]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut and DPP Configurator provisioning
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import errno
10 import fcntl
11 import hashlib
12 import logging
13 logger = logging.getLogger()
14 import os
15 import socket
16 import struct
17 import subprocess
18 import threading
19 import time
20
21 import hostapd
22 from utils import HwsimSkip
23 from hwsim import HWSimRadio
24 import hwsim_utils
25 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
26 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
27 from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
28 from test_ap_hs20 import hs20_ap_params
29
30 def check_sigma_dut():
31 if not os.path.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
33
34 def to_hex(s):
35 return binascii.hexlify(s.encode()).decode()
36
37 def from_hex(s):
38 return binascii.unhexlify(s).decode()
39
40 def sigma_log_output(cmd):
41 try:
42 out = cmd.stdout.read()
43 if out:
44 logger.debug("sigma_dut stdout: " + str(out.decode()))
45 except IOError as e:
46 if e.errno != errno.EAGAIN:
47 raise
48 try:
49 out = cmd.stderr.read()
50 if out:
51 logger.debug("sigma_dut stderr: " + str(out.decode()))
52 except IOError as e:
53 if e.errno != errno.EAGAIN:
54 raise
55
56 sigma_prog = None
57
58 def sigma_dut_cmd(cmd, port=9000, timeout=2):
59 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
60 socket.IPPROTO_TCP)
61 sock.settimeout(timeout)
62 addr = ('127.0.0.1', port)
63 sock.connect(addr)
64 sock.send(cmd.encode() + b"\r\n")
65 try:
66 res = sock.recv(1000).decode()
67 running = False
68 done = False
69 for line in res.splitlines():
70 if line.startswith("status,RUNNING"):
71 running = True
72 elif line.startswith("status,INVALID"):
73 done = True
74 elif line.startswith("status,ERROR"):
75 done = True
76 elif line.startswith("status,COMPLETE"):
77 done = True
78 if running and not done:
79 # Read the actual response
80 res = sock.recv(1000).decode()
81 except:
82 res = ''
83 pass
84 sock.close()
85 res = res.rstrip()
86 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
87 global sigma_prog
88 if sigma_prog:
89 sigma_log_output(sigma_prog)
90 return res
91
92 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
93 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
94 if "COMPLETE" not in res:
95 raise Exception("sigma_dut command failed: " + cmd)
96 return res
97
98 def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
99 bridge=None, sae_h2e=False):
100 check_sigma_dut()
101 cmd = ['./sigma_dut',
102 '-d',
103 '-M', ifname,
104 '-S', ifname,
105 '-F', '../../hostapd/hostapd',
106 '-G',
107 '-w', '/var/run/wpa_supplicant/',
108 '-j', ifname]
109 if hostapd_logdir:
110 cmd += ['-H', hostapd_logdir]
111 if cert_path:
112 cmd += ['-C', cert_path]
113 if bridge:
114 cmd += ['-b', bridge]
115 if sae_h2e:
116 cmd += ['-2']
117 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
118 stderr=subprocess.PIPE)
119 for stream in [sigma.stdout, sigma.stderr]:
120 fd = stream.fileno()
121 fl = fcntl.fcntl(fd, fcntl.F_GETFL)
122 fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
123
124 global sigma_prog
125 sigma_prog = sigma
126 res = None
127 for i in range(20):
128 try:
129 res = sigma_dut_cmd("HELLO")
130 break
131 except:
132 time.sleep(0.05)
133 if res is None or "errorCode,Unknown command" not in res:
134 raise Exception("Failed to start sigma_dut")
135 return {'cmd': sigma, 'ifname': ifname}
136
137 def stop_sigma_dut(sigma):
138 global sigma_prog
139 sigma_prog = None
140 cmd = sigma['cmd']
141 sigma_log_output(cmd)
142 logger.debug("Terminating sigma_dut process")
143 cmd.terminate()
144 cmd.wait()
145 out, err = cmd.communicate()
146 logger.debug("sigma_dut stdout: " + str(out.decode()))
147 logger.debug("sigma_dut stderr: " + str(err.decode()))
148 subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
149 "127.0.0.11/24"],
150 stderr=open('/dev/null', 'w'))
151
152 def sigma_dut_wait_connected(ifname):
153 for i in range(50):
154 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
155 if "connected,1" in res:
156 break
157 time.sleep(0.2)
158 if i == 49:
159 raise Exception("Connection did not complete")
160
161 def test_sigma_dut_basic(dev, apdev):
162 """sigma_dut basic functionality"""
163 sigma = start_sigma_dut(dev[0].ifname)
164
165 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
166 ("device_get_info", "status,COMPLETE,vendor"),
167 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
168 ("device_list_interfaces,interfaceType,802.11",
169 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
170 try:
171 res = sigma_dut_cmd("UNKNOWN")
172 if "status,INVALID,errorCode,Unknown command" not in res:
173 raise Exception("Unexpected sigma_dut response to unknown command")
174
175 for cmd, response in tests:
176 res = sigma_dut_cmd(cmd)
177 if response not in res:
178 raise Exception("Unexpected %s response: %s" % (cmd, res))
179 finally:
180 stop_sigma_dut(sigma)
181
182 def test_sigma_dut_open(dev, apdev):
183 """sigma_dut controlled open network association"""
184 try:
185 run_sigma_dut_open(dev, apdev)
186 finally:
187 dev[0].set("ignore_old_scan_res", "0")
188
189 def run_sigma_dut_open(dev, apdev):
190 ifname = dev[0].ifname
191 sigma = start_sigma_dut(ifname)
192
193 try:
194 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
195
196 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
197 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
198 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
199 timeout=10)
200 sigma_dut_wait_connected(ifname)
201 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
202 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
203 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
204 finally:
205 stop_sigma_dut(sigma)
206
207 def test_sigma_dut_psk_pmf(dev, apdev):
208 """sigma_dut controlled PSK+PMF association"""
209 try:
210 run_sigma_dut_psk_pmf(dev, apdev)
211 finally:
212 dev[0].set("ignore_old_scan_res", "0")
213
214 def run_sigma_dut_psk_pmf(dev, apdev):
215 ifname = dev[0].ifname
216 sigma = start_sigma_dut(ifname)
217
218 try:
219 ssid = "test-pmf-required"
220 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
221 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
222 params["ieee80211w"] = "2"
223 hapd = hostapd.add_ap(apdev[0], params)
224
225 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
226 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
227 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
228 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
229 timeout=10)
230 sigma_dut_wait_connected(ifname)
231 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
232 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
234 finally:
235 stop_sigma_dut(sigma)
236
237 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
238 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
239 try:
240 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
241 finally:
242 dev[0].set("ignore_old_scan_res", "0")
243
244 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
245 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
246 try:
247 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
248 finally:
249 dev[0].set("ignore_old_scan_res", "0")
250
251 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
252 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
253 try:
254 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
255 finally:
256 dev[0].set("ignore_old_scan_res", "0")
257
258 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
259 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
260 try:
261 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
262 finally:
263 dev[0].set("ignore_old_scan_res", "0")
264
265 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
266 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
267 try:
268 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
269 failure=True)
270 finally:
271 dev[0].set("ignore_old_scan_res", "0")
272
273 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
274 failure=False):
275 ifname = dev[0].ifname
276 sigma = start_sigma_dut(ifname)
277
278 try:
279 ssid = "test-pmf-required"
280 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
281 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
282 params["ieee80211w"] = "2"
283 params["group_mgmt_cipher"] = hostapd_cipher
284 hapd = hostapd.add_ap(apdev[0], params)
285
286 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
287 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
288 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
289 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
290 timeout=2 if failure else 10)
291 if failure:
292 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
293 "CTRL-EVENT-CONNECTED"], timeout=10)
294 if ev is None:
295 raise Exception("Network selection result not indicated")
296 if "CTRL-EVENT-CONNECTED" in ev:
297 raise Exception("Unexpected connection")
298 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
299 if "connected,1" in res:
300 raise Exception("Connection reported")
301 else:
302 sigma_dut_wait_connected(ifname)
303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
304
305 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
306 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
307 finally:
308 stop_sigma_dut(sigma)
309
310 def test_sigma_dut_sae(dev, apdev):
311 """sigma_dut controlled SAE association"""
312 if "SAE" not in dev[0].get_capability("auth_alg"):
313 raise HwsimSkip("SAE not supported")
314
315 ifname = dev[0].ifname
316 sigma = start_sigma_dut(ifname)
317
318 try:
319 ssid = "test-sae"
320 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
321 params['wpa_key_mgmt'] = 'SAE'
322 params["ieee80211w"] = "2"
323 params['sae_groups'] = '19 20 21'
324 hapd = hostapd.add_ap(apdev[0], params)
325
326 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
328 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
329 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
330 timeout=10)
331 sigma_dut_wait_connected(ifname)
332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
333 if dev[0].get_status_field('sae_group') != '19':
334 raise Exception("Expected default SAE group not used")
335 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
336
337 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
338
339 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
340 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
341 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
342 timeout=10)
343 sigma_dut_wait_connected(ifname)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
345 if dev[0].get_status_field('sae_group') != '20':
346 raise Exception("Expected SAE group not used")
347 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
349 finally:
350 stop_sigma_dut(sigma)
351
352 def test_sigma_dut_sae_groups(dev, apdev):
353 """sigma_dut controlled SAE association with group negotiation"""
354 if "SAE" not in dev[0].get_capability("auth_alg"):
355 raise HwsimSkip("SAE not supported")
356
357 ifname = dev[0].ifname
358 sigma = start_sigma_dut(ifname)
359
360 try:
361 ssid = "test-sae"
362 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
363 params['wpa_key_mgmt'] = 'SAE'
364 params["ieee80211w"] = "2"
365 params['sae_groups'] = '19'
366 hapd = hostapd.add_ap(apdev[0], params)
367
368 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
369 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
370 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
371 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
372 timeout=10)
373 sigma_dut_wait_connected(ifname)
374 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
375 if dev[0].get_status_field('sae_group') != '19':
376 raise Exception("Expected default SAE group not used")
377 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
378
379 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
380 finally:
381 stop_sigma_dut(sigma)
382
383 def test_sigma_dut_sae_pmkid_include(dev, apdev):
384 """sigma_dut controlled SAE association with PMKID"""
385 if "SAE" not in dev[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
387
388 ifname = dev[0].ifname
389 sigma = start_sigma_dut(ifname)
390
391 try:
392 ssid = "test-sae"
393 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
394 params['wpa_key_mgmt'] = 'SAE'
395 params["ieee80211w"] = "2"
396 params["sae_confirm_immediate"] = "1"
397 hapd = hostapd.add_ap(apdev[0], params)
398
399 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
400 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
401 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
402 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
403 timeout=10)
404 sigma_dut_wait_connected(ifname)
405 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
406 finally:
407 stop_sigma_dut(sigma)
408
409 def test_sigma_dut_sae_password(dev, apdev):
410 """sigma_dut controlled SAE association and long password"""
411 if "SAE" not in dev[0].get_capability("auth_alg"):
412 raise HwsimSkip("SAE not supported")
413
414 ifname = dev[0].ifname
415 sigma = start_sigma_dut(ifname)
416
417 try:
418 ssid = "test-sae"
419 params = hostapd.wpa2_params(ssid=ssid)
420 params['sae_password'] = 100*'B'
421 params['wpa_key_mgmt'] = 'SAE'
422 params["ieee80211w"] = "2"
423 hapd = hostapd.add_ap(apdev[0], params)
424
425 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
426 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
427 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
428 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
429 timeout=10)
430 sigma_dut_wait_connected(ifname)
431 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
432 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
433 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
434 finally:
435 stop_sigma_dut(sigma)
436
437 def test_sigma_dut_sae_pw_id(dev, apdev):
438 """sigma_dut controlled SAE association with Password Identifier"""
439 if "SAE" not in dev[0].get_capability("auth_alg"):
440 raise HwsimSkip("SAE not supported")
441
442 ifname = dev[0].ifname
443 sigma = start_sigma_dut(ifname)
444
445 try:
446 ssid = "test-sae"
447 params = hostapd.wpa2_params(ssid=ssid)
448 params['wpa_key_mgmt'] = 'SAE'
449 params["ieee80211w"] = "2"
450 params['sae_password'] = 'secret|id=pw id'
451 params['sae_groups'] = '19'
452 hapd = hostapd.add_ap(apdev[0], params)
453
454 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
455 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
456 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
457 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
458 timeout=10)
459 sigma_dut_wait_connected(ifname)
460 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
462 finally:
463 stop_sigma_dut(sigma)
464
465 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
466 """sigma_dut controlled SAE association with Password Identifier and FT"""
467 run_sigma_dut_sae_pw_id_ft(dev, apdev)
468
469 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
470 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
471 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
472
473 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
474 if "SAE" not in dev[0].get_capability("auth_alg"):
475 raise HwsimSkip("SAE not supported")
476
477 ifname = dev[0].ifname
478 sigma = start_sigma_dut(ifname)
479
480 try:
481 ssid = "test-sae"
482 params = hostapd.wpa2_params(ssid=ssid)
483 params['wpa_key_mgmt'] = 'SAE FT-SAE'
484 params["ieee80211w"] = "2"
485 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
486 params['mobility_domain'] = 'aabb'
487 params['ft_over_ds'] = '1' if over_ds else '0'
488 bssid = apdev[0]['bssid'].replace(':', '')
489 params['nas_identifier'] = bssid + '.nas.example.com'
490 params['r1_key_holder'] = bssid
491 params['pmk_r1_push'] = '0'
492 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
493 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
494 hapd = hostapd.add_ap(apdev[0], params)
495
496 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
497 if over_ds:
498 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
499 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
500 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
501 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
502 timeout=10)
503 sigma_dut_wait_connected(ifname)
504
505 bssid = apdev[1]['bssid'].replace(':', '')
506 params['nas_identifier'] = bssid + '.nas.example.com'
507 params['r1_key_holder'] = bssid
508 hapd2 = hostapd.add_ap(apdev[1], params)
509 bssid = hapd2.own_addr()
510 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
511 dev[0].wait_connected()
512
513 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
514 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
515 finally:
516 stop_sigma_dut(sigma)
517
518 def test_sigma_dut_sta_override_rsne(dev, apdev):
519 """sigma_dut and RSNE override on STA"""
520 try:
521 run_sigma_dut_sta_override_rsne(dev, apdev)
522 finally:
523 dev[0].set("ignore_old_scan_res", "0")
524
525 def run_sigma_dut_sta_override_rsne(dev, apdev):
526 ifname = dev[0].ifname
527 sigma = start_sigma_dut(ifname)
528
529 try:
530 ssid = "test-psk"
531 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
532 hapd = hostapd.add_ap(apdev[0], params)
533
534 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
535
536 tests = ["30120100000fac040100000fac040100000fac02",
537 "30140100000fac040100000fac040100000fac02ffff"]
538 for test in tests:
539 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
540 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
542 timeout=10)
543 sigma_dut_wait_connected(ifname)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
545 dev[0].dump_monitor()
546
547 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
548 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
549 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
550 timeout=10)
551
552 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
553 if ev is None:
554 raise Exception("Association rejection not reported")
555 if "status_code=40" not in ev:
556 raise Exception("Unexpected status code: " + ev)
557
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
559 finally:
560 stop_sigma_dut(sigma)
561
562 def test_sigma_dut_ap_psk(dev, apdev):
563 """sigma_dut controlled AP"""
564 with HWSimRadio() as (radio, iface):
565 sigma = start_sigma_dut(iface)
566 try:
567 sigma_dut_cmd_check("ap_reset_default")
568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
569 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
570 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
571
572 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
573
574 sigma_dut_cmd_check("ap_reset_default")
575 finally:
576 stop_sigma_dut(sigma)
577
578 def test_sigma_dut_ap_pskhex(dev, apdev, params):
579 """sigma_dut controlled AP and PSKHEX"""
580 logdir = os.path.join(params['logdir'],
581 "sigma_dut_ap_pskhex.sigma-hostapd")
582 with HWSimRadio() as (radio, iface):
583 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
584 try:
585 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
586 sigma_dut_cmd_check("ap_reset_default")
587 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
588 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
589 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
590
591 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
592
593 sigma_dut_cmd_check("ap_reset_default")
594 finally:
595 stop_sigma_dut(sigma)
596
597 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
598 """sigma_dut controlled AP PSK SHA256"""
599 logdir = os.path.join(params['logdir'],
600 "sigma_dut_ap_psk_sha256.sigma-hostapd")
601 with HWSimRadio() as (radio, iface):
602 sigma = start_sigma_dut(iface)
603 try:
604 sigma_dut_cmd_check("ap_reset_default")
605 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
606 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
607 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
608
609 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
610 psk="12345678", scan_freq="2412")
611
612 sigma_dut_cmd_check("ap_reset_default")
613 finally:
614 stop_sigma_dut(sigma)
615
616 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
617 """sigma_dut controlled AP and deauth commands"""
618 logdir = os.path.join(params['logdir'],
619 "sigma_dut_ap_psk_deauth.sigma-hostapd")
620 with HWSimRadio() as (radio, iface):
621 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
622 try:
623 sigma_dut_cmd_check("ap_reset_default")
624 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
627
628 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
629 psk="12345678", ieee80211w="2", scan_freq="2412")
630 addr = dev[0].own_addr()
631 dev[0].dump_monitor()
632
633 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
634 ev = dev[0].wait_disconnected()
635 dev[0].dump_monitor()
636 if "locally_generated=1" in ev:
637 raise Exception("Unexpected disconnection reason")
638 dev[0].wait_connected()
639 dev[0].dump_monitor()
640
641 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
642 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
643 if ev and "locally_generated=1" not in ev:
644 raise Exception("Unexpected disconnection")
645
646 sigma_dut_cmd_check("ap_reset_default")
647 finally:
648 stop_sigma_dut(sigma)
649
650 def test_sigma_dut_eap_ttls(dev, apdev, params):
651 """sigma_dut controlled STA and EAP-TTLS parameters"""
652 check_domain_match(dev[0])
653 logdir = params['logdir']
654
655 with open("auth_serv/ca.pem", "r") as f:
656 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
657 f2.write(f.read())
658
659 src = "auth_serv/server.pem"
660 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
661 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
662 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
663 "-outform", "DER"],
664 stderr=open('/dev/null', 'w'))
665 with open(dst, "rb") as f:
666 der = f.read()
667 hash = hashlib.sha256(der).digest()
668 with open(hashdst, "w") as f:
669 f.write(binascii.hexlify(hash).decode())
670
671 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
672 with open(dst, "w") as f:
673 f.write(32*"00")
674
675 ssid = "test-wpa2-eap"
676 params = hostapd.wpa2_eap_params(ssid=ssid)
677 hapd = hostapd.add_ap(apdev[0], params)
678
679 ifname = dev[0].ifname
680 sigma = start_sigma_dut(ifname, cert_path=logdir)
681
682 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
683
684 try:
685 tests = ["",
686 ",Domain,server.w1.fi",
687 ",DomainSuffix,w1.fi",
688 ",DomainSuffix,server.w1.fi",
689 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
690 for extra in tests:
691 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
692 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
693 sigma_dut_cmd_check(cmd + extra)
694 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
695 timeout=10)
696 sigma_dut_wait_connected(ifname)
697 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
698 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
699 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
700 dev[0].dump_monitor()
701
702 tests = [",Domain,w1.fi",
703 ",DomainSuffix,example.com",
704 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
705 for extra in tests:
706 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
707 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
708 sigma_dut_cmd_check(cmd + extra)
709 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
710 timeout=10)
711 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
712 if ev is None:
713 raise Exception("Server certificate error not reported")
714 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
715 if "connected,1" in res:
716 raise Exception("Unexpected connection reported")
717 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
718 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
719 dev[0].dump_monitor()
720 finally:
721 stop_sigma_dut(sigma)
722
723 def test_sigma_dut_suite_b(dev, apdev, params):
724 """sigma_dut controlled STA Suite B"""
725 check_suite_b_192_capa(dev)
726 logdir = params['logdir']
727
728 with open("auth_serv/ec2-ca.pem", "r") as f:
729 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
730 f2.write(f.read())
731
732 with open("auth_serv/ec2-user.pem", "r") as f:
733 with open("auth_serv/ec2-user.key", "r") as f2:
734 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
735 f3.write(f.read())
736 f3.write(f2.read())
737
738 dev[0].flush_scan_cache()
739 params = suite_b_as_params()
740 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
741 params['server_cert'] = 'auth_serv/ec2-server.pem'
742 params['private_key'] = 'auth_serv/ec2-server.key'
743 params['openssl_ciphers'] = 'SUITEB192'
744 hostapd.add_ap(apdev[1], params)
745
746 params = {"ssid": "test-suite-b",
747 "wpa": "2",
748 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
749 "rsn_pairwise": "GCMP-256",
750 "group_mgmt_cipher": "BIP-GMAC-256",
751 "ieee80211w": "2",
752 "ieee8021x": "1",
753 'auth_server_addr': "127.0.0.1",
754 'auth_server_port': "18129",
755 'auth_server_shared_secret': "radius",
756 'nas_identifier': "nas.w1.fi"}
757 hapd = hostapd.add_ap(apdev[0], params)
758
759 ifname = dev[0].ifname
760 sigma = start_sigma_dut(ifname, cert_path=logdir)
761
762 try:
763 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
764 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
765 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
766 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
767 timeout=10)
768 sigma_dut_wait_connected(ifname)
769 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
770 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
771 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
772 finally:
773 stop_sigma_dut(sigma)
774
775 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
776 """sigma_dut controlled STA Suite B (RSA)"""
777 check_suite_b_192_capa(dev)
778 logdir = params['logdir']
779
780 with open("auth_serv/rsa3072-ca.pem", "r") as f:
781 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
782 f2.write(f.read())
783
784 with open("auth_serv/rsa3072-user.pem", "r") as f:
785 with open("auth_serv/rsa3072-user.key", "r") as f2:
786 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
787 f3.write(f.read())
788 f3.write(f2.read())
789
790 dev[0].flush_scan_cache()
791 params = suite_b_192_rsa_ap_params()
792 hapd = hostapd.add_ap(apdev[0], params)
793
794 ifname = dev[0].ifname
795 sigma = start_sigma_dut(ifname, cert_path=logdir)
796
797 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
798
799 try:
800 tests = ["",
801 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
802 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
803 for extra in tests:
804 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
805 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
806 sigma_dut_cmd_check(cmd + extra)
807 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
808 timeout=10)
809 sigma_dut_wait_connected(ifname)
810 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
811 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
812 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
813 finally:
814 stop_sigma_dut(sigma)
815
816 def test_sigma_dut_ap_suite_b(dev, apdev, params):
817 """sigma_dut controlled AP Suite B"""
818 check_suite_b_192_capa(dev)
819 logdir = os.path.join(params['logdir'],
820 "sigma_dut_ap_suite_b.sigma-hostapd")
821 params = suite_b_as_params()
822 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
823 params['server_cert'] = 'auth_serv/ec2-server.pem'
824 params['private_key'] = 'auth_serv/ec2-server.key'
825 params['openssl_ciphers'] = 'SUITEB192'
826 hostapd.add_ap(apdev[1], params)
827 with HWSimRadio() as (radio, iface):
828 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
829 try:
830 sigma_dut_cmd_check("ap_reset_default")
831 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
832 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
833 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
834 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
835
836 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
837 ieee80211w="2",
838 openssl_ciphers="SUITEB192",
839 eap="TLS", identity="tls user",
840 ca_cert="auth_serv/ec2-ca.pem",
841 client_cert="auth_serv/ec2-user.pem",
842 private_key="auth_serv/ec2-user.key",
843 pairwise="GCMP-256", group="GCMP-256",
844 scan_freq="2412")
845
846 sigma_dut_cmd_check("ap_reset_default")
847 finally:
848 stop_sigma_dut(sigma)
849
850 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
851 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
852 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
853 "GCMP")
854
855 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
856 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
857 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
858 "GCMP-256")
859
860 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
861 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
862 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
863 "CCMP")
864
865 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
866 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
867 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
868 "CCMP-256")
869
870 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
871 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
872 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
873 "BIP-GMAC-256", "CCMP")
874
875 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
876 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
877 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
878 "BIP-GMAC-256", "GCMP-256", "CCMP")
879
880 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
881 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
882 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
883 "GCMP-256", "CCMP", "AES-CCMP-128")
884
885 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
886 sta_cipher, sta_cipher_group=None, ap_group=None):
887 check_suite_b_192_capa(dev)
888 logdir = os.path.join(params['logdir'],
889 "sigma_dut_ap_cipher.sigma-hostapd")
890 params = suite_b_as_params()
891 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
892 params['server_cert'] = 'auth_serv/ec2-server.pem'
893 params['private_key'] = 'auth_serv/ec2-server.key'
894 params['openssl_ciphers'] = 'SUITEB192'
895 hostapd.add_ap(apdev[1], params)
896 with HWSimRadio() as (radio, iface):
897 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
898 try:
899 sigma_dut_cmd_check("ap_reset_default")
900 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
901 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
902 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
903 if ap_group:
904 cmd += ",GroupCipher,%s" % ap_group
905 sigma_dut_cmd_check(cmd)
906 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
907
908 if sta_cipher_group is None:
909 sta_cipher_group = sta_cipher
910 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
911 ieee80211w="2",
912 openssl_ciphers="SUITEB192",
913 eap="TLS", identity="tls user",
914 ca_cert="auth_serv/ec2-ca.pem",
915 client_cert="auth_serv/ec2-user.pem",
916 private_key="auth_serv/ec2-user.key",
917 pairwise=sta_cipher, group=sta_cipher_group,
918 scan_freq="2412")
919
920 sigma_dut_cmd_check("ap_reset_default")
921 finally:
922 stop_sigma_dut(sigma)
923
924 def test_sigma_dut_ap_override_rsne(dev, apdev):
925 """sigma_dut controlled AP overriding RSNE"""
926 with HWSimRadio() as (radio, iface):
927 sigma = start_sigma_dut(iface)
928 try:
929 sigma_dut_cmd_check("ap_reset_default")
930 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
931 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
932 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
933 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
934
935 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
936
937 sigma_dut_cmd_check("ap_reset_default")
938 finally:
939 stop_sigma_dut(sigma)
940
941 def test_sigma_dut_ap_sae(dev, apdev, params):
942 """sigma_dut controlled AP with SAE"""
943 logdir = os.path.join(params['logdir'],
944 "sigma_dut_ap_sae.sigma-hostapd")
945 if "SAE" not in dev[0].get_capability("auth_alg"):
946 raise HwsimSkip("SAE not supported")
947 with HWSimRadio() as (radio, iface):
948 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
949 try:
950 sigma_dut_cmd_check("ap_reset_default")
951 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
954
955 dev[0].request("SET sae_groups ")
956 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
957 ieee80211w="2", scan_freq="2412")
958 if dev[0].get_status_field('sae_group') != '19':
959 raise Exception("Expected default SAE group not used")
960
961 sigma_dut_cmd_check("ap_reset_default")
962 finally:
963 stop_sigma_dut(sigma)
964
965 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
966 """sigma_dut controlled AP with SAE Confirm immediate"""
967 logdir = os.path.join(params['logdir'],
968 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
969 if "SAE" not in dev[0].get_capability("auth_alg"):
970 raise HwsimSkip("SAE not supported")
971 with HWSimRadio() as (radio, iface):
972 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
973 try:
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
978
979 dev[0].request("SET sae_groups ")
980 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
981 ieee80211w="2", scan_freq="2412")
982 if dev[0].get_status_field('sae_group') != '19':
983 raise Exception("Expected default SAE group not used")
984
985 sigma_dut_cmd_check("ap_reset_default")
986 finally:
987 stop_sigma_dut(sigma)
988
989 def test_sigma_dut_ap_sae_password(dev, apdev, params):
990 """sigma_dut controlled AP with SAE and long password"""
991 logdir = os.path.join(params['logdir'],
992 "sigma_dut_ap_sae_password.sigma-hostapd")
993 if "SAE" not in dev[0].get_capability("auth_alg"):
994 raise HwsimSkip("SAE not supported")
995 with HWSimRadio() as (radio, iface):
996 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
997 try:
998 sigma_dut_cmd_check("ap_reset_default")
999 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1000 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1001 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1002
1003 dev[0].request("SET sae_groups ")
1004 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
1005 ieee80211w="2", scan_freq="2412")
1006 if dev[0].get_status_field('sae_group') != '19':
1007 raise Exception("Expected default SAE group not used")
1008
1009 sigma_dut_cmd_check("ap_reset_default")
1010 finally:
1011 stop_sigma_dut(sigma)
1012
1013 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
1014 """sigma_dut controlled AP with SAE Password Identifier"""
1015 logdir = os.path.join(params['logdir'],
1016 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1017 conffile = os.path.join(params['logdir'],
1018 "sigma_dut_ap_sae_pw_id.sigma-conf")
1019 if "SAE" not in dev[0].get_capability("auth_alg"):
1020 raise HwsimSkip("SAE not supported")
1021 with HWSimRadio() as (radio, iface):
1022 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1023 try:
1024 sigma_dut_cmd_check("ap_reset_default")
1025 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1026 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1027 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1028
1029 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1030 with open(conffile, "wb") as f2:
1031 f2.write(f.read())
1032
1033 dev[0].request("SET sae_groups ")
1034 tests = [("pw1", "id1"),
1035 ("pw2", "id2"),
1036 ("pw3", None),
1037 ("pw4", "id4")]
1038 for pw, pw_id in tests:
1039 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
1040 sae_password_id=pw_id,
1041 ieee80211w="2", scan_freq="2412")
1042 dev[0].request("REMOVE_NETWORK all")
1043 dev[0].wait_disconnected()
1044
1045 sigma_dut_cmd_check("ap_reset_default")
1046 finally:
1047 stop_sigma_dut(sigma)
1048
1049 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
1050 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1051 logdir = os.path.join(params['logdir'],
1052 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1053 conffile = os.path.join(params['logdir'],
1054 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1055 if "SAE" not in dev[0].get_capability("auth_alg"):
1056 raise HwsimSkip("SAE not supported")
1057 with HWSimRadio() as (radio, iface):
1058 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1059 try:
1060 sigma_dut_cmd_check("ap_reset_default")
1061 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1062 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1063 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1064
1065 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1066 with open(conffile, "wb") as f2:
1067 f2.write(f.read())
1068
1069 dev[0].request("SET sae_groups ")
1070 tests = [("pw1", "id1", "SAE"),
1071 ("pw2", "id2", "FT-SAE"),
1072 ("pw3", None, "FT-SAE"),
1073 ("pw4", "id4", "SAE")]
1074 for pw, pw_id, key_mgmt in tests:
1075 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
1076 sae_password_id=pw_id,
1077 ieee80211w="2", scan_freq="2412")
1078 dev[0].request("REMOVE_NETWORK all")
1079 dev[0].wait_disconnected()
1080
1081 sigma_dut_cmd_check("ap_reset_default")
1082 finally:
1083 stop_sigma_dut(sigma)
1084
1085 def test_sigma_dut_ap_sae_group(dev, apdev, params):
1086 """sigma_dut controlled AP with SAE and specific group"""
1087 logdir = os.path.join(params['logdir'],
1088 "sigma_dut_ap_sae_group.sigma-hostapd")
1089 if "SAE" not in dev[0].get_capability("auth_alg"):
1090 raise HwsimSkip("SAE not supported")
1091 with HWSimRadio() as (radio, iface):
1092 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1093 try:
1094 sigma_dut_cmd_check("ap_reset_default")
1095 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1096 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1097 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1098
1099 dev[0].request("SET sae_groups ")
1100 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1101 ieee80211w="2", scan_freq="2412")
1102 if dev[0].get_status_field('sae_group') != '20':
1103 raise Exception("Expected SAE group not used")
1104
1105 sigma_dut_cmd_check("ap_reset_default")
1106 finally:
1107 stop_sigma_dut(sigma)
1108
1109 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1110 """sigma_dut controlled AP with PSK+SAE"""
1111 if "SAE" not in dev[0].get_capability("auth_alg"):
1112 raise HwsimSkip("SAE not supported")
1113 logdir = os.path.join(params['logdir'],
1114 "sigma_dut_ap_psk_sae.sigma-hostapd")
1115 with HWSimRadio() as (radio, iface):
1116 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1117 try:
1118 sigma_dut_cmd_check("ap_reset_default")
1119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1120 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1121 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1122
1123 dev[2].request("SET sae_groups ")
1124 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1125 scan_freq="2412", ieee80211w="0", wait_connect=False)
1126 dev[0].request("SET sae_groups ")
1127 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1128 scan_freq="2412", ieee80211w="2")
1129 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1130
1131 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1132 dev[2].request("DISCONNECT")
1133 if ev is not None:
1134 raise Exception("Unexpected connection without PMF")
1135
1136 sigma_dut_cmd_check("ap_reset_default")
1137 finally:
1138 stop_sigma_dut(sigma)
1139
1140 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1141 """sigma_dut controlled AP with PSK, SAE, FT"""
1142 logdir = os.path.join(params['logdir'],
1143 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1144 conffile = os.path.join(params['logdir'],
1145 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1146 if "SAE" not in dev[0].get_capability("auth_alg"):
1147 raise HwsimSkip("SAE not supported")
1148 with HWSimRadio() as (radio, iface):
1149 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1150 try:
1151 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1152 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1153 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1154 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1155 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1156 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1157
1158 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1159 with open(conffile, "wb") as f2:
1160 f2.write(f.read())
1161
1162 dev[0].request("SET sae_groups ")
1163 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1164 sae_password="12345678", scan_freq="2412")
1165 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1166 psk="12345678", scan_freq="2412")
1167 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1168 psk="12345678", scan_freq="2412")
1169
1170 sigma_dut_cmd_check("ap_reset_default")
1171 finally:
1172 stop_sigma_dut(sigma)
1173
1174 def test_sigma_dut_owe(dev, apdev):
1175 """sigma_dut controlled OWE station"""
1176 try:
1177 run_sigma_dut_owe(dev, apdev)
1178 finally:
1179 dev[0].set("ignore_old_scan_res", "0")
1180
1181 def run_sigma_dut_owe(dev, apdev):
1182 if "OWE" not in dev[0].get_capability("key_mgmt"):
1183 raise HwsimSkip("OWE not supported")
1184
1185 ifname = dev[0].ifname
1186 sigma = start_sigma_dut(ifname)
1187
1188 try:
1189 params = {"ssid": "owe",
1190 "wpa": "2",
1191 "wpa_key_mgmt": "OWE",
1192 "ieee80211w": "2",
1193 "rsn_pairwise": "CCMP"}
1194 hapd = hostapd.add_ap(apdev[0], params)
1195 bssid = hapd.own_addr()
1196
1197 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1199 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1201 timeout=10)
1202 sigma_dut_wait_connected(ifname)
1203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1204
1205 dev[0].dump_monitor()
1206 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1207 dev[0].wait_connected()
1208 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1209 dev[0].wait_disconnected()
1210 dev[0].dump_monitor()
1211
1212 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1213 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1214 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1215 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1216 timeout=10)
1217 sigma_dut_wait_connected(ifname)
1218 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1219 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1220 dev[0].wait_disconnected()
1221 dev[0].dump_monitor()
1222
1223 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1224 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1225 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1226 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1227 timeout=10)
1228 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1229 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1230 if ev is None:
1231 raise Exception("Association not rejected")
1232 if "status_code=77" not in ev:
1233 raise Exception("Unexpected rejection reason: " + ev)
1234
1235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1236 finally:
1237 stop_sigma_dut(sigma)
1238
1239 def test_sigma_dut_ap_owe(dev, apdev, params):
1240 """sigma_dut controlled AP with OWE"""
1241 logdir = os.path.join(params['logdir'],
1242 "sigma_dut_ap_owe.sigma-hostapd")
1243 if "OWE" not in dev[0].get_capability("key_mgmt"):
1244 raise HwsimSkip("OWE not supported")
1245 with HWSimRadio() as (radio, iface):
1246 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1247 try:
1248 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1249 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1250 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1251 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1252
1253 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1254 scan_freq="2412")
1255
1256 sigma_dut_cmd_check("ap_reset_default")
1257 finally:
1258 stop_sigma_dut(sigma)
1259
1260 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1261 """sigma_dut controlled AP with OWE and ECGroupID"""
1262 if "OWE" not in dev[0].get_capability("key_mgmt"):
1263 raise HwsimSkip("OWE not supported")
1264 with HWSimRadio() as (radio, iface):
1265 sigma = start_sigma_dut(iface)
1266 try:
1267 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1268 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1269 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1270 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1271
1272 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1273 owe_group="20", scan_freq="2412")
1274 dev[0].request("REMOVE_NETWORK all")
1275 dev[0].wait_disconnected()
1276
1277 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1278 owe_group="21", scan_freq="2412")
1279 dev[0].request("REMOVE_NETWORK all")
1280 dev[0].wait_disconnected()
1281
1282 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1283 owe_group="19", scan_freq="2412", wait_connect=False)
1284 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1285 dev[0].request("DISCONNECT")
1286 if ev is None:
1287 raise Exception("Association not rejected")
1288 if "status_code=77" not in ev:
1289 raise Exception("Unexpected rejection reason: " + ev)
1290 dev[0].dump_monitor()
1291
1292 sigma_dut_cmd_check("ap_reset_default")
1293 finally:
1294 stop_sigma_dut(sigma)
1295
1296 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1297 """sigma_dut controlled AP with OWE and transition mode"""
1298 if "OWE" not in dev[0].get_capability("key_mgmt"):
1299 raise HwsimSkip("OWE not supported")
1300 logdir = os.path.join(params['logdir'],
1301 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1302 with HWSimRadio() as (radio, iface):
1303 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1304 try:
1305 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1306 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1307 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1308 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1309 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1310 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1311
1312 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1313 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1314
1315 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1316 scan_freq="2412")
1317 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1318 if dev[0].get_status_field('bssid') not in res1:
1319 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1320 if dev[1].get_status_field('bssid') not in res2:
1321 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1322
1323 sigma_dut_cmd_check("ap_reset_default")
1324 finally:
1325 stop_sigma_dut(sigma)
1326
1327 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1328 """sigma_dut controlled AP with OWE and transition mode (2)"""
1329 if "OWE" not in dev[0].get_capability("key_mgmt"):
1330 raise HwsimSkip("OWE not supported")
1331 logdir = os.path.join(params['logdir'],
1332 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1333 with HWSimRadio() as (radio, iface):
1334 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1335 try:
1336 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1337 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1338 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1339 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1340 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1341 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1342
1343 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1344 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1345
1346 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1347 scan_freq="2412")
1348 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1349 if dev[0].get_status_field('bssid') not in res2:
1350 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1351 if dev[1].get_status_field('bssid') not in res1:
1352 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1353
1354 sigma_dut_cmd_check("ap_reset_default")
1355 finally:
1356 stop_sigma_dut(sigma)
1357
1358 def dpp_init_enrollee(dev, id1, enrollee_role):
1359 logger.info("Starting DPP initiator/enrollee in a thread")
1360 time.sleep(1)
1361 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1362 if enrollee_role == "Configurator":
1363 cmd += " netrole=configurator"
1364 if "OK" not in dev.request(cmd):
1365 raise Exception("Failed to initiate DPP Authentication")
1366 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1367 if ev is None:
1368 raise Exception("DPP configuration not completed (Enrollee)")
1369 logger.info("DPP initiator/enrollee done")
1370
1371 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1372 """sigma_dut DPP/QR responder (conf index 1)"""
1373 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1374
1375 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1376 """sigma_dut DPP/QR responder (conf index 2)"""
1377 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1378
1379 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1380 """sigma_dut DPP/QR responder (conf index 3)"""
1381 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1382
1383 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1384 """sigma_dut DPP/QR responder (conf index 4)"""
1385 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1386
1387 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1388 """sigma_dut DPP/QR responder (conf index 5)"""
1389 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1390
1391 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1392 """sigma_dut DPP/QR responder (conf index 6)"""
1393 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1394
1395 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1396 """sigma_dut DPP/QR responder (conf index 7)"""
1397 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1398
1399 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1400 """sigma_dut DPP/QR responder (conf index 8)"""
1401 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1402
1403 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1404 """sigma_dut DPP/QR responder (conf index 9)"""
1405 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1406
1407 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1408 """sigma_dut DPP/QR responder (conf index 10)"""
1409 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1410
1411 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1412 """sigma_dut DPP/QR responder (channel list override)"""
1413 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1414 listen_chan=2)
1415
1416 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1417 """sigma_dut DPP/QR responder status query"""
1418 check_dpp_capab(dev[1])
1419 params = hostapd.wpa2_params(ssid="DPPNET01",
1420 passphrase="ThisIsDppPassphrase")
1421 hapd = hostapd.add_ap(apdev[0], params)
1422
1423 try:
1424 dev[1].set("dpp_config_processing", "2")
1425 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1426 finally:
1427 dev[1].set("dpp_config_processing", "0", allow_fail=True)
1428
1429 def test_sigma_dut_dpp_qr_resp_configurator(dev, apdev):
1430 """sigma_dut DPP/QR responder (configurator provisioning)"""
1431 run_sigma_dut_dpp_qr_resp(dev, apdev, -1, enrollee_role="Configurator")
1432
1433 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1434 listen_chan=None, status_query=False,
1435 enrollee_role="STA"):
1436 check_dpp_capab(dev[0])
1437 check_dpp_capab(dev[1])
1438 sigma = start_sigma_dut(dev[0].ifname)
1439 try:
1440 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1441 if chan_list:
1442 cmd += ",DPPChannelList," + chan_list
1443 res = sigma_dut_cmd(cmd)
1444 if "status,COMPLETE" not in res:
1445 raise Exception("dev_exec_action did not succeed: " + res)
1446 hex = res.split(',')[3]
1447 uri = from_hex(hex)
1448 logger.info("URI from sigma_dut: " + uri)
1449
1450 id1 = dev[1].dpp_qr_code(uri)
1451
1452 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1,
1453 enrollee_role))
1454 t.start()
1455 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1456 if conf_idx is not None:
1457 cmd += ",DPPConfIndex,%d" % conf_idx
1458 if listen_chan:
1459 cmd += ",DPPListenChannel," + str(listen_chan)
1460 if status_query:
1461 cmd += ",DPPStatusQuery,Yes"
1462 res = sigma_dut_cmd(cmd, timeout=10)
1463 t.join()
1464 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1465 raise Exception("Unexpected result: " + res)
1466 if status_query and "StatusResult,0" not in res:
1467 raise Exception("Status query did not succeed: " + res)
1468 finally:
1469 stop_sigma_dut(sigma)
1470
1471 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1472 """sigma_dut DPP/QR initiator as Enrollee"""
1473 check_dpp_capab(dev[0])
1474 check_dpp_capab(dev[1])
1475
1476 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1477 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1478 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1479 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1480
1481 params = {"ssid": "DPPNET01",
1482 "wpa": "2",
1483 "ieee80211w": "2",
1484 "wpa_key_mgmt": "DPP",
1485 "rsn_pairwise": "CCMP",
1486 "dpp_connector": ap_connector,
1487 "dpp_csign": csign_pub,
1488 "dpp_netaccesskey": ap_netaccesskey}
1489 try:
1490 hapd = hostapd.add_ap(apdev[0], params)
1491 except:
1492 raise HwsimSkip("DPP not supported")
1493
1494 sigma = start_sigma_dut(dev[0].ifname)
1495 try:
1496 dev[0].set("dpp_config_processing", "2")
1497
1498 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1499 res = dev[1].request(cmd)
1500 if "FAIL" in res:
1501 raise Exception("Failed to add configurator")
1502 conf_id = int(res)
1503
1504 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1505 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1506
1507 dev[1].set("dpp_configurator_params",
1508 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1509 cmd = "DPP_LISTEN 2437 role=configurator"
1510 if "OK" not in dev[1].request(cmd):
1511 raise Exception("Failed to start listen operation")
1512
1513 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1514 if "status,COMPLETE" not in res:
1515 raise Exception("dev_exec_action did not succeed: " + res)
1516
1517 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1518 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1519 raise Exception("Unexpected result: " + res)
1520 finally:
1521 dev[0].set("dpp_config_processing", "0")
1522 stop_sigma_dut(sigma)
1523
1524 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev, apdev):
1525 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1526 check_dpp_capab(dev[0])
1527 check_dpp_capab(dev[1])
1528
1529 sigma = start_sigma_dut(dev[0].ifname)
1530 try:
1531 cmd = "DPP_CONFIGURATOR_ADD"
1532 res = dev[1].request(cmd)
1533 if "FAIL" in res:
1534 raise Exception("Failed to add configurator")
1535 conf_id = int(res)
1536
1537 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1538 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1539
1540 dev[1].set("dpp_configurator_params",
1541 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1542 cmd = "DPP_LISTEN 2437 role=configurator"
1543 if "OK" not in dev[1].request(cmd):
1544 raise Exception("Failed to start listen operation")
1545
1546 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1547 if "status,COMPLETE" not in res:
1548 raise Exception("dev_exec_action did not succeed: " + res)
1549
1550 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout=10)
1551 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1552 raise Exception("Unexpected result: " + res)
1553 finally:
1554 dev[0].set("dpp_config_processing", "0")
1555 stop_sigma_dut(sigma)
1556
1557 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1558 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1559 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1560
1561 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1562 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1563 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1564 extra="DPPAuthDirection,Mutual,")
1565
1566 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1567 check_dpp_capab(dev[0])
1568 check_dpp_capab(dev[1])
1569
1570 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1571 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1572 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1573 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1574
1575 params = {"ssid": "DPPNET01",
1576 "wpa": "2",
1577 "ieee80211w": "2",
1578 "wpa_key_mgmt": "DPP",
1579 "rsn_pairwise": "CCMP",
1580 "dpp_connector": ap_connector,
1581 "dpp_csign": csign_pub,
1582 "dpp_netaccesskey": ap_netaccesskey}
1583 try:
1584 hapd = hostapd.add_ap(apdev[0], params)
1585 except:
1586 raise HwsimSkip("DPP not supported")
1587
1588 sigma = start_sigma_dut(dev[0].ifname)
1589 try:
1590 dev[0].set("dpp_config_processing", "2")
1591
1592 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1593 res = dev[1].request(cmd)
1594 if "FAIL" in res:
1595 raise Exception("Failed to add configurator")
1596 conf_id = int(res)
1597
1598 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1599 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1600
1601 dev[1].set("dpp_configurator_params",
1602 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1603 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1604 if "OK" not in dev[1].request(cmd):
1605 raise Exception("Failed to start listen operation")
1606
1607 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1608 if "status,COMPLETE" not in res:
1609 raise Exception("dev_exec_action did not succeed: " + res)
1610 hex = res.split(',')[3]
1611 uri = from_hex(hex)
1612 logger.info("URI from sigma_dut: " + uri)
1613
1614 id1 = dev[1].dpp_qr_code(uri)
1615
1616 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1617 if "status,COMPLETE" not in res:
1618 raise Exception("dev_exec_action did not succeed: " + res)
1619
1620 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1621 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1622 raise Exception("Unexpected result: " + res)
1623 finally:
1624 dev[0].set("dpp_config_processing", "0")
1625 stop_sigma_dut(sigma)
1626
1627 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1628 time.sleep(1)
1629 logger.info("Starting DPP initiator/configurator in a thread")
1630 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1631 if own_id is not None:
1632 cmd += " own=%d" % own_id
1633 if "OK" not in dev.request(cmd):
1634 raise Exception("Failed to initiate DPP Authentication")
1635 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1636 if ev is None:
1637 raise Exception("DPP configuration not completed (Configurator)")
1638 logger.info("DPP initiator/configurator done")
1639
1640 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1641 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1642 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1643
1644 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1645 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1646 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1647
1648 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1649 check_dpp_capab(dev[0])
1650 check_dpp_capab(dev[1])
1651
1652 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1653 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1654 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1655 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1656
1657 params = {"ssid": "DPPNET01",
1658 "wpa": "2",
1659 "ieee80211w": "2",
1660 "wpa_key_mgmt": "DPP",
1661 "rsn_pairwise": "CCMP",
1662 "dpp_connector": ap_connector,
1663 "dpp_csign": csign_pub,
1664 "dpp_netaccesskey": ap_netaccesskey}
1665 try:
1666 hapd = hostapd.add_ap(apdev[0], params)
1667 except:
1668 raise HwsimSkip("DPP not supported")
1669
1670 sigma = start_sigma_dut(dev[0].ifname)
1671 try:
1672 dev[0].set("dpp_config_processing", "2")
1673
1674 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1675 res = dev[1].request(cmd)
1676 if "FAIL" in res:
1677 raise Exception("Failed to add configurator")
1678 conf_id = int(res)
1679
1680 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1681 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1682
1683 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1684 if "status,COMPLETE" not in res:
1685 raise Exception("dev_exec_action did not succeed: " + res)
1686 hex = res.split(',')[3]
1687 uri = from_hex(hex)
1688 logger.info("URI from sigma_dut: " + uri)
1689
1690 id1 = dev[1].dpp_qr_code(uri)
1691
1692 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1693 if "status,COMPLETE" not in res:
1694 raise Exception("dev_exec_action did not succeed: " + res)
1695
1696 t = threading.Thread(target=dpp_init_conf_mutual,
1697 args=(dev[1], id1, conf_id, id0))
1698 t.start()
1699
1700 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1701 if extra:
1702 cmd += extra
1703 res = sigma_dut_cmd(cmd, timeout=25)
1704 t.join()
1705 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1706 raise Exception("Unexpected result: " + res)
1707 finally:
1708 dev[0].set("dpp_config_processing", "0")
1709 stop_sigma_dut(sigma)
1710
1711 def dpp_resp_conf_mutual(dev, conf_id, uri):
1712 logger.info("Starting DPP responder/configurator in a thread")
1713 dev.set("dpp_configurator_params",
1714 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1715 conf_id))
1716 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1717 if "OK" not in dev.request(cmd):
1718 raise Exception("Failed to initiate DPP listen")
1719 if uri:
1720 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1721 if ev is None:
1722 raise Exception("QR Code scan for mutual authentication not requested")
1723 dev.dpp_qr_code(uri)
1724 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1725 if ev is None:
1726 raise Exception("DPP configuration not completed (Configurator)")
1727 logger.info("DPP responder/configurator done")
1728
1729 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1730 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1731 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1732
1733 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1734 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1735 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1736
1737 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1738 check_dpp_capab(dev[0])
1739 check_dpp_capab(dev[1])
1740
1741 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1742 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1743 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1744 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1745
1746 params = {"ssid": "DPPNET01",
1747 "wpa": "2",
1748 "ieee80211w": "2",
1749 "wpa_key_mgmt": "DPP",
1750 "rsn_pairwise": "CCMP",
1751 "dpp_connector": ap_connector,
1752 "dpp_csign": csign_pub,
1753 "dpp_netaccesskey": ap_netaccesskey}
1754 try:
1755 hapd = hostapd.add_ap(apdev[0], params)
1756 except:
1757 raise HwsimSkip("DPP not supported")
1758
1759 sigma = start_sigma_dut(dev[0].ifname)
1760 try:
1761 dev[0].set("dpp_config_processing", "2")
1762
1763 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1764 res = dev[1].request(cmd)
1765 if "FAIL" in res:
1766 raise Exception("Failed to add configurator")
1767 conf_id = int(res)
1768
1769 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1770 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1771
1772 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1773 if "status,COMPLETE" not in res:
1774 raise Exception("dev_exec_action did not succeed: " + res)
1775 hex = res.split(',')[3]
1776 uri = from_hex(hex)
1777 logger.info("URI from sigma_dut: " + uri)
1778
1779 if not resp_pending:
1780 dev[1].dpp_qr_code(uri)
1781 uri = None
1782
1783 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1784 if "status,COMPLETE" not in res:
1785 raise Exception("dev_exec_action did not succeed: " + res)
1786
1787 t = threading.Thread(target=dpp_resp_conf_mutual,
1788 args=(dev[1], conf_id, uri))
1789 t.start()
1790
1791 time.sleep(1)
1792 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1793 res = sigma_dut_cmd(cmd, timeout=15)
1794 t.join()
1795 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1796 raise Exception("Unexpected result: " + res)
1797 finally:
1798 dev[0].set("dpp_config_processing", "0")
1799 stop_sigma_dut(sigma)
1800
1801 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1802 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1803 check_dpp_capab(dev[0])
1804 check_dpp_capab(dev[1])
1805
1806 params = hostapd.wpa2_params(ssid="DPPNET01",
1807 passphrase="ThisIsDppPassphrase")
1808 hapd = hostapd.add_ap(apdev[0], params)
1809
1810 sigma = start_sigma_dut(dev[0].ifname)
1811 try:
1812 dev[0].set("dpp_config_processing", "2")
1813
1814 cmd = "DPP_CONFIGURATOR_ADD"
1815 res = dev[1].request(cmd)
1816 if "FAIL" in res:
1817 raise Exception("Failed to add configurator")
1818 conf_id = int(res)
1819
1820 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1821 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1822
1823 dev[1].set("dpp_configurator_params",
1824 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1825 cmd = "DPP_LISTEN 2437 role=configurator"
1826 if "OK" not in dev[1].request(cmd):
1827 raise Exception("Failed to start listen operation")
1828
1829 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1830 if "status,COMPLETE" not in res:
1831 raise Exception("dev_exec_action did not succeed: " + res)
1832
1833 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1834 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1835 raise Exception("Unexpected result: " + res)
1836 finally:
1837 dev[0].set("dpp_config_processing", "0")
1838 stop_sigma_dut(sigma)
1839
1840 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1841 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1842 check_dpp_capab(dev[0])
1843 check_dpp_capab(dev[1])
1844 if "SAE" not in dev[0].get_capability("auth_alg"):
1845 raise HwsimSkip("SAE not supported")
1846
1847 params = hostapd.wpa2_params(ssid="DPPNET01",
1848 passphrase="ThisIsDppPassphrase")
1849 params['wpa_key_mgmt'] = 'SAE'
1850 params["ieee80211w"] = "2"
1851 hapd = hostapd.add_ap(apdev[0], params)
1852
1853 sigma = start_sigma_dut(dev[0].ifname)
1854 try:
1855 dev[0].set("dpp_config_processing", "2")
1856 dev[0].set("sae_groups", "")
1857
1858 cmd = "DPP_CONFIGURATOR_ADD"
1859 res = dev[1].request(cmd)
1860 if "FAIL" in res:
1861 raise Exception("Failed to add configurator")
1862 conf_id = int(res)
1863
1864 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1865 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1866
1867 dev[1].set("dpp_configurator_params",
1868 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1869 cmd = "DPP_LISTEN 2437 role=configurator"
1870 if "OK" not in dev[1].request(cmd):
1871 raise Exception("Failed to start listen operation")
1872
1873 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1874 if "status,COMPLETE" not in res:
1875 raise Exception("dev_exec_action did not succeed: " + res)
1876
1877 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1878 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1879 raise Exception("Unexpected result: " + res)
1880 finally:
1881 dev[0].set("dpp_config_processing", "0")
1882 stop_sigma_dut(sigma)
1883
1884 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1885 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1886 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1887
1888 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1889 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1890 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1891
1892 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1893 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1894 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1895
1896 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1897 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1898 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1899
1900 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1901 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1902 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1903
1904 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1905 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1906 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1907
1908 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1909 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1910 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1911
1912 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1913 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1914 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1915
1916 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1917 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1918 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1919
1920 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1921 prov_role="Configurator",
1922 extra=None):
1923 check_dpp_capab(dev[0])
1924 check_dpp_capab(dev[1])
1925 sigma = start_sigma_dut(dev[0].ifname)
1926 try:
1927 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1928 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1929
1930 cmd = "DPP_LISTEN 2437 role=enrollee"
1931 if "OK" not in dev[1].request(cmd):
1932 raise Exception("Failed to start listen operation")
1933
1934 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1935 if "status,COMPLETE" not in res:
1936 raise Exception("dev_exec_action did not succeed: " + res)
1937
1938 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1939 if extra:
1940 cmd += "," + extra
1941 res = sigma_dut_cmd(cmd)
1942 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1943 raise Exception("Unexpected result: " + res)
1944 finally:
1945 stop_sigma_dut(sigma)
1946
1947 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1948 """sigma_dut DPP roles incompatible (Initiator)"""
1949 check_dpp_capab(dev[0])
1950 check_dpp_capab(dev[1])
1951 sigma = start_sigma_dut(dev[0].ifname)
1952 try:
1953 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1954 if "status,COMPLETE" not in res:
1955 raise Exception("dev_exec_action did not succeed: " + res)
1956 hex = res.split(',')[3]
1957 uri = from_hex(hex)
1958 logger.info("URI from sigma_dut: " + uri)
1959
1960 id1 = dev[1].dpp_qr_code(uri)
1961
1962 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1963 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1964
1965 cmd = "DPP_LISTEN 2437 role=enrollee"
1966 if "OK" not in dev[1].request(cmd):
1967 raise Exception("Failed to start listen operation")
1968
1969 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1970 if "status,COMPLETE" not in res:
1971 raise Exception("dev_exec_action did not succeed: " + res)
1972
1973 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1974 res = sigma_dut_cmd(cmd)
1975 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1976 raise Exception("Unexpected result: " + res)
1977 finally:
1978 stop_sigma_dut(sigma)
1979
1980 def dpp_init_enrollee_mutual(dev, id1, own_id):
1981 logger.info("Starting DPP initiator/enrollee in a thread")
1982 time.sleep(1)
1983 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1984 if "OK" not in dev.request(cmd):
1985 raise Exception("Failed to initiate DPP Authentication")
1986 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1987 "DPP-NOT-COMPATIBLE"], timeout=5)
1988 if ev is None:
1989 raise Exception("DPP configuration not completed (Enrollee)")
1990 logger.info("DPP initiator/enrollee done")
1991
1992 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1993 """sigma_dut DPP roles incompatible (Responder)"""
1994 check_dpp_capab(dev[0])
1995 check_dpp_capab(dev[1])
1996 sigma = start_sigma_dut(dev[0].ifname)
1997 try:
1998 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1999 res = sigma_dut_cmd(cmd)
2000 if "status,COMPLETE" not in res:
2001 raise Exception("dev_exec_action did not succeed: " + res)
2002 hex = res.split(',')[3]
2003 uri = from_hex(hex)
2004 logger.info("URI from sigma_dut: " + uri)
2005
2006 id1 = dev[1].dpp_qr_code(uri)
2007
2008 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2009 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2010
2011 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2012 if "status,COMPLETE" not in res:
2013 raise Exception("dev_exec_action did not succeed: " + res)
2014
2015 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
2016 t.start()
2017 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2018 res = sigma_dut_cmd(cmd, timeout=10)
2019 t.join()
2020 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2021 raise Exception("Unexpected result: " + res)
2022 finally:
2023 stop_sigma_dut(sigma)
2024
2025 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
2026 """sigma_dut DPP/PKEX initiator as Configurator"""
2027 check_dpp_capab(dev[0])
2028 check_dpp_capab(dev[1])
2029 sigma = start_sigma_dut(dev[0].ifname)
2030 try:
2031 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2032 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
2033 res = dev[1].request(cmd)
2034 if "FAIL" in res:
2035 raise Exception("Failed to set PKEX data (responder)")
2036 cmd = "DPP_LISTEN 2437 role=enrollee"
2037 if "OK" not in dev[1].request(cmd):
2038 raise Exception("Failed to start listen operation")
2039
2040 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2041 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2042 raise Exception("Unexpected result: " + res)
2043 finally:
2044 stop_sigma_dut(sigma)
2045
2046 def dpp_init_conf(dev, id1, conf, conf_id, extra):
2047 logger.info("Starting DPP initiator/configurator in a thread")
2048 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
2049 if "OK" not in dev.request(cmd):
2050 raise Exception("Failed to initiate DPP Authentication")
2051 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2052 if ev is None:
2053 raise Exception("DPP configuration not completed (Configurator)")
2054 logger.info("DPP initiator/configurator done")
2055
2056 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
2057 """sigma_dut controlled AP (DPP)"""
2058 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
2059
2060 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
2061 """sigma_dut controlled AP (legacy)"""
2062 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2063 extra="pass=%s" % to_hex("qwertyuiop"))
2064
2065 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
2066 """sigma_dut controlled AP (legacy)"""
2067 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2068 extra="psk=%s" % (32*"12"))
2069
2070 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
2071 check_dpp_capab(dev[0])
2072 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2073 with HWSimRadio() as (radio, iface):
2074 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2075 try:
2076 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2077 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2078 if "status,COMPLETE" not in res:
2079 raise Exception("dev_exec_action did not succeed: " + res)
2080 hex = res.split(',')[3]
2081 uri = from_hex(hex)
2082 logger.info("URI from sigma_dut: " + uri)
2083
2084 cmd = "DPP_CONFIGURATOR_ADD"
2085 res = dev[0].request(cmd)
2086 if "FAIL" in res:
2087 raise Exception("Failed to add configurator")
2088 conf_id = int(res)
2089
2090 id1 = dev[0].dpp_qr_code(uri)
2091
2092 t = threading.Thread(target=dpp_init_conf,
2093 args=(dev[0], id1, ap_conf, conf_id, extra))
2094 t.start()
2095 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2096 t.join()
2097 if "ConfResult,OK" not in res:
2098 raise Exception("Unexpected result: " + res)
2099
2100 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
2101 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2102
2103 id0b = dev[0].dpp_qr_code(uri1)
2104
2105 dev[1].set("dpp_config_processing", "2")
2106 cmd = "DPP_LISTEN 2412"
2107 if "OK" not in dev[1].request(cmd):
2108 raise Exception("Failed to start listen operation")
2109 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
2110 if "OK" not in dev[0].request(cmd):
2111 raise Exception("Failed to initiate DPP Authentication")
2112 dev[1].wait_connected()
2113
2114 sigma_dut_cmd_check("ap_reset_default")
2115 finally:
2116 dev[1].set("dpp_config_processing", "0")
2117 stop_sigma_dut(sigma)
2118
2119 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
2120 """sigma_dut controlled AP as DPP PKEX responder"""
2121 check_dpp_capab(dev[0])
2122 logdir = os.path.join(params['logdir'],
2123 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2124 with HWSimRadio() as (radio, iface):
2125 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2126 try:
2127 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
2128 finally:
2129 stop_sigma_dut(sigma)
2130
2131 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
2132 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2133 time.sleep(1.5)
2134 id = dev.dpp_bootstrap_gen(type="pkex")
2135 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
2136 res = dev.request(cmd)
2137 if "FAIL" in res:
2138 raise Exception("Failed to initiate DPP PKEX")
2139 if not check_config:
2140 return
2141 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2142 if ev is None:
2143 raise Exception("DPP configuration not completed (Configurator)")
2144 logger.info("DPP initiator/configurator done")
2145
2146 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2147 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2148
2149 cmd = "DPP_CONFIGURATOR_ADD"
2150 res = dev[0].request(cmd)
2151 if "FAIL" in res:
2152 raise Exception("Failed to add configurator")
2153 conf_id = int(res)
2154
2155 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2156 t.start()
2157 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2158 t.join()
2159 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2160 raise Exception("Unexpected result: " + res)
2161
2162 sigma_dut_cmd_check("ap_reset_default")
2163
2164 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2165 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2166 check_dpp_capab(dev[0])
2167 sigma = start_sigma_dut(dev[0].ifname)
2168 try:
2169 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2170 finally:
2171 stop_sigma_dut(sigma)
2172
2173 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2174 cmd = "DPP_CONFIGURATOR_ADD"
2175 res = dev[1].request(cmd)
2176 if "FAIL" in res:
2177 raise Exception("Failed to add configurator")
2178 conf_id = int(res)
2179
2180 dev[1].set("dpp_test", "44")
2181
2182 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2183 False))
2184 t.start()
2185 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2186 t.join()
2187 if "BootstrapResult,Timeout" not in res:
2188 raise Exception("Unexpected result: " + res)
2189
2190 def dpp_proto_init(dev, id1):
2191 time.sleep(1)
2192 logger.info("Starting DPP initiator/configurator in a thread")
2193 cmd = "DPP_CONFIGURATOR_ADD"
2194 res = dev.request(cmd)
2195 if "FAIL" in res:
2196 raise Exception("Failed to add configurator")
2197 conf_id = int(res)
2198
2199 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2200 if "OK" not in dev.request(cmd):
2201 raise Exception("Failed to initiate DPP Authentication")
2202
2203 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2204 """sigma_dut DPP protocol testing - Initiator"""
2205 check_dpp_capab(dev[0])
2206 check_dpp_capab(dev[1])
2207 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2208 "BootstrapResult,OK,AuthResult,Errorsent",
2209 None),
2210 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2211 "BootstrapResult,OK,AuthResult,Errorsent",
2212 None),
2213 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2214 "BootstrapResult,OK,AuthResult,Errorsent",
2215 "Missing or invalid I-capabilities"),
2216 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2217 "BootstrapResult,OK,AuthResult,Errorsent",
2218 "Mismatching Initiator Authenticating Tag"),
2219 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2220 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2221 "Missing or invalid Enrollee Nonce attribute")]
2222 for step, frame, attr, result, fail in tests:
2223 dev[0].request("FLUSH")
2224 dev[1].request("FLUSH")
2225 sigma = start_sigma_dut(dev[0].ifname)
2226 try:
2227 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2228 fail)
2229 finally:
2230 stop_sigma_dut(sigma)
2231
2232 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2233 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2234 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2235
2236 cmd = "DPP_LISTEN 2437 role=enrollee"
2237 if "OK" not in dev[1].request(cmd):
2238 raise Exception("Failed to start listen operation")
2239
2240 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2241 if "status,COMPLETE" not in res:
2242 raise Exception("dev_exec_action did not succeed: " + res)
2243
2244 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2245 timeout=10)
2246 if result not in res:
2247 raise Exception("Unexpected result: " + res)
2248 if fail:
2249 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2250 if ev is None or fail not in ev:
2251 raise Exception("Failure not reported correctly: " + str(ev))
2252
2253 dev[1].request("DPP_STOP_LISTEN")
2254 dev[0].dump_monitor()
2255 dev[1].dump_monitor()
2256
2257 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2258 """sigma_dut DPP protocol testing - Responder"""
2259 check_dpp_capab(dev[0])
2260 check_dpp_capab(dev[1])
2261 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2262 "BootstrapResult,OK,AuthResult,Errorsent",
2263 "Missing or invalid required DPP Status attribute"),
2264 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2265 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2266 "Missing or invalid Enrollee Nonce attribute")]
2267 for step, frame, attr, result, fail in tests:
2268 dev[0].request("FLUSH")
2269 dev[1].request("FLUSH")
2270 sigma = start_sigma_dut(dev[0].ifname)
2271 try:
2272 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2273 fail)
2274 finally:
2275 stop_sigma_dut(sigma)
2276
2277 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2278 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2279 if "status,COMPLETE" not in res:
2280 raise Exception("dev_exec_action did not succeed: " + res)
2281 hex = res.split(',')[3]
2282 uri = from_hex(hex)
2283 logger.info("URI from sigma_dut: " + uri)
2284
2285 id1 = dev[1].dpp_qr_code(uri)
2286
2287 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2288 t.start()
2289 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2290 t.join()
2291 if result not in res:
2292 raise Exception("Unexpected result: " + res)
2293 if fail:
2294 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2295 if ev is None or fail not in ev:
2296 raise Exception("Failure not reported correctly:" + str(ev))
2297
2298 dev[1].request("DPP_STOP_LISTEN")
2299 dev[0].dump_monitor()
2300 dev[1].dump_monitor()
2301
2302 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2303 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2304 check_dpp_capab(dev[0])
2305 check_dpp_capab(dev[1])
2306 tests = [("AuthenticationResponse",
2307 "BootstrapResult,OK,AuthResult,Errorsent",
2308 None),
2309 ("ConfigurationRequest",
2310 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2311 None)]
2312 for frame, result, fail in tests:
2313 dev[0].request("FLUSH")
2314 dev[1].request("FLUSH")
2315 sigma = start_sigma_dut(dev[0].ifname)
2316 try:
2317 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2318 finally:
2319 stop_sigma_dut(sigma)
2320
2321 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2322 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2323 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2324
2325 cmd = "DPP_LISTEN 2437 role=enrollee"
2326 if "OK" not in dev[1].request(cmd):
2327 raise Exception("Failed to start listen operation")
2328
2329 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2330 if "status,COMPLETE" not in res:
2331 raise Exception("dev_exec_action did not succeed: " + res)
2332
2333 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2334 if result not in res:
2335 raise Exception("Unexpected result: " + res)
2336 if fail:
2337 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2338 if ev is None or fail not in ev:
2339 raise Exception("Failure not reported correctly: " + str(ev))
2340
2341 dev[1].request("DPP_STOP_LISTEN")
2342 dev[0].dump_monitor()
2343 dev[1].dump_monitor()
2344
2345 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2346 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2347 check_dpp_capab(dev[0])
2348 check_dpp_capab(dev[1])
2349 tests = [("AuthenticationConfirm",
2350 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2351 None)]
2352 for frame, result, fail in tests:
2353 dev[0].request("FLUSH")
2354 dev[1].request("FLUSH")
2355 sigma = start_sigma_dut(dev[0].ifname)
2356 try:
2357 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2358 result, fail)
2359 finally:
2360 stop_sigma_dut(sigma)
2361
2362 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2363 fail):
2364 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2365 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2366
2367 cmd = "DPP_LISTEN 2437 role=configurator"
2368 if "OK" not in dev[1].request(cmd):
2369 raise Exception("Failed to start listen operation")
2370
2371 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2372 if "status,COMPLETE" not in res:
2373 raise Exception("dev_exec_action did not succeed: " + res)
2374
2375 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2376 if result not in res:
2377 raise Exception("Unexpected result: " + res)
2378 if fail:
2379 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2380 if ev is None or fail not in ev:
2381 raise Exception("Failure not reported correctly: " + str(ev))
2382
2383 dev[1].request("DPP_STOP_LISTEN")
2384 dev[0].dump_monitor()
2385 dev[1].dump_monitor()
2386
2387 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2388 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2389 check_dpp_capab(dev[0])
2390 check_dpp_capab(dev[1])
2391 tests = [("AuthenticationRequest",
2392 "BootstrapResult,OK,AuthResult,Errorsent",
2393 None),
2394 ("AuthenticationConfirm",
2395 "BootstrapResult,OK,AuthResult,Errorsent",
2396 None)]
2397 for frame, result, fail in tests:
2398 dev[0].request("FLUSH")
2399 dev[1].request("FLUSH")
2400 sigma = start_sigma_dut(dev[0].ifname)
2401 try:
2402 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2403 finally:
2404 stop_sigma_dut(sigma)
2405
2406 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2407 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2408 if "status,COMPLETE" not in res:
2409 raise Exception("dev_exec_action did not succeed: " + res)
2410 hex = res.split(',')[3]
2411 uri = from_hex(hex)
2412 logger.info("URI from sigma_dut: " + uri)
2413
2414 id1 = dev[1].dpp_qr_code(uri)
2415
2416 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2417 t.start()
2418 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2419 t.join()
2420 if result not in res:
2421 raise Exception("Unexpected result: " + res)
2422 if fail:
2423 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2424 if ev is None or fail not in ev:
2425 raise Exception("Failure not reported correctly:" + str(ev))
2426
2427 dev[1].request("DPP_STOP_LISTEN")
2428 dev[0].dump_monitor()
2429 dev[1].dump_monitor()
2430
2431 def dpp_proto_init_pkex(dev):
2432 time.sleep(1)
2433 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2434 cmd = "DPP_CONFIGURATOR_ADD"
2435 res = dev.request(cmd)
2436 if "FAIL" in res:
2437 raise Exception("Failed to add configurator")
2438 conf_id = int(res)
2439
2440 id = dev.dpp_bootstrap_gen(type="pkex")
2441
2442 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2443 if "FAIL" in dev.request(cmd):
2444 raise Exception("Failed to initiate DPP PKEX")
2445
2446 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2447 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2448 check_dpp_capab(dev[0])
2449 check_dpp_capab(dev[1])
2450 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2451 "BootstrapResult,Errorsent",
2452 None),
2453 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2454 "BootstrapResult,Errorsent",
2455 "Missing or invalid Finite Cyclic Group attribute"),
2456 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2457 "BootstrapResult,Errorsent",
2458 "No valid peer bootstrapping key found")]
2459 for step, frame, attr, result, fail in tests:
2460 dev[0].request("FLUSH")
2461 dev[1].request("FLUSH")
2462 sigma = start_sigma_dut(dev[0].ifname)
2463 try:
2464 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2465 result, fail)
2466 finally:
2467 stop_sigma_dut(sigma)
2468
2469 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2470 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2471
2472 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2473 res = dev[1].request(cmd)
2474 if "FAIL" in res:
2475 raise Exception("Failed to set PKEX data (responder)")
2476
2477 cmd = "DPP_LISTEN 2437 role=enrollee"
2478 if "OK" not in dev[1].request(cmd):
2479 raise Exception("Failed to start listen operation")
2480
2481 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2482 if result not in res:
2483 raise Exception("Unexpected result: " + res)
2484 if fail:
2485 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2486 if ev is None or fail not in ev:
2487 raise Exception("Failure not reported correctly: " + str(ev))
2488
2489 dev[1].request("DPP_STOP_LISTEN")
2490 dev[0].dump_monitor()
2491 dev[1].dump_monitor()
2492
2493 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2494 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2495 check_dpp_capab(dev[0])
2496 check_dpp_capab(dev[1])
2497 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2498 "BootstrapResult,Errorsent",
2499 None),
2500 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2501 "BootstrapResult,Errorsent",
2502 "No DPP Status attribute"),
2503 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2504 "BootstrapResult,Errorsent",
2505 "No valid peer bootstrapping key found")]
2506 for step, frame, attr, result, fail in tests:
2507 dev[0].request("FLUSH")
2508 dev[1].request("FLUSH")
2509 sigma = start_sigma_dut(dev[0].ifname)
2510 try:
2511 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2512 result, fail)
2513 finally:
2514 stop_sigma_dut(sigma)
2515
2516 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2517 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2518 t.start()
2519 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2520 t.join()
2521 if result not in res:
2522 raise Exception("Unexpected result: " + res)
2523 if fail:
2524 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2525 if ev is None or fail not in ev:
2526 raise Exception("Failure not reported correctly:" + str(ev))
2527
2528 dev[1].request("DPP_STOP_LISTEN")
2529 dev[0].dump_monitor()
2530 dev[1].dump_monitor()
2531
2532 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2533 check_dpp_capab(dev[0])
2534 check_dpp_capab(dev[1])
2535
2536 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2537 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2538 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2539 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2540
2541 params = {"ssid": "DPPNET01",
2542 "wpa": "2",
2543 "ieee80211w": "2",
2544 "wpa_key_mgmt": "DPP",
2545 "rsn_pairwise": "CCMP",
2546 "dpp_connector": ap_connector,
2547 "dpp_csign": csign_pub,
2548 "dpp_netaccesskey": ap_netaccesskey}
2549 try:
2550 hapd = hostapd.add_ap(apdev[0], params)
2551 except:
2552 raise HwsimSkip("DPP not supported")
2553
2554 dev[0].set("dpp_config_processing", "2")
2555
2556 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2557 res = dev[1].request(cmd)
2558 if "FAIL" in res:
2559 raise Exception("Failed to add configurator")
2560 conf_id = int(res)
2561
2562 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2563 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2564
2565 dev[1].set("dpp_configurator_params",
2566 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2567 conf_id))
2568 cmd = "DPP_LISTEN 2437 role=configurator"
2569 if "OK" not in dev[1].request(cmd):
2570 raise Exception("Failed to start listen operation")
2571
2572 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2573 if "status,COMPLETE" not in res:
2574 raise Exception("dev_exec_action did not succeed: " + res)
2575
2576 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2577 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2578 sigma = start_sigma_dut(dev[0].ifname)
2579 try:
2580 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2581
2582 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2583 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2584 raise Exception("Unexpected result: " + res)
2585 finally:
2586 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2587 stop_sigma_dut(sigma)
2588
2589 def test_sigma_dut_dpp_self_config(dev, apdev):
2590 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2591 check_dpp_capab(dev[0])
2592
2593 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2594 check_dpp_capab(hapd)
2595
2596 sigma = start_sigma_dut(dev[0].ifname)
2597 try:
2598 dev[0].set("dpp_config_processing", "2")
2599 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2600 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2601
2602 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2603 if "status,COMPLETE" not in res:
2604 raise Exception("dev_exec_action did not succeed: " + res)
2605
2606 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2607 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2608 raise Exception("Unexpected result: " + res)
2609 update_hapd_config(hapd)
2610
2611 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2612 res = sigma_dut_cmd(cmd, timeout=10)
2613 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2614 raise Exception("Unexpected result: " + res)
2615 finally:
2616 stop_sigma_dut(sigma)
2617 dev[0].set("dpp_config_processing", "0")
2618
2619 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2620 """sigma_dut DPP AP Configurator using self-configuration"""
2621 logdir = os.path.join(params['logdir'],
2622 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2623 with HWSimRadio() as (radio, iface):
2624 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2625 try:
2626 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2627 finally:
2628 stop_sigma_dut(sigma)
2629 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2630
2631 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2632 check_dpp_capab(dev[0])
2633
2634 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2635
2636 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2637 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2638 raise Exception("Unexpected result: " + res)
2639
2640 dev[0].set("dpp_config_processing", "2")
2641
2642 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2643 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2644 cmd = "DPP_LISTEN 2462 role=enrollee"
2645 if "OK" not in dev[0].request(cmd):
2646 raise Exception("Failed to start listen operation")
2647
2648 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2649 if "status,COMPLETE" not in res:
2650 raise Exception("dev_exec_action did not succeed: " + res)
2651 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2652 res = sigma_dut_cmd(cmd)
2653 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2654 raise Exception("Unexpected result: " + res)
2655 dev[0].wait_connected()
2656 dev[0].request("DISCONNECT")
2657 dev[0].wait_disconnected()
2658 sigma_dut_cmd_check("ap_reset_default")
2659
2660
2661 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2662 """sigma_dut DPP AP as Relay to Controller"""
2663 logdir = os.path.join(params['logdir'],
2664 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2665 with HWSimRadio() as (radio, iface):
2666 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2667 try:
2668 run_sigma_dut_ap_dpp_relay(dev, apdev)
2669 finally:
2670 stop_sigma_dut(sigma)
2671 dev[1].request("DPP_CONTROLLER_STOP")
2672
2673 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2674 check_dpp_capab(dev[0])
2675 check_dpp_capab(dev[1])
2676
2677 # Controller
2678 conf_id = dev[1].dpp_configurator_add()
2679 dev[1].set("dpp_configurator_params",
2680 " conf=sta-dpp configurator=%d" % conf_id)
2681 id_c = dev[1].dpp_bootstrap_gen()
2682 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2683 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2684 pkhash = None
2685 for line in res.splitlines():
2686 name, value = line.split('=')
2687 if name == "pkhash":
2688 pkhash = value
2689 break
2690 if not pkhash:
2691 raise Exception("Could not fetch public key hash from Controller")
2692 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2693 raise Exception("Failed to start Controller")
2694
2695 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2696 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2697 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2698
2699 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2700 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2701
2702 sigma_dut_cmd_check("ap_reset_default")
2703
2704 def dpp_init_tcp_enrollee(dev, id1):
2705 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2706 time.sleep(1)
2707 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2708 if "OK" not in dev.request(cmd):
2709 raise Exception("Failed to initiate DPP Authentication")
2710 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2711 if ev is None:
2712 raise Exception("DPP configuration not completed (Enrollee)")
2713 logger.info("DPP initiator/enrollee done")
2714
2715 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2716 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2717 run_sigma_dut_dpp_tcp_conf_resp(dev)
2718
2719 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2720 check_dpp_capab(dev[0])
2721 check_dpp_capab(dev[1])
2722 sigma = start_sigma_dut(dev[0].ifname)
2723 try:
2724 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2725 res = sigma_dut_cmd(cmd)
2726 if "status,COMPLETE" not in res:
2727 raise Exception("dev_exec_action did not succeed: " + res)
2728 hex = res.split(',')[3]
2729 uri = from_hex(hex)
2730 logger.info("URI from sigma_dut: " + uri)
2731
2732 id1 = dev[1].dpp_qr_code(uri)
2733
2734 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2735 t.start()
2736 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2737 if status_query:
2738 cmd += ",DPPStatusQuery,Yes"
2739 res = sigma_dut_cmd(cmd, timeout=10)
2740 t.join()
2741 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2742 raise Exception("Unexpected result: " + res)
2743 if status_query and "StatusResult,0" not in res:
2744 raise Exception("Status query did not succeed: " + res)
2745 finally:
2746 stop_sigma_dut(sigma)
2747
2748 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2749 """sigma_dut DPP TCP Enrollee as initiator"""
2750 check_dpp_capab(dev[0])
2751 check_dpp_capab(dev[1])
2752 sigma = start_sigma_dut(dev[0].ifname)
2753 try:
2754 # Controller
2755 conf_id = dev[1].dpp_configurator_add()
2756 dev[1].set("dpp_configurator_params",
2757 " conf=sta-dpp configurator=%d" % conf_id)
2758 id_c = dev[1].dpp_bootstrap_gen()
2759 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2760 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2761 raise Exception("Failed to start Controller")
2762
2763 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2764 if "status,COMPLETE" not in res:
2765 raise Exception("dev_exec_action did not succeed: " + res)
2766
2767 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2768 res = sigma_dut_cmd(cmd, timeout=10)
2769 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2770 raise Exception("Unexpected result: " + res)
2771 finally:
2772 stop_sigma_dut(sigma)
2773 dev[1].request("DPP_CONTROLLER_STOP")
2774
2775 def test_sigma_dut_preconfigured_profile(dev, apdev):
2776 """sigma_dut controlled connection using preconfigured profile"""
2777 try:
2778 run_sigma_dut_preconfigured_profile(dev, apdev)
2779 finally:
2780 dev[0].set("ignore_old_scan_res", "0")
2781
2782 def run_sigma_dut_preconfigured_profile(dev, apdev):
2783 ifname = dev[0].ifname
2784 sigma = start_sigma_dut(ifname)
2785
2786 try:
2787 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2788 hapd = hostapd.add_ap(apdev[0], params)
2789 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2790 only_add_network=True)
2791
2792 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2793 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
2794 timeout=10)
2795 sigma_dut_wait_connected(ifname)
2796 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2797 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2798 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2799 finally:
2800 stop_sigma_dut(sigma)
2801
2802 def test_sigma_dut_wps_pbc(dev, apdev):
2803 """sigma_dut and WPS PBC Enrollee"""
2804 try:
2805 run_sigma_dut_wps_pbc(dev, apdev)
2806 finally:
2807 dev[0].set("ignore_old_scan_res", "0")
2808
2809 def run_sigma_dut_wps_pbc(dev, apdev):
2810 ssid = "test-wps-conf"
2811 hapd = hostapd.add_ap(apdev[0],
2812 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2813 "wpa_passphrase": "12345678", "wpa": "2",
2814 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2815 hapd.request("WPS_PBC")
2816
2817 ifname = dev[0].ifname
2818 sigma = start_sigma_dut(ifname)
2819
2820 try:
2821 cmd = "start_wps_registration,interface,%s" % ifname
2822 cmd += ",WpsRole,Enrollee"
2823 cmd += ",WpsConfigMethod,PBC"
2824 sigma_dut_cmd_check(cmd, timeout=15)
2825
2826 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2827 hapd.disable()
2828 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2829 finally:
2830 stop_sigma_dut(sigma)
2831 dev[0].flush_scan_cache()
2832
2833 def test_sigma_dut_sta_scan_bss(dev, apdev):
2834 """sigma_dut sta_scan_bss"""
2835 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2836 sigma = start_sigma_dut(dev[0].ifname)
2837 try:
2838 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2839 hapd.own_addr())
2840 res = sigma_dut_cmd(cmd, timeout=10)
2841 if "ssid,test,bsschannel,1" not in res:
2842 raise Exception("Unexpected result: " + res)
2843 finally:
2844 stop_sigma_dut(sigma)
2845
2846 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2847 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2848 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2849 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2850 sigma = start_sigma_dut(dev[0].ifname)
2851 try:
2852 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2853 res = sigma_dut_cmd(cmd, timeout=10)
2854 if "abcdef" not in res or "qwerty" not in res:
2855 raise Exception("Unexpected result: " + res)
2856 finally:
2857 stop_sigma_dut(sigma)
2858
2859 def test_sigma_dut_ap_osen(dev, apdev, params):
2860 """sigma_dut controlled AP with OSEN"""
2861 logdir = os.path.join(params['logdir'],
2862 "sigma_dut_ap_osen.sigma-hostapd")
2863 with HWSimRadio() as (radio, iface):
2864 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2865 try:
2866 sigma_dut_cmd_check("ap_reset_default")
2867 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2868 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2869 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2870 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2871
2872 # RSN-OSEN (for OSU)
2873 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2874 pairwise="CCMP", group="GTK_NOT_USED",
2875 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2876 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2877
2878 sigma_dut_cmd_check("ap_reset_default")
2879 finally:
2880 stop_sigma_dut(sigma)
2881
2882 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2883 """sigma_dut controlled AP with EAP+OSEN"""
2884 logdir = os.path.join(params['logdir'],
2885 "sigma_dut_ap_eap_osen.sigma-hostapd")
2886 with HWSimRadio() as (radio, iface):
2887 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2888 try:
2889 sigma_dut_cmd_check("ap_reset_default")
2890 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2891 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2892 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2893 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2894
2895 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2896 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2897
2898 # RSN-OSEN (for OSU)
2899 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2900 pairwise="CCMP",
2901 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2902 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2903 scan_freq="2412")
2904 # RSN-EAP (for data connection)
2905 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2906 identity="hs20-test", password="password",
2907 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2908 ieee80211w='2', scan_freq="2412")
2909
2910 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2911 success_expected=False, timeout=1)
2912
2913 sigma_dut_cmd_check("ap_reset_default")
2914 finally:
2915 stop_sigma_dut(sigma)
2916 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2917 stderr=open('/dev/null', 'w'))
2918 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2919 stderr=open('/dev/null', 'w'))
2920
2921 def test_sigma_dut_ap_eap(dev, apdev, params):
2922 """sigma_dut controlled AP WPA2-Enterprise"""
2923 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2924 with HWSimRadio() as (radio, iface):
2925 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2926 try:
2927 sigma_dut_cmd_check("ap_reset_default")
2928 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2929 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2930 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2931 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2932
2933 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2934 identity="gpsk user",
2935 password="abcdefghijklmnop0123456789abcdef",
2936 scan_freq="2412")
2937
2938 sigma_dut_cmd_check("ap_reset_default")
2939 finally:
2940 stop_sigma_dut(sigma)
2941
2942 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2943 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2944 logdir = os.path.join(params['logdir'],
2945 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2946 with HWSimRadio() as (radio, iface):
2947 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2948 try:
2949 sigma_dut_cmd_check("ap_reset_default")
2950 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2951 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2954
2955 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2956 identity="gpsk user",
2957 password="abcdefghijklmnop0123456789abcdef",
2958 scan_freq="2412")
2959
2960 sigma_dut_cmd_check("ap_reset_default")
2961 finally:
2962 stop_sigma_dut(sigma)
2963
2964 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2965 """sigma_dut controlled AP FT-EAP"""
2966 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2967 with HWSimRadio() as (radio, iface):
2968 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2969 try:
2970 sigma_dut_cmd_check("ap_reset_default")
2971 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2972 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2973 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2974 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2975
2976 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2977 identity="gpsk user",
2978 password="abcdefghijklmnop0123456789abcdef",
2979 scan_freq="2412")
2980
2981 sigma_dut_cmd_check("ap_reset_default")
2982 finally:
2983 stop_sigma_dut(sigma)
2984
2985 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2986 """sigma_dut controlled AP FT-PSK"""
2987 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2988 with HWSimRadio() as (radio, iface):
2989 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2990 try:
2991 sigma_dut_cmd_check("ap_reset_default")
2992 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2993 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2994 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2995
2996 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2997 scan_freq="2412")
2998
2999 sigma_dut_cmd_check("ap_reset_default")
3000 finally:
3001 stop_sigma_dut(sigma)
3002
3003 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
3004 """sigma_dut controlled AP FT-PSK (over-DS)"""
3005 logdir = os.path.join(params['logdir'],
3006 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3007 conffile = os.path.join(params['logdir'],
3008 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3009 with HWSimRadio() as (radio, iface):
3010 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3011 try:
3012 sigma_dut_cmd_check("ap_reset_default")
3013 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3014 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3015 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3016
3017 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3018 with open(conffile, "wb") as f2:
3019 f2.write(f.read())
3020
3021 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3022 scan_freq="2412")
3023
3024 sigma_dut_cmd_check("ap_reset_default")
3025 finally:
3026 stop_sigma_dut(sigma)
3027
3028 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
3029 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3030 logdir = os.path.join(params['logdir'],
3031 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3032 with HWSimRadio() as (radio, iface):
3033 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3034 try:
3035 sigma_dut_cmd_check("ap_reset_default")
3036 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3037 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3038 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3039 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3040
3041 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3042 identity="gpsk user",
3043 password="abcdefghijklmnop0123456789abcdef",
3044 scan_freq="2412")
3045 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
3046 identity="gpsk user",
3047 password="abcdefghijklmnop0123456789abcdef",
3048 scan_freq="2412")
3049
3050 sigma_dut_cmd_check("ap_reset_default")
3051 finally:
3052 stop_sigma_dut(sigma)
3053
3054 def test_sigma_dut_venue_url(dev, apdev):
3055 """sigma_dut controlled Venue URL fetch"""
3056 try:
3057 run_sigma_dut_venue_url(dev, apdev)
3058 finally:
3059 dev[0].set("ignore_old_scan_res", "0")
3060
3061 def run_sigma_dut_venue_url(dev, apdev):
3062 ifname = dev[0].ifname
3063 sigma = start_sigma_dut(ifname)
3064
3065 try:
3066 ssid = "venue"
3067 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3068 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3069 params["ieee80211w"] = "2"
3070
3071 venue_group = 1
3072 venue_type = 13
3073 venue_info = struct.pack('BB', venue_group, venue_type)
3074 lang1 = "eng"
3075 name1 = "Example venue"
3076 lang2 = "fin"
3077 name2 = "Esimerkkipaikka"
3078 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
3079 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
3080 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
3081
3082 url1 = "http://example.com/venue"
3083 url2 = "https://example.org/venue-info/"
3084 params["venue_group"] = str(venue_group)
3085 params["venue_type"] = str(venue_type)
3086 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
3087 params["venue_url"] = ["1:" + url1, "2:" + url2]
3088
3089 hapd = hostapd.add_ap(apdev[0], params)
3090
3091 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
3092 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3093 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
3094 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
3095 timeout=10)
3096 sigma_dut_wait_connected(ifname)
3097 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3098 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
3099 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3100 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3101 finally:
3102 stop_sigma_dut(sigma)
3103
3104 def test_sigma_dut_hs20_assoc_24(dev, apdev):
3105 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3106 run_sigma_dut_hs20_assoc(dev, apdev, True)
3107
3108 def test_sigma_dut_hs20_assoc_5(dev, apdev):
3109 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3110 run_sigma_dut_hs20_assoc(dev, apdev, False)
3111
3112 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
3113 hapd0 = None
3114 hapd1 = None
3115 try:
3116 bssid0 = apdev[0]['bssid']
3117 params = hs20_ap_params()
3118 params['hessid'] = bssid0
3119 hapd0 = hostapd.add_ap(apdev[0], params)
3120
3121 bssid1 = apdev[1]['bssid']
3122 params = hs20_ap_params()
3123 params['hessid'] = bssid0
3124 params["hw_mode"] = "a"
3125 params["channel"] = "36"
3126 params["country_code"] = "US"
3127 hapd1 = hostapd.add_ap(apdev[1], params)
3128
3129 band = "2.4" if band24 else "5"
3130 exp_bssid = bssid0 if band24 else bssid1
3131 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
3132 finally:
3133 dev[0].request("DISCONNECT")
3134 if hapd0:
3135 hapd0.request("DISABLE")
3136 if hapd1:
3137 hapd1.request("DISABLE")
3138 subprocess.call(['iw', 'reg', 'set', '00'])
3139 dev[0].flush_scan_cache()
3140
3141 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
3142 check_eap_capa(dev[0], "MSCHAPV2")
3143 dev[0].flush_scan_cache()
3144
3145 ifname = dev[0].ifname
3146 sigma = start_sigma_dut(ifname)
3147
3148 try:
3149 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
3150 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3151 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
3152 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
3153 timeout=15)
3154 sigma_dut_wait_connected(ifname)
3155 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3156 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3157 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3158 finally:
3159 stop_sigma_dut(sigma)
3160
3161 if "BSSID," + expect_bssid not in res:
3162 raise Exception("Unexpected BSSID: " + res)
3163
3164 def test_sigma_dut_ap_hs20(dev, apdev, params):
3165 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3166 logdir = os.path.join(params['logdir'],
3167 "sigma_dut_ap_hs20.sigma-hostapd")
3168 conffile = os.path.join(params['logdir'],
3169 "sigma_dut_ap_hs20.sigma-conf")
3170 with HWSimRadio() as (radio, iface):
3171 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3172 try:
3173 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3174 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3175 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3176 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3177 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3178 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3179 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3180 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3181 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3182 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3183 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3184 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3185 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3186 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3187
3188 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3189 with open(conffile, "wb") as f2:
3190 f2.write(f.read())
3191
3192 sigma_dut_cmd_check("ap_reset_default")
3193 finally:
3194 stop_sigma_dut(sigma)
3195
3196 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3197 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3198 logdir = params['logdir']
3199
3200 with open("auth_serv/ca.pem", "r") as f:
3201 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3202 "w") as f2:
3203 f2.write(f.read())
3204
3205 src = "auth_serv/server.pem"
3206 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3207 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3208 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3209 "-outform", "DER"],
3210 stderr=open('/dev/null', 'w'))
3211 with open(dst, "rb") as f:
3212 der = f.read()
3213 hash = hashlib.sha256(der).digest()
3214 with open(hashdst, "w") as f:
3215 f.write(binascii.hexlify(hash).decode())
3216
3217 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3218 with open(dst, "w") as f:
3219 f.write(32*"00")
3220
3221 ssid = "test-wpa2-eap"
3222 params = hostapd.wpa2_eap_params(ssid=ssid)
3223 hapd = hostapd.add_ap(apdev[0], params)
3224
3225 ifname = dev[0].ifname
3226 sigma = start_sigma_dut(ifname, cert_path=logdir)
3227
3228 try:
3229 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3230
3231 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3232 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3233 sigma_dut_cmd_check(cmd)
3234 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3235 timeout=10)
3236 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3237 if ev is None:
3238 raise Exception("Server certificate error not reported")
3239
3240 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3241 if "ServerCertTrustResult,Accepted" not in res:
3242 raise Exception("Server certificate trust was not accepted")
3243 sigma_dut_wait_connected(ifname)
3244 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3245 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3246 dev[0].dump_monitor()
3247 finally:
3248 stop_sigma_dut(sigma)
3249
3250 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3251 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3252 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3253
3254 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3255 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3256 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3257
3258 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3259 logdir = params['logdir']
3260
3261 name = "sigma_dut_eap_ttls_uosc_tod"
3262 if tofu:
3263 name += "_tofu"
3264 with open("auth_serv/ca.pem", "r") as f:
3265 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3266 f2.write(f.read())
3267
3268 if tofu:
3269 src = "auth_serv/server-certpol2.pem"
3270 else:
3271 src = "auth_serv/server-certpol.pem"
3272 dst = os.path.join(logdir, name + ".server.der")
3273 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3274 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3275 "-outform", "DER"],
3276 stderr=open('/dev/null', 'w'))
3277 with open(dst, "rb") as f:
3278 der = f.read()
3279 hash = hashlib.sha256(der).digest()
3280 with open(hashdst, "w") as f:
3281 f.write(binascii.hexlify(hash).decode())
3282
3283 ssid = "test-wpa2-eap"
3284 params = int_eap_server_params()
3285 params["ssid"] = ssid
3286 if tofu:
3287 params["server_cert"] = "auth_serv/server-certpol2.pem"
3288 params["private_key"] = "auth_serv/server-certpol2.key"
3289 else:
3290 params["server_cert"] = "auth_serv/server-certpol.pem"
3291 params["private_key"] = "auth_serv/server-certpol.key"
3292 hapd = hostapd.add_ap(apdev[0], params)
3293
3294 ifname = dev[0].ifname
3295 sigma = start_sigma_dut(ifname, cert_path=logdir)
3296
3297 try:
3298 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3299 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3300 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3301 sigma_dut_cmd_check(cmd)
3302 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3303 timeout=10)
3304 sigma_dut_wait_connected(ifname)
3305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3306 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3307 dev[0].wait_disconnected()
3308 dev[0].dump_monitor()
3309
3310 hapd.disable()
3311 params = hostapd.wpa2_eap_params(ssid=ssid)
3312 hapd = hostapd.add_ap(apdev[0], params)
3313
3314 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3315 timeout=10)
3316 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3317 if ev is None:
3318 raise Exception("Server certificate error not reported")
3319
3320 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3321 if "ServerCertTrustResult,Accepted" in res:
3322 raise Exception("Server certificate trust override was accepted unexpectedly")
3323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3324 dev[0].dump_monitor()
3325 finally:
3326 stop_sigma_dut(sigma)
3327
3328 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3329 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3330 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3331
3332 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3333 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3334 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3335
3336 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3337 logdir = params['logdir']
3338
3339 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3340 if tofu:
3341 name += "_tofu"
3342 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3343 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3344 f2.write(f.read())
3345
3346 if tofu:
3347 src = "auth_serv/server-certpol2.pem"
3348 else:
3349 src = "auth_serv/server-certpol.pem"
3350 dst = os.path.join(logdir, name + ".server.der")
3351 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3352 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3353 "-outform", "DER"],
3354 stderr=open('/dev/null', 'w'))
3355 with open(dst, "rb") as f:
3356 der = f.read()
3357 hash = hashlib.sha256(der).digest()
3358 with open(hashdst, "w") as f:
3359 f.write(binascii.hexlify(hash).decode())
3360
3361 ssid = "test-wpa2-eap"
3362 params = int_eap_server_params()
3363 params["ssid"] = ssid
3364 if tofu:
3365 params["server_cert"] = "auth_serv/server-certpol2.pem"
3366 params["private_key"] = "auth_serv/server-certpol2.key"
3367 else:
3368 params["server_cert"] = "auth_serv/server-certpol.pem"
3369 params["private_key"] = "auth_serv/server-certpol.key"
3370 hapd = hostapd.add_ap(apdev[0], params)
3371
3372 ifname = dev[0].ifname
3373 sigma = start_sigma_dut(ifname, cert_path=logdir)
3374
3375 try:
3376 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3377 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3378 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3379 sigma_dut_cmd_check(cmd)
3380 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3381 timeout=10)
3382 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3383 if ev is None:
3384 raise Exception("Server certificate validation failure not reported")
3385
3386 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3387 if not tofu and "ServerCertTrustResult,Accepted" in res:
3388 raise Exception("Server certificate trust override was accepted unexpectedly")
3389 if tofu and "ServerCertTrustResult,Accepted" not in res:
3390 raise Exception("Server certificate trust override was not accepted")
3391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3392 dev[0].dump_monitor()
3393 finally:
3394 stop_sigma_dut(sigma)
3395
3396 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3397 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3398 check_domain_suffix_match(dev[0])
3399 logdir = params['logdir']
3400
3401 with open("auth_serv/ca.pem", "r") as f:
3402 with open(os.path.join(logdir,
3403 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3404 "w") as f2:
3405 f2.write(f.read())
3406
3407 ssid = "test-wpa2-eap"
3408 params = int_eap_server_params()
3409 params["ssid"] = ssid
3410 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3411 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3412 params["private_key"] = "auth_serv/rsa3072-server.key"
3413 hapd = hostapd.add_ap(apdev[0], params)
3414
3415 ifname = dev[0].ifname
3416 sigma = start_sigma_dut(ifname, cert_path=logdir)
3417
3418 try:
3419 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3420 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3421 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3422 sigma_dut_cmd_check(cmd)
3423 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3424 timeout=10)
3425 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3426 if ev is None:
3427 raise Exception("Server certificate error not reported")
3428
3429 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3430 if "ServerCertTrustResult,Accepted" not in res:
3431 raise Exception("Server certificate trust was not accepted")
3432 sigma_dut_wait_connected(ifname)
3433 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3434 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3435 dev[0].dump_monitor()
3436 finally:
3437 stop_sigma_dut(sigma)
3438
3439 def start_sae_pwe_ap(apdev, sae_pwe):
3440 ssid = "test-sae"
3441 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3442 params['wpa_key_mgmt'] = 'SAE'
3443 params["ieee80211w"] = "2"
3444 params['sae_groups'] = '19'
3445 params['sae_pwe'] = str(sae_pwe)
3446 return hostapd.add_ap(apdev, params)
3447
3448 def connect_sae_pwe_sta(dev, ifname, extra=None):
3449 dev.dump_monitor()
3450 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3451 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3452 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3453 if extra:
3454 cmd += "," + extra
3455 sigma_dut_cmd_check(cmd)
3456 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3457 timeout=10)
3458 sigma_dut_wait_connected(ifname)
3459 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3460 dev.wait_disconnected()
3461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3462 dev.dump_monitor()
3463
3464 def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3465 dev.dump_monitor()
3466 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3467 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3468 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3469 if extra:
3470 cmd += "," + extra
3471 sigma_dut_cmd_check(cmd)
3472 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3473 timeout=10)
3474 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3475 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3476 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3477 raise Exception("Unexpected connection result")
3478 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3479 dev.dump_monitor()
3480
3481 def test_sigma_dut_sae_h2e(dev, apdev):
3482 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3483 if "SAE" not in dev[0].get_capability("auth_alg"):
3484 raise HwsimSkip("SAE not supported")
3485
3486 start_sae_pwe_ap(apdev[0], 2)
3487
3488 ifname = dev[0].ifname
3489 sigma = start_sigma_dut(ifname, sae_h2e=True)
3490 try:
3491 connect_sae_pwe_sta(dev[0], ifname)
3492 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3493 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3494 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3495 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3496 raise Exception("Unexpected error result: " + res)
3497 finally:
3498 stop_sigma_dut(sigma)
3499 dev[0].set("sae_pwe", "0")
3500
3501 def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3502 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3503 if "SAE" not in dev[0].get_capability("auth_alg"):
3504 raise HwsimSkip("SAE not supported")
3505
3506 start_sae_pwe_ap(apdev[0], 0)
3507
3508 ifname = dev[0].ifname
3509 sigma = start_sigma_dut(ifname, sae_h2e=True)
3510 try:
3511 connect_sae_pwe_sta(dev[0], ifname)
3512 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3513 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3514 finally:
3515 stop_sigma_dut(sigma)
3516 dev[0].set("sae_pwe", "0")
3517
3518 def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3519 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3520 if "SAE" not in dev[0].get_capability("auth_alg"):
3521 raise HwsimSkip("SAE not supported")
3522
3523 start_sae_pwe_ap(apdev[0], 1)
3524
3525 ifname = dev[0].ifname
3526 sigma = start_sigma_dut(ifname, sae_h2e=True)
3527 try:
3528 connect_sae_pwe_sta(dev[0], ifname)
3529 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3530 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3531 finally:
3532 stop_sigma_dut(sigma)
3533 dev[0].set("sae_pwe", "0")
3534
3535 def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3536 """sigma_dut controlled AP with SAE H2E"""
3537 logdir = os.path.join(params['logdir'],
3538 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3539 if "SAE" not in dev[0].get_capability("auth_alg"):
3540 raise HwsimSkip("SAE not supported")
3541 with HWSimRadio() as (radio, iface):
3542 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3543 try:
3544 sigma_dut_cmd_check("ap_reset_default")
3545 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3546 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3547 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3548
3549 for sae_pwe in [0, 1, 2]:
3550 dev[0].request("SET sae_groups ")
3551 dev[0].set("sae_pwe", str(sae_pwe))
3552 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3553 ieee80211w="2", scan_freq="2412")
3554 dev[0].request("REMOVE_NETWORK all")
3555 dev[0].wait_disconnected()
3556 dev[0].dump_monitor()
3557
3558 sigma_dut_cmd_check("ap_reset_default")
3559 finally:
3560 stop_sigma_dut(sigma)
3561 dev[0].set("sae_pwe", "0")
3562
3563 def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3564 """sigma_dut controlled AP with SAE H2E-only"""
3565 logdir = os.path.join(params['logdir'],
3566 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3567 if "SAE" not in dev[0].get_capability("auth_alg"):
3568 raise HwsimSkip("SAE not supported")
3569 with HWSimRadio() as (radio, iface):
3570 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3571 try:
3572 sigma_dut_cmd_check("ap_reset_default")
3573 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3574 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3575 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3576
3577 dev[0].request("SET sae_groups ")
3578 dev[0].set("sae_pwe", "1")
3579 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3580 ieee80211w="2", scan_freq="2412")
3581 dev[0].request("REMOVE_NETWORK all")
3582 dev[0].wait_disconnected()
3583 dev[0].dump_monitor()
3584
3585 dev[0].set("sae_pwe", "0")
3586 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3587 ieee80211w="2", scan_freq="2412", wait_connect=False)
3588 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3589 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3590 dev[0].request("DISCONNECT")
3591 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3592 raise Exception("Unexpected connection result")
3593
3594 sigma_dut_cmd_check("ap_reset_default")
3595 finally:
3596 stop_sigma_dut(sigma)
3597 dev[0].set("sae_pwe", "0")
3598
3599 def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3600 """sigma_dut controlled AP with SAE looping-only"""
3601 logdir = os.path.join(params['logdir'],
3602 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3603 if "SAE" not in dev[0].get_capability("auth_alg"):
3604 raise HwsimSkip("SAE not supported")
3605 with HWSimRadio() as (radio, iface):
3606 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3607 try:
3608 sigma_dut_cmd_check("ap_reset_default")
3609 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3610 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3611 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3612
3613 dev[0].request("SET sae_groups ")
3614 dev[0].set("sae_pwe", "0")
3615 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3616 ieee80211w="2", scan_freq="2412")
3617 dev[0].request("REMOVE_NETWORK all")
3618 dev[0].wait_disconnected()
3619 dev[0].dump_monitor()
3620
3621 dev[0].set("sae_pwe", "1")
3622 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3623 ieee80211w="2", scan_freq="2412", wait_connect=False)
3624 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3625 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3626 dev[0].request("DISCONNECT")
3627 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3628 raise Exception("Unexpected connection result")
3629
3630 sigma_dut_cmd_check("ap_reset_default")
3631 finally:
3632 stop_sigma_dut(sigma)
3633 dev[0].set("sae_pwe", "0")
3634
3635 def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
3636 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3637 if "SAE" not in dev[0].get_capability("auth_alg"):
3638 raise HwsimSkip("SAE not supported")
3639
3640 ssid = "test-sae"
3641 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3642 params['wpa_key_mgmt'] = 'SAE'
3643 params["ieee80211w"] = "2"
3644 params['sae_pwe'] = '1'
3645 hapd = hostapd.add_ap(apdev[0], params)
3646
3647 ifname = dev[0].ifname
3648 sigma = start_sigma_dut(ifname)
3649 try:
3650 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3651 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3652 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
3653 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3654 timeout=10)
3655 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3656 if ev is None:
3657 raise Exception("No authentication attempt reported")
3658 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3659 if ev is not None:
3660 raise Exception("Unexpected connection reported")
3661 finally:
3662 stop_sigma_dut(sigma)
3663
3664 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
3665 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3666 if "SAE" not in dev[0].get_capability("auth_alg"):
3667 raise HwsimSkip("SAE not supported")
3668
3669 ssid = "test-sae"
3670 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3671 params['wpa_key_mgmt'] = 'SAE'
3672 params["ieee80211w"] = "2"
3673 params['sae_groups'] = "19 20"
3674 params['sae_pwe'] = '1'
3675 hapd = hostapd.add_ap(apdev[0], params)
3676
3677 ifname = dev[0].ifname
3678 sigma = start_sigma_dut(ifname, sae_h2e=True)
3679 try:
3680 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3681 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3682 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
3683 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3684 timeout=10)
3685 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3686 if ev is None:
3687 raise Exception("No authentication attempt reported")
3688 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3689 if ev is not None:
3690 raise Exception("Unexpected connection reported")
3691 finally:
3692 stop_sigma_dut(sigma)
3693
3694 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
3695 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3696 if "SAE" not in dev[0].get_capability("auth_alg"):
3697 raise HwsimSkip("SAE not supported")
3698
3699 ssid = "test-sae"
3700 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3701 params['wpa_key_mgmt'] = 'SAE'
3702 params["ieee80211w"] = "2"
3703 params['sae_groups'] = "19"
3704 params['sae_pwe'] = '1'
3705 hapd = hostapd.add_ap(apdev[0], params)
3706
3707 ifname = dev[0].ifname
3708 sigma = start_sigma_dut(ifname, sae_h2e=True)
3709 try:
3710 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3711 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3712 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
3713 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3714 timeout=10)
3715 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3716 if ev is None:
3717 raise Exception("No authentication attempt reported")
3718 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3719 if ev is not None:
3720 raise Exception("Unexpected connection reported")
3721 finally:
3722 stop_sigma_dut(sigma)
3723 dev[0].set("sae_pwe", "0")
3724
3725 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
3726 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3727 logdir = os.path.join(params['logdir'],
3728 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3729 if "SAE" not in dev[0].get_capability("auth_alg"):
3730 raise HwsimSkip("SAE not supported")
3731 with HWSimRadio() as (radio, iface):
3732 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3733 try:
3734 sigma_dut_cmd_check("ap_reset_default")
3735 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3736 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3737 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3738
3739 dev[0].request("SET sae_groups ")
3740 dev[0].set("sae_pwe", "1")
3741 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3742 ieee80211w="2", scan_freq="2412", wait_connect=False)
3743 ev = dev[0].wait_event(["Associated with"], timeout=10)
3744 if ev is None:
3745 raise Exception("No indication of association seen")
3746 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3747 "CTRL-EVENT-DISCONNECTED"], timeout=10)
3748 dev[0].request("DISCONNECT")
3749 if ev is None:
3750 raise Exception("No disconnection seen")
3751 if "CTRL-EVENT-DISCONNECTED" not in ev:
3752 raise Exception("Unexpected connection")
3753
3754 sigma_dut_cmd_check("ap_reset_default")
3755 finally:
3756 stop_sigma_dut(sigma)
3757 dev[0].set("sae_pwe", "0")
3758
3759 def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
3760 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3761 logdir = os.path.join(params['logdir'],
3762 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3763 if "SAE" not in dev[0].get_capability("auth_alg"):
3764 raise HwsimSkip("SAE not supported")
3765 with HWSimRadio() as (radio, iface):
3766 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3767 try:
3768 sigma_dut_cmd_check("ap_reset_default")
3769 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3770 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3771 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3772
3773 dev[0].request("SET sae_groups 21 20 19")
3774 dev[0].set("sae_pwe", "1")
3775 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3776 ieee80211w="2", scan_freq="2412")
3777 addr = dev[0].own_addr()
3778 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
3779 if "DHGroupVerResult,21 20" not in res:
3780 raise Exception("Unexpected dev_exec_action response: " + res)
3781
3782 sigma_dut_cmd_check("ap_reset_default")
3783 finally:
3784 stop_sigma_dut(sigma)
3785 dev[0].set("sae_pwe", "0")
Unnamed repository; edit this file 'description' to name the repository.