1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
26 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
27 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
28 from test_ap_hs20
import hs20_ap_params
30 def check_sigma_dut():
31 if not os
.path
.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
35 return binascii
.hexlify(s
.encode()).decode()
38 return binascii
.unhexlify(s
).decode()
40 def sigma_log_output(cmd
):
42 out
= cmd
.stdout
.read()
44 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
46 if e
.errno
!= errno
.EAGAIN
:
49 out
= cmd
.stderr
.read()
51 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
53 if e
.errno
!= errno
.EAGAIN
:
58 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
59 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
61 sock
.settimeout(timeout
)
62 addr
= ('127.0.0.1', port
)
64 sock
.send(cmd
.encode() + b
"\r\n")
66 res
= sock
.recv(1000).decode()
69 for line
in res
.splitlines():
70 if line
.startswith("status,RUNNING"):
72 elif line
.startswith("status,INVALID"):
74 elif line
.startswith("status,ERROR"):
76 elif line
.startswith("status,COMPLETE"):
78 if running
and not done
:
79 # Read the actual response
80 res
= sock
.recv(1000).decode()
86 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
89 sigma_log_output(sigma_prog
)
92 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
93 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
94 if "COMPLETE" not in res
:
95 raise Exception("sigma_dut command failed: " + cmd
)
98 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
99 bridge
=None, sae_h2e
=False):
101 cmd
= ['./sigma_dut',
105 '-F', '../../hostapd/hostapd',
107 '-w', '/var/run/wpa_supplicant/',
110 cmd
+= ['-H', hostapd_logdir
]
112 cmd
+= ['-C', cert_path
]
114 cmd
+= ['-b', bridge
]
117 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
118 stderr
=subprocess
.PIPE
)
119 for stream
in [sigma
.stdout
, sigma
.stderr
]:
121 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
122 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
129 res
= sigma_dut_cmd("HELLO")
133 if res
is None or "errorCode,Unknown command" not in res
:
134 raise Exception("Failed to start sigma_dut")
135 return {'cmd': sigma
, 'ifname': ifname
}
137 def stop_sigma_dut(sigma
):
141 sigma_log_output(cmd
)
142 logger
.debug("Terminating sigma_dut process")
145 out
, err
= cmd
.communicate()
146 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
147 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
148 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
150 stderr
=open('/dev/null', 'w'))
152 def sigma_dut_wait_connected(ifname
):
154 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
155 if "connected,1" in res
:
159 raise Exception("Connection did not complete")
161 def test_sigma_dut_basic(dev
, apdev
):
162 """sigma_dut basic functionality"""
163 sigma
= start_sigma_dut(dev
[0].ifname
)
165 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
166 ("device_get_info", "status,COMPLETE,vendor"),
167 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
168 ("device_list_interfaces,interfaceType,802.11",
169 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
171 res
= sigma_dut_cmd("UNKNOWN")
172 if "status,INVALID,errorCode,Unknown command" not in res
:
173 raise Exception("Unexpected sigma_dut response to unknown command")
175 for cmd
, response
in tests
:
176 res
= sigma_dut_cmd(cmd
)
177 if response
not in res
:
178 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
180 stop_sigma_dut(sigma
)
182 def test_sigma_dut_open(dev
, apdev
):
183 """sigma_dut controlled open network association"""
185 run_sigma_dut_open(dev
, apdev
)
187 dev
[0].set("ignore_old_scan_res", "0")
189 def run_sigma_dut_open(dev
, apdev
):
190 ifname
= dev
[0].ifname
191 sigma
= start_sigma_dut(ifname
)
194 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
196 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
197 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
198 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
200 sigma_dut_wait_connected(ifname
)
201 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
202 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
203 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
205 stop_sigma_dut(sigma
)
207 def test_sigma_dut_psk_pmf(dev
, apdev
):
208 """sigma_dut controlled PSK+PMF association"""
210 run_sigma_dut_psk_pmf(dev
, apdev
)
212 dev
[0].set("ignore_old_scan_res", "0")
214 def run_sigma_dut_psk_pmf(dev
, apdev
):
215 ifname
= dev
[0].ifname
216 sigma
= start_sigma_dut(ifname
)
219 ssid
= "test-pmf-required"
220 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
221 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
222 params
["ieee80211w"] = "2"
223 hapd
= hostapd
.add_ap(apdev
[0], params
)
225 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
226 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
227 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
228 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
230 sigma_dut_wait_connected(ifname
)
231 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
232 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
235 stop_sigma_dut(sigma
)
237 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
238 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
240 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
242 dev
[0].set("ignore_old_scan_res", "0")
244 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
245 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
247 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
249 dev
[0].set("ignore_old_scan_res", "0")
251 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
252 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
254 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
256 dev
[0].set("ignore_old_scan_res", "0")
258 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
259 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
261 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
263 dev
[0].set("ignore_old_scan_res", "0")
265 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
266 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
268 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
271 dev
[0].set("ignore_old_scan_res", "0")
273 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
275 ifname
= dev
[0].ifname
276 sigma
= start_sigma_dut(ifname
)
279 ssid
= "test-pmf-required"
280 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
281 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
282 params
["ieee80211w"] = "2"
283 params
["group_mgmt_cipher"] = hostapd_cipher
284 hapd
= hostapd
.add_ap(apdev
[0], params
)
286 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
287 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
288 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
289 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
290 timeout
=2 if failure
else 10)
292 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
293 "CTRL-EVENT-CONNECTED"], timeout
=10)
295 raise Exception("Network selection result not indicated")
296 if "CTRL-EVENT-CONNECTED" in ev
:
297 raise Exception("Unexpected connection")
298 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
299 if "connected,1" in res
:
300 raise Exception("Connection reported")
302 sigma_dut_wait_connected(ifname
)
303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
305 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
306 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
308 stop_sigma_dut(sigma
)
310 def test_sigma_dut_sae(dev
, apdev
):
311 """sigma_dut controlled SAE association"""
312 if "SAE" not in dev
[0].get_capability("auth_alg"):
313 raise HwsimSkip("SAE not supported")
315 ifname
= dev
[0].ifname
316 sigma
= start_sigma_dut(ifname
)
320 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
321 params
['wpa_key_mgmt'] = 'SAE'
322 params
["ieee80211w"] = "2"
323 params
['sae_groups'] = '19 20 21'
324 hapd
= hostapd
.add_ap(apdev
[0], params
)
326 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
328 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
329 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
331 sigma_dut_wait_connected(ifname
)
332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
333 if dev
[0].get_status_field('sae_group') != '19':
334 raise Exception("Expected default SAE group not used")
335 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
336 logger
.info("Reported PMK: " + res
)
337 if ",PMK," not in res
:
338 raise Exception("PMK not reported");
339 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
340 raise Exception("Mismatch in reported PMK")
341 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
343 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
345 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
346 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
347 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
349 sigma_dut_wait_connected(ifname
)
350 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
351 if dev
[0].get_status_field('sae_group') != '20':
352 raise Exception("Expected SAE group not used")
353 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
354 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
356 stop_sigma_dut(sigma
)
358 def test_sigma_dut_sae_groups(dev
, apdev
):
359 """sigma_dut controlled SAE association with group negotiation"""
360 if "SAE" not in dev
[0].get_capability("auth_alg"):
361 raise HwsimSkip("SAE not supported")
363 ifname
= dev
[0].ifname
364 sigma
= start_sigma_dut(ifname
)
368 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
369 params
['wpa_key_mgmt'] = 'SAE'
370 params
["ieee80211w"] = "2"
371 params
['sae_groups'] = '19'
372 hapd
= hostapd
.add_ap(apdev
[0], params
)
374 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
375 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
376 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
377 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
379 sigma_dut_wait_connected(ifname
)
380 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
381 if dev
[0].get_status_field('sae_group') != '19':
382 raise Exception("Expected default SAE group not used")
383 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
385 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
387 stop_sigma_dut(sigma
)
389 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
390 """sigma_dut controlled SAE association with PMKID"""
391 if "SAE" not in dev
[0].get_capability("auth_alg"):
392 raise HwsimSkip("SAE not supported")
394 ifname
= dev
[0].ifname
395 sigma
= start_sigma_dut(ifname
)
399 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
400 params
['wpa_key_mgmt'] = 'SAE'
401 params
["ieee80211w"] = "2"
402 params
["sae_confirm_immediate"] = "1"
403 hapd
= hostapd
.add_ap(apdev
[0], params
)
405 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
406 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
407 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
408 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
410 sigma_dut_wait_connected(ifname
)
411 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
413 stop_sigma_dut(sigma
)
415 def test_sigma_dut_sae_password(dev
, apdev
):
416 """sigma_dut controlled SAE association and long password"""
417 if "SAE" not in dev
[0].get_capability("auth_alg"):
418 raise HwsimSkip("SAE not supported")
420 ifname
= dev
[0].ifname
421 sigma
= start_sigma_dut(ifname
)
425 params
= hostapd
.wpa2_params(ssid
=ssid
)
426 params
['sae_password'] = 100*'B'
427 params
['wpa_key_mgmt'] = 'SAE'
428 params
["ieee80211w"] = "2"
429 hapd
= hostapd
.add_ap(apdev
[0], params
)
431 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
432 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
433 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
434 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
436 sigma_dut_wait_connected(ifname
)
437 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
438 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
439 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
441 stop_sigma_dut(sigma
)
443 def test_sigma_dut_sae_pw_id(dev
, apdev
):
444 """sigma_dut controlled SAE association with Password Identifier"""
445 if "SAE" not in dev
[0].get_capability("auth_alg"):
446 raise HwsimSkip("SAE not supported")
448 ifname
= dev
[0].ifname
449 sigma
= start_sigma_dut(ifname
)
453 params
= hostapd
.wpa2_params(ssid
=ssid
)
454 params
['wpa_key_mgmt'] = 'SAE'
455 params
["ieee80211w"] = "2"
456 params
['sae_password'] = 'secret|id=pw id'
457 params
['sae_groups'] = '19'
458 hapd
= hostapd
.add_ap(apdev
[0], params
)
460 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
461 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
462 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
463 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
465 sigma_dut_wait_connected(ifname
)
466 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
467 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
469 stop_sigma_dut(sigma
)
471 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
472 """sigma_dut controlled SAE association with Password Identifier and FT"""
473 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
475 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
476 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
477 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
479 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
480 if "SAE" not in dev
[0].get_capability("auth_alg"):
481 raise HwsimSkip("SAE not supported")
483 ifname
= dev
[0].ifname
484 sigma
= start_sigma_dut(ifname
)
488 params
= hostapd
.wpa2_params(ssid
=ssid
)
489 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
490 params
["ieee80211w"] = "2"
491 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
492 params
['mobility_domain'] = 'aabb'
493 params
['ft_over_ds'] = '1' if over_ds
else '0'
494 bssid
= apdev
[0]['bssid'].replace(':', '')
495 params
['nas_identifier'] = bssid
+ '.nas.example.com'
496 params
['r1_key_holder'] = bssid
497 params
['pmk_r1_push'] = '0'
498 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
499 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
500 hapd
= hostapd
.add_ap(apdev
[0], params
)
502 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
504 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
505 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
506 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
507 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
509 sigma_dut_wait_connected(ifname
)
511 bssid
= apdev
[1]['bssid'].replace(':', '')
512 params
['nas_identifier'] = bssid
+ '.nas.example.com'
513 params
['r1_key_holder'] = bssid
514 hapd2
= hostapd
.add_ap(apdev
[1], params
)
515 bssid
= hapd2
.own_addr()
516 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
517 dev
[0].wait_connected()
519 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
520 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
522 stop_sigma_dut(sigma
)
524 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
525 """sigma_dut and RSNE override on STA"""
527 run_sigma_dut_sta_override_rsne(dev
, apdev
)
529 dev
[0].set("ignore_old_scan_res", "0")
531 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
532 ifname
= dev
[0].ifname
533 sigma
= start_sigma_dut(ifname
)
537 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
538 hapd
= hostapd
.add_ap(apdev
[0], params
)
540 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
542 tests
= ["30120100000fac040100000fac040100000fac02",
543 "30140100000fac040100000fac040100000fac02ffff"]
545 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
546 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
547 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
549 sigma_dut_wait_connected(ifname
)
550 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
551 dev
[0].dump_monitor()
553 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
554 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
555 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
558 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
560 raise Exception("Association rejection not reported")
561 if "status_code=40" not in ev
:
562 raise Exception("Unexpected status code: " + ev
)
564 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
566 stop_sigma_dut(sigma
)
568 def test_sigma_dut_ap_psk(dev
, apdev
):
569 """sigma_dut controlled AP"""
570 with
HWSimRadio() as (radio
, iface
):
571 sigma
= start_sigma_dut(iface
)
573 sigma_dut_cmd_check("ap_reset_default")
574 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
575 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
576 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
578 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
580 sigma_dut_cmd_check("ap_reset_default")
582 stop_sigma_dut(sigma
)
584 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
585 """sigma_dut controlled AP and PSKHEX"""
586 logdir
= os
.path
.join(params
['logdir'],
587 "sigma_dut_ap_pskhex.sigma-hostapd")
588 with
HWSimRadio() as (radio
, iface
):
589 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
591 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
592 sigma_dut_cmd_check("ap_reset_default")
593 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
594 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
595 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
597 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
599 sigma_dut_cmd_check("ap_reset_default")
601 stop_sigma_dut(sigma
)
603 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
604 """sigma_dut controlled AP PSK SHA256"""
605 logdir
= os
.path
.join(params
['logdir'],
606 "sigma_dut_ap_psk_sha256.sigma-hostapd")
607 with
HWSimRadio() as (radio
, iface
):
608 sigma
= start_sigma_dut(iface
)
610 sigma_dut_cmd_check("ap_reset_default")
611 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
612 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
613 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
615 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
616 psk
="12345678", scan_freq
="2412")
618 sigma_dut_cmd_check("ap_reset_default")
620 stop_sigma_dut(sigma
)
622 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
623 """sigma_dut controlled AP and deauth commands"""
624 logdir
= os
.path
.join(params
['logdir'],
625 "sigma_dut_ap_psk_deauth.sigma-hostapd")
626 with
HWSimRadio() as (radio
, iface
):
627 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
629 sigma_dut_cmd_check("ap_reset_default")
630 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
631 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
632 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
634 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
635 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
636 addr
= dev
[0].own_addr()
637 dev
[0].dump_monitor()
639 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
640 ev
= dev
[0].wait_disconnected()
641 dev
[0].dump_monitor()
642 if "locally_generated=1" in ev
:
643 raise Exception("Unexpected disconnection reason")
644 dev
[0].wait_connected()
645 dev
[0].dump_monitor()
647 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
648 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
649 if ev
and "locally_generated=1" not in ev
:
650 raise Exception("Unexpected disconnection")
652 sigma_dut_cmd_check("ap_reset_default")
654 stop_sigma_dut(sigma
)
656 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
657 """sigma_dut controlled STA and EAP-TTLS parameters"""
658 check_domain_match(dev
[0])
659 logdir
= params
['logdir']
661 with
open("auth_serv/ca.pem", "r") as f
:
662 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
665 src
= "auth_serv/server.pem"
666 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
667 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
668 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
670 stderr
=open('/dev/null', 'w'))
671 with
open(dst
, "rb") as f
:
673 hash = hashlib
.sha256(der
).digest()
674 with
open(hashdst
, "w") as f
:
675 f
.write(binascii
.hexlify(hash).decode())
677 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
678 with
open(dst
, "w") as f
:
681 ssid
= "test-wpa2-eap"
682 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
683 hapd
= hostapd
.add_ap(apdev
[0], params
)
685 ifname
= dev
[0].ifname
686 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
688 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
692 ",Domain,server.w1.fi",
693 ",DomainSuffix,w1.fi",
694 ",DomainSuffix,server.w1.fi",
695 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
697 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
698 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
699 sigma_dut_cmd_check(cmd
+ extra
)
700 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
702 sigma_dut_wait_connected(ifname
)
703 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
704 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
705 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
706 dev
[0].dump_monitor()
708 tests
= [",Domain,w1.fi",
709 ",DomainSuffix,example.com",
710 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
712 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
713 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
714 sigma_dut_cmd_check(cmd
+ extra
)
715 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
717 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
719 raise Exception("Server certificate error not reported")
720 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
721 if "connected,1" in res
:
722 raise Exception("Unexpected connection reported")
723 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
724 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
725 dev
[0].dump_monitor()
727 stop_sigma_dut(sigma
)
729 def test_sigma_dut_suite_b(dev
, apdev
, params
):
730 """sigma_dut controlled STA Suite B"""
731 check_suite_b_192_capa(dev
)
732 logdir
= params
['logdir']
734 with
open("auth_serv/ec2-ca.pem", "r") as f
:
735 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
738 with
open("auth_serv/ec2-user.pem", "r") as f
:
739 with
open("auth_serv/ec2-user.key", "r") as f2
:
740 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
744 dev
[0].flush_scan_cache()
745 params
= suite_b_as_params()
746 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
747 params
['server_cert'] = 'auth_serv/ec2-server.pem'
748 params
['private_key'] = 'auth_serv/ec2-server.key'
749 params
['openssl_ciphers'] = 'SUITEB192'
750 hostapd
.add_ap(apdev
[1], params
)
752 params
= {"ssid": "test-suite-b",
754 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
755 "rsn_pairwise": "GCMP-256",
756 "group_mgmt_cipher": "BIP-GMAC-256",
759 'auth_server_addr': "127.0.0.1",
760 'auth_server_port': "18129",
761 'auth_server_shared_secret': "radius",
762 'nas_identifier': "nas.w1.fi"}
763 hapd
= hostapd
.add_ap(apdev
[0], params
)
765 ifname
= dev
[0].ifname
766 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
769 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
770 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
771 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
772 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
774 sigma_dut_wait_connected(ifname
)
775 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
776 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
777 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
779 stop_sigma_dut(sigma
)
781 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
782 """sigma_dut controlled STA Suite B (RSA)"""
783 check_suite_b_192_capa(dev
)
784 logdir
= params
['logdir']
786 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
787 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
790 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
791 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
792 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
796 dev
[0].flush_scan_cache()
797 params
= suite_b_192_rsa_ap_params()
798 hapd
= hostapd
.add_ap(apdev
[0], params
)
800 ifname
= dev
[0].ifname
801 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
803 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
807 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
808 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
810 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
811 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
812 sigma_dut_cmd_check(cmd
+ extra
)
813 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
815 sigma_dut_wait_connected(ifname
)
816 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
817 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
818 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
820 stop_sigma_dut(sigma
)
822 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
823 """sigma_dut controlled AP Suite B"""
824 check_suite_b_192_capa(dev
)
825 logdir
= os
.path
.join(params
['logdir'],
826 "sigma_dut_ap_suite_b.sigma-hostapd")
827 params
= suite_b_as_params()
828 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
829 params
['server_cert'] = 'auth_serv/ec2-server.pem'
830 params
['private_key'] = 'auth_serv/ec2-server.key'
831 params
['openssl_ciphers'] = 'SUITEB192'
832 hostapd
.add_ap(apdev
[1], params
)
833 with
HWSimRadio() as (radio
, iface
):
834 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
836 sigma_dut_cmd_check("ap_reset_default")
837 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
838 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
839 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
840 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
842 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
844 openssl_ciphers
="SUITEB192",
845 eap
="TLS", identity
="tls user",
846 ca_cert
="auth_serv/ec2-ca.pem",
847 client_cert
="auth_serv/ec2-user.pem",
848 private_key
="auth_serv/ec2-user.key",
849 pairwise
="GCMP-256", group
="GCMP-256",
852 sigma_dut_cmd_check("ap_reset_default")
854 stop_sigma_dut(sigma
)
856 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
857 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
858 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
861 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
862 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
863 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
866 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
867 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
868 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
871 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
872 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
873 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
876 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
877 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
878 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
879 "BIP-GMAC-256", "CCMP")
881 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
882 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
883 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
884 "BIP-GMAC-256", "GCMP-256", "CCMP")
886 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
887 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
888 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
889 "GCMP-256", "CCMP", "AES-CCMP-128")
891 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
892 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
893 check_suite_b_192_capa(dev
)
894 logdir
= os
.path
.join(params
['logdir'],
895 "sigma_dut_ap_cipher.sigma-hostapd")
896 params
= suite_b_as_params()
897 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
898 params
['server_cert'] = 'auth_serv/ec2-server.pem'
899 params
['private_key'] = 'auth_serv/ec2-server.key'
900 params
['openssl_ciphers'] = 'SUITEB192'
901 hostapd
.add_ap(apdev
[1], params
)
902 with
HWSimRadio() as (radio
, iface
):
903 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
905 sigma_dut_cmd_check("ap_reset_default")
906 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
907 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
908 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
910 cmd
+= ",GroupCipher,%s" % ap_group
911 sigma_dut_cmd_check(cmd
)
912 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
914 if sta_cipher_group
is None:
915 sta_cipher_group
= sta_cipher
916 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
918 openssl_ciphers
="SUITEB192",
919 eap
="TLS", identity
="tls user",
920 ca_cert
="auth_serv/ec2-ca.pem",
921 client_cert
="auth_serv/ec2-user.pem",
922 private_key
="auth_serv/ec2-user.key",
923 pairwise
=sta_cipher
, group
=sta_cipher_group
,
926 sigma_dut_cmd_check("ap_reset_default")
928 stop_sigma_dut(sigma
)
930 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
931 """sigma_dut controlled AP overriding RSNE"""
932 with
HWSimRadio() as (radio
, iface
):
933 sigma
= start_sigma_dut(iface
)
935 sigma_dut_cmd_check("ap_reset_default")
936 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
937 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
938 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
939 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
941 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
943 sigma_dut_cmd_check("ap_reset_default")
945 stop_sigma_dut(sigma
)
947 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
948 """sigma_dut controlled AP with SAE"""
949 logdir
= os
.path
.join(params
['logdir'],
950 "sigma_dut_ap_sae.sigma-hostapd")
951 if "SAE" not in dev
[0].get_capability("auth_alg"):
952 raise HwsimSkip("SAE not supported")
953 with
HWSimRadio() as (radio
, iface
):
954 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
956 sigma_dut_cmd_check("ap_reset_default")
957 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
958 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
959 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
961 dev
[0].request("SET sae_groups ")
962 id = dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
963 ieee80211w
="2", scan_freq
="2412")
964 if dev
[0].get_status_field('sae_group') != '19':
965 raise Exception("Expected default SAE group not used")
967 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
968 logger
.info("Reported PMK: " + res
)
969 if ",PMK," not in res
:
970 raise Exception("PMK not reported");
971 if dev
[0].get_pmk(id) != res
.split(',')[3]:
972 raise Exception("Mismatch in reported PMK")
974 sigma_dut_cmd_check("ap_reset_default")
976 stop_sigma_dut(sigma
)
978 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
979 """sigma_dut controlled AP with SAE Confirm immediate"""
980 logdir
= os
.path
.join(params
['logdir'],
981 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
982 if "SAE" not in dev
[0].get_capability("auth_alg"):
983 raise HwsimSkip("SAE not supported")
984 with
HWSimRadio() as (radio
, iface
):
985 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
987 sigma_dut_cmd_check("ap_reset_default")
988 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
989 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
990 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
992 dev
[0].request("SET sae_groups ")
993 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
994 ieee80211w
="2", scan_freq
="2412")
995 if dev
[0].get_status_field('sae_group') != '19':
996 raise Exception("Expected default SAE group not used")
998 sigma_dut_cmd_check("ap_reset_default")
1000 stop_sigma_dut(sigma
)
1002 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
1003 """sigma_dut controlled AP with SAE and long password"""
1004 logdir
= os
.path
.join(params
['logdir'],
1005 "sigma_dut_ap_sae_password.sigma-hostapd")
1006 if "SAE" not in dev
[0].get_capability("auth_alg"):
1007 raise HwsimSkip("SAE not supported")
1008 with
HWSimRadio() as (radio
, iface
):
1009 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1011 sigma_dut_cmd_check("ap_reset_default")
1012 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1013 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1014 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1016 dev
[0].request("SET sae_groups ")
1017 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1018 ieee80211w
="2", scan_freq
="2412")
1019 if dev
[0].get_status_field('sae_group') != '19':
1020 raise Exception("Expected default SAE group not used")
1022 sigma_dut_cmd_check("ap_reset_default")
1024 stop_sigma_dut(sigma
)
1026 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1027 """sigma_dut controlled AP with SAE Password Identifier"""
1028 logdir
= os
.path
.join(params
['logdir'],
1029 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1030 conffile
= os
.path
.join(params
['logdir'],
1031 "sigma_dut_ap_sae_pw_id.sigma-conf")
1032 if "SAE" not in dev
[0].get_capability("auth_alg"):
1033 raise HwsimSkip("SAE not supported")
1034 with
HWSimRadio() as (radio
, iface
):
1035 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1037 sigma_dut_cmd_check("ap_reset_default")
1038 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1039 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1040 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1042 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1043 with
open(conffile
, "wb") as f2
:
1046 dev
[0].request("SET sae_groups ")
1047 tests
= [("pw1", "id1"),
1051 for pw
, pw_id
in tests
:
1052 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1053 sae_password_id
=pw_id
,
1054 ieee80211w
="2", scan_freq
="2412")
1055 dev
[0].request("REMOVE_NETWORK all")
1056 dev
[0].wait_disconnected()
1058 sigma_dut_cmd_check("ap_reset_default")
1060 stop_sigma_dut(sigma
)
1062 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1063 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1064 logdir
= os
.path
.join(params
['logdir'],
1065 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1066 conffile
= os
.path
.join(params
['logdir'],
1067 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1068 if "SAE" not in dev
[0].get_capability("auth_alg"):
1069 raise HwsimSkip("SAE not supported")
1070 with
HWSimRadio() as (radio
, iface
):
1071 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1073 sigma_dut_cmd_check("ap_reset_default")
1074 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1075 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1076 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1078 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1079 with
open(conffile
, "wb") as f2
:
1082 dev
[0].request("SET sae_groups ")
1083 tests
= [("pw1", "id1", "SAE"),
1084 ("pw2", "id2", "FT-SAE"),
1085 ("pw3", None, "FT-SAE"),
1086 ("pw4", "id4", "SAE")]
1087 for pw
, pw_id
, key_mgmt
in tests
:
1088 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1089 sae_password_id
=pw_id
,
1090 ieee80211w
="2", scan_freq
="2412")
1091 dev
[0].request("REMOVE_NETWORK all")
1092 dev
[0].wait_disconnected()
1094 sigma_dut_cmd_check("ap_reset_default")
1096 stop_sigma_dut(sigma
)
1098 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1099 """sigma_dut controlled AP with SAE and specific group"""
1100 logdir
= os
.path
.join(params
['logdir'],
1101 "sigma_dut_ap_sae_group.sigma-hostapd")
1102 if "SAE" not in dev
[0].get_capability("auth_alg"):
1103 raise HwsimSkip("SAE not supported")
1104 with
HWSimRadio() as (radio
, iface
):
1105 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1107 sigma_dut_cmd_check("ap_reset_default")
1108 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1109 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1110 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1112 dev
[0].request("SET sae_groups ")
1113 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1114 ieee80211w
="2", scan_freq
="2412")
1115 if dev
[0].get_status_field('sae_group') != '20':
1116 raise Exception("Expected SAE group not used")
1118 sigma_dut_cmd_check("ap_reset_default")
1120 stop_sigma_dut(sigma
)
1122 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1123 """sigma_dut controlled AP with PSK+SAE"""
1124 if "SAE" not in dev
[0].get_capability("auth_alg"):
1125 raise HwsimSkip("SAE not supported")
1126 logdir
= os
.path
.join(params
['logdir'],
1127 "sigma_dut_ap_psk_sae.sigma-hostapd")
1128 with
HWSimRadio() as (radio
, iface
):
1129 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1131 sigma_dut_cmd_check("ap_reset_default")
1132 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1133 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1134 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1136 dev
[2].request("SET sae_groups ")
1137 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1138 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1139 dev
[0].request("SET sae_groups ")
1140 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1141 scan_freq
="2412", ieee80211w
="2")
1142 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1144 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1145 dev
[2].request("DISCONNECT")
1147 raise Exception("Unexpected connection without PMF")
1149 sigma_dut_cmd_check("ap_reset_default")
1151 stop_sigma_dut(sigma
)
1153 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1154 """sigma_dut controlled AP with PSK, SAE, FT"""
1155 logdir
= os
.path
.join(params
['logdir'],
1156 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1157 conffile
= os
.path
.join(params
['logdir'],
1158 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1159 if "SAE" not in dev
[0].get_capability("auth_alg"):
1160 raise HwsimSkip("SAE not supported")
1161 with
HWSimRadio() as (radio
, iface
):
1162 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1164 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1165 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1166 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1167 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1168 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1169 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1171 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1172 with
open(conffile
, "wb") as f2
:
1175 dev
[0].request("SET sae_groups ")
1176 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1177 sae_password
="12345678", scan_freq
="2412")
1178 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1179 psk
="12345678", scan_freq
="2412")
1180 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1181 psk
="12345678", scan_freq
="2412")
1183 sigma_dut_cmd_check("ap_reset_default")
1185 stop_sigma_dut(sigma
)
1187 def test_sigma_dut_owe(dev
, apdev
):
1188 """sigma_dut controlled OWE station"""
1190 run_sigma_dut_owe(dev
, apdev
)
1192 dev
[0].set("ignore_old_scan_res", "0")
1194 def run_sigma_dut_owe(dev
, apdev
):
1195 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1196 raise HwsimSkip("OWE not supported")
1198 ifname
= dev
[0].ifname
1199 sigma
= start_sigma_dut(ifname
)
1202 params
= {"ssid": "owe",
1204 "wpa_key_mgmt": "OWE",
1206 "rsn_pairwise": "CCMP"}
1207 hapd
= hostapd
.add_ap(apdev
[0], params
)
1208 bssid
= hapd
.own_addr()
1210 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1211 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1212 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1213 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1215 sigma_dut_wait_connected(ifname
)
1216 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1217 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
1218 logger
.info("Reported PMK: " + res
)
1219 if ",PMK," not in res
:
1220 raise Exception("PMK not reported");
1221 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
1222 raise Exception("Mismatch in reported PMK")
1224 dev
[0].dump_monitor()
1225 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1226 dev
[0].wait_connected()
1227 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1228 dev
[0].wait_disconnected()
1229 dev
[0].dump_monitor()
1231 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1232 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1233 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1234 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1236 sigma_dut_wait_connected(ifname
)
1237 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1238 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1239 dev
[0].wait_disconnected()
1240 dev
[0].dump_monitor()
1242 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1243 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1244 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1245 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1247 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1248 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1250 raise Exception("Association not rejected")
1251 if "status_code=77" not in ev
:
1252 raise Exception("Unexpected rejection reason: " + ev
)
1254 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1256 stop_sigma_dut(sigma
)
1258 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1259 """sigma_dut controlled AP with OWE"""
1260 logdir
= os
.path
.join(params
['logdir'],
1261 "sigma_dut_ap_owe.sigma-hostapd")
1262 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1263 raise HwsimSkip("OWE not supported")
1264 with
HWSimRadio() as (radio
, iface
):
1265 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1267 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1268 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1269 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1270 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1272 id = dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1275 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1276 logger
.info("Reported PMK: " + res
)
1277 if ",PMK," not in res
:
1278 raise Exception("PMK not reported");
1279 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1280 raise Exception("Mismatch in reported PMK")
1282 sigma_dut_cmd_check("ap_reset_default")
1284 stop_sigma_dut(sigma
)
1286 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1287 """sigma_dut controlled AP with OWE and ECGroupID"""
1288 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1289 raise HwsimSkip("OWE not supported")
1290 with
HWSimRadio() as (radio
, iface
):
1291 sigma
= start_sigma_dut(iface
)
1293 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1294 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1295 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1296 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1298 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1299 owe_group
="20", scan_freq
="2412")
1300 dev
[0].request("REMOVE_NETWORK all")
1301 dev
[0].wait_disconnected()
1303 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1304 owe_group
="21", scan_freq
="2412")
1305 dev
[0].request("REMOVE_NETWORK all")
1306 dev
[0].wait_disconnected()
1308 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1309 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1310 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1311 dev
[0].request("DISCONNECT")
1313 raise Exception("Association not rejected")
1314 if "status_code=77" not in ev
:
1315 raise Exception("Unexpected rejection reason: " + ev
)
1316 dev
[0].dump_monitor()
1318 sigma_dut_cmd_check("ap_reset_default")
1320 stop_sigma_dut(sigma
)
1322 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1323 """sigma_dut controlled AP with OWE and transition mode"""
1324 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1325 raise HwsimSkip("OWE not supported")
1326 logdir
= os
.path
.join(params
['logdir'],
1327 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1328 with
HWSimRadio() as (radio
, iface
):
1329 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1331 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1332 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1333 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1334 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1335 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1336 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1338 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1339 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1341 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1343 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1344 if dev
[0].get_status_field('bssid') not in res1
:
1345 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1346 if dev
[1].get_status_field('bssid') not in res2
:
1347 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1349 sigma_dut_cmd_check("ap_reset_default")
1351 stop_sigma_dut(sigma
)
1353 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1354 """sigma_dut controlled AP with OWE and transition mode (2)"""
1355 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1356 raise HwsimSkip("OWE not supported")
1357 logdir
= os
.path
.join(params
['logdir'],
1358 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1359 with
HWSimRadio() as (radio
, iface
):
1360 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1362 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1363 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1364 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1365 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1366 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1367 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1369 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1370 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1372 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1374 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1375 if dev
[0].get_status_field('bssid') not in res2
:
1376 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1377 if dev
[1].get_status_field('bssid') not in res1
:
1378 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1380 sigma_dut_cmd_check("ap_reset_default")
1382 stop_sigma_dut(sigma
)
1384 def dpp_init_enrollee(dev
, id1
, enrollee_role
):
1385 logger
.info("Starting DPP initiator/enrollee in a thread")
1387 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1388 if enrollee_role
== "Configurator":
1389 cmd
+= " netrole=configurator"
1390 if "OK" not in dev
.request(cmd
):
1391 raise Exception("Failed to initiate DPP Authentication")
1392 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1394 raise Exception("DPP configuration not completed (Enrollee)")
1395 logger
.info("DPP initiator/enrollee done")
1397 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1398 """sigma_dut DPP/QR responder (conf index 1)"""
1399 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1401 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1402 """sigma_dut DPP/QR responder (conf index 2)"""
1403 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1405 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1406 """sigma_dut DPP/QR responder (conf index 3)"""
1407 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1409 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1410 """sigma_dut DPP/QR responder (conf index 4)"""
1411 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1413 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1414 """sigma_dut DPP/QR responder (conf index 5)"""
1415 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1417 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1418 """sigma_dut DPP/QR responder (conf index 6)"""
1419 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1421 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1422 """sigma_dut DPP/QR responder (conf index 7)"""
1423 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1425 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1426 """sigma_dut DPP/QR responder (conf index 8)"""
1427 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1429 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1430 """sigma_dut DPP/QR responder (conf index 9)"""
1431 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1433 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1434 """sigma_dut DPP/QR responder (conf index 10)"""
1435 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1437 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1438 """sigma_dut DPP/QR responder (channel list override)"""
1439 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1442 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1443 """sigma_dut DPP/QR responder status query"""
1444 check_dpp_capab(dev
[1])
1445 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1446 passphrase
="ThisIsDppPassphrase")
1447 hapd
= hostapd
.add_ap(apdev
[0], params
)
1450 dev
[1].set("dpp_config_processing", "2")
1451 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1453 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1455 def test_sigma_dut_dpp_qr_resp_configurator(dev
, apdev
):
1456 """sigma_dut DPP/QR responder (configurator provisioning)"""
1457 run_sigma_dut_dpp_qr_resp(dev
, apdev
, -1, enrollee_role
="Configurator")
1459 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1460 listen_chan
=None, status_query
=False,
1461 enrollee_role
="STA"):
1462 check_dpp_capab(dev
[0])
1463 check_dpp_capab(dev
[1])
1464 sigma
= start_sigma_dut(dev
[0].ifname
)
1466 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1468 cmd
+= ",DPPChannelList," + chan_list
1469 res
= sigma_dut_cmd(cmd
)
1470 if "status,COMPLETE" not in res
:
1471 raise Exception("dev_exec_action did not succeed: " + res
)
1472 hex = res
.split(',')[3]
1474 logger
.info("URI from sigma_dut: " + uri
)
1476 id1
= dev
[1].dpp_qr_code(uri
)
1478 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
,
1481 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1482 if conf_idx
is not None:
1483 cmd
+= ",DPPConfIndex,%d" % conf_idx
1485 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1487 cmd
+= ",DPPStatusQuery,Yes"
1488 res
= sigma_dut_cmd(cmd
, timeout
=10)
1490 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1491 raise Exception("Unexpected result: " + res
)
1492 if status_query
and "StatusResult,0" not in res
:
1493 raise Exception("Status query did not succeed: " + res
)
1495 stop_sigma_dut(sigma
)
1497 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1498 """sigma_dut DPP/QR initiator as Enrollee"""
1499 check_dpp_capab(dev
[0])
1500 check_dpp_capab(dev
[1])
1502 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1503 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1504 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1505 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1507 params
= {"ssid": "DPPNET01",
1510 "wpa_key_mgmt": "DPP",
1511 "rsn_pairwise": "CCMP",
1512 "dpp_connector": ap_connector
,
1513 "dpp_csign": csign_pub
,
1514 "dpp_netaccesskey": ap_netaccesskey
}
1516 hapd
= hostapd
.add_ap(apdev
[0], params
)
1518 raise HwsimSkip("DPP not supported")
1520 sigma
= start_sigma_dut(dev
[0].ifname
)
1522 dev
[0].set("dpp_config_processing", "2")
1524 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1525 res
= dev
[1].request(cmd
)
1527 raise Exception("Failed to add configurator")
1530 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1531 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1533 dev
[1].set("dpp_configurator_params",
1534 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1535 cmd
= "DPP_LISTEN 2437 role=configurator"
1536 if "OK" not in dev
[1].request(cmd
):
1537 raise Exception("Failed to start listen operation")
1539 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1540 if "status,COMPLETE" not in res
:
1541 raise Exception("dev_exec_action did not succeed: " + res
)
1543 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1544 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1545 raise Exception("Unexpected result: " + res
)
1547 dev
[0].set("dpp_config_processing", "0")
1548 stop_sigma_dut(sigma
)
1550 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev
, apdev
):
1551 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1552 check_dpp_capab(dev
[0])
1553 check_dpp_capab(dev
[1])
1555 sigma
= start_sigma_dut(dev
[0].ifname
)
1557 cmd
= "DPP_CONFIGURATOR_ADD"
1558 res
= dev
[1].request(cmd
)
1560 raise Exception("Failed to add configurator")
1563 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1564 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1566 dev
[1].set("dpp_configurator_params",
1567 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1568 cmd
= "DPP_LISTEN 2437 role=configurator"
1569 if "OK" not in dev
[1].request(cmd
):
1570 raise Exception("Failed to start listen operation")
1572 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1573 if "status,COMPLETE" not in res
:
1574 raise Exception("dev_exec_action did not succeed: " + res
)
1576 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout
=10)
1577 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1578 raise Exception("Unexpected result: " + res
)
1580 dev
[0].set("dpp_config_processing", "0")
1581 stop_sigma_dut(sigma
)
1583 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1584 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1585 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1587 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1588 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1589 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1590 extra
="DPPAuthDirection,Mutual,")
1592 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1593 check_dpp_capab(dev
[0])
1594 check_dpp_capab(dev
[1])
1596 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1597 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1598 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1599 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1601 params
= {"ssid": "DPPNET01",
1604 "wpa_key_mgmt": "DPP",
1605 "rsn_pairwise": "CCMP",
1606 "dpp_connector": ap_connector
,
1607 "dpp_csign": csign_pub
,
1608 "dpp_netaccesskey": ap_netaccesskey
}
1610 hapd
= hostapd
.add_ap(apdev
[0], params
)
1612 raise HwsimSkip("DPP not supported")
1614 sigma
= start_sigma_dut(dev
[0].ifname
)
1616 dev
[0].set("dpp_config_processing", "2")
1618 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1619 res
= dev
[1].request(cmd
)
1621 raise Exception("Failed to add configurator")
1624 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1625 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1627 dev
[1].set("dpp_configurator_params",
1628 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1629 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1630 if "OK" not in dev
[1].request(cmd
):
1631 raise Exception("Failed to start listen operation")
1633 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1634 if "status,COMPLETE" not in res
:
1635 raise Exception("dev_exec_action did not succeed: " + res
)
1636 hex = res
.split(',')[3]
1638 logger
.info("URI from sigma_dut: " + uri
)
1640 id1
= dev
[1].dpp_qr_code(uri
)
1642 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1643 if "status,COMPLETE" not in res
:
1644 raise Exception("dev_exec_action did not succeed: " + res
)
1646 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1647 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1648 raise Exception("Unexpected result: " + res
)
1650 dev
[0].set("dpp_config_processing", "0")
1651 stop_sigma_dut(sigma
)
1653 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1655 logger
.info("Starting DPP initiator/configurator in a thread")
1656 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1657 if own_id
is not None:
1658 cmd
+= " own=%d" % own_id
1659 if "OK" not in dev
.request(cmd
):
1660 raise Exception("Failed to initiate DPP Authentication")
1661 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1663 raise Exception("DPP configuration not completed (Configurator)")
1664 logger
.info("DPP initiator/configurator done")
1666 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1667 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1668 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1670 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1671 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1672 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1674 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1675 check_dpp_capab(dev
[0])
1676 check_dpp_capab(dev
[1])
1678 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1679 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1680 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1681 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1683 params
= {"ssid": "DPPNET01",
1686 "wpa_key_mgmt": "DPP",
1687 "rsn_pairwise": "CCMP",
1688 "dpp_connector": ap_connector
,
1689 "dpp_csign": csign_pub
,
1690 "dpp_netaccesskey": ap_netaccesskey
}
1692 hapd
= hostapd
.add_ap(apdev
[0], params
)
1694 raise HwsimSkip("DPP not supported")
1696 sigma
= start_sigma_dut(dev
[0].ifname
)
1698 dev
[0].set("dpp_config_processing", "2")
1700 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1701 res
= dev
[1].request(cmd
)
1703 raise Exception("Failed to add configurator")
1706 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1707 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1709 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1710 if "status,COMPLETE" not in res
:
1711 raise Exception("dev_exec_action did not succeed: " + res
)
1712 hex = res
.split(',')[3]
1714 logger
.info("URI from sigma_dut: " + uri
)
1716 id1
= dev
[1].dpp_qr_code(uri
)
1718 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1719 if "status,COMPLETE" not in res
:
1720 raise Exception("dev_exec_action did not succeed: " + res
)
1722 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1723 args
=(dev
[1], id1
, conf_id
, id0
))
1726 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1729 res
= sigma_dut_cmd(cmd
, timeout
=25)
1731 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1732 raise Exception("Unexpected result: " + res
)
1734 dev
[0].set("dpp_config_processing", "0")
1735 stop_sigma_dut(sigma
)
1737 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1738 logger
.info("Starting DPP responder/configurator in a thread")
1739 dev
.set("dpp_configurator_params",
1740 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1742 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1743 if "OK" not in dev
.request(cmd
):
1744 raise Exception("Failed to initiate DPP listen")
1746 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1748 raise Exception("QR Code scan for mutual authentication not requested")
1749 dev
.dpp_qr_code(uri
)
1750 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1752 raise Exception("DPP configuration not completed (Configurator)")
1753 logger
.info("DPP responder/configurator done")
1755 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1756 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1757 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1759 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1760 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1761 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1763 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1764 check_dpp_capab(dev
[0])
1765 check_dpp_capab(dev
[1])
1767 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1768 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1769 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1770 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1772 params
= {"ssid": "DPPNET01",
1775 "wpa_key_mgmt": "DPP",
1776 "rsn_pairwise": "CCMP",
1777 "dpp_connector": ap_connector
,
1778 "dpp_csign": csign_pub
,
1779 "dpp_netaccesskey": ap_netaccesskey
}
1781 hapd
= hostapd
.add_ap(apdev
[0], params
)
1783 raise HwsimSkip("DPP not supported")
1785 sigma
= start_sigma_dut(dev
[0].ifname
)
1787 dev
[0].set("dpp_config_processing", "2")
1789 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1790 res
= dev
[1].request(cmd
)
1792 raise Exception("Failed to add configurator")
1795 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1796 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1798 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1799 if "status,COMPLETE" not in res
:
1800 raise Exception("dev_exec_action did not succeed: " + res
)
1801 hex = res
.split(',')[3]
1803 logger
.info("URI from sigma_dut: " + uri
)
1805 if not resp_pending
:
1806 dev
[1].dpp_qr_code(uri
)
1809 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1810 if "status,COMPLETE" not in res
:
1811 raise Exception("dev_exec_action did not succeed: " + res
)
1813 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1814 args
=(dev
[1], conf_id
, uri
))
1818 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1819 res
= sigma_dut_cmd(cmd
, timeout
=15)
1821 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1822 raise Exception("Unexpected result: " + res
)
1824 dev
[0].set("dpp_config_processing", "0")
1825 stop_sigma_dut(sigma
)
1827 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1828 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1829 check_dpp_capab(dev
[0])
1830 check_dpp_capab(dev
[1])
1832 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1833 passphrase
="ThisIsDppPassphrase")
1834 hapd
= hostapd
.add_ap(apdev
[0], params
)
1836 sigma
= start_sigma_dut(dev
[0].ifname
)
1838 dev
[0].set("dpp_config_processing", "2")
1840 cmd
= "DPP_CONFIGURATOR_ADD"
1841 res
= dev
[1].request(cmd
)
1843 raise Exception("Failed to add configurator")
1846 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1847 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1849 dev
[1].set("dpp_configurator_params",
1850 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1851 cmd
= "DPP_LISTEN 2437 role=configurator"
1852 if "OK" not in dev
[1].request(cmd
):
1853 raise Exception("Failed to start listen operation")
1855 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1856 if "status,COMPLETE" not in res
:
1857 raise Exception("dev_exec_action did not succeed: " + res
)
1859 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1860 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1861 raise Exception("Unexpected result: " + res
)
1863 dev
[0].set("dpp_config_processing", "0")
1864 stop_sigma_dut(sigma
)
1866 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1867 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1868 check_dpp_capab(dev
[0])
1869 check_dpp_capab(dev
[1])
1870 if "SAE" not in dev
[0].get_capability("auth_alg"):
1871 raise HwsimSkip("SAE not supported")
1873 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1874 passphrase
="ThisIsDppPassphrase")
1875 params
['wpa_key_mgmt'] = 'SAE'
1876 params
["ieee80211w"] = "2"
1877 hapd
= hostapd
.add_ap(apdev
[0], params
)
1879 sigma
= start_sigma_dut(dev
[0].ifname
)
1881 dev
[0].set("dpp_config_processing", "2")
1882 dev
[0].set("sae_groups", "")
1884 cmd
= "DPP_CONFIGURATOR_ADD"
1885 res
= dev
[1].request(cmd
)
1887 raise Exception("Failed to add configurator")
1890 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1891 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1893 dev
[1].set("dpp_configurator_params",
1894 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1895 cmd
= "DPP_LISTEN 2437 role=configurator"
1896 if "OK" not in dev
[1].request(cmd
):
1897 raise Exception("Failed to start listen operation")
1899 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1900 if "status,COMPLETE" not in res
:
1901 raise Exception("dev_exec_action did not succeed: " + res
)
1903 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1904 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1905 raise Exception("Unexpected result: " + res
)
1907 dev
[0].set("dpp_config_processing", "0")
1908 stop_sigma_dut(sigma
)
1910 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1911 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1912 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1914 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1915 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1916 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1918 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1919 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1920 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1922 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1923 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1924 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1926 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1927 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1928 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1930 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1931 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1932 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1934 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1935 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1936 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1938 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1939 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1940 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1942 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1943 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1944 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1946 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1947 prov_role
="Configurator",
1949 check_dpp_capab(dev
[0])
1950 check_dpp_capab(dev
[1])
1951 sigma
= start_sigma_dut(dev
[0].ifname
)
1953 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1954 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1956 cmd
= "DPP_LISTEN 2437 role=enrollee"
1957 if "OK" not in dev
[1].request(cmd
):
1958 raise Exception("Failed to start listen operation")
1960 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1961 if "status,COMPLETE" not in res
:
1962 raise Exception("dev_exec_action did not succeed: " + res
)
1964 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1967 res
= sigma_dut_cmd(cmd
)
1968 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1969 raise Exception("Unexpected result: " + res
)
1971 stop_sigma_dut(sigma
)
1973 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1974 """sigma_dut DPP roles incompatible (Initiator)"""
1975 check_dpp_capab(dev
[0])
1976 check_dpp_capab(dev
[1])
1977 sigma
= start_sigma_dut(dev
[0].ifname
)
1979 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1980 if "status,COMPLETE" not in res
:
1981 raise Exception("dev_exec_action did not succeed: " + res
)
1982 hex = res
.split(',')[3]
1984 logger
.info("URI from sigma_dut: " + uri
)
1986 id1
= dev
[1].dpp_qr_code(uri
)
1988 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1989 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1991 cmd
= "DPP_LISTEN 2437 role=enrollee"
1992 if "OK" not in dev
[1].request(cmd
):
1993 raise Exception("Failed to start listen operation")
1995 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1996 if "status,COMPLETE" not in res
:
1997 raise Exception("dev_exec_action did not succeed: " + res
)
1999 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2000 res
= sigma_dut_cmd(cmd
)
2001 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2002 raise Exception("Unexpected result: " + res
)
2004 stop_sigma_dut(sigma
)
2006 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
2007 logger
.info("Starting DPP initiator/enrollee in a thread")
2009 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
2010 if "OK" not in dev
.request(cmd
):
2011 raise Exception("Failed to initiate DPP Authentication")
2012 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
2013 "DPP-NOT-COMPATIBLE"], timeout
=5)
2015 raise Exception("DPP configuration not completed (Enrollee)")
2016 logger
.info("DPP initiator/enrollee done")
2018 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
2019 """sigma_dut DPP roles incompatible (Responder)"""
2020 check_dpp_capab(dev
[0])
2021 check_dpp_capab(dev
[1])
2022 sigma
= start_sigma_dut(dev
[0].ifname
)
2024 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2025 res
= sigma_dut_cmd(cmd
)
2026 if "status,COMPLETE" not in res
:
2027 raise Exception("dev_exec_action did not succeed: " + res
)
2028 hex = res
.split(',')[3]
2030 logger
.info("URI from sigma_dut: " + uri
)
2032 id1
= dev
[1].dpp_qr_code(uri
)
2034 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2035 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2037 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2038 if "status,COMPLETE" not in res
:
2039 raise Exception("dev_exec_action did not succeed: " + res
)
2041 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
2043 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2044 res
= sigma_dut_cmd(cmd
, timeout
=10)
2046 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2047 raise Exception("Unexpected result: " + res
)
2049 stop_sigma_dut(sigma
)
2051 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
2052 """sigma_dut DPP/PKEX initiator as Configurator"""
2053 check_dpp_capab(dev
[0])
2054 check_dpp_capab(dev
[1])
2055 sigma
= start_sigma_dut(dev
[0].ifname
)
2057 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2058 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
2059 res
= dev
[1].request(cmd
)
2061 raise Exception("Failed to set PKEX data (responder)")
2062 cmd
= "DPP_LISTEN 2437 role=enrollee"
2063 if "OK" not in dev
[1].request(cmd
):
2064 raise Exception("Failed to start listen operation")
2066 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2067 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2068 raise Exception("Unexpected result: " + res
)
2070 stop_sigma_dut(sigma
)
2072 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2073 logger
.info("Starting DPP initiator/configurator in a thread")
2074 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2075 if "OK" not in dev
.request(cmd
):
2076 raise Exception("Failed to initiate DPP Authentication")
2077 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2079 raise Exception("DPP configuration not completed (Configurator)")
2080 logger
.info("DPP initiator/configurator done")
2082 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2083 """sigma_dut controlled AP (DPP)"""
2084 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2086 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2087 """sigma_dut controlled AP (legacy)"""
2088 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2089 extra
="pass=%s" % to_hex("qwertyuiop"))
2091 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2092 """sigma_dut controlled AP (legacy)"""
2093 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2094 extra
="psk=%s" % (32*"12"))
2096 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2097 check_dpp_capab(dev
[0])
2098 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2099 with
HWSimRadio() as (radio
, iface
):
2100 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2102 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2103 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2104 if "status,COMPLETE" not in res
:
2105 raise Exception("dev_exec_action did not succeed: " + res
)
2106 hex = res
.split(',')[3]
2108 logger
.info("URI from sigma_dut: " + uri
)
2110 cmd
= "DPP_CONFIGURATOR_ADD"
2111 res
= dev
[0].request(cmd
)
2113 raise Exception("Failed to add configurator")
2116 id1
= dev
[0].dpp_qr_code(uri
)
2118 t
= threading
.Thread(target
=dpp_init_conf
,
2119 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2121 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2123 if "ConfResult,OK" not in res
:
2124 raise Exception("Unexpected result: " + res
)
2126 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2127 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2129 id0b
= dev
[0].dpp_qr_code(uri1
)
2131 dev
[1].set("dpp_config_processing", "2")
2132 cmd
= "DPP_LISTEN 2412"
2133 if "OK" not in dev
[1].request(cmd
):
2134 raise Exception("Failed to start listen operation")
2135 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2136 if "OK" not in dev
[0].request(cmd
):
2137 raise Exception("Failed to initiate DPP Authentication")
2138 dev
[1].wait_connected()
2140 sigma_dut_cmd_check("ap_reset_default")
2142 dev
[1].set("dpp_config_processing", "0")
2143 stop_sigma_dut(sigma
)
2145 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2146 """sigma_dut controlled AP as DPP PKEX responder"""
2147 check_dpp_capab(dev
[0])
2148 logdir
= os
.path
.join(params
['logdir'],
2149 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2150 with
HWSimRadio() as (radio
, iface
):
2151 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2153 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2155 stop_sigma_dut(sigma
)
2157 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2158 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2160 id = dev
.dpp_bootstrap_gen(type="pkex")
2161 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2162 res
= dev
.request(cmd
)
2164 raise Exception("Failed to initiate DPP PKEX")
2165 if not check_config
:
2167 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2169 raise Exception("DPP configuration not completed (Configurator)")
2170 logger
.info("DPP initiator/configurator done")
2172 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2173 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2175 cmd
= "DPP_CONFIGURATOR_ADD"
2176 res
= dev
[0].request(cmd
)
2178 raise Exception("Failed to add configurator")
2181 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2183 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2185 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2186 raise Exception("Unexpected result: " + res
)
2188 sigma_dut_cmd_check("ap_reset_default")
2190 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2191 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2192 check_dpp_capab(dev
[0])
2193 sigma
= start_sigma_dut(dev
[0].ifname
)
2195 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2197 stop_sigma_dut(sigma
)
2199 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2200 cmd
= "DPP_CONFIGURATOR_ADD"
2201 res
= dev
[1].request(cmd
)
2203 raise Exception("Failed to add configurator")
2206 dev
[1].set("dpp_test", "44")
2208 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2211 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2213 if "BootstrapResult,Timeout" not in res
:
2214 raise Exception("Unexpected result: " + res
)
2216 def dpp_proto_init(dev
, id1
):
2218 logger
.info("Starting DPP initiator/configurator in a thread")
2219 cmd
= "DPP_CONFIGURATOR_ADD"
2220 res
= dev
.request(cmd
)
2222 raise Exception("Failed to add configurator")
2225 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2226 if "OK" not in dev
.request(cmd
):
2227 raise Exception("Failed to initiate DPP Authentication")
2229 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2230 """sigma_dut DPP protocol testing - Initiator"""
2231 check_dpp_capab(dev
[0])
2232 check_dpp_capab(dev
[1])
2233 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2234 "BootstrapResult,OK,AuthResult,Errorsent",
2236 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2237 "BootstrapResult,OK,AuthResult,Errorsent",
2239 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2240 "BootstrapResult,OK,AuthResult,Errorsent",
2241 "Missing or invalid I-capabilities"),
2242 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2243 "BootstrapResult,OK,AuthResult,Errorsent",
2244 "Mismatching Initiator Authenticating Tag"),
2245 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2246 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2247 "Missing or invalid Enrollee Nonce attribute")]
2248 for step
, frame
, attr
, result
, fail
in tests
:
2249 dev
[0].request("FLUSH")
2250 dev
[1].request("FLUSH")
2251 sigma
= start_sigma_dut(dev
[0].ifname
)
2253 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2256 stop_sigma_dut(sigma
)
2258 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2259 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2260 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2262 cmd
= "DPP_LISTEN 2437 role=enrollee"
2263 if "OK" not in dev
[1].request(cmd
):
2264 raise Exception("Failed to start listen operation")
2266 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2267 if "status,COMPLETE" not in res
:
2268 raise Exception("dev_exec_action did not succeed: " + res
)
2270 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2272 if result
not in res
:
2273 raise Exception("Unexpected result: " + res
)
2275 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2276 if ev
is None or fail
not in ev
:
2277 raise Exception("Failure not reported correctly: " + str(ev
))
2279 dev
[1].request("DPP_STOP_LISTEN")
2280 dev
[0].dump_monitor()
2281 dev
[1].dump_monitor()
2283 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2284 """sigma_dut DPP protocol testing - Responder"""
2285 check_dpp_capab(dev
[0])
2286 check_dpp_capab(dev
[1])
2287 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2288 "BootstrapResult,OK,AuthResult,Errorsent",
2289 "Missing or invalid required DPP Status attribute"),
2290 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2291 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2292 "Missing or invalid Enrollee Nonce attribute")]
2293 for step
, frame
, attr
, result
, fail
in tests
:
2294 dev
[0].request("FLUSH")
2295 dev
[1].request("FLUSH")
2296 sigma
= start_sigma_dut(dev
[0].ifname
)
2298 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2301 stop_sigma_dut(sigma
)
2303 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2304 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2305 if "status,COMPLETE" not in res
:
2306 raise Exception("dev_exec_action did not succeed: " + res
)
2307 hex = res
.split(',')[3]
2309 logger
.info("URI from sigma_dut: " + uri
)
2311 id1
= dev
[1].dpp_qr_code(uri
)
2313 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2315 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2317 if result
not in res
:
2318 raise Exception("Unexpected result: " + res
)
2320 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2321 if ev
is None or fail
not in ev
:
2322 raise Exception("Failure not reported correctly:" + str(ev
))
2324 dev
[1].request("DPP_STOP_LISTEN")
2325 dev
[0].dump_monitor()
2326 dev
[1].dump_monitor()
2328 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2329 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2330 check_dpp_capab(dev
[0])
2331 check_dpp_capab(dev
[1])
2332 tests
= [("AuthenticationResponse",
2333 "BootstrapResult,OK,AuthResult,Errorsent",
2335 ("ConfigurationRequest",
2336 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2338 for frame
, result
, fail
in tests
:
2339 dev
[0].request("FLUSH")
2340 dev
[1].request("FLUSH")
2341 sigma
= start_sigma_dut(dev
[0].ifname
)
2343 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2345 stop_sigma_dut(sigma
)
2347 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2348 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2349 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2351 cmd
= "DPP_LISTEN 2437 role=enrollee"
2352 if "OK" not in dev
[1].request(cmd
):
2353 raise Exception("Failed to start listen operation")
2355 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2356 if "status,COMPLETE" not in res
:
2357 raise Exception("dev_exec_action did not succeed: " + res
)
2359 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2360 if result
not in res
:
2361 raise Exception("Unexpected result: " + res
)
2363 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2364 if ev
is None or fail
not in ev
:
2365 raise Exception("Failure not reported correctly: " + str(ev
))
2367 dev
[1].request("DPP_STOP_LISTEN")
2368 dev
[0].dump_monitor()
2369 dev
[1].dump_monitor()
2371 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2372 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2373 check_dpp_capab(dev
[0])
2374 check_dpp_capab(dev
[1])
2375 tests
= [("AuthenticationConfirm",
2376 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2378 for frame
, result
, fail
in tests
:
2379 dev
[0].request("FLUSH")
2380 dev
[1].request("FLUSH")
2381 sigma
= start_sigma_dut(dev
[0].ifname
)
2383 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2386 stop_sigma_dut(sigma
)
2388 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2390 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2391 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2393 cmd
= "DPP_LISTEN 2437 role=configurator"
2394 if "OK" not in dev
[1].request(cmd
):
2395 raise Exception("Failed to start listen operation")
2397 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2398 if "status,COMPLETE" not in res
:
2399 raise Exception("dev_exec_action did not succeed: " + res
)
2401 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2402 if result
not in res
:
2403 raise Exception("Unexpected result: " + res
)
2405 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2406 if ev
is None or fail
not in ev
:
2407 raise Exception("Failure not reported correctly: " + str(ev
))
2409 dev
[1].request("DPP_STOP_LISTEN")
2410 dev
[0].dump_monitor()
2411 dev
[1].dump_monitor()
2413 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2414 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2415 check_dpp_capab(dev
[0])
2416 check_dpp_capab(dev
[1])
2417 tests
= [("AuthenticationRequest",
2418 "BootstrapResult,OK,AuthResult,Errorsent",
2420 ("AuthenticationConfirm",
2421 "BootstrapResult,OK,AuthResult,Errorsent",
2423 for frame
, result
, fail
in tests
:
2424 dev
[0].request("FLUSH")
2425 dev
[1].request("FLUSH")
2426 sigma
= start_sigma_dut(dev
[0].ifname
)
2428 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2430 stop_sigma_dut(sigma
)
2432 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2433 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2434 if "status,COMPLETE" not in res
:
2435 raise Exception("dev_exec_action did not succeed: " + res
)
2436 hex = res
.split(',')[3]
2438 logger
.info("URI from sigma_dut: " + uri
)
2440 id1
= dev
[1].dpp_qr_code(uri
)
2442 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2444 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2446 if result
not in res
:
2447 raise Exception("Unexpected result: " + res
)
2449 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2450 if ev
is None or fail
not in ev
:
2451 raise Exception("Failure not reported correctly:" + str(ev
))
2453 dev
[1].request("DPP_STOP_LISTEN")
2454 dev
[0].dump_monitor()
2455 dev
[1].dump_monitor()
2457 def dpp_proto_init_pkex(dev
):
2459 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2460 cmd
= "DPP_CONFIGURATOR_ADD"
2461 res
= dev
.request(cmd
)
2463 raise Exception("Failed to add configurator")
2466 id = dev
.dpp_bootstrap_gen(type="pkex")
2468 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2469 if "FAIL" in dev
.request(cmd
):
2470 raise Exception("Failed to initiate DPP PKEX")
2472 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2473 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2474 check_dpp_capab(dev
[0])
2475 check_dpp_capab(dev
[1])
2476 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2477 "BootstrapResult,Errorsent",
2479 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2480 "BootstrapResult,Errorsent",
2481 "Missing or invalid Finite Cyclic Group attribute"),
2482 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2483 "BootstrapResult,Errorsent",
2484 "No valid peer bootstrapping key found")]
2485 for step
, frame
, attr
, result
, fail
in tests
:
2486 dev
[0].request("FLUSH")
2487 dev
[1].request("FLUSH")
2488 sigma
= start_sigma_dut(dev
[0].ifname
)
2490 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2493 stop_sigma_dut(sigma
)
2495 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2496 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2498 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2499 res
= dev
[1].request(cmd
)
2501 raise Exception("Failed to set PKEX data (responder)")
2503 cmd
= "DPP_LISTEN 2437 role=enrollee"
2504 if "OK" not in dev
[1].request(cmd
):
2505 raise Exception("Failed to start listen operation")
2507 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2508 if result
not in res
:
2509 raise Exception("Unexpected result: " + res
)
2511 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2512 if ev
is None or fail
not in ev
:
2513 raise Exception("Failure not reported correctly: " + str(ev
))
2515 dev
[1].request("DPP_STOP_LISTEN")
2516 dev
[0].dump_monitor()
2517 dev
[1].dump_monitor()
2519 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2520 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2521 check_dpp_capab(dev
[0])
2522 check_dpp_capab(dev
[1])
2523 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2524 "BootstrapResult,Errorsent",
2526 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2527 "BootstrapResult,Errorsent",
2528 "No DPP Status attribute"),
2529 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2530 "BootstrapResult,Errorsent",
2531 "No valid peer bootstrapping key found")]
2532 for step
, frame
, attr
, result
, fail
in tests
:
2533 dev
[0].request("FLUSH")
2534 dev
[1].request("FLUSH")
2535 sigma
= start_sigma_dut(dev
[0].ifname
)
2537 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2540 stop_sigma_dut(sigma
)
2542 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2543 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2545 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2547 if result
not in res
:
2548 raise Exception("Unexpected result: " + res
)
2550 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2551 if ev
is None or fail
not in ev
:
2552 raise Exception("Failure not reported correctly:" + str(ev
))
2554 dev
[1].request("DPP_STOP_LISTEN")
2555 dev
[0].dump_monitor()
2556 dev
[1].dump_monitor()
2558 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2559 check_dpp_capab(dev
[0])
2560 check_dpp_capab(dev
[1])
2562 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2563 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2564 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2565 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2567 params
= {"ssid": "DPPNET01",
2570 "wpa_key_mgmt": "DPP",
2571 "rsn_pairwise": "CCMP",
2572 "dpp_connector": ap_connector
,
2573 "dpp_csign": csign_pub
,
2574 "dpp_netaccesskey": ap_netaccesskey
}
2576 hapd
= hostapd
.add_ap(apdev
[0], params
)
2578 raise HwsimSkip("DPP not supported")
2580 dev
[0].set("dpp_config_processing", "2")
2582 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2583 res
= dev
[1].request(cmd
)
2585 raise Exception("Failed to add configurator")
2588 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2589 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2591 dev
[1].set("dpp_configurator_params",
2592 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2594 cmd
= "DPP_LISTEN 2437 role=configurator"
2595 if "OK" not in dev
[1].request(cmd
):
2596 raise Exception("Failed to start listen operation")
2598 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2599 if "status,COMPLETE" not in res
:
2600 raise Exception("dev_exec_action did not succeed: " + res
)
2602 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2603 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2604 sigma
= start_sigma_dut(dev
[0].ifname
)
2606 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2608 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2609 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2610 raise Exception("Unexpected result: " + res
)
2612 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2613 stop_sigma_dut(sigma
)
2615 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2616 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2617 check_dpp_capab(dev
[0])
2619 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2620 check_dpp_capab(hapd
)
2622 sigma
= start_sigma_dut(dev
[0].ifname
)
2624 dev
[0].set("dpp_config_processing", "2")
2625 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2626 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2628 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2629 if "status,COMPLETE" not in res
:
2630 raise Exception("dev_exec_action did not succeed: " + res
)
2632 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2633 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2634 raise Exception("Unexpected result: " + res
)
2635 update_hapd_config(hapd
)
2637 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2638 res
= sigma_dut_cmd(cmd
, timeout
=10)
2639 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2640 raise Exception("Unexpected result: " + res
)
2642 stop_sigma_dut(sigma
)
2643 dev
[0].set("dpp_config_processing", "0")
2645 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2646 """sigma_dut DPP AP Configurator using self-configuration"""
2647 logdir
= os
.path
.join(params
['logdir'],
2648 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2649 with
HWSimRadio() as (radio
, iface
):
2650 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2652 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2654 stop_sigma_dut(sigma
)
2655 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2657 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2658 check_dpp_capab(dev
[0])
2660 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2662 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2663 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2664 raise Exception("Unexpected result: " + res
)
2666 dev
[0].set("dpp_config_processing", "2")
2668 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2669 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2670 cmd
= "DPP_LISTEN 2462 role=enrollee"
2671 if "OK" not in dev
[0].request(cmd
):
2672 raise Exception("Failed to start listen operation")
2674 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2675 if "status,COMPLETE" not in res
:
2676 raise Exception("dev_exec_action did not succeed: " + res
)
2677 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2678 res
= sigma_dut_cmd(cmd
)
2679 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2680 raise Exception("Unexpected result: " + res
)
2681 dev
[0].wait_connected()
2682 dev
[0].request("DISCONNECT")
2683 dev
[0].wait_disconnected()
2684 sigma_dut_cmd_check("ap_reset_default")
2687 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2688 """sigma_dut DPP AP as Relay to Controller"""
2689 logdir
= os
.path
.join(params
['logdir'],
2690 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2691 with
HWSimRadio() as (radio
, iface
):
2692 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2694 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2696 stop_sigma_dut(sigma
)
2697 dev
[1].request("DPP_CONTROLLER_STOP")
2699 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2700 check_dpp_capab(dev
[0])
2701 check_dpp_capab(dev
[1])
2704 conf_id
= dev
[1].dpp_configurator_add()
2705 dev
[1].set("dpp_configurator_params",
2706 " conf=sta-dpp configurator=%d" % conf_id
)
2707 id_c
= dev
[1].dpp_bootstrap_gen()
2708 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2709 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2711 for line
in res
.splitlines():
2712 name
, value
= line
.split('=')
2713 if name
== "pkhash":
2717 raise Exception("Could not fetch public key hash from Controller")
2718 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2719 raise Exception("Failed to start Controller")
2721 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2722 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2723 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2725 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2726 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2728 sigma_dut_cmd_check("ap_reset_default")
2730 def dpp_init_tcp_enrollee(dev
, id1
):
2731 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2733 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2734 if "OK" not in dev
.request(cmd
):
2735 raise Exception("Failed to initiate DPP Authentication")
2736 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2738 raise Exception("DPP configuration not completed (Enrollee)")
2739 logger
.info("DPP initiator/enrollee done")
2741 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2742 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2743 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2745 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2746 check_dpp_capab(dev
[0])
2747 check_dpp_capab(dev
[1])
2748 sigma
= start_sigma_dut(dev
[0].ifname
)
2750 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2751 res
= sigma_dut_cmd(cmd
)
2752 if "status,COMPLETE" not in res
:
2753 raise Exception("dev_exec_action did not succeed: " + res
)
2754 hex = res
.split(',')[3]
2756 logger
.info("URI from sigma_dut: " + uri
)
2758 id1
= dev
[1].dpp_qr_code(uri
)
2760 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2762 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2764 cmd
+= ",DPPStatusQuery,Yes"
2765 res
= sigma_dut_cmd(cmd
, timeout
=10)
2767 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2768 raise Exception("Unexpected result: " + res
)
2769 if status_query
and "StatusResult,0" not in res
:
2770 raise Exception("Status query did not succeed: " + res
)
2772 stop_sigma_dut(sigma
)
2774 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2775 """sigma_dut DPP TCP Enrollee as initiator"""
2776 check_dpp_capab(dev
[0])
2777 check_dpp_capab(dev
[1])
2778 sigma
= start_sigma_dut(dev
[0].ifname
)
2781 conf_id
= dev
[1].dpp_configurator_add()
2782 dev
[1].set("dpp_configurator_params",
2783 " conf=sta-dpp configurator=%d" % conf_id
)
2784 id_c
= dev
[1].dpp_bootstrap_gen()
2785 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2786 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2787 raise Exception("Failed to start Controller")
2789 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2790 if "status,COMPLETE" not in res
:
2791 raise Exception("dev_exec_action did not succeed: " + res
)
2793 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2794 res
= sigma_dut_cmd(cmd
, timeout
=10)
2795 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2796 raise Exception("Unexpected result: " + res
)
2798 stop_sigma_dut(sigma
)
2799 dev
[1].request("DPP_CONTROLLER_STOP")
2801 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2802 """sigma_dut controlled connection using preconfigured profile"""
2804 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2806 dev
[0].set("ignore_old_scan_res", "0")
2808 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2809 ifname
= dev
[0].ifname
2810 sigma
= start_sigma_dut(ifname
)
2813 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2814 hapd
= hostapd
.add_ap(apdev
[0], params
)
2815 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2816 only_add_network
=True)
2818 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2819 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2821 sigma_dut_wait_connected(ifname
)
2822 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2823 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2824 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2826 stop_sigma_dut(sigma
)
2828 def test_sigma_dut_wps_pbc(dev
, apdev
):
2829 """sigma_dut and WPS PBC Enrollee"""
2831 run_sigma_dut_wps_pbc(dev
, apdev
)
2833 dev
[0].set("ignore_old_scan_res", "0")
2835 def run_sigma_dut_wps_pbc(dev
, apdev
):
2836 ssid
= "test-wps-conf"
2837 hapd
= hostapd
.add_ap(apdev
[0],
2838 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2839 "wpa_passphrase": "12345678", "wpa": "2",
2840 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2841 hapd
.request("WPS_PBC")
2843 ifname
= dev
[0].ifname
2844 sigma
= start_sigma_dut(ifname
)
2847 cmd
= "start_wps_registration,interface,%s" % ifname
2848 cmd
+= ",WpsRole,Enrollee"
2849 cmd
+= ",WpsConfigMethod,PBC"
2850 sigma_dut_cmd_check(cmd
, timeout
=15)
2852 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2854 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2856 stop_sigma_dut(sigma
)
2857 dev
[0].flush_scan_cache()
2859 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2860 """sigma_dut sta_scan_bss"""
2861 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2862 sigma
= start_sigma_dut(dev
[0].ifname
)
2864 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2866 res
= sigma_dut_cmd(cmd
, timeout
=10)
2867 if "ssid,test,bsschannel,1" not in res
:
2868 raise Exception("Unexpected result: " + res
)
2870 stop_sigma_dut(sigma
)
2872 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2873 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2874 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2875 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2876 sigma
= start_sigma_dut(dev
[0].ifname
)
2878 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2879 res
= sigma_dut_cmd(cmd
, timeout
=10)
2880 if "abcdef" not in res
or "qwerty" not in res
:
2881 raise Exception("Unexpected result: " + res
)
2883 stop_sigma_dut(sigma
)
2885 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2886 """sigma_dut controlled AP with OSEN"""
2887 logdir
= os
.path
.join(params
['logdir'],
2888 "sigma_dut_ap_osen.sigma-hostapd")
2889 with
HWSimRadio() as (radio
, iface
):
2890 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2892 sigma_dut_cmd_check("ap_reset_default")
2893 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2894 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2895 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2896 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2898 # RSN-OSEN (for OSU)
2899 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2900 pairwise
="CCMP", group
="GTK_NOT_USED",
2901 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2902 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2904 sigma_dut_cmd_check("ap_reset_default")
2906 stop_sigma_dut(sigma
)
2908 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2909 """sigma_dut controlled AP with EAP+OSEN"""
2910 logdir
= os
.path
.join(params
['logdir'],
2911 "sigma_dut_ap_eap_osen.sigma-hostapd")
2912 with
HWSimRadio() as (radio
, iface
):
2913 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2915 sigma_dut_cmd_check("ap_reset_default")
2916 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2917 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2918 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2919 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2921 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2922 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2924 # RSN-OSEN (for OSU)
2925 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2927 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2928 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2930 # RSN-EAP (for data connection)
2931 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2932 identity
="hs20-test", password
="password",
2933 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2934 ieee80211w
='2', scan_freq
="2412")
2936 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2937 success_expected
=False, timeout
=1)
2939 sigma_dut_cmd_check("ap_reset_default")
2941 stop_sigma_dut(sigma
)
2942 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2943 stderr
=open('/dev/null', 'w'))
2944 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2945 stderr
=open('/dev/null', 'w'))
2947 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2948 """sigma_dut controlled AP WPA2-Enterprise"""
2949 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2950 with
HWSimRadio() as (radio
, iface
):
2951 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2953 sigma_dut_cmd_check("ap_reset_default")
2954 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2955 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2956 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2957 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2959 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2960 identity
="gpsk user",
2961 password
="abcdefghijklmnop0123456789abcdef",
2964 sigma_dut_cmd_check("ap_reset_default")
2966 stop_sigma_dut(sigma
)
2968 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2969 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2970 logdir
= os
.path
.join(params
['logdir'],
2971 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2972 with
HWSimRadio() as (radio
, iface
):
2973 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2975 sigma_dut_cmd_check("ap_reset_default")
2976 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2977 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2978 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2979 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2981 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2982 identity
="gpsk user",
2983 password
="abcdefghijklmnop0123456789abcdef",
2986 sigma_dut_cmd_check("ap_reset_default")
2988 stop_sigma_dut(sigma
)
2990 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2991 """sigma_dut controlled AP FT-EAP"""
2992 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2993 with
HWSimRadio() as (radio
, iface
):
2994 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2996 sigma_dut_cmd_check("ap_reset_default")
2997 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2998 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2999 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3000 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3002 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3003 identity
="gpsk user",
3004 password
="abcdefghijklmnop0123456789abcdef",
3007 sigma_dut_cmd_check("ap_reset_default")
3009 stop_sigma_dut(sigma
)
3011 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
3012 """sigma_dut controlled AP FT-PSK"""
3013 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3014 with
HWSimRadio() as (radio
, iface
):
3015 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3017 sigma_dut_cmd_check("ap_reset_default")
3018 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3019 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3020 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3022 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3025 sigma_dut_cmd_check("ap_reset_default")
3027 stop_sigma_dut(sigma
)
3029 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
3030 """sigma_dut controlled AP FT-PSK (over-DS)"""
3031 logdir
= os
.path
.join(params
['logdir'],
3032 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3033 conffile
= os
.path
.join(params
['logdir'],
3034 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3035 with
HWSimRadio() as (radio
, iface
):
3036 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3038 sigma_dut_cmd_check("ap_reset_default")
3039 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3040 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3041 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3043 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3044 with
open(conffile
, "wb") as f2
:
3047 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3050 sigma_dut_cmd_check("ap_reset_default")
3052 stop_sigma_dut(sigma
)
3054 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
3055 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3056 logdir
= os
.path
.join(params
['logdir'],
3057 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3058 with
HWSimRadio() as (radio
, iface
):
3059 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3061 sigma_dut_cmd_check("ap_reset_default")
3062 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3063 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3064 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3065 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3067 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3068 identity
="gpsk user",
3069 password
="abcdefghijklmnop0123456789abcdef",
3071 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3072 identity
="gpsk user",
3073 password
="abcdefghijklmnop0123456789abcdef",
3076 sigma_dut_cmd_check("ap_reset_default")
3078 stop_sigma_dut(sigma
)
3080 def test_sigma_dut_venue_url(dev
, apdev
):
3081 """sigma_dut controlled Venue URL fetch"""
3083 run_sigma_dut_venue_url(dev
, apdev
)
3085 dev
[0].set("ignore_old_scan_res", "0")
3087 def run_sigma_dut_venue_url(dev
, apdev
):
3088 ifname
= dev
[0].ifname
3089 sigma
= start_sigma_dut(ifname
)
3093 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3094 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3095 params
["ieee80211w"] = "2"
3099 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3101 name1
= "Example venue"
3103 name2
= "Esimerkkipaikka"
3104 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3105 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3106 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3108 url1
= "http://example.com/venue"
3109 url2
= "https://example.org/venue-info/"
3110 params
["venue_group"] = str(venue_group
)
3111 params
["venue_type"] = str(venue_type
)
3112 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3113 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3115 hapd
= hostapd
.add_ap(apdev
[0], params
)
3117 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3118 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3119 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3120 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3122 sigma_dut_wait_connected(ifname
)
3123 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3124 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3125 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3126 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3128 stop_sigma_dut(sigma
)
3130 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3131 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3132 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3134 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3135 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3136 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3138 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3142 bssid0
= apdev
[0]['bssid']
3143 params
= hs20_ap_params()
3144 params
['hessid'] = bssid0
3145 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3147 bssid1
= apdev
[1]['bssid']
3148 params
= hs20_ap_params()
3149 params
['hessid'] = bssid0
3150 params
["hw_mode"] = "a"
3151 params
["channel"] = "36"
3152 params
["country_code"] = "US"
3153 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3155 band
= "2.4" if band24
else "5"
3156 exp_bssid
= bssid0
if band24
else bssid1
3157 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3159 dev
[0].request("DISCONNECT")
3161 hapd0
.request("DISABLE")
3163 hapd1
.request("DISABLE")
3164 subprocess
.call(['iw', 'reg', 'set', '00'])
3165 dev
[0].flush_scan_cache()
3167 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3168 check_eap_capa(dev
[0], "MSCHAPV2")
3169 dev
[0].flush_scan_cache()
3171 ifname
= dev
[0].ifname
3172 sigma
= start_sigma_dut(ifname
)
3175 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3176 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3177 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3178 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3180 sigma_dut_wait_connected(ifname
)
3181 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3182 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3183 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3185 stop_sigma_dut(sigma
)
3187 if "BSSID," + expect_bssid
not in res
:
3188 raise Exception("Unexpected BSSID: " + res
)
3190 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3191 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3192 logdir
= os
.path
.join(params
['logdir'],
3193 "sigma_dut_ap_hs20.sigma-hostapd")
3194 conffile
= os
.path
.join(params
['logdir'],
3195 "sigma_dut_ap_hs20.sigma-conf")
3196 with
HWSimRadio() as (radio
, iface
):
3197 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3199 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3200 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3201 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3202 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3203 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3204 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3205 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3206 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3207 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3208 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3209 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3210 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3211 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3212 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3214 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3215 with
open(conffile
, "wb") as f2
:
3218 sigma_dut_cmd_check("ap_reset_default")
3220 stop_sigma_dut(sigma
)
3222 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3223 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3224 logdir
= params
['logdir']
3226 with
open("auth_serv/ca.pem", "r") as f
:
3227 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3231 src
= "auth_serv/server.pem"
3232 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3233 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3234 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3236 stderr
=open('/dev/null', 'w'))
3237 with
open(dst
, "rb") as f
:
3239 hash = hashlib
.sha256(der
).digest()
3240 with
open(hashdst
, "w") as f
:
3241 f
.write(binascii
.hexlify(hash).decode())
3243 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3244 with
open(dst
, "w") as f
:
3247 ssid
= "test-wpa2-eap"
3248 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3249 hapd
= hostapd
.add_ap(apdev
[0], params
)
3251 ifname
= dev
[0].ifname
3252 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3255 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3257 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3258 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3259 sigma_dut_cmd_check(cmd
)
3260 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3262 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3264 raise Exception("Server certificate error not reported")
3266 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3267 if "ServerCertTrustResult,Accepted" not in res
:
3268 raise Exception("Server certificate trust was not accepted")
3269 sigma_dut_wait_connected(ifname
)
3270 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3271 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3272 dev
[0].dump_monitor()
3274 stop_sigma_dut(sigma
)
3276 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3277 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3278 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3280 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3281 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3282 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3284 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3285 logdir
= params
['logdir']
3287 name
= "sigma_dut_eap_ttls_uosc_tod"
3290 with
open("auth_serv/ca.pem", "r") as f
:
3291 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3295 src
= "auth_serv/server-certpol2.pem"
3297 src
= "auth_serv/server-certpol.pem"
3298 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3299 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3300 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3302 stderr
=open('/dev/null', 'w'))
3303 with
open(dst
, "rb") as f
:
3305 hash = hashlib
.sha256(der
).digest()
3306 with
open(hashdst
, "w") as f
:
3307 f
.write(binascii
.hexlify(hash).decode())
3309 ssid
= "test-wpa2-eap"
3310 params
= int_eap_server_params()
3311 params
["ssid"] = ssid
3313 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3314 params
["private_key"] = "auth_serv/server-certpol2.key"
3316 params
["server_cert"] = "auth_serv/server-certpol.pem"
3317 params
["private_key"] = "auth_serv/server-certpol.key"
3318 hapd
= hostapd
.add_ap(apdev
[0], params
)
3320 ifname
= dev
[0].ifname
3321 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3324 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3325 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3326 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3327 sigma_dut_cmd_check(cmd
)
3328 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3330 sigma_dut_wait_connected(ifname
)
3331 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3332 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3333 dev
[0].wait_disconnected()
3334 dev
[0].dump_monitor()
3337 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3338 hapd
= hostapd
.add_ap(apdev
[0], params
)
3340 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3342 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3344 raise Exception("Server certificate error not reported")
3346 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3347 if "ServerCertTrustResult,Accepted" in res
:
3348 raise Exception("Server certificate trust override was accepted unexpectedly")
3349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3350 dev
[0].dump_monitor()
3352 stop_sigma_dut(sigma
)
3354 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3355 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3356 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3358 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3359 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3360 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3362 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3363 logdir
= params
['logdir']
3365 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3368 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3369 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3373 src
= "auth_serv/server-certpol2.pem"
3375 src
= "auth_serv/server-certpol.pem"
3376 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3377 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3378 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3380 stderr
=open('/dev/null', 'w'))
3381 with
open(dst
, "rb") as f
:
3383 hash = hashlib
.sha256(der
).digest()
3384 with
open(hashdst
, "w") as f
:
3385 f
.write(binascii
.hexlify(hash).decode())
3387 ssid
= "test-wpa2-eap"
3388 params
= int_eap_server_params()
3389 params
["ssid"] = ssid
3391 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3392 params
["private_key"] = "auth_serv/server-certpol2.key"
3394 params
["server_cert"] = "auth_serv/server-certpol.pem"
3395 params
["private_key"] = "auth_serv/server-certpol.key"
3396 hapd
= hostapd
.add_ap(apdev
[0], params
)
3398 ifname
= dev
[0].ifname
3399 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3402 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3403 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3404 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3405 sigma_dut_cmd_check(cmd
)
3406 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3408 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3410 raise Exception("Server certificate validation failure not reported")
3412 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3413 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3414 raise Exception("Server certificate trust override was accepted unexpectedly")
3415 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3416 raise Exception("Server certificate trust override was not accepted")
3417 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3418 dev
[0].dump_monitor()
3420 stop_sigma_dut(sigma
)
3422 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3423 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3424 check_domain_suffix_match(dev
[0])
3425 logdir
= params
['logdir']
3427 with
open("auth_serv/ca.pem", "r") as f
:
3428 with
open(os
.path
.join(logdir
,
3429 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3433 ssid
= "test-wpa2-eap"
3434 params
= int_eap_server_params()
3435 params
["ssid"] = ssid
3436 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3437 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3438 params
["private_key"] = "auth_serv/rsa3072-server.key"
3439 hapd
= hostapd
.add_ap(apdev
[0], params
)
3441 ifname
= dev
[0].ifname
3442 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3445 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3446 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3447 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3448 sigma_dut_cmd_check(cmd
)
3449 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3451 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3453 raise Exception("Server certificate error not reported")
3455 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3456 if "ServerCertTrustResult,Accepted" not in res
:
3457 raise Exception("Server certificate trust was not accepted")
3458 sigma_dut_wait_connected(ifname
)
3459 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3460 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3461 dev
[0].dump_monitor()
3463 stop_sigma_dut(sigma
)
3465 def start_sae_pwe_ap(apdev
, sae_pwe
):
3467 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3468 params
['wpa_key_mgmt'] = 'SAE'
3469 params
["ieee80211w"] = "2"
3470 params
['sae_groups'] = '19'
3471 params
['sae_pwe'] = str(sae_pwe
)
3472 return hostapd
.add_ap(apdev
, params
)
3474 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3476 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3477 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3478 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3481 sigma_dut_cmd_check(cmd
)
3482 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3484 sigma_dut_wait_connected(ifname
)
3485 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3486 dev
.wait_disconnected()
3487 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3490 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3492 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3493 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3494 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3497 sigma_dut_cmd_check(cmd
)
3498 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3500 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3501 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3502 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3503 raise Exception("Unexpected connection result")
3504 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3507 def test_sigma_dut_sae_h2e(dev
, apdev
):
3508 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3509 if "SAE" not in dev
[0].get_capability("auth_alg"):
3510 raise HwsimSkip("SAE not supported")
3512 start_sae_pwe_ap(apdev
[0], 2)
3514 ifname
= dev
[0].ifname
3515 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3517 connect_sae_pwe_sta(dev
[0], ifname
)
3518 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3519 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3520 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3521 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3522 raise Exception("Unexpected error result: " + res
)
3524 stop_sigma_dut(sigma
)
3525 dev
[0].set("sae_pwe", "0")
3527 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3528 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3529 if "SAE" not in dev
[0].get_capability("auth_alg"):
3530 raise HwsimSkip("SAE not supported")
3532 start_sae_pwe_ap(apdev
[0], 0)
3534 ifname
= dev
[0].ifname
3535 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3537 connect_sae_pwe_sta(dev
[0], ifname
)
3538 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3539 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3541 stop_sigma_dut(sigma
)
3542 dev
[0].set("sae_pwe", "0")
3544 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3545 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3546 if "SAE" not in dev
[0].get_capability("auth_alg"):
3547 raise HwsimSkip("SAE not supported")
3549 start_sae_pwe_ap(apdev
[0], 1)
3551 ifname
= dev
[0].ifname
3552 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3554 connect_sae_pwe_sta(dev
[0], ifname
)
3555 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3556 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3558 stop_sigma_dut(sigma
)
3559 dev
[0].set("sae_pwe", "0")
3561 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3562 """sigma_dut controlled AP with SAE H2E"""
3563 logdir
= os
.path
.join(params
['logdir'],
3564 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3565 if "SAE" not in dev
[0].get_capability("auth_alg"):
3566 raise HwsimSkip("SAE not supported")
3567 with
HWSimRadio() as (radio
, iface
):
3568 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3570 sigma_dut_cmd_check("ap_reset_default")
3571 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3572 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3573 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3575 for sae_pwe
in [0, 1, 2]:
3576 dev
[0].request("SET sae_groups ")
3577 dev
[0].set("sae_pwe", str(sae_pwe
))
3578 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3579 ieee80211w
="2", scan_freq
="2412")
3580 dev
[0].request("REMOVE_NETWORK all")
3581 dev
[0].wait_disconnected()
3582 dev
[0].dump_monitor()
3584 sigma_dut_cmd_check("ap_reset_default")
3586 stop_sigma_dut(sigma
)
3587 dev
[0].set("sae_pwe", "0")
3589 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3590 """sigma_dut controlled AP with SAE H2E-only"""
3591 logdir
= os
.path
.join(params
['logdir'],
3592 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3593 if "SAE" not in dev
[0].get_capability("auth_alg"):
3594 raise HwsimSkip("SAE not supported")
3595 with
HWSimRadio() as (radio
, iface
):
3596 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3598 sigma_dut_cmd_check("ap_reset_default")
3599 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3600 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3601 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3603 dev
[0].request("SET sae_groups ")
3604 dev
[0].set("sae_pwe", "1")
3605 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3606 ieee80211w
="2", scan_freq
="2412")
3607 dev
[0].request("REMOVE_NETWORK all")
3608 dev
[0].wait_disconnected()
3609 dev
[0].dump_monitor()
3611 dev
[0].set("sae_pwe", "0")
3612 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3613 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3614 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3615 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3616 dev
[0].request("DISCONNECT")
3617 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3618 raise Exception("Unexpected connection result")
3620 sigma_dut_cmd_check("ap_reset_default")
3622 stop_sigma_dut(sigma
)
3623 dev
[0].set("sae_pwe", "0")
3625 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3626 """sigma_dut controlled AP with SAE looping-only"""
3627 logdir
= os
.path
.join(params
['logdir'],
3628 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3629 if "SAE" not in dev
[0].get_capability("auth_alg"):
3630 raise HwsimSkip("SAE not supported")
3631 with
HWSimRadio() as (radio
, iface
):
3632 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3634 sigma_dut_cmd_check("ap_reset_default")
3635 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3636 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3637 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3639 dev
[0].request("SET sae_groups ")
3640 dev
[0].set("sae_pwe", "0")
3641 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3642 ieee80211w
="2", scan_freq
="2412")
3643 dev
[0].request("REMOVE_NETWORK all")
3644 dev
[0].wait_disconnected()
3645 dev
[0].dump_monitor()
3647 dev
[0].set("sae_pwe", "1")
3648 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3649 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3650 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3651 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3652 dev
[0].request("DISCONNECT")
3653 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3654 raise Exception("Unexpected connection result")
3656 sigma_dut_cmd_check("ap_reset_default")
3658 stop_sigma_dut(sigma
)
3659 dev
[0].set("sae_pwe", "0")
3661 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3662 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3663 if "SAE" not in dev
[0].get_capability("auth_alg"):
3664 raise HwsimSkip("SAE not supported")
3667 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3668 params
['wpa_key_mgmt'] = 'SAE'
3669 params
["ieee80211w"] = "2"
3670 params
['sae_pwe'] = '1'
3671 hapd
= hostapd
.add_ap(apdev
[0], params
)
3673 ifname
= dev
[0].ifname
3674 sigma
= start_sigma_dut(ifname
)
3676 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3677 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3678 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3679 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3681 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3683 raise Exception("No authentication attempt reported")
3684 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3686 raise Exception("Unexpected connection reported")
3688 stop_sigma_dut(sigma
)
3690 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3691 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3692 if "SAE" not in dev
[0].get_capability("auth_alg"):
3693 raise HwsimSkip("SAE not supported")
3696 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3697 params
['wpa_key_mgmt'] = 'SAE'
3698 params
["ieee80211w"] = "2"
3699 params
['sae_groups'] = "19 20"
3700 params
['sae_pwe'] = '1'
3701 hapd
= hostapd
.add_ap(apdev
[0], params
)
3703 ifname
= dev
[0].ifname
3704 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3706 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3707 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3708 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3709 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3711 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3713 raise Exception("No authentication attempt reported")
3714 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3716 raise Exception("Unexpected connection reported")
3718 stop_sigma_dut(sigma
)
3720 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3721 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3722 if "SAE" not in dev
[0].get_capability("auth_alg"):
3723 raise HwsimSkip("SAE not supported")
3726 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3727 params
['wpa_key_mgmt'] = 'SAE'
3728 params
["ieee80211w"] = "2"
3729 params
['sae_groups'] = "19"
3730 params
['sae_pwe'] = '1'
3731 hapd
= hostapd
.add_ap(apdev
[0], params
)
3733 ifname
= dev
[0].ifname
3734 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3736 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3737 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3738 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3739 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3741 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3743 raise Exception("No authentication attempt reported")
3744 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3746 raise Exception("Unexpected connection reported")
3748 stop_sigma_dut(sigma
)
3749 dev
[0].set("sae_pwe", "0")
3751 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3752 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3753 logdir
= os
.path
.join(params
['logdir'],
3754 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3755 if "SAE" not in dev
[0].get_capability("auth_alg"):
3756 raise HwsimSkip("SAE not supported")
3757 with
HWSimRadio() as (radio
, iface
):
3758 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3760 sigma_dut_cmd_check("ap_reset_default")
3761 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3762 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3763 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3765 dev
[0].request("SET sae_groups ")
3766 dev
[0].set("sae_pwe", "1")
3767 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3768 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3769 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3771 raise Exception("No indication of association seen")
3772 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3773 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3774 dev
[0].request("DISCONNECT")
3776 raise Exception("No disconnection seen")
3777 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3778 raise Exception("Unexpected connection")
3780 sigma_dut_cmd_check("ap_reset_default")
3782 stop_sigma_dut(sigma
)
3783 dev
[0].set("sae_pwe", "0")
3785 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3786 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3787 logdir
= os
.path
.join(params
['logdir'],
3788 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3789 if "SAE" not in dev
[0].get_capability("auth_alg"):
3790 raise HwsimSkip("SAE not supported")
3791 with
HWSimRadio() as (radio
, iface
):
3792 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3794 sigma_dut_cmd_check("ap_reset_default")
3795 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3796 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3797 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3799 dev
[0].request("SET sae_groups 21 20 19")
3800 dev
[0].set("sae_pwe", "1")
3801 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3802 ieee80211w
="2", scan_freq
="2412")
3803 addr
= dev
[0].own_addr()
3804 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3805 if "DHGroupVerResult,21 20" not in res
:
3806 raise Exception("Unexpected dev_exec_action response: " + res
)
3808 sigma_dut_cmd_check("ap_reset_default")
3810 stop_sigma_dut(sigma
)
3811 dev
[0].set("sae_pwe", "0")