1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
11 logger
= logging
.getLogger()
20 from utils
import HwsimSkip
21 from hwsim
import HWSimRadio
23 from test_dpp
import check_dpp_capab
, update_hapd_config
24 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
25 from test_ap_eap
import check_eap_capa
, int_eap_server_params
26 from test_ap_hs20
import hs20_ap_params
28 def check_sigma_dut():
29 if not os
.path
.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
33 return binascii
.hexlify(s
.encode()).decode()
36 return binascii
.unhexlify(s
).decode()
38 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
39 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
41 sock
.settimeout(timeout
)
42 addr
= ('127.0.0.1', port
)
44 sock
.send(cmd
.encode() + b
"\r\n")
46 res
= sock
.recv(1000).decode()
49 for line
in res
.splitlines():
50 if line
.startswith("status,RUNNING"):
52 elif line
.startswith("status,INVALID"):
54 elif line
.startswith("status,ERROR"):
56 elif line
.startswith("status,COMPLETE"):
58 if running
and not done
:
59 # Read the actual response
60 res
= sock
.recv(1000).decode()
66 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
69 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
70 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
71 if "COMPLETE" not in res
:
72 raise Exception("sigma_dut command failed: " + cmd
)
75 def start_sigma_dut(ifname
, debug
=False, hostapd_logdir
=None, cert_path
=None,
81 '-F', '../../hostapd/hostapd',
83 '-w', '/var/run/wpa_supplicant/',
88 cmd
+= ['-H', hostapd_logdir
]
90 cmd
+= ['-C', cert_path
]
93 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
94 stderr
=subprocess
.PIPE
)
97 res
= sigma_dut_cmd("HELLO")
103 def stop_sigma_dut(sigma
):
106 out
, err
= sigma
.communicate()
107 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
108 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
110 def sigma_dut_wait_connected(ifname
):
112 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
113 if "connected,1" in res
:
117 raise Exception("Connection did not complete")
119 def test_sigma_dut_basic(dev
, apdev
):
120 """sigma_dut basic functionality"""
121 sigma
= start_sigma_dut(dev
[0].ifname
)
123 res
= sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res
:
125 raise Exception("Unexpected sigma_dut response to unknown command")
127 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
132 for cmd
, response
in tests
:
133 res
= sigma_dut_cmd(cmd
)
134 if response
not in res
:
135 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
137 stop_sigma_dut(sigma
)
139 def test_sigma_dut_open(dev
, apdev
):
140 """sigma_dut controlled open network association"""
142 run_sigma_dut_open(dev
, apdev
)
144 dev
[0].set("ignore_old_scan_res", "0")
146 def run_sigma_dut_open(dev
, apdev
):
147 ifname
= dev
[0].ifname
148 sigma
= start_sigma_dut(ifname
)
150 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"))
155 sigma_dut_wait_connected(ifname
)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
160 stop_sigma_dut(sigma
)
162 def test_sigma_dut_psk_pmf(dev
, apdev
):
163 """sigma_dut controlled PSK+PMF association"""
165 run_sigma_dut_psk_pmf(dev
, apdev
)
167 dev
[0].set("ignore_old_scan_res", "0")
169 def run_sigma_dut_psk_pmf(dev
, apdev
):
170 ifname
= dev
[0].ifname
171 sigma
= start_sigma_dut(ifname
)
173 ssid
= "test-pmf-required"
174 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
175 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params
["ieee80211w"] = "2"
177 hapd
= hostapd
.add_ap(apdev
[0], params
)
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname
)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
188 stop_sigma_dut(sigma
)
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
193 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
195 dev
[0].set("ignore_old_scan_res", "0")
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
200 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
202 dev
[0].set("ignore_old_scan_res", "0")
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
207 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
209 dev
[0].set("ignore_old_scan_res", "0")
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
214 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
216 dev
[0].set("ignore_old_scan_res", "0")
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
221 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
224 dev
[0].set("ignore_old_scan_res", "0")
226 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
228 ifname
= dev
[0].ifname
229 sigma
= start_sigma_dut(ifname
)
231 ssid
= "test-pmf-required"
232 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
233 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params
["ieee80211w"] = "2"
235 params
["group_mgmt_cipher"] = hostapd_cipher
236 hapd
= hostapd
.add_ap(apdev
[0], params
)
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
243 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout
=10)
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev
:
248 raise Exception("Unexpected connection")
249 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
250 if "connected,1" in res
:
251 raise Exception("Connection reported")
253 sigma_dut_wait_connected(ifname
)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
259 stop_sigma_dut(sigma
)
261 def test_sigma_dut_sae(dev
, apdev
):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev
[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
266 ifname
= dev
[0].ifname
267 sigma
= start_sigma_dut(ifname
)
270 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
271 params
['wpa_key_mgmt'] = 'SAE'
272 params
["ieee80211w"] = "2"
273 params
['sae_groups'] = '19 20 21'
274 hapd
= hostapd
.add_ap(apdev
[0], params
)
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
280 sigma_dut_wait_connected(ifname
)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
282 if dev
[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
291 sigma_dut_wait_connected(ifname
)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
293 if dev
[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
298 stop_sigma_dut(sigma
)
300 def test_sigma_dut_sae_password(dev
, apdev
):
301 """sigma_dut controlled SAE association and long password"""
302 if "SAE" not in dev
[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
305 ifname
= dev
[0].ifname
306 sigma
= start_sigma_dut(ifname
)
310 params
= hostapd
.wpa2_params(ssid
=ssid
)
311 params
['sae_password'] = 100*'B'
312 params
['wpa_key_mgmt'] = 'SAE'
313 params
["ieee80211w"] = "2"
314 hapd
= hostapd
.add_ap(apdev
[0], params
)
316 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
320 sigma_dut_wait_connected(ifname
)
321 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
325 stop_sigma_dut(sigma
)
327 def test_sigma_dut_sae_pw_id(dev
, apdev
):
328 """sigma_dut controlled SAE association with Password Identifier"""
329 if "SAE" not in dev
[0].get_capability("auth_alg"):
330 raise HwsimSkip("SAE not supported")
332 ifname
= dev
[0].ifname
333 sigma
= start_sigma_dut(ifname
, debug
=True)
336 params
= hostapd
.wpa2_params(ssid
=ssid
)
337 params
['wpa_key_mgmt'] = 'SAE'
338 params
["ieee80211w"] = "2"
339 params
['sae_password'] = 'secret|id=pw id'
340 params
['sae_groups'] = '19'
341 hapd
= hostapd
.add_ap(apdev
[0], params
)
343 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
344 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
345 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
346 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
347 sigma_dut_wait_connected(ifname
)
348 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
351 stop_sigma_dut(sigma
)
353 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
354 """sigma_dut controlled SAE association with Password Identifier and FT"""
355 if "SAE" not in dev
[0].get_capability("auth_alg"):
356 raise HwsimSkip("SAE not supported")
358 ifname
= dev
[0].ifname
359 sigma
= start_sigma_dut(ifname
, debug
=True)
362 params
= hostapd
.wpa2_params(ssid
=ssid
)
363 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
364 params
["ieee80211w"] = "2"
365 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
366 params
['mobility_domain'] = 'aabb'
367 params
['ft_over_ds'] = '0'
368 bssid
= apdev
[0]['bssid'].replace(':', '')
369 params
['nas_identifier'] = bssid
+ '.nas.example.com'
370 params
['r1_key_holder'] = bssid
371 params
['pmk_r1_push'] = '0'
372 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
373 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
374 hapd
= hostapd
.add_ap(apdev
[0], params
)
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
380 sigma_dut_wait_connected(ifname
)
382 bssid
= apdev
[1]['bssid'].replace(':', '')
383 params
['nas_identifier'] = bssid
+ '.nas.example.com'
384 params
['r1_key_holder'] = bssid
385 hapd2
= hostapd
.add_ap(apdev
[1], params
)
386 bssid
= hapd2
.own_addr()
387 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
388 dev
[0].wait_connected()
390 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
393 stop_sigma_dut(sigma
)
395 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
396 """sigma_dut and RSNE override on STA"""
398 run_sigma_dut_sta_override_rsne(dev
, apdev
)
400 dev
[0].set("ignore_old_scan_res", "0")
402 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
403 ifname
= dev
[0].ifname
404 sigma
= start_sigma_dut(ifname
)
407 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
408 hapd
= hostapd
.add_ap(apdev
[0], params
)
410 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
412 tests
= ["30120100000fac040100000fac040100000fac02",
413 "30140100000fac040100000fac040100000fac02ffff"]
415 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
416 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
417 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
418 sigma_dut_wait_connected(ifname
)
419 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
420 dev
[0].dump_monitor()
422 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
423 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
424 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
426 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
428 raise Exception("Association rejection not reported")
429 if "status_code=40" not in ev
:
430 raise Exception("Unexpected status code: " + ev
)
432 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
434 stop_sigma_dut(sigma
)
436 def test_sigma_dut_ap_psk(dev
, apdev
):
437 """sigma_dut controlled AP"""
438 with
HWSimRadio() as (radio
, iface
):
439 sigma
= start_sigma_dut(iface
)
441 sigma_dut_cmd_check("ap_reset_default")
442 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
443 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
444 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
446 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
448 sigma_dut_cmd_check("ap_reset_default")
450 stop_sigma_dut(sigma
)
452 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
453 """sigma_dut controlled AP and PSKHEX"""
454 logdir
= os
.path
.join(params
['logdir'],
455 "sigma_dut_ap_pskhex.sigma-hostapd")
456 with
HWSimRadio() as (radio
, iface
):
457 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
459 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
460 sigma_dut_cmd_check("ap_reset_default")
461 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
462 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
463 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
465 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
467 sigma_dut_cmd_check("ap_reset_default")
469 stop_sigma_dut(sigma
)
471 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
472 """sigma_dut controlled AP PSK SHA256"""
473 logdir
= os
.path
.join(params
['logdir'],
474 "sigma_dut_ap_psk_sha256.sigma-hostapd")
475 with
HWSimRadio() as (radio
, iface
):
476 sigma
= start_sigma_dut(iface
)
478 sigma_dut_cmd_check("ap_reset_default")
479 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
480 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
481 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
483 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
484 psk
="12345678", scan_freq
="2412")
486 sigma_dut_cmd_check("ap_reset_default")
488 stop_sigma_dut(sigma
)
490 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
491 """sigma_dut controlled STA and EAP-TTLS parameters"""
492 logdir
= params
['logdir']
494 with
open("auth_serv/ca.pem", "r") as f
:
495 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
498 src
= "auth_serv/server.pem"
499 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
500 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
501 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
503 stderr
=open('/dev/null', 'w'))
504 with
open(dst
, "rb") as f
:
506 hash = hashlib
.sha256(der
).digest()
507 with
open(hashdst
, "w") as f
:
508 f
.write(binascii
.hexlify(hash).decode())
510 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
511 with
open(dst
, "w") as f
:
514 ssid
= "test-wpa2-eap"
515 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
516 hapd
= hostapd
.add_ap(apdev
[0], params
)
518 ifname
= dev
[0].ifname
519 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
521 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
524 ",Domain,server.w1.fi",
525 ",DomainSuffix,w1.fi",
526 ",DomainSuffix,server.w1.fi",
527 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
529 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
530 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
531 sigma_dut_cmd_check(cmd
+ extra
)
532 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
533 sigma_dut_wait_connected(ifname
)
534 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
535 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
536 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
537 dev
[0].dump_monitor()
539 tests
= [",Domain,w1.fi",
540 ",DomainSuffix,example.com",
541 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
543 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
545 sigma_dut_cmd_check(cmd
+ extra
)
546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
547 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
549 raise Exception("Server certificate error not reported")
550 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
551 if "connected,1" in res
:
552 raise Exception("Unexpected connection reported")
553 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
554 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
555 dev
[0].dump_monitor()
557 stop_sigma_dut(sigma
)
559 def test_sigma_dut_suite_b(dev
, apdev
, params
):
560 """sigma_dut controlled STA Suite B"""
561 check_suite_b_192_capa(dev
)
562 logdir
= params
['logdir']
564 with
open("auth_serv/ec2-ca.pem", "r") as f
:
565 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
568 with
open("auth_serv/ec2-user.pem", "r") as f
:
569 with
open("auth_serv/ec2-user.key", "r") as f2
:
570 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
574 dev
[0].flush_scan_cache()
575 params
= suite_b_as_params()
576 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
577 params
['server_cert'] = 'auth_serv/ec2-server.pem'
578 params
['private_key'] = 'auth_serv/ec2-server.key'
579 params
['openssl_ciphers'] = 'SUITEB192'
580 hostapd
.add_ap(apdev
[1], params
)
582 params
= {"ssid": "test-suite-b",
584 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
585 "rsn_pairwise": "GCMP-256",
586 "group_mgmt_cipher": "BIP-GMAC-256",
589 'auth_server_addr': "127.0.0.1",
590 'auth_server_port': "18129",
591 'auth_server_shared_secret': "radius",
592 'nas_identifier': "nas.w1.fi"}
593 hapd
= hostapd
.add_ap(apdev
[0], params
)
595 ifname
= dev
[0].ifname
596 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
598 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
599 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
600 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
601 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
602 sigma_dut_wait_connected(ifname
)
603 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
604 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
605 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
607 stop_sigma_dut(sigma
)
609 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
610 """sigma_dut controlled STA Suite B (RSA)"""
611 check_suite_b_192_capa(dev
)
612 logdir
= params
['logdir']
614 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
615 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
618 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
619 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
620 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
624 dev
[0].flush_scan_cache()
625 params
= suite_b_192_rsa_ap_params()
626 hapd
= hostapd
.add_ap(apdev
[0], params
)
628 ifname
= dev
[0].ifname
629 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
631 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
634 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
635 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
637 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
638 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
639 sigma_dut_cmd_check(cmd
+ extra
)
640 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
641 sigma_dut_wait_connected(ifname
)
642 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
643 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
644 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
646 stop_sigma_dut(sigma
)
648 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
649 """sigma_dut controlled AP Suite B"""
650 check_suite_b_192_capa(dev
)
651 logdir
= os
.path
.join(params
['logdir'],
652 "sigma_dut_ap_suite_b.sigma-hostapd")
653 params
= suite_b_as_params()
654 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
655 params
['server_cert'] = 'auth_serv/ec2-server.pem'
656 params
['private_key'] = 'auth_serv/ec2-server.key'
657 params
['openssl_ciphers'] = 'SUITEB192'
658 hostapd
.add_ap(apdev
[1], params
)
659 with
HWSimRadio() as (radio
, iface
):
660 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
662 sigma_dut_cmd_check("ap_reset_default")
663 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
664 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
665 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
666 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
668 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
670 openssl_ciphers
="SUITEB192",
671 eap
="TLS", identity
="tls user",
672 ca_cert
="auth_serv/ec2-ca.pem",
673 client_cert
="auth_serv/ec2-user.pem",
674 private_key
="auth_serv/ec2-user.key",
675 pairwise
="GCMP-256", group
="GCMP-256",
678 sigma_dut_cmd_check("ap_reset_default")
680 stop_sigma_dut(sigma
)
682 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
683 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
684 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
687 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
688 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
689 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
692 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
693 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
694 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
697 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
698 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
699 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
702 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
703 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
704 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
705 "BIP-GMAC-256", "CCMP")
707 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
708 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
709 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
710 "BIP-GMAC-256", "GCMP-256", "CCMP")
712 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
713 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
714 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
715 "GCMP-256", "CCMP", "AES-CCMP-128")
717 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
718 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
719 check_suite_b_192_capa(dev
)
720 logdir
= os
.path
.join(params
['logdir'],
721 "sigma_dut_ap_cipher.sigma-hostapd")
722 params
= suite_b_as_params()
723 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
724 params
['server_cert'] = 'auth_serv/ec2-server.pem'
725 params
['private_key'] = 'auth_serv/ec2-server.key'
726 params
['openssl_ciphers'] = 'SUITEB192'
727 hostapd
.add_ap(apdev
[1], params
)
728 with
HWSimRadio() as (radio
, iface
):
729 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
731 sigma_dut_cmd_check("ap_reset_default")
732 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
733 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
734 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
736 cmd
+= ",GroupCipher,%s" % ap_group
737 sigma_dut_cmd_check(cmd
)
738 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
740 if sta_cipher_group
is None:
741 sta_cipher_group
= sta_cipher
742 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
744 openssl_ciphers
="SUITEB192",
745 eap
="TLS", identity
="tls user",
746 ca_cert
="auth_serv/ec2-ca.pem",
747 client_cert
="auth_serv/ec2-user.pem",
748 private_key
="auth_serv/ec2-user.key",
749 pairwise
=sta_cipher
, group
=sta_cipher_group
,
752 sigma_dut_cmd_check("ap_reset_default")
754 stop_sigma_dut(sigma
)
756 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
757 """sigma_dut controlled AP overriding RSNE"""
758 with
HWSimRadio() as (radio
, iface
):
759 sigma
= start_sigma_dut(iface
)
761 sigma_dut_cmd_check("ap_reset_default")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
764 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
765 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
767 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
769 sigma_dut_cmd_check("ap_reset_default")
771 stop_sigma_dut(sigma
)
773 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
774 """sigma_dut controlled AP with SAE"""
775 logdir
= os
.path
.join(params
['logdir'],
776 "sigma_dut_ap_sae.sigma-hostapd")
777 if "SAE" not in dev
[0].get_capability("auth_alg"):
778 raise HwsimSkip("SAE not supported")
779 with
HWSimRadio() as (radio
, iface
):
780 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
782 sigma_dut_cmd_check("ap_reset_default")
783 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
784 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
785 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
787 dev
[0].request("SET sae_groups ")
788 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
789 ieee80211w
="2", scan_freq
="2412")
790 if dev
[0].get_status_field('sae_group') != '19':
791 raise Exception("Expected default SAE group not used")
793 sigma_dut_cmd_check("ap_reset_default")
795 stop_sigma_dut(sigma
)
797 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
798 """sigma_dut controlled AP with SAE and long password"""
799 logdir
= os
.path
.join(params
['logdir'],
800 "sigma_dut_ap_sae_password.sigma-hostapd")
801 if "SAE" not in dev
[0].get_capability("auth_alg"):
802 raise HwsimSkip("SAE not supported")
803 with
HWSimRadio() as (radio
, iface
):
804 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
806 sigma_dut_cmd_check("ap_reset_default")
807 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
808 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
809 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
811 dev
[0].request("SET sae_groups ")
812 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
813 ieee80211w
="2", scan_freq
="2412")
814 if dev
[0].get_status_field('sae_group') != '19':
815 raise Exception("Expected default SAE group not used")
817 sigma_dut_cmd_check("ap_reset_default")
819 stop_sigma_dut(sigma
)
821 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
822 """sigma_dut controlled AP with SAE Password Identifier"""
823 logdir
= os
.path
.join(params
['logdir'],
824 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
825 conffile
= os
.path
.join(params
['logdir'],
826 "sigma_dut_ap_sae_pw_id.sigma-conf")
827 if "SAE" not in dev
[0].get_capability("auth_alg"):
828 raise HwsimSkip("SAE not supported")
829 with
HWSimRadio() as (radio
, iface
):
830 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
832 sigma_dut_cmd_check("ap_reset_default")
833 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
834 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
835 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
837 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
838 with
open(conffile
, "wb") as f2
:
841 dev
[0].request("SET sae_groups ")
842 tests
= [("pw1", "id1"),
846 for pw
, pw_id
in tests
:
847 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
848 sae_password_id
=pw_id
,
849 ieee80211w
="2", scan_freq
="2412")
850 dev
[0].request("REMOVE_NETWORK all")
851 dev
[0].wait_disconnected()
853 sigma_dut_cmd_check("ap_reset_default")
855 stop_sigma_dut(sigma
)
857 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
858 """sigma_dut controlled AP with SAE Password Identifier and FT"""
859 logdir
= os
.path
.join(params
['logdir'],
860 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
861 conffile
= os
.path
.join(params
['logdir'],
862 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
863 if "SAE" not in dev
[0].get_capability("auth_alg"):
864 raise HwsimSkip("SAE not supported")
865 with
HWSimRadio() as (radio
, iface
):
866 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
868 sigma_dut_cmd_check("ap_reset_default")
869 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
870 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
871 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
873 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
874 with
open(conffile
, "wb") as f2
:
877 dev
[0].request("SET sae_groups ")
878 tests
= [("pw1", "id1", "SAE"),
879 ("pw2", "id2", "FT-SAE"),
880 ("pw3", None, "FT-SAE"),
881 ("pw4", "id4", "SAE")]
882 for pw
, pw_id
, key_mgmt
in tests
:
883 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
884 sae_password_id
=pw_id
,
885 ieee80211w
="2", scan_freq
="2412")
886 dev
[0].request("REMOVE_NETWORK all")
887 dev
[0].wait_disconnected()
889 sigma_dut_cmd_check("ap_reset_default")
891 stop_sigma_dut(sigma
)
893 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
894 """sigma_dut controlled AP with SAE and specific group"""
895 logdir
= os
.path
.join(params
['logdir'],
896 "sigma_dut_ap_sae_group.sigma-hostapd")
897 if "SAE" not in dev
[0].get_capability("auth_alg"):
898 raise HwsimSkip("SAE not supported")
899 with
HWSimRadio() as (radio
, iface
):
900 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
902 sigma_dut_cmd_check("ap_reset_default")
903 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
904 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
905 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
907 dev
[0].request("SET sae_groups ")
908 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
909 ieee80211w
="2", scan_freq
="2412")
910 if dev
[0].get_status_field('sae_group') != '20':
911 raise Exception("Expected SAE group not used")
913 sigma_dut_cmd_check("ap_reset_default")
915 stop_sigma_dut(sigma
)
917 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
918 """sigma_dut controlled AP with PSK+SAE"""
919 if "SAE" not in dev
[0].get_capability("auth_alg"):
920 raise HwsimSkip("SAE not supported")
921 logdir
= os
.path
.join(params
['logdir'],
922 "sigma_dut_ap_psk_sae.sigma-hostapd")
923 with
HWSimRadio() as (radio
, iface
):
924 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
926 sigma_dut_cmd_check("ap_reset_default")
927 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
928 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
929 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
931 dev
[2].request("SET sae_groups ")
932 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
933 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
934 dev
[0].request("SET sae_groups ")
935 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
936 scan_freq
="2412", ieee80211w
="2")
937 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
939 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
940 dev
[2].request("DISCONNECT")
942 raise Exception("Unexpected connection without PMF")
944 sigma_dut_cmd_check("ap_reset_default")
946 stop_sigma_dut(sigma
)
948 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
949 """sigma_dut controlled AP with PSK, SAE, FT"""
950 logdir
= os
.path
.join(params
['logdir'],
951 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
952 conffile
= os
.path
.join(params
['logdir'],
953 "sigma_dut_ap_psk_sae_ft.sigma-conf")
954 if "SAE" not in dev
[0].get_capability("auth_alg"):
955 raise HwsimSkip("SAE not supported")
956 with
HWSimRadio() as (radio
, iface
):
957 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
959 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
960 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
961 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
962 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
963 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
964 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
966 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
967 with
open(conffile
, "wb") as f2
:
970 dev
[0].request("SET sae_groups ")
971 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
972 sae_password
="12345678", scan_freq
="2412")
973 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
974 psk
="12345678", scan_freq
="2412")
975 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
976 psk
="12345678", scan_freq
="2412")
978 sigma_dut_cmd_check("ap_reset_default")
980 stop_sigma_dut(sigma
)
982 def test_sigma_dut_owe(dev
, apdev
):
983 """sigma_dut controlled OWE station"""
985 run_sigma_dut_owe(dev
, apdev
)
987 dev
[0].set("ignore_old_scan_res", "0")
989 def run_sigma_dut_owe(dev
, apdev
):
990 if "OWE" not in dev
[0].get_capability("key_mgmt"):
991 raise HwsimSkip("OWE not supported")
993 ifname
= dev
[0].ifname
994 sigma
= start_sigma_dut(ifname
)
997 params
= {"ssid": "owe",
999 "wpa_key_mgmt": "OWE",
1001 "rsn_pairwise": "CCMP"}
1002 hapd
= hostapd
.add_ap(apdev
[0], params
)
1003 bssid
= hapd
.own_addr()
1005 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1006 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1007 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1008 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1009 sigma_dut_wait_connected(ifname
)
1010 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1012 dev
[0].dump_monitor()
1013 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1014 dev
[0].wait_connected()
1015 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1016 dev
[0].wait_disconnected()
1017 dev
[0].dump_monitor()
1019 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1020 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1021 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1022 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1023 sigma_dut_wait_connected(ifname
)
1024 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1025 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1026 dev
[0].wait_disconnected()
1027 dev
[0].dump_monitor()
1029 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1030 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1031 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1032 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1033 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1034 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1036 raise Exception("Association not rejected")
1037 if "status_code=77" not in ev
:
1038 raise Exception("Unexpected rejection reason: " + ev
)
1040 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1042 stop_sigma_dut(sigma
)
1044 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1045 """sigma_dut controlled AP with OWE"""
1046 logdir
= os
.path
.join(params
['logdir'],
1047 "sigma_dut_ap_owe.sigma-hostapd")
1048 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1049 raise HwsimSkip("OWE not supported")
1050 with
HWSimRadio() as (radio
, iface
):
1051 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1053 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1054 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1055 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1056 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1058 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1061 sigma_dut_cmd_check("ap_reset_default")
1063 stop_sigma_dut(sigma
)
1065 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1066 """sigma_dut controlled AP with OWE and ECGroupID"""
1067 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1068 raise HwsimSkip("OWE not supported")
1069 with
HWSimRadio() as (radio
, iface
):
1070 sigma
= start_sigma_dut(iface
)
1072 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1073 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1074 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1075 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1077 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1078 owe_group
="20", scan_freq
="2412")
1079 dev
[0].request("REMOVE_NETWORK all")
1080 dev
[0].wait_disconnected()
1082 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1083 owe_group
="21", scan_freq
="2412")
1084 dev
[0].request("REMOVE_NETWORK all")
1085 dev
[0].wait_disconnected()
1087 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1088 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1089 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1090 dev
[0].request("DISCONNECT")
1092 raise Exception("Association not rejected")
1093 if "status_code=77" not in ev
:
1094 raise Exception("Unexpected rejection reason: " + ev
)
1095 dev
[0].dump_monitor()
1097 sigma_dut_cmd_check("ap_reset_default")
1099 stop_sigma_dut(sigma
)
1101 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1102 """sigma_dut controlled AP with OWE and transition mode"""
1103 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1104 raise HwsimSkip("OWE not supported")
1105 logdir
= os
.path
.join(params
['logdir'],
1106 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1107 with
HWSimRadio() as (radio
, iface
):
1108 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1110 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1111 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1112 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1117 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1118 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1120 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1122 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1123 if dev
[0].get_status_field('bssid') not in res1
:
1124 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1125 if dev
[1].get_status_field('bssid') not in res2
:
1126 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1128 sigma_dut_cmd_check("ap_reset_default")
1130 stop_sigma_dut(sigma
)
1132 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1133 """sigma_dut controlled AP with OWE and transition mode (2)"""
1134 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1135 raise HwsimSkip("OWE not supported")
1136 logdir
= os
.path
.join(params
['logdir'],
1137 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1138 with
HWSimRadio() as (radio
, iface
):
1139 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1141 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1142 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1143 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1144 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1145 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1146 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1148 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1149 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1151 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1153 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1154 if dev
[0].get_status_field('bssid') not in res2
:
1155 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1156 if dev
[1].get_status_field('bssid') not in res1
:
1157 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1159 sigma_dut_cmd_check("ap_reset_default")
1161 stop_sigma_dut(sigma
)
1163 def dpp_init_enrollee(dev
, id1
):
1164 logger
.info("Starting DPP initiator/enrollee in a thread")
1166 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1167 if "OK" not in dev
.request(cmd
):
1168 raise Exception("Failed to initiate DPP Authentication")
1169 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1171 raise Exception("DPP configuration not completed (Enrollee)")
1172 logger
.info("DPP initiator/enrollee done")
1174 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1175 """sigma_dut DPP/QR responder (conf index 1)"""
1176 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1178 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1179 """sigma_dut DPP/QR responder (conf index 2)"""
1180 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1182 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1183 """sigma_dut DPP/QR responder (conf index 3)"""
1184 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1186 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1187 """sigma_dut DPP/QR responder (conf index 4)"""
1188 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1190 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1191 """sigma_dut DPP/QR responder (conf index 5)"""
1192 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1194 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1195 """sigma_dut DPP/QR responder (conf index 6)"""
1196 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1198 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1199 """sigma_dut DPP/QR responder (conf index 7)"""
1200 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1202 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1203 """sigma_dut DPP/QR responder (conf index 8)"""
1204 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1206 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1207 """sigma_dut DPP/QR responder (channel list override)"""
1208 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1211 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1213 check_dpp_capab(dev
[0])
1214 check_dpp_capab(dev
[1])
1215 sigma
= start_sigma_dut(dev
[0].ifname
)
1217 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1219 cmd
+= ",DPPChannelList," + chan_list
1220 res
= sigma_dut_cmd(cmd
)
1221 if "status,COMPLETE" not in res
:
1222 raise Exception("dev_exec_action did not succeed: " + res
)
1223 hex = res
.split(',')[3]
1225 logger
.info("URI from sigma_dut: " + uri
)
1227 id1
= dev
[1].dpp_qr_code(uri
)
1229 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
))
1231 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1233 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1234 res
= sigma_dut_cmd(cmd
, timeout
=10)
1236 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1237 raise Exception("Unexpected result: " + res
)
1239 stop_sigma_dut(sigma
)
1241 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1242 """sigma_dut DPP/QR initiator as Enrollee"""
1243 check_dpp_capab(dev
[0])
1244 check_dpp_capab(dev
[1])
1246 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1247 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1248 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1249 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1251 params
= {"ssid": "DPPNET01",
1254 "wpa_key_mgmt": "DPP",
1255 "rsn_pairwise": "CCMP",
1256 "dpp_connector": ap_connector
,
1257 "dpp_csign": csign_pub
,
1258 "dpp_netaccesskey": ap_netaccesskey
}
1260 hapd
= hostapd
.add_ap(apdev
[0], params
)
1262 raise HwsimSkip("DPP not supported")
1264 sigma
= start_sigma_dut(dev
[0].ifname
)
1266 dev
[0].set("dpp_config_processing", "2")
1268 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1269 res
= dev
[1].request(cmd
)
1271 raise Exception("Failed to add configurator")
1274 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1275 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1277 dev
[1].set("dpp_configurator_params",
1278 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1279 cmd
= "DPP_LISTEN 2437 role=configurator"
1280 if "OK" not in dev
[1].request(cmd
):
1281 raise Exception("Failed to start listen operation")
1283 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1284 if "status,COMPLETE" not in res
:
1285 raise Exception("dev_exec_action did not succeed: " + res
)
1287 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1288 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1289 raise Exception("Unexpected result: " + res
)
1291 dev
[0].set("dpp_config_processing", "0")
1292 stop_sigma_dut(sigma
)
1294 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1295 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1296 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1298 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1299 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1300 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1301 extra
="DPPAuthDirection,Mutual,")
1303 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1304 check_dpp_capab(dev
[0])
1305 check_dpp_capab(dev
[1])
1307 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1308 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1309 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1310 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1312 params
= {"ssid": "DPPNET01",
1315 "wpa_key_mgmt": "DPP",
1316 "rsn_pairwise": "CCMP",
1317 "dpp_connector": ap_connector
,
1318 "dpp_csign": csign_pub
,
1319 "dpp_netaccesskey": ap_netaccesskey
}
1321 hapd
= hostapd
.add_ap(apdev
[0], params
)
1323 raise HwsimSkip("DPP not supported")
1325 sigma
= start_sigma_dut(dev
[0].ifname
)
1327 dev
[0].set("dpp_config_processing", "2")
1329 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1330 res
= dev
[1].request(cmd
)
1332 raise Exception("Failed to add configurator")
1335 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1336 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1338 dev
[1].set("dpp_configurator_params",
1339 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1340 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1341 if "OK" not in dev
[1].request(cmd
):
1342 raise Exception("Failed to start listen operation")
1344 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1345 if "status,COMPLETE" not in res
:
1346 raise Exception("dev_exec_action did not succeed: " + res
)
1347 hex = res
.split(',')[3]
1349 logger
.info("URI from sigma_dut: " + uri
)
1351 id1
= dev
[1].dpp_qr_code(uri
)
1353 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1354 if "status,COMPLETE" not in res
:
1355 raise Exception("dev_exec_action did not succeed: " + res
)
1357 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1358 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1359 raise Exception("Unexpected result: " + res
)
1361 dev
[0].set("dpp_config_processing", "0")
1362 stop_sigma_dut(sigma
)
1364 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1366 logger
.info("Starting DPP initiator/configurator in a thread")
1367 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1368 if own_id
is not None:
1369 cmd
+= " own=%d" % own_id
1370 if "OK" not in dev
.request(cmd
):
1371 raise Exception("Failed to initiate DPP Authentication")
1372 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1374 raise Exception("DPP configuration not completed (Configurator)")
1375 logger
.info("DPP initiator/configurator done")
1377 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1378 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1379 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1381 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1382 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1383 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1385 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1386 check_dpp_capab(dev
[0])
1387 check_dpp_capab(dev
[1])
1389 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1390 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1391 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1392 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1394 params
= {"ssid": "DPPNET01",
1397 "wpa_key_mgmt": "DPP",
1398 "rsn_pairwise": "CCMP",
1399 "dpp_connector": ap_connector
,
1400 "dpp_csign": csign_pub
,
1401 "dpp_netaccesskey": ap_netaccesskey
}
1403 hapd
= hostapd
.add_ap(apdev
[0], params
)
1405 raise HwsimSkip("DPP not supported")
1407 sigma
= start_sigma_dut(dev
[0].ifname
)
1409 dev
[0].set("dpp_config_processing", "2")
1411 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1412 res
= dev
[1].request(cmd
)
1414 raise Exception("Failed to add configurator")
1417 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1418 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1420 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1421 if "status,COMPLETE" not in res
:
1422 raise Exception("dev_exec_action did not succeed: " + res
)
1423 hex = res
.split(',')[3]
1425 logger
.info("URI from sigma_dut: " + uri
)
1427 id1
= dev
[1].dpp_qr_code(uri
)
1429 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1430 if "status,COMPLETE" not in res
:
1431 raise Exception("dev_exec_action did not succeed: " + res
)
1433 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1434 args
=(dev
[1], id1
, conf_id
, id0
))
1437 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1440 res
= sigma_dut_cmd(cmd
, timeout
=25)
1442 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1443 raise Exception("Unexpected result: " + res
)
1445 dev
[0].set("dpp_config_processing", "0")
1446 stop_sigma_dut(sigma
)
1448 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1449 logger
.info("Starting DPP responder/configurator in a thread")
1450 dev
.set("dpp_configurator_params",
1451 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1453 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1454 if "OK" not in dev
.request(cmd
):
1455 raise Exception("Failed to initiate DPP listen")
1457 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1459 raise Exception("QR Code scan for mutual authentication not requested")
1460 dev
.dpp_qr_code(uri
)
1461 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1463 raise Exception("DPP configuration not completed (Configurator)")
1464 logger
.info("DPP responder/configurator done")
1466 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1467 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1468 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1470 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1471 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1472 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1474 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1475 check_dpp_capab(dev
[0])
1476 check_dpp_capab(dev
[1])
1478 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1479 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1480 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1481 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1483 params
= {"ssid": "DPPNET01",
1486 "wpa_key_mgmt": "DPP",
1487 "rsn_pairwise": "CCMP",
1488 "dpp_connector": ap_connector
,
1489 "dpp_csign": csign_pub
,
1490 "dpp_netaccesskey": ap_netaccesskey
}
1492 hapd
= hostapd
.add_ap(apdev
[0], params
)
1494 raise HwsimSkip("DPP not supported")
1496 sigma
= start_sigma_dut(dev
[0].ifname
)
1498 dev
[0].set("dpp_config_processing", "2")
1500 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1501 res
= dev
[1].request(cmd
)
1503 raise Exception("Failed to add configurator")
1506 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1507 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1509 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1510 if "status,COMPLETE" not in res
:
1511 raise Exception("dev_exec_action did not succeed: " + res
)
1512 hex = res
.split(',')[3]
1514 logger
.info("URI from sigma_dut: " + uri
)
1516 if not resp_pending
:
1517 dev
[1].dpp_qr_code(uri
)
1520 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1521 if "status,COMPLETE" not in res
:
1522 raise Exception("dev_exec_action did not succeed: " + res
)
1524 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1525 args
=(dev
[1], conf_id
, uri
))
1529 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1530 res
= sigma_dut_cmd(cmd
, timeout
=15)
1532 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1533 raise Exception("Unexpected result: " + res
)
1535 dev
[0].set("dpp_config_processing", "0")
1536 stop_sigma_dut(sigma
)
1538 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1539 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1540 check_dpp_capab(dev
[0])
1541 check_dpp_capab(dev
[1])
1543 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1544 passphrase
="ThisIsDppPassphrase")
1545 hapd
= hostapd
.add_ap(apdev
[0], params
)
1547 sigma
= start_sigma_dut(dev
[0].ifname
)
1549 dev
[0].set("dpp_config_processing", "2")
1551 cmd
= "DPP_CONFIGURATOR_ADD"
1552 res
= dev
[1].request(cmd
)
1554 raise Exception("Failed to add configurator")
1557 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1558 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1560 dev
[1].set("dpp_configurator_params",
1561 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1562 cmd
= "DPP_LISTEN 2437 role=configurator"
1563 if "OK" not in dev
[1].request(cmd
):
1564 raise Exception("Failed to start listen operation")
1566 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1567 if "status,COMPLETE" not in res
:
1568 raise Exception("dev_exec_action did not succeed: " + res
)
1570 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1571 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1572 raise Exception("Unexpected result: " + res
)
1574 dev
[0].set("dpp_config_processing", "0")
1575 stop_sigma_dut(sigma
)
1577 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1578 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1579 check_dpp_capab(dev
[0])
1580 check_dpp_capab(dev
[1])
1581 if "SAE" not in dev
[0].get_capability("auth_alg"):
1582 raise HwsimSkip("SAE not supported")
1584 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1585 passphrase
="ThisIsDppPassphrase")
1586 params
['wpa_key_mgmt'] = 'SAE'
1587 params
["ieee80211w"] = "2"
1588 hapd
= hostapd
.add_ap(apdev
[0], params
)
1590 sigma
= start_sigma_dut(dev
[0].ifname
)
1592 dev
[0].set("dpp_config_processing", "2")
1593 dev
[0].set("sae_groups", "")
1595 cmd
= "DPP_CONFIGURATOR_ADD"
1596 res
= dev
[1].request(cmd
)
1598 raise Exception("Failed to add configurator")
1601 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1602 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1604 dev
[1].set("dpp_configurator_params",
1605 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1606 cmd
= "DPP_LISTEN 2437 role=configurator"
1607 if "OK" not in dev
[1].request(cmd
):
1608 raise Exception("Failed to start listen operation")
1610 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1611 if "status,COMPLETE" not in res
:
1612 raise Exception("dev_exec_action did not succeed: " + res
)
1614 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1615 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1616 raise Exception("Unexpected result: " + res
)
1618 dev
[0].set("dpp_config_processing", "0")
1619 stop_sigma_dut(sigma
)
1621 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1622 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1623 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1625 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1626 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1627 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1629 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1630 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1631 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1633 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1634 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1635 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1637 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1638 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1639 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1641 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1642 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1643 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1645 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1646 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1647 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1649 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1650 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1651 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1653 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1654 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1655 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1657 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1658 prov_role
="Configurator",
1660 check_dpp_capab(dev
[0])
1661 check_dpp_capab(dev
[1])
1662 sigma
= start_sigma_dut(dev
[0].ifname
)
1664 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1665 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1667 cmd
= "DPP_LISTEN 2437 role=enrollee"
1668 if "OK" not in dev
[1].request(cmd
):
1669 raise Exception("Failed to start listen operation")
1671 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1672 if "status,COMPLETE" not in res
:
1673 raise Exception("dev_exec_action did not succeed: " + res
)
1675 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1678 res
= sigma_dut_cmd(cmd
)
1679 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1680 raise Exception("Unexpected result: " + res
)
1682 stop_sigma_dut(sigma
)
1684 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1685 """sigma_dut DPP roles incompatible (Initiator)"""
1686 check_dpp_capab(dev
[0])
1687 check_dpp_capab(dev
[1])
1688 sigma
= start_sigma_dut(dev
[0].ifname
)
1690 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1691 if "status,COMPLETE" not in res
:
1692 raise Exception("dev_exec_action did not succeed: " + res
)
1693 hex = res
.split(',')[3]
1695 logger
.info("URI from sigma_dut: " + uri
)
1697 id1
= dev
[1].dpp_qr_code(uri
)
1699 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1700 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1702 cmd
= "DPP_LISTEN 2437 role=enrollee"
1703 if "OK" not in dev
[1].request(cmd
):
1704 raise Exception("Failed to start listen operation")
1706 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1707 if "status,COMPLETE" not in res
:
1708 raise Exception("dev_exec_action did not succeed: " + res
)
1710 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1711 res
= sigma_dut_cmd(cmd
)
1712 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1713 raise Exception("Unexpected result: " + res
)
1715 stop_sigma_dut(sigma
)
1717 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
1718 logger
.info("Starting DPP initiator/enrollee in a thread")
1720 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
1721 if "OK" not in dev
.request(cmd
):
1722 raise Exception("Failed to initiate DPP Authentication")
1723 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
1724 "DPP-NOT-COMPATIBLE"], timeout
=5)
1726 raise Exception("DPP configuration not completed (Enrollee)")
1727 logger
.info("DPP initiator/enrollee done")
1729 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
1730 """sigma_dut DPP roles incompatible (Responder)"""
1731 check_dpp_capab(dev
[0])
1732 check_dpp_capab(dev
[1])
1733 sigma
= start_sigma_dut(dev
[0].ifname
)
1735 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1736 res
= sigma_dut_cmd(cmd
)
1737 if "status,COMPLETE" not in res
:
1738 raise Exception("dev_exec_action did not succeed: " + res
)
1739 hex = res
.split(',')[3]
1741 logger
.info("URI from sigma_dut: " + uri
)
1743 id1
= dev
[1].dpp_qr_code(uri
)
1745 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1746 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1748 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1749 if "status,COMPLETE" not in res
:
1750 raise Exception("dev_exec_action did not succeed: " + res
)
1752 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
1754 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1755 res
= sigma_dut_cmd(cmd
, timeout
=10)
1757 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1758 raise Exception("Unexpected result: " + res
)
1760 stop_sigma_dut(sigma
)
1762 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
1763 """sigma_dut DPP/PKEX initiator as Configurator"""
1764 check_dpp_capab(dev
[0])
1765 check_dpp_capab(dev
[1])
1766 sigma
= start_sigma_dut(dev
[0].ifname
)
1768 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
1769 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
1770 res
= dev
[1].request(cmd
)
1772 raise Exception("Failed to set PKEX data (responder)")
1773 cmd
= "DPP_LISTEN 2437 role=enrollee"
1774 if "OK" not in dev
[1].request(cmd
):
1775 raise Exception("Failed to start listen operation")
1777 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1778 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1779 raise Exception("Unexpected result: " + res
)
1781 stop_sigma_dut(sigma
)
1783 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
1784 logger
.info("Starting DPP initiator/configurator in a thread")
1785 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
1786 if "OK" not in dev
.request(cmd
):
1787 raise Exception("Failed to initiate DPP Authentication")
1788 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1790 raise Exception("DPP configuration not completed (Configurator)")
1791 logger
.info("DPP initiator/configurator done")
1793 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
1794 """sigma_dut controlled AP (DPP)"""
1795 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
1797 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
1798 """sigma_dut controlled AP (legacy)"""
1799 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1800 extra
="pass=%s" % to_hex("qwertyuiop"))
1802 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
1803 """sigma_dut controlled AP (legacy)"""
1804 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1805 extra
="psk=%s" % (32*"12"))
1807 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
1808 check_dpp_capab(dev
[0])
1809 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1810 with
HWSimRadio() as (radio
, iface
):
1811 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1813 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1814 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1815 if "status,COMPLETE" not in res
:
1816 raise Exception("dev_exec_action did not succeed: " + res
)
1817 hex = res
.split(',')[3]
1819 logger
.info("URI from sigma_dut: " + uri
)
1821 cmd
= "DPP_CONFIGURATOR_ADD"
1822 res
= dev
[0].request(cmd
)
1824 raise Exception("Failed to add configurator")
1827 id1
= dev
[0].dpp_qr_code(uri
)
1829 t
= threading
.Thread(target
=dpp_init_conf
,
1830 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
1832 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1834 if "ConfResult,OK" not in res
:
1835 raise Exception("Unexpected result: " + res
)
1837 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1838 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1840 id0b
= dev
[0].dpp_qr_code(uri1
)
1842 dev
[1].set("dpp_config_processing", "2")
1843 cmd
= "DPP_LISTEN 2412"
1844 if "OK" not in dev
[1].request(cmd
):
1845 raise Exception("Failed to start listen operation")
1846 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
1847 if "OK" not in dev
[0].request(cmd
):
1848 raise Exception("Failed to initiate DPP Authentication")
1849 dev
[1].wait_connected()
1851 sigma_dut_cmd_check("ap_reset_default")
1853 dev
[1].set("dpp_config_processing", "0")
1854 stop_sigma_dut(sigma
)
1856 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
1857 """sigma_dut controlled AP as DPP PKEX responder"""
1858 check_dpp_capab(dev
[0])
1859 logdir
= os
.path
.join(params
['logdir'],
1860 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1861 with
HWSimRadio() as (radio
, iface
):
1862 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1864 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
1866 stop_sigma_dut(sigma
)
1868 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
1869 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
1871 id = dev
.dpp_bootstrap_gen(type="pkex")
1872 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
1873 res
= dev
.request(cmd
)
1875 raise Exception("Failed to initiate DPP PKEX")
1876 if not check_config
:
1878 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1880 raise Exception("DPP configuration not completed (Configurator)")
1881 logger
.info("DPP initiator/configurator done")
1883 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
1884 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1886 cmd
= "DPP_CONFIGURATOR_ADD"
1887 res
= dev
[0].request(cmd
)
1889 raise Exception("Failed to add configurator")
1892 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
1894 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
1896 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1897 raise Exception("Unexpected result: " + res
)
1899 sigma_dut_cmd_check("ap_reset_default")
1901 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
1902 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1903 check_dpp_capab(dev
[0])
1904 sigma
= start_sigma_dut(dev
[0].ifname
)
1906 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
1908 stop_sigma_dut(sigma
)
1910 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
1911 cmd
= "DPP_CONFIGURATOR_ADD"
1912 res
= dev
[1].request(cmd
)
1914 raise Exception("Failed to add configurator")
1917 dev
[1].set("dpp_test", "44")
1919 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
1922 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
1924 if "BootstrapResult,Timeout" not in res
:
1925 raise Exception("Unexpected result: " + res
)
1927 def dpp_proto_init(dev
, id1
):
1929 logger
.info("Starting DPP initiator/configurator in a thread")
1930 cmd
= "DPP_CONFIGURATOR_ADD"
1931 res
= dev
.request(cmd
)
1933 raise Exception("Failed to add configurator")
1936 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
1937 if "OK" not in dev
.request(cmd
):
1938 raise Exception("Failed to initiate DPP Authentication")
1940 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
1941 """sigma_dut DPP protocol testing - Initiator"""
1942 check_dpp_capab(dev
[0])
1943 check_dpp_capab(dev
[1])
1944 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
1945 "BootstrapResult,OK,AuthResult,Errorsent",
1947 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1948 "BootstrapResult,OK,AuthResult,Errorsent",
1950 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1951 "BootstrapResult,OK,AuthResult,Errorsent",
1952 "Missing or invalid I-capabilities"),
1953 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1954 "BootstrapResult,OK,AuthResult,Errorsent",
1955 "Mismatching Initiator Authenticating Tag"),
1956 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1957 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1958 "Missing or invalid Enrollee Nonce attribute")]
1959 for step
, frame
, attr
, result
, fail
in tests
:
1960 dev
[0].request("FLUSH")
1961 dev
[1].request("FLUSH")
1962 sigma
= start_sigma_dut(dev
[0].ifname
)
1964 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
1967 stop_sigma_dut(sigma
)
1969 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
1970 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1971 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1973 cmd
= "DPP_LISTEN 2437 role=enrollee"
1974 if "OK" not in dev
[1].request(cmd
):
1975 raise Exception("Failed to start listen operation")
1977 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1978 if "status,COMPLETE" not in res
:
1979 raise Exception("dev_exec_action did not succeed: " + res
)
1981 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
1983 if result
not in res
:
1984 raise Exception("Unexpected result: " + res
)
1986 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
1987 if ev
is None or fail
not in ev
:
1988 raise Exception("Failure not reported correctly: " + str(ev
))
1990 dev
[1].request("DPP_STOP_LISTEN")
1991 dev
[0].dump_monitor()
1992 dev
[1].dump_monitor()
1994 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
1995 """sigma_dut DPP protocol testing - Responder"""
1996 check_dpp_capab(dev
[0])
1997 check_dpp_capab(dev
[1])
1998 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
1999 "BootstrapResult,OK,AuthResult,Errorsent",
2000 "Missing or invalid required DPP Status attribute"),
2001 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2002 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2003 "Missing or invalid Enrollee Nonce attribute")]
2004 for step
, frame
, attr
, result
, fail
in tests
:
2005 dev
[0].request("FLUSH")
2006 dev
[1].request("FLUSH")
2007 sigma
= start_sigma_dut(dev
[0].ifname
)
2009 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2012 stop_sigma_dut(sigma
)
2014 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2015 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2016 if "status,COMPLETE" not in res
:
2017 raise Exception("dev_exec_action did not succeed: " + res
)
2018 hex = res
.split(',')[3]
2020 logger
.info("URI from sigma_dut: " + uri
)
2022 id1
= dev
[1].dpp_qr_code(uri
)
2024 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2026 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2028 if result
not in res
:
2029 raise Exception("Unexpected result: " + res
)
2031 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2032 if ev
is None or fail
not in ev
:
2033 raise Exception("Failure not reported correctly:" + str(ev
))
2035 dev
[1].request("DPP_STOP_LISTEN")
2036 dev
[0].dump_monitor()
2037 dev
[1].dump_monitor()
2039 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2040 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2041 check_dpp_capab(dev
[0])
2042 check_dpp_capab(dev
[1])
2043 tests
= [("AuthenticationResponse",
2044 "BootstrapResult,OK,AuthResult,Errorsent",
2046 ("ConfigurationRequest",
2047 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2049 for frame
, result
, fail
in tests
:
2050 dev
[0].request("FLUSH")
2051 dev
[1].request("FLUSH")
2052 sigma
= start_sigma_dut(dev
[0].ifname
)
2054 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2056 stop_sigma_dut(sigma
)
2058 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2059 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2060 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2062 cmd
= "DPP_LISTEN 2437 role=enrollee"
2063 if "OK" not in dev
[1].request(cmd
):
2064 raise Exception("Failed to start listen operation")
2066 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2067 if "status,COMPLETE" not in res
:
2068 raise Exception("dev_exec_action did not succeed: " + res
)
2070 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2071 if result
not in res
:
2072 raise Exception("Unexpected result: " + res
)
2074 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2075 if ev
is None or fail
not in ev
:
2076 raise Exception("Failure not reported correctly: " + str(ev
))
2078 dev
[1].request("DPP_STOP_LISTEN")
2079 dev
[0].dump_monitor()
2080 dev
[1].dump_monitor()
2082 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2083 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2084 check_dpp_capab(dev
[0])
2085 check_dpp_capab(dev
[1])
2086 tests
= [("AuthenticationConfirm",
2087 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2089 for frame
, result
, fail
in tests
:
2090 dev
[0].request("FLUSH")
2091 dev
[1].request("FLUSH")
2092 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2094 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2097 stop_sigma_dut(sigma
)
2099 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2101 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2102 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2104 cmd
= "DPP_LISTEN 2437 role=configurator"
2105 if "OK" not in dev
[1].request(cmd
):
2106 raise Exception("Failed to start listen operation")
2108 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2109 if "status,COMPLETE" not in res
:
2110 raise Exception("dev_exec_action did not succeed: " + res
)
2112 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2113 if result
not in res
:
2114 raise Exception("Unexpected result: " + res
)
2116 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2117 if ev
is None or fail
not in ev
:
2118 raise Exception("Failure not reported correctly: " + str(ev
))
2120 dev
[1].request("DPP_STOP_LISTEN")
2121 dev
[0].dump_monitor()
2122 dev
[1].dump_monitor()
2124 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2125 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2126 check_dpp_capab(dev
[0])
2127 check_dpp_capab(dev
[1])
2128 tests
= [("AuthenticationRequest",
2129 "BootstrapResult,OK,AuthResult,Errorsent",
2131 ("AuthenticationConfirm",
2132 "BootstrapResult,OK,AuthResult,Errorsent",
2134 for frame
, result
, fail
in tests
:
2135 dev
[0].request("FLUSH")
2136 dev
[1].request("FLUSH")
2137 sigma
= start_sigma_dut(dev
[0].ifname
)
2139 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2141 stop_sigma_dut(sigma
)
2143 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2144 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2145 if "status,COMPLETE" not in res
:
2146 raise Exception("dev_exec_action did not succeed: " + res
)
2147 hex = res
.split(',')[3]
2149 logger
.info("URI from sigma_dut: " + uri
)
2151 id1
= dev
[1].dpp_qr_code(uri
)
2153 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2155 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2157 if result
not in res
:
2158 raise Exception("Unexpected result: " + res
)
2160 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2161 if ev
is None or fail
not in ev
:
2162 raise Exception("Failure not reported correctly:" + str(ev
))
2164 dev
[1].request("DPP_STOP_LISTEN")
2165 dev
[0].dump_monitor()
2166 dev
[1].dump_monitor()
2168 def dpp_proto_init_pkex(dev
):
2170 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2171 cmd
= "DPP_CONFIGURATOR_ADD"
2172 res
= dev
.request(cmd
)
2174 raise Exception("Failed to add configurator")
2177 id = dev
.dpp_bootstrap_gen(type="pkex")
2179 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2180 if "FAIL" in dev
.request(cmd
):
2181 raise Exception("Failed to initiate DPP PKEX")
2183 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2184 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2185 check_dpp_capab(dev
[0])
2186 check_dpp_capab(dev
[1])
2187 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2188 "BootstrapResult,Errorsent",
2190 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2191 "BootstrapResult,Errorsent",
2192 "Missing or invalid Finite Cyclic Group attribute"),
2193 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2194 "BootstrapResult,Errorsent",
2195 "No valid peer bootstrapping key found")]
2196 for step
, frame
, attr
, result
, fail
in tests
:
2197 dev
[0].request("FLUSH")
2198 dev
[1].request("FLUSH")
2199 sigma
= start_sigma_dut(dev
[0].ifname
)
2201 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2204 stop_sigma_dut(sigma
)
2206 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2207 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2209 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2210 res
= dev
[1].request(cmd
)
2212 raise Exception("Failed to set PKEX data (responder)")
2214 cmd
= "DPP_LISTEN 2437 role=enrollee"
2215 if "OK" not in dev
[1].request(cmd
):
2216 raise Exception("Failed to start listen operation")
2218 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2219 if result
not in res
:
2220 raise Exception("Unexpected result: " + res
)
2222 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2223 if ev
is None or fail
not in ev
:
2224 raise Exception("Failure not reported correctly: " + str(ev
))
2226 dev
[1].request("DPP_STOP_LISTEN")
2227 dev
[0].dump_monitor()
2228 dev
[1].dump_monitor()
2230 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2231 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2232 check_dpp_capab(dev
[0])
2233 check_dpp_capab(dev
[1])
2234 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2235 "BootstrapResult,Errorsent",
2237 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2238 "BootstrapResult,Errorsent",
2239 "No DPP Status attribute"),
2240 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2241 "BootstrapResult,Errorsent",
2242 "No valid peer bootstrapping key found")]
2243 for step
, frame
, attr
, result
, fail
in tests
:
2244 dev
[0].request("FLUSH")
2245 dev
[1].request("FLUSH")
2246 sigma
= start_sigma_dut(dev
[0].ifname
)
2248 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2251 stop_sigma_dut(sigma
)
2253 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2254 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2256 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2258 if result
not in res
:
2259 raise Exception("Unexpected result: " + res
)
2261 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2262 if ev
is None or fail
not in ev
:
2263 raise Exception("Failure not reported correctly:" + str(ev
))
2265 dev
[1].request("DPP_STOP_LISTEN")
2266 dev
[0].dump_monitor()
2267 dev
[1].dump_monitor()
2269 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2270 check_dpp_capab(dev
[0])
2271 check_dpp_capab(dev
[1])
2273 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2274 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2275 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2276 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2278 params
= {"ssid": "DPPNET01",
2281 "wpa_key_mgmt": "DPP",
2282 "rsn_pairwise": "CCMP",
2283 "dpp_connector": ap_connector
,
2284 "dpp_csign": csign_pub
,
2285 "dpp_netaccesskey": ap_netaccesskey
}
2287 hapd
= hostapd
.add_ap(apdev
[0], params
)
2289 raise HwsimSkip("DPP not supported")
2291 dev
[0].set("dpp_config_processing", "2")
2293 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2294 res
= dev
[1].request(cmd
)
2296 raise Exception("Failed to add configurator")
2299 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2300 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2302 dev
[1].set("dpp_configurator_params",
2303 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2305 cmd
= "DPP_LISTEN 2437 role=configurator"
2306 if "OK" not in dev
[1].request(cmd
):
2307 raise Exception("Failed to start listen operation")
2309 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2310 if "status,COMPLETE" not in res
:
2311 raise Exception("dev_exec_action did not succeed: " + res
)
2313 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2314 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2315 sigma
= start_sigma_dut(dev
[0].ifname
)
2317 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2319 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2320 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2321 raise Exception("Unexpected result: " + res
)
2323 dev
[0].set("dpp_config_processing", "0")
2324 stop_sigma_dut(sigma
)
2326 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2327 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2328 check_dpp_capab(dev
[0])
2330 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2331 check_dpp_capab(hapd
)
2333 sigma
= start_sigma_dut(dev
[0].ifname
)
2335 dev
[0].set("dpp_config_processing", "2")
2336 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2337 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2339 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2340 if "status,COMPLETE" not in res
:
2341 raise Exception("dev_exec_action did not succeed: " + res
)
2343 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2344 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2345 raise Exception("Unexpected result: " + res
)
2346 update_hapd_config(hapd
)
2348 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2349 res
= sigma_dut_cmd(cmd
, timeout
=10)
2350 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2351 raise Exception("Unexpected result: " + res
)
2353 stop_sigma_dut(sigma
)
2354 dev
[0].set("dpp_config_processing", "0")
2356 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2357 """sigma_dut DPP AP Configurator using self-configuration"""
2358 logdir
= os
.path
.join(params
['logdir'],
2359 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2360 with
HWSimRadio() as (radio
, iface
):
2361 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2363 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2365 stop_sigma_dut(sigma
)
2366 dev
[0].set("dpp_config_processing", "0")
2368 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2369 check_dpp_capab(dev
[0])
2371 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2373 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2374 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2375 raise Exception("Unexpected result: " + res
)
2377 dev
[0].set("dpp_config_processing", "2")
2379 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2380 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2381 cmd
= "DPP_LISTEN 2462 role=enrollee"
2382 if "OK" not in dev
[0].request(cmd
):
2383 raise Exception("Failed to start listen operation")
2385 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2386 if "status,COMPLETE" not in res
:
2387 raise Exception("dev_exec_action did not succeed: " + res
)
2388 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2389 res
= sigma_dut_cmd(cmd
)
2390 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2391 raise Exception("Unexpected result: " + res
)
2392 dev
[0].wait_connected()
2393 dev
[0].request("DISCONNECT")
2394 dev
[0].wait_disconnected()
2395 sigma_dut_cmd_check("ap_reset_default")
2397 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2398 """sigma_dut controlled connection using preconfigured profile"""
2400 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2402 dev
[0].set("ignore_old_scan_res", "0")
2404 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2405 ifname
= dev
[0].ifname
2406 sigma
= start_sigma_dut(ifname
)
2408 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2409 hapd
= hostapd
.add_ap(apdev
[0], params
)
2410 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2411 only_add_network
=True)
2413 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2414 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"))
2415 sigma_dut_wait_connected(ifname
)
2416 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2417 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2418 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2420 stop_sigma_dut(sigma
)
2422 def test_sigma_dut_wps_pbc(dev
, apdev
):
2423 """sigma_dut and WPS PBC Enrollee"""
2425 run_sigma_dut_wps_pbc(dev
, apdev
)
2427 dev
[0].set("ignore_old_scan_res", "0")
2429 def run_sigma_dut_wps_pbc(dev
, apdev
):
2430 ssid
= "test-wps-conf"
2431 hapd
= hostapd
.add_ap(apdev
[0],
2432 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2433 "wpa_passphrase": "12345678", "wpa": "2",
2434 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2435 hapd
.request("WPS_PBC")
2437 ifname
= dev
[0].ifname
2438 sigma
= start_sigma_dut(ifname
)
2440 cmd
= "start_wps_registration,interface,%s" % ifname
2441 cmd
+= ",WpsRole,Enrollee"
2442 cmd
+= ",WpsConfigMethod,PBC"
2443 sigma_dut_cmd_check(cmd
, timeout
=15)
2445 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2447 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2448 stop_sigma_dut(sigma
)
2449 dev
[0].flush_scan_cache()
2451 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2452 """sigma_dut sta_scan_bss"""
2453 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2454 sigma
= start_sigma_dut(dev
[0].ifname
)
2456 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2458 res
= sigma_dut_cmd(cmd
, timeout
=10)
2459 if "ssid,test,bsschannel,1" not in res
:
2460 raise Exception("Unexpected result: " + res
)
2462 stop_sigma_dut(sigma
)
2464 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2465 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2466 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2467 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2468 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2470 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2471 res
= sigma_dut_cmd(cmd
, timeout
=10)
2472 if "abcdef" not in res
or "qwerty" not in res
:
2473 raise Exception("Unexpected result: " + res
)
2475 stop_sigma_dut(sigma
)
2477 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2478 """sigma_dut controlled AP with OSEN"""
2479 logdir
= os
.path
.join(params
['logdir'],
2480 "sigma_dut_ap_osen.sigma-hostapd")
2481 with
HWSimRadio() as (radio
, iface
):
2482 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2484 sigma_dut_cmd_check("ap_reset_default")
2485 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2486 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2487 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2488 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2490 # RSN-OSEN (for OSU)
2491 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2492 pairwise
="CCMP", group
="GTK_NOT_USED",
2493 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2494 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2496 sigma_dut_cmd_check("ap_reset_default")
2498 stop_sigma_dut(sigma
)
2500 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2501 """sigma_dut controlled AP with EAP+OSEN"""
2502 logdir
= os
.path
.join(params
['logdir'],
2503 "sigma_dut_ap_eap_osen.sigma-hostapd")
2504 with
HWSimRadio() as (radio
, iface
):
2505 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2507 sigma_dut_cmd_check("ap_reset_default")
2508 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2509 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2510 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2511 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2513 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2514 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2516 # RSN-OSEN (for OSU)
2517 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2519 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2520 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2522 # RSN-EAP (for data connection)
2523 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2524 identity
="hs20-test", password
="password",
2525 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2526 ieee80211w
='2', scan_freq
="2412")
2528 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2529 success_expected
=False, timeout
=1)
2531 sigma_dut_cmd_check("ap_reset_default")
2533 stop_sigma_dut(sigma
)
2534 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2535 stderr
=open('/dev/null', 'w'))
2536 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2537 stderr
=open('/dev/null', 'w'))
2539 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2540 """sigma_dut controlled AP WPA2-Enterprise"""
2541 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2542 with
HWSimRadio() as (radio
, iface
):
2543 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2545 sigma_dut_cmd_check("ap_reset_default")
2546 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2547 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2548 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2549 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2551 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2552 identity
="gpsk user",
2553 password
="abcdefghijklmnop0123456789abcdef",
2556 sigma_dut_cmd_check("ap_reset_default")
2558 stop_sigma_dut(sigma
)
2560 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2561 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2562 logdir
= os
.path
.join(params
['logdir'],
2563 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2564 with
HWSimRadio() as (radio
, iface
):
2565 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2567 sigma_dut_cmd_check("ap_reset_default")
2568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2569 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2570 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2571 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2573 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2574 identity
="gpsk user",
2575 password
="abcdefghijklmnop0123456789abcdef",
2578 sigma_dut_cmd_check("ap_reset_default")
2580 stop_sigma_dut(sigma
)
2582 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2583 """sigma_dut controlled AP FT-EAP"""
2584 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2585 with
HWSimRadio() as (radio
, iface
):
2586 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2588 sigma_dut_cmd_check("ap_reset_default")
2589 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2590 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2591 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2592 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2594 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2595 identity
="gpsk user",
2596 password
="abcdefghijklmnop0123456789abcdef",
2599 sigma_dut_cmd_check("ap_reset_default")
2601 stop_sigma_dut(sigma
)
2603 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
2604 """sigma_dut controlled AP FT-PSK"""
2605 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2606 with
HWSimRadio() as (radio
, iface
):
2607 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2609 sigma_dut_cmd_check("ap_reset_default")
2610 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2611 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2612 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2614 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2617 sigma_dut_cmd_check("ap_reset_default")
2619 stop_sigma_dut(sigma
)
2621 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
2622 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2623 logdir
= os
.path
.join(params
['logdir'],
2624 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2625 with
HWSimRadio() as (radio
, iface
):
2626 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2628 sigma_dut_cmd_check("ap_reset_default")
2629 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2630 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2631 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2632 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2634 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2635 identity
="gpsk user",
2636 password
="abcdefghijklmnop0123456789abcdef",
2638 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2639 identity
="gpsk user",
2640 password
="abcdefghijklmnop0123456789abcdef",
2643 sigma_dut_cmd_check("ap_reset_default")
2645 stop_sigma_dut(sigma
)
2647 def test_sigma_dut_venue_url(dev
, apdev
):
2648 """sigma_dut controlled Venue URL fetch"""
2650 run_sigma_dut_venue_url(dev
, apdev
)
2652 dev
[0].set("ignore_old_scan_res", "0")
2654 def run_sigma_dut_venue_url(dev
, apdev
):
2655 ifname
= dev
[0].ifname
2656 sigma
= start_sigma_dut(ifname
, debug
=True)
2659 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
2660 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2661 params
["ieee80211w"] = "2"
2665 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
2667 name1
= "Example venue"
2669 name2
= "Esimerkkipaikka"
2670 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
2671 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
2672 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
2674 url1
= "http://example.com/venue"
2675 url2
= "https://example.org/venue-info/"
2676 params
["venue_group"] = str(venue_group
)
2677 params
["venue_type"] = str(venue_type
)
2678 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
2679 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
2681 hapd
= hostapd
.add_ap(apdev
[0], params
)
2683 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
2684 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2685 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
2686 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"))
2687 sigma_dut_wait_connected(ifname
)
2688 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2689 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
2690 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2691 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2693 stop_sigma_dut(sigma
)
2695 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
2696 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2697 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
2699 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
2700 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2701 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
2703 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
2707 bssid0
= apdev
[0]['bssid']
2708 params
= hs20_ap_params()
2709 params
['hessid'] = bssid0
2710 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2712 bssid1
= apdev
[1]['bssid']
2713 params
= hs20_ap_params()
2714 params
['hessid'] = bssid0
2715 params
["hw_mode"] = "a"
2716 params
["channel"] = "36"
2717 params
["country_code"] = "US"
2718 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2720 band
= "2.4" if band24
else "5"
2721 exp_bssid
= bssid0
if band24
else bssid1
2722 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
2724 dev
[0].request("DISCONNECT")
2726 hapd0
.request("DISABLE")
2728 hapd1
.request("DISABLE")
2729 subprocess
.call(['iw', 'reg', 'set', '00'])
2730 dev
[0].flush_scan_cache()
2732 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
2733 check_eap_capa(dev
[0], "MSCHAPV2")
2734 dev
[0].flush_scan_cache()
2736 ifname
= dev
[0].ifname
2737 sigma
= start_sigma_dut(ifname
, debug
=True)
2739 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
2740 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2741 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
2742 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
2744 sigma_dut_wait_connected(ifname
)
2745 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2746 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2747 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2749 stop_sigma_dut(sigma
)
2751 if "BSSID," + expect_bssid
not in res
:
2752 raise Exception("Unexpected BSSID: " + res
)
2754 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
2755 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2756 logdir
= os
.path
.join(params
['logdir'],
2757 "sigma_dut_ap_hs20.sigma-hostapd")
2758 conffile
= os
.path
.join(params
['logdir'],
2759 "sigma_dut_ap_hs20.sigma-conf")
2760 with
HWSimRadio() as (radio
, iface
):
2761 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2763 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2764 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2765 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2766 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2767 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
2768 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
2769 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2770 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2771 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2772 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2773 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2774 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
2775 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
2776 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2778 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
2779 with
open(conffile
, "wb") as f2
:
2782 sigma_dut_cmd_check("ap_reset_default")
2784 stop_sigma_dut(sigma
)
2786 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
2787 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
2788 logdir
= params
['logdir']
2790 with
open("auth_serv/ca.pem", "r") as f
:
2791 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
2795 src
= "auth_serv/server.pem"
2796 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
2797 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
2798 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
2800 stderr
=open('/dev/null', 'w'))
2801 with
open(dst
, "rb") as f
:
2803 hash = hashlib
.sha256(der
).digest()
2804 with
open(hashdst
, "w") as f
:
2805 f
.write(binascii
.hexlify(hash).decode())
2807 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
2808 with
open(dst
, "w") as f
:
2811 ssid
= "test-wpa2-eap"
2812 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
2813 hapd
= hostapd
.add_ap(apdev
[0], params
)
2815 ifname
= dev
[0].ifname
2816 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
2819 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
2821 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
2822 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2823 sigma_dut_cmd_check(cmd
)
2824 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2825 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
2827 raise Exception("Server certificate error not reported")
2829 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
2830 if "ServerCertTrustResult,Accepted" not in res
:
2831 raise Exception("Server certificate trust was not accepted")
2832 sigma_dut_wait_connected(ifname
)
2833 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2834 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2835 dev
[0].dump_monitor()
2837 stop_sigma_dut(sigma
)
2839 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
2840 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD"""
2841 logdir
= params
['logdir']
2843 with
open("auth_serv/ca.pem", "r") as f
:
2844 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc_tod.ca.pem"),
2848 src
= "auth_serv/server-certpol.pem"
2849 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc_tod.server.der")
2850 hashdst
= os
.path
.join(logdir
,
2851 "sigma_dut_eap_ttls_uosc_tod.server.pem.sha256")
2852 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
2854 stderr
=open('/dev/null', 'w'))
2855 with
open(dst
, "rb") as f
:
2857 hash = hashlib
.sha256(der
).digest()
2858 with
open(hashdst
, "w") as f
:
2859 f
.write(binascii
.hexlify(hash).decode())
2861 dst
= os
.path
.join(logdir
,
2862 "sigma_dut_eap_ttls_uosc_tod.incorrect.pem.sha256")
2863 with
open(dst
, "w") as f
:
2866 ssid
= "test-wpa2-eap"
2867 params
= int_eap_server_params()
2868 params
["ssid"] = ssid
2869 params
["server_cert"] = "auth_serv/server-certpol.pem"
2870 params
["private_key"] = "auth_serv/server-certpol.key"
2871 hapd
= hostapd
.add_ap(apdev
[0], params
)
2873 ifname
= dev
[0].ifname
2874 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
2877 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_tod.ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc_tod.server.pem" % (ifname
, ssid
)
2878 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
2879 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2880 sigma_dut_cmd_check(cmd
)
2881 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2882 sigma_dut_wait_connected(ifname
)
2883 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2884 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
2885 dev
[0].wait_disconnected()
2886 dev
[0].dump_monitor()
2889 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
2890 hapd
= hostapd
.add_ap(apdev
[0], params
)
2892 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2893 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
2895 raise Exception("Server certificate error not reported")
2897 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
2898 if "ServerCertTrustResult,Accepted" in res
:
2899 raise Exception("Server certificate trust override was accepted unexpectedly")
2900 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2901 dev
[0].dump_monitor()
2903 stop_sigma_dut(sigma
)
2905 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
2906 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
2907 logdir
= params
['logdir']
2909 with
open("auth_serv/ca.pem", "r") as f
:
2910 with
open(os
.path
.join(logdir
,
2911 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
2915 ssid
= "test-wpa2-eap"
2916 params
= int_eap_server_params()
2917 params
["ssid"] = ssid
2918 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
2919 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
2920 params
["private_key"] = "auth_serv/rsa3072-server.key"
2921 hapd
= hostapd
.add_ap(apdev
[0], params
)
2923 ifname
= dev
[0].ifname
2924 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
2927 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
2928 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
2929 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2930 sigma_dut_cmd_check(cmd
)
2931 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2932 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
2934 raise Exception("Server certificate error not reported")
2936 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
2937 if "ServerCertTrustResult,Accepted" not in res
:
2938 raise Exception("Server certificate trust was not accepted")
2939 sigma_dut_wait_connected(ifname
)
2940 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2941 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2942 dev
[0].dump_monitor()
2944 stop_sigma_dut(sigma
)