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3037 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3038 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3039 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3041 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3042 identity
="gpsk user",
3043 password
="abcdefghijklmnop0123456789abcdef",
3045 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3046 identity
="gpsk user",
3047 password
="abcdefghijklmnop0123456789abcdef",
3050 sigma_dut_cmd_check("ap_reset_default")
3052 stop_sigma_dut(sigma
)
3054 def test_sigma_dut_venue_url(dev
, apdev
):
3055 """sigma_dut controlled Venue URL fetch"""
3057 run_sigma_dut_venue_url(dev
, apdev
)
3059 dev
[0].set("ignore_old_scan_res", "0")
3061 def run_sigma_dut_venue_url(dev
, apdev
):
3062 ifname
= dev
[0].ifname
3063 sigma
= start_sigma_dut(ifname
)
3067 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3068 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3069 params
["ieee80211w"] = "2"
3073 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3075 name1
= "Example venue"
3077 name2
= "Esimerkkipaikka"
3078 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3079 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3080 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3082 url1
= "http://example.com/venue"
3083 url2
= "https://example.org/venue-info/"
3084 params
["venue_group"] = str(venue_group
)
3085 params
["venue_type"] = str(venue_type
)
3086 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3087 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3089 hapd
= hostapd
.add_ap(apdev
[0], params
)
3091 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3092 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3093 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3094 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3096 sigma_dut_wait_connected(ifname
)
3097 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3098 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3099 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3100 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3102 stop_sigma_dut(sigma
)
3104 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3105 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3106 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3108 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3109 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3110 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3112 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3116 bssid0
= apdev
[0]['bssid']
3117 params
= hs20_ap_params()
3118 params
['hessid'] = bssid0
3119 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3121 bssid1
= apdev
[1]['bssid']
3122 params
= hs20_ap_params()
3123 params
['hessid'] = bssid0
3124 params
["hw_mode"] = "a"
3125 params
["channel"] = "36"
3126 params
["country_code"] = "US"
3127 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3129 band
= "2.4" if band24
else "5"
3130 exp_bssid
= bssid0
if band24
else bssid1
3131 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3133 dev
[0].request("DISCONNECT")
3135 hapd0
.request("DISABLE")
3137 hapd1
.request("DISABLE")
3138 subprocess
.call(['iw', 'reg', 'set', '00'])
3139 dev
[0].flush_scan_cache()
3141 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3142 check_eap_capa(dev
[0], "MSCHAPV2")
3143 dev
[0].flush_scan_cache()
3145 ifname
= dev
[0].ifname
3146 sigma
= start_sigma_dut(ifname
)
3149 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3150 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3151 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3152 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3154 sigma_dut_wait_connected(ifname
)
3155 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3156 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3157 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3159 stop_sigma_dut(sigma
)
3161 if "BSSID," + expect_bssid
not in res
:
3162 raise Exception("Unexpected BSSID: " + res
)
3164 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3165 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3166 logdir
= os
.path
.join(params
['logdir'],
3167 "sigma_dut_ap_hs20.sigma-hostapd")
3168 conffile
= os
.path
.join(params
['logdir'],
3169 "sigma_dut_ap_hs20.sigma-conf")
3170 with
HWSimRadio() as (radio
, iface
):
3171 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3173 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3174 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3175 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3176 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3177 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3178 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3179 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3180 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3181 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3182 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3183 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3184 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3185 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3186 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3188 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3189 with
open(conffile
, "wb") as f2
:
3192 sigma_dut_cmd_check("ap_reset_default")
3194 stop_sigma_dut(sigma
)
3196 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3197 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3198 logdir
= params
['logdir']
3200 with
open("auth_serv/ca.pem", "r") as f
:
3201 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3205 src
= "auth_serv/server.pem"
3206 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3207 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3208 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3210 stderr
=open('/dev/null', 'w'))
3211 with
open(dst
, "rb") as f
:
3213 hash = hashlib
.sha256(der
).digest()
3214 with
open(hashdst
, "w") as f
:
3215 f
.write(binascii
.hexlify(hash).decode())
3217 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3218 with
open(dst
, "w") as f
:
3221 ssid
= "test-wpa2-eap"
3222 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3223 hapd
= hostapd
.add_ap(apdev
[0], params
)
3225 ifname
= dev
[0].ifname
3226 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3229 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3231 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3232 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3233 sigma_dut_cmd_check(cmd
)
3234 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3236 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3238 raise Exception("Server certificate error not reported")
3240 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3241 if "ServerCertTrustResult,Accepted" not in res
:
3242 raise Exception("Server certificate trust was not accepted")
3243 sigma_dut_wait_connected(ifname
)
3244 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3245 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3246 dev
[0].dump_monitor()
3248 stop_sigma_dut(sigma
)
3250 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3251 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3252 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3254 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3255 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3256 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3258 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3259 logdir
= params
['logdir']
3261 name
= "sigma_dut_eap_ttls_uosc_tod"
3264 with
open("auth_serv/ca.pem", "r") as f
:
3265 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3269 src
= "auth_serv/server-certpol2.pem"
3271 src
= "auth_serv/server-certpol.pem"
3272 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3273 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3274 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3276 stderr
=open('/dev/null', 'w'))
3277 with
open(dst
, "rb") as f
:
3279 hash = hashlib
.sha256(der
).digest()
3280 with
open(hashdst
, "w") as f
:
3281 f
.write(binascii
.hexlify(hash).decode())
3283 ssid
= "test-wpa2-eap"
3284 params
= int_eap_server_params()
3285 params
["ssid"] = ssid
3287 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3288 params
["private_key"] = "auth_serv/server-certpol2.key"
3290 params
["server_cert"] = "auth_serv/server-certpol.pem"
3291 params
["private_key"] = "auth_serv/server-certpol.key"
3292 hapd
= hostapd
.add_ap(apdev
[0], params
)
3294 ifname
= dev
[0].ifname
3295 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3298 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3299 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3300 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3301 sigma_dut_cmd_check(cmd
)
3302 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3304 sigma_dut_wait_connected(ifname
)
3305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3306 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3307 dev
[0].wait_disconnected()
3308 dev
[0].dump_monitor()
3311 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3312 hapd
= hostapd
.add_ap(apdev
[0], params
)
3314 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3316 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3318 raise Exception("Server certificate error not reported")
3320 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3321 if "ServerCertTrustResult,Accepted" in res
:
3322 raise Exception("Server certificate trust override was accepted unexpectedly")
3323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3324 dev
[0].dump_monitor()
3326 stop_sigma_dut(sigma
)
3328 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3329 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3330 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3332 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3333 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3334 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3336 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3337 logdir
= params
['logdir']
3339 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3342 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3343 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3347 src
= "auth_serv/server-certpol2.pem"
3349 src
= "auth_serv/server-certpol.pem"
3350 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3351 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3352 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3354 stderr
=open('/dev/null', 'w'))
3355 with
open(dst
, "rb") as f
:
3357 hash = hashlib
.sha256(der
).digest()
3358 with
open(hashdst
, "w") as f
:
3359 f
.write(binascii
.hexlify(hash).decode())
3361 ssid
= "test-wpa2-eap"
3362 params
= int_eap_server_params()
3363 params
["ssid"] = ssid
3365 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3366 params
["private_key"] = "auth_serv/server-certpol2.key"
3368 params
["server_cert"] = "auth_serv/server-certpol.pem"
3369 params
["private_key"] = "auth_serv/server-certpol.key"
3370 hapd
= hostapd
.add_ap(apdev
[0], params
)
3372 ifname
= dev
[0].ifname
3373 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3376 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3377 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3378 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3379 sigma_dut_cmd_check(cmd
)
3380 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3382 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3384 raise Exception("Server certificate validation failure not reported")
3386 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3387 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3388 raise Exception("Server certificate trust override was accepted unexpectedly")
3389 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3390 raise Exception("Server certificate trust override was not accepted")
3391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3392 dev
[0].dump_monitor()
3394 stop_sigma_dut(sigma
)
3396 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3397 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3398 check_domain_suffix_match(dev
[0])
3399 logdir
= params
['logdir']
3401 with
open("auth_serv/ca.pem", "r") as f
:
3402 with
open(os
.path
.join(logdir
,
3403 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3407 ssid
= "test-wpa2-eap"
3408 params
= int_eap_server_params()
3409 params
["ssid"] = ssid
3410 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3411 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3412 params
["private_key"] = "auth_serv/rsa3072-server.key"
3413 hapd
= hostapd
.add_ap(apdev
[0], params
)
3415 ifname
= dev
[0].ifname
3416 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3419 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3420 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3421 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3422 sigma_dut_cmd_check(cmd
)
3423 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3425 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3427 raise Exception("Server certificate error not reported")
3429 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3430 if "ServerCertTrustResult,Accepted" not in res
:
3431 raise Exception("Server certificate trust was not accepted")
3432 sigma_dut_wait_connected(ifname
)
3433 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3434 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3435 dev
[0].dump_monitor()
3437 stop_sigma_dut(sigma
)
3439 def start_sae_pwe_ap(apdev
, sae_pwe
):
3441 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3442 params
['wpa_key_mgmt'] = 'SAE'
3443 params
["ieee80211w"] = "2"
3444 params
['sae_groups'] = '19'
3445 params
['sae_pwe'] = str(sae_pwe
)
3446 return hostapd
.add_ap(apdev
, params
)
3448 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3450 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3451 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3452 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3455 sigma_dut_cmd_check(cmd
)
3456 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3458 sigma_dut_wait_connected(ifname
)
3459 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3460 dev
.wait_disconnected()
3461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3464 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3466 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3467 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3468 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3471 sigma_dut_cmd_check(cmd
)
3472 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3474 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3475 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3476 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3477 raise Exception("Unexpected connection result")
3478 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3481 def test_sigma_dut_sae_h2e(dev
, apdev
):
3482 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3483 if "SAE" not in dev
[0].get_capability("auth_alg"):
3484 raise HwsimSkip("SAE not supported")
3486 start_sae_pwe_ap(apdev
[0], 2)
3488 ifname
= dev
[0].ifname
3489 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3491 connect_sae_pwe_sta(dev
[0], ifname
)
3492 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3493 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3494 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3495 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3496 raise Exception("Unexpected error result: " + res
)
3498 stop_sigma_dut(sigma
)
3499 dev
[0].set("sae_pwe", "0")
3501 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3502 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3503 if "SAE" not in dev
[0].get_capability("auth_alg"):
3504 raise HwsimSkip("SAE not supported")
3506 start_sae_pwe_ap(apdev
[0], 0)
3508 ifname
= dev
[0].ifname
3509 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3511 connect_sae_pwe_sta(dev
[0], ifname
)
3512 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3513 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3515 stop_sigma_dut(sigma
)
3516 dev
[0].set("sae_pwe", "0")
3518 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3519 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3520 if "SAE" not in dev
[0].get_capability("auth_alg"):
3521 raise HwsimSkip("SAE not supported")
3523 start_sae_pwe_ap(apdev
[0], 1)
3525 ifname
= dev
[0].ifname
3526 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3528 connect_sae_pwe_sta(dev
[0], ifname
)
3529 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3530 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3532 stop_sigma_dut(sigma
)
3533 dev
[0].set("sae_pwe", "0")
3535 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3536 """sigma_dut controlled AP with SAE H2E"""
3537 logdir
= os
.path
.join(params
['logdir'],
3538 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3539 if "SAE" not in dev
[0].get_capability("auth_alg"):
3540 raise HwsimSkip("SAE not supported")
3541 with
HWSimRadio() as (radio
, iface
):
3542 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3544 sigma_dut_cmd_check("ap_reset_default")
3545 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3546 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3547 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3549 for sae_pwe
in [0, 1, 2]:
3550 dev
[0].request("SET sae_groups ")
3551 dev
[0].set("sae_pwe", str(sae_pwe
))
3552 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3553 ieee80211w
="2", scan_freq
="2412")
3554 dev
[0].request("REMOVE_NETWORK all")
3555 dev
[0].wait_disconnected()
3556 dev
[0].dump_monitor()
3558 sigma_dut_cmd_check("ap_reset_default")
3560 stop_sigma_dut(sigma
)
3561 dev
[0].set("sae_pwe", "0")
3563 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3564 """sigma_dut controlled AP with SAE H2E-only"""
3565 logdir
= os
.path
.join(params
['logdir'],
3566 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3567 if "SAE" not in dev
[0].get_capability("auth_alg"):
3568 raise HwsimSkip("SAE not supported")
3569 with
HWSimRadio() as (radio
, iface
):
3570 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3572 sigma_dut_cmd_check("ap_reset_default")
3573 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3574 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3575 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3577 dev
[0].request("SET sae_groups ")
3578 dev
[0].set("sae_pwe", "1")
3579 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3580 ieee80211w
="2", scan_freq
="2412")
3581 dev
[0].request("REMOVE_NETWORK all")
3582 dev
[0].wait_disconnected()
3583 dev
[0].dump_monitor()
3585 dev
[0].set("sae_pwe", "0")
3586 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3587 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3588 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3589 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3590 dev
[0].request("DISCONNECT")
3591 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3592 raise Exception("Unexpected connection result")
3594 sigma_dut_cmd_check("ap_reset_default")
3596 stop_sigma_dut(sigma
)
3597 dev
[0].set("sae_pwe", "0")
3599 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3600 """sigma_dut controlled AP with SAE looping-only"""
3601 logdir
= os
.path
.join(params
['logdir'],
3602 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3603 if "SAE" not in dev
[0].get_capability("auth_alg"):
3604 raise HwsimSkip("SAE not supported")
3605 with
HWSimRadio() as (radio
, iface
):
3606 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3608 sigma_dut_cmd_check("ap_reset_default")
3609 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3610 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3611 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3613 dev
[0].request("SET sae_groups ")
3614 dev
[0].set("sae_pwe", "0")
3615 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3616 ieee80211w
="2", scan_freq
="2412")
3617 dev
[0].request("REMOVE_NETWORK all")
3618 dev
[0].wait_disconnected()
3619 dev
[0].dump_monitor()
3621 dev
[0].set("sae_pwe", "1")
3622 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3623 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3624 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3625 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3626 dev
[0].request("DISCONNECT")
3627 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3628 raise Exception("Unexpected connection result")
3630 sigma_dut_cmd_check("ap_reset_default")
3632 stop_sigma_dut(sigma
)
3633 dev
[0].set("sae_pwe", "0")
3635 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3636 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3637 if "SAE" not in dev
[0].get_capability("auth_alg"):
3638 raise HwsimSkip("SAE not supported")
3641 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3642 params
['wpa_key_mgmt'] = 'SAE'
3643 params
["ieee80211w"] = "2"
3644 params
['sae_pwe'] = '1'
3645 hapd
= hostapd
.add_ap(apdev
[0], params
)
3647 ifname
= dev
[0].ifname
3648 sigma
= start_sigma_dut(ifname
)
3650 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3651 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3652 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3653 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3655 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3657 raise Exception("No authentication attempt reported")
3658 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3660 raise Exception("Unexpected connection reported")
3662 stop_sigma_dut(sigma
)
3664 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3665 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3666 if "SAE" not in dev
[0].get_capability("auth_alg"):
3667 raise HwsimSkip("SAE not supported")
3670 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3671 params
['wpa_key_mgmt'] = 'SAE'
3672 params
["ieee80211w"] = "2"
3673 params
['sae_groups'] = "19 20"
3674 params
['sae_pwe'] = '1'
3675 hapd
= hostapd
.add_ap(apdev
[0], params
)
3677 ifname
= dev
[0].ifname
3678 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3680 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3681 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3682 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3683 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3685 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3687 raise Exception("No authentication attempt reported")
3688 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3690 raise Exception("Unexpected connection reported")
3692 stop_sigma_dut(sigma
)
3694 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3695 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3696 if "SAE" not in dev
[0].get_capability("auth_alg"):
3697 raise HwsimSkip("SAE not supported")
3700 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3701 params
['wpa_key_mgmt'] = 'SAE'
3702 params
["ieee80211w"] = "2"
3703 params
['sae_groups'] = "19"
3704 params
['sae_pwe'] = '1'
3705 hapd
= hostapd
.add_ap(apdev
[0], params
)
3707 ifname
= dev
[0].ifname
3708 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3710 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3711 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3712 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3713 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3715 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3717 raise Exception("No authentication attempt reported")
3718 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3720 raise Exception("Unexpected connection reported")
3722 stop_sigma_dut(sigma
)
3723 dev
[0].set("sae_pwe", "0")
3725 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3726 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3727 logdir
= os
.path
.join(params
['logdir'],
3728 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3729 if "SAE" not in dev
[0].get_capability("auth_alg"):
3730 raise HwsimSkip("SAE not supported")
3731 with
HWSimRadio() as (radio
, iface
):
3732 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3734 sigma_dut_cmd_check("ap_reset_default")
3735 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3736 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3737 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3739 dev
[0].request("SET sae_groups ")
3740 dev
[0].set("sae_pwe", "1")
3741 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3742 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3743 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3745 raise Exception("No indication of association seen")
3746 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3747 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3748 dev
[0].request("DISCONNECT")
3750 raise Exception("No disconnection seen")
3751 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3752 raise Exception("Unexpected connection")
3754 sigma_dut_cmd_check("ap_reset_default")
3756 stop_sigma_dut(sigma
)
3757 dev
[0].set("sae_pwe", "0")
3759 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3760 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3761 logdir
= os
.path
.join(params
['logdir'],
3762 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3763 if "SAE" not in dev
[0].get_capability("auth_alg"):
3764 raise HwsimSkip("SAE not supported")
3765 with
HWSimRadio() as (radio
, iface
):
3766 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3768 sigma_dut_cmd_check("ap_reset_default")
3769 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3770 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3771 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3773 dev
[0].request("SET sae_groups 21 20 19")
3774 dev
[0].set("sae_pwe", "1")
3775 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3776 ieee80211w
="2", scan_freq
="2412")
3777 addr
= dev
[0].own_addr()
3778 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3779 if "DHGroupVerResult,21 20" not in res
:
3780 raise Exception("Unexpected dev_exec_action response: " + res
)
3782 sigma_dut_cmd_check("ap_reset_default")
3784 stop_sigma_dut(sigma
)
3785 dev
[0].set("sae_pwe", "0")