1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
26 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
27 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
28 from test_ap_hs20
import hs20_ap_params
30 def check_sigma_dut():
31 if not os
.path
.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
35 return binascii
.hexlify(s
.encode()).decode()
38 return binascii
.unhexlify(s
).decode()
40 def sigma_log_output(cmd
):
42 out
= cmd
.stdout
.read()
44 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
46 if e
.errno
!= errno
.EAGAIN
:
49 out
= cmd
.stderr
.read()
51 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
53 if e
.errno
!= errno
.EAGAIN
:
58 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
59 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
61 sock
.settimeout(timeout
)
62 addr
= ('127.0.0.1', port
)
64 sock
.send(cmd
.encode() + b
"\r\n")
66 res
= sock
.recv(1000).decode()
69 for line
in res
.splitlines():
70 if line
.startswith("status,RUNNING"):
72 elif line
.startswith("status,INVALID"):
74 elif line
.startswith("status,ERROR"):
76 elif line
.startswith("status,COMPLETE"):
78 if running
and not done
:
79 # Read the actual response
80 res
= sock
.recv(1000).decode()
86 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
89 sigma_log_output(sigma_prog
)
92 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
93 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
94 if "COMPLETE" not in res
:
95 raise Exception("sigma_dut command failed: " + cmd
)
98 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
99 bridge
=None, sae_h2e
=False, owe_ptk_workaround
=False):
101 cmd
= ['./sigma_dut',
105 '-F', '../../hostapd/hostapd',
107 '-w', '/var/run/wpa_supplicant/',
110 cmd
+= ['-H', hostapd_logdir
]
112 cmd
+= ['-C', cert_path
]
114 cmd
+= ['-b', bridge
]
117 if owe_ptk_workaround
:
119 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
120 stderr
=subprocess
.PIPE
)
121 for stream
in [sigma
.stdout
, sigma
.stderr
]:
123 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
124 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
131 res
= sigma_dut_cmd("HELLO")
135 if res
is None or "errorCode,Unknown command" not in res
:
136 raise Exception("Failed to start sigma_dut")
137 return {'cmd': sigma
, 'ifname': ifname
}
139 def stop_sigma_dut(sigma
):
143 sigma_log_output(cmd
)
144 logger
.debug("Terminating sigma_dut process")
147 out
, err
= cmd
.communicate()
148 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
149 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
150 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
152 stderr
=open('/dev/null', 'w'))
154 def sigma_dut_wait_connected(ifname
):
156 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
157 if "connected,1" in res
:
161 raise Exception("Connection did not complete")
163 def test_sigma_dut_basic(dev
, apdev
):
164 """sigma_dut basic functionality"""
165 sigma
= start_sigma_dut(dev
[0].ifname
)
167 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
168 ("device_get_info", "status,COMPLETE,vendor"),
169 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
170 ("device_list_interfaces,interfaceType,802.11",
171 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
173 res
= sigma_dut_cmd("UNKNOWN")
174 if "status,INVALID,errorCode,Unknown command" not in res
:
175 raise Exception("Unexpected sigma_dut response to unknown command")
177 for cmd
, response
in tests
:
178 res
= sigma_dut_cmd(cmd
)
179 if response
not in res
:
180 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
182 stop_sigma_dut(sigma
)
184 def test_sigma_dut_open(dev
, apdev
):
185 """sigma_dut controlled open network association"""
187 run_sigma_dut_open(dev
, apdev
)
189 dev
[0].set("ignore_old_scan_res", "0")
191 def run_sigma_dut_open(dev
, apdev
):
192 ifname
= dev
[0].ifname
193 sigma
= start_sigma_dut(ifname
)
196 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
199 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
202 sigma_dut_wait_connected(ifname
)
203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
204 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
205 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
207 stop_sigma_dut(sigma
)
209 def test_sigma_dut_psk_pmf(dev
, apdev
):
210 """sigma_dut controlled PSK+PMF association"""
212 run_sigma_dut_psk_pmf(dev
, apdev
)
214 dev
[0].set("ignore_old_scan_res", "0")
216 def run_sigma_dut_psk_pmf(dev
, apdev
):
217 ifname
= dev
[0].ifname
218 sigma
= start_sigma_dut(ifname
)
221 ssid
= "test-pmf-required"
222 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
223 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
224 params
["ieee80211w"] = "2"
225 hapd
= hostapd
.add_ap(apdev
[0], params
)
227 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
228 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
229 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
230 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
232 sigma_dut_wait_connected(ifname
)
233 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
234 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
237 stop_sigma_dut(sigma
)
239 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
240 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
242 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
244 dev
[0].set("ignore_old_scan_res", "0")
246 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
247 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
249 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
251 dev
[0].set("ignore_old_scan_res", "0")
253 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
254 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
256 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
258 dev
[0].set("ignore_old_scan_res", "0")
260 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
261 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
263 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
265 dev
[0].set("ignore_old_scan_res", "0")
267 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
268 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
270 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
273 dev
[0].set("ignore_old_scan_res", "0")
275 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
277 ifname
= dev
[0].ifname
278 sigma
= start_sigma_dut(ifname
)
281 ssid
= "test-pmf-required"
282 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
283 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
284 params
["ieee80211w"] = "2"
285 params
["group_mgmt_cipher"] = hostapd_cipher
286 hapd
= hostapd
.add_ap(apdev
[0], params
)
288 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
289 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
290 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
291 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
292 timeout
=2 if failure
else 10)
294 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
295 "CTRL-EVENT-CONNECTED"], timeout
=10)
297 raise Exception("Network selection result not indicated")
298 if "CTRL-EVENT-CONNECTED" in ev
:
299 raise Exception("Unexpected connection")
300 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
301 if "connected,1" in res
:
302 raise Exception("Connection reported")
304 sigma_dut_wait_connected(ifname
)
305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
307 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
308 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
310 stop_sigma_dut(sigma
)
312 def test_sigma_dut_sae(dev
, apdev
):
313 """sigma_dut controlled SAE association"""
314 if "SAE" not in dev
[0].get_capability("auth_alg"):
315 raise HwsimSkip("SAE not supported")
317 ifname
= dev
[0].ifname
318 sigma
= start_sigma_dut(ifname
)
322 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
323 params
['wpa_key_mgmt'] = 'SAE'
324 params
["ieee80211w"] = "2"
325 params
['sae_groups'] = '19 20 21'
326 hapd
= hostapd
.add_ap(apdev
[0], params
)
328 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
329 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
330 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
331 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
333 sigma_dut_wait_connected(ifname
)
334 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
335 if dev
[0].get_status_field('sae_group') != '19':
336 raise Exception("Expected default SAE group not used")
337 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
338 logger
.info("Reported PMK: " + res
)
339 if ",PMK," not in res
:
340 raise Exception("PMK not reported");
341 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
342 raise Exception("Mismatch in reported PMK")
343 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
345 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
347 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
348 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
349 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
351 sigma_dut_wait_connected(ifname
)
352 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
353 if dev
[0].get_status_field('sae_group') != '20':
354 raise Exception("Expected SAE group not used")
355 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
358 stop_sigma_dut(sigma
)
360 def test_sigma_dut_sae_groups(dev
, apdev
):
361 """sigma_dut controlled SAE association with group negotiation"""
362 if "SAE" not in dev
[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
365 ifname
= dev
[0].ifname
366 sigma
= start_sigma_dut(ifname
)
370 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
371 params
['wpa_key_mgmt'] = 'SAE'
372 params
["ieee80211w"] = "2"
373 params
['sae_groups'] = '19'
374 hapd
= hostapd
.add_ap(apdev
[0], params
)
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
381 sigma_dut_wait_connected(ifname
)
382 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
383 if dev
[0].get_status_field('sae_group') != '19':
384 raise Exception("Expected default SAE group not used")
385 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
387 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
389 stop_sigma_dut(sigma
)
391 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
392 """sigma_dut controlled SAE association with PMKID"""
393 if "SAE" not in dev
[0].get_capability("auth_alg"):
394 raise HwsimSkip("SAE not supported")
396 ifname
= dev
[0].ifname
397 sigma
= start_sigma_dut(ifname
)
401 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
402 params
['wpa_key_mgmt'] = 'SAE'
403 params
["ieee80211w"] = "2"
404 params
["sae_confirm_immediate"] = "1"
405 hapd
= hostapd
.add_ap(apdev
[0], params
)
407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
409 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
410 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
412 sigma_dut_wait_connected(ifname
)
413 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
415 stop_sigma_dut(sigma
)
417 def test_sigma_dut_sae_password(dev
, apdev
):
418 """sigma_dut controlled SAE association and long password"""
419 if "SAE" not in dev
[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
422 ifname
= dev
[0].ifname
423 sigma
= start_sigma_dut(ifname
)
427 params
= hostapd
.wpa2_params(ssid
=ssid
)
428 params
['sae_password'] = 100*'B'
429 params
['wpa_key_mgmt'] = 'SAE'
430 params
["ieee80211w"] = "2"
431 hapd
= hostapd
.add_ap(apdev
[0], params
)
433 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
434 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
435 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
436 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
438 sigma_dut_wait_connected(ifname
)
439 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
440 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
443 stop_sigma_dut(sigma
)
445 def test_sigma_dut_sae_pw_id(dev
, apdev
):
446 """sigma_dut controlled SAE association with Password Identifier"""
447 if "SAE" not in dev
[0].get_capability("auth_alg"):
448 raise HwsimSkip("SAE not supported")
450 ifname
= dev
[0].ifname
451 sigma
= start_sigma_dut(ifname
)
455 params
= hostapd
.wpa2_params(ssid
=ssid
)
456 params
['wpa_key_mgmt'] = 'SAE'
457 params
["ieee80211w"] = "2"
458 params
['sae_password'] = 'secret|id=pw id'
459 params
['sae_groups'] = '19'
460 hapd
= hostapd
.add_ap(apdev
[0], params
)
462 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
463 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
464 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
465 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
467 sigma_dut_wait_connected(ifname
)
468 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
469 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
471 stop_sigma_dut(sigma
)
473 def test_sigma_dut_sae_pw_id_pwe_loop(dev
, apdev
):
474 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
475 if "SAE" not in dev
[0].get_capability("auth_alg"):
476 raise HwsimSkip("SAE not supported")
478 ifname
= dev
[0].ifname
479 sigma
= start_sigma_dut(ifname
)
483 params
= hostapd
.wpa2_params(ssid
=ssid
)
484 params
['wpa_key_mgmt'] = 'SAE'
485 params
["ieee80211w"] = "2"
486 params
['sae_password'] = 'secret|id=pw id'
487 params
['sae_groups'] = '19'
488 hapd
= hostapd
.add_ap(apdev
[0], params
)
490 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
491 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
492 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname
, "test-sae", "secret"))
493 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
496 ev
= dev
[0].wait_event(["SME: Trying to authenticate",
497 "CTRL-EVENT-CONNECTED"], timeout
=10)
499 raise Exception("Network selection result not indicated")
500 if "CTRL-EVENT-CONNECTED" in ev
:
501 raise Exception("Unexpected connection")
502 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
503 if "connected,1" in res
:
504 raise Exception("Connection reported")
505 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
507 stop_sigma_dut(sigma
)
508 dev
[0].set("sae_pwe", "0")
510 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
511 """sigma_dut controlled SAE association with Password Identifier and FT"""
512 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
514 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
515 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
516 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
518 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
519 if "SAE" not in dev
[0].get_capability("auth_alg"):
520 raise HwsimSkip("SAE not supported")
522 ifname
= dev
[0].ifname
523 sigma
= start_sigma_dut(ifname
)
527 params
= hostapd
.wpa2_params(ssid
=ssid
)
528 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
529 params
["ieee80211w"] = "2"
530 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
531 params
['mobility_domain'] = 'aabb'
532 params
['ft_over_ds'] = '1' if over_ds
else '0'
533 bssid
= apdev
[0]['bssid'].replace(':', '')
534 params
['nas_identifier'] = bssid
+ '.nas.example.com'
535 params
['r1_key_holder'] = bssid
536 params
['pmk_r1_push'] = '0'
537 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
538 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
539 hapd
= hostapd
.add_ap(apdev
[0], params
)
541 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
543 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
545 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
548 sigma_dut_wait_connected(ifname
)
550 bssid
= apdev
[1]['bssid'].replace(':', '')
551 params
['nas_identifier'] = bssid
+ '.nas.example.com'
552 params
['r1_key_holder'] = bssid
553 hapd2
= hostapd
.add_ap(apdev
[1], params
)
554 bssid
= hapd2
.own_addr()
555 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
556 dev
[0].wait_connected()
558 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
559 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
561 stop_sigma_dut(sigma
)
563 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
564 """sigma_dut and RSNE override on STA"""
566 run_sigma_dut_sta_override_rsne(dev
, apdev
)
568 dev
[0].set("ignore_old_scan_res", "0")
570 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
571 ifname
= dev
[0].ifname
572 sigma
= start_sigma_dut(ifname
)
576 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
577 hapd
= hostapd
.add_ap(apdev
[0], params
)
579 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
581 tests
= ["30120100000fac040100000fac040100000fac02",
582 "30140100000fac040100000fac040100000fac02ffff"]
584 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
585 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
586 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
588 sigma_dut_wait_connected(ifname
)
589 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
590 dev
[0].dump_monitor()
592 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
593 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
594 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
597 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
599 raise Exception("Association rejection not reported")
600 if "status_code=40" not in ev
:
601 raise Exception("Unexpected status code: " + ev
)
603 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
605 stop_sigma_dut(sigma
)
607 def test_sigma_dut_ap_psk(dev
, apdev
):
608 """sigma_dut controlled AP"""
609 with
HWSimRadio() as (radio
, iface
):
610 sigma
= start_sigma_dut(iface
)
612 sigma_dut_cmd_check("ap_reset_default")
613 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
614 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
615 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
617 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
619 sigma_dut_cmd_check("ap_reset_default")
621 stop_sigma_dut(sigma
)
623 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
624 """sigma_dut controlled AP and PSKHEX"""
625 logdir
= os
.path
.join(params
['logdir'],
626 "sigma_dut_ap_pskhex.sigma-hostapd")
627 with
HWSimRadio() as (radio
, iface
):
628 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
630 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
631 sigma_dut_cmd_check("ap_reset_default")
632 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
633 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
634 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
636 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
638 sigma_dut_cmd_check("ap_reset_default")
640 stop_sigma_dut(sigma
)
642 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
643 """sigma_dut controlled AP PSK SHA256"""
644 logdir
= os
.path
.join(params
['logdir'],
645 "sigma_dut_ap_psk_sha256.sigma-hostapd")
646 with
HWSimRadio() as (radio
, iface
):
647 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
649 sigma_dut_cmd_check("ap_reset_default")
650 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
651 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
652 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
654 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
655 psk
="12345678", scan_freq
="2412")
657 sigma_dut_cmd_check("ap_reset_default")
659 stop_sigma_dut(sigma
)
661 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
662 """sigma_dut controlled AP and deauth commands"""
663 logdir
= os
.path
.join(params
['logdir'],
664 "sigma_dut_ap_psk_deauth.sigma-hostapd")
665 with
HWSimRadio() as (radio
, iface
):
666 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
668 sigma_dut_cmd_check("ap_reset_default")
669 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
670 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
671 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
673 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
674 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
675 addr
= dev
[0].own_addr()
676 dev
[0].dump_monitor()
678 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
679 ev
= dev
[0].wait_disconnected()
680 dev
[0].dump_monitor()
681 if "locally_generated=1" in ev
:
682 raise Exception("Unexpected disconnection reason")
683 dev
[0].wait_connected()
684 dev
[0].dump_monitor()
686 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
687 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
688 if ev
and "locally_generated=1" not in ev
:
689 raise Exception("Unexpected disconnection")
691 sigma_dut_cmd_check("ap_reset_default")
693 stop_sigma_dut(sigma
)
695 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
696 """sigma_dut controlled STA and EAP-TTLS parameters"""
697 check_domain_match(dev
[0])
698 logdir
= params
['logdir']
700 with
open("auth_serv/ca.pem", "r") as f
:
701 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
704 src
= "auth_serv/server.pem"
705 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
706 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
707 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
709 stderr
=open('/dev/null', 'w'))
710 with
open(dst
, "rb") as f
:
712 hash = hashlib
.sha256(der
).digest()
713 with
open(hashdst
, "w") as f
:
714 f
.write(binascii
.hexlify(hash).decode())
716 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
717 with
open(dst
, "w") as f
:
720 ssid
= "test-wpa2-eap"
721 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
722 hapd
= hostapd
.add_ap(apdev
[0], params
)
724 ifname
= dev
[0].ifname
725 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
727 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
731 ",Domain,server.w1.fi",
732 ",DomainSuffix,w1.fi",
733 ",DomainSuffix,server.w1.fi",
734 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
736 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
737 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
738 sigma_dut_cmd_check(cmd
+ extra
)
739 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
741 sigma_dut_wait_connected(ifname
)
742 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
743 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
744 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
745 dev
[0].dump_monitor()
747 tests
= [",Domain,w1.fi",
748 ",DomainSuffix,example.com",
749 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
751 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
752 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
753 sigma_dut_cmd_check(cmd
+ extra
)
754 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
756 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
758 raise Exception("Server certificate error not reported")
759 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
760 if "connected,1" in res
:
761 raise Exception("Unexpected connection reported")
762 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
763 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
764 dev
[0].dump_monitor()
766 stop_sigma_dut(sigma
)
768 def test_sigma_dut_suite_b(dev
, apdev
, params
):
769 """sigma_dut controlled STA Suite B"""
770 check_suite_b_192_capa(dev
)
771 logdir
= params
['logdir']
773 with
open("auth_serv/ec2-ca.pem", "r") as f
:
774 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
777 with
open("auth_serv/ec2-user.pem", "r") as f
:
778 with
open("auth_serv/ec2-user.key", "r") as f2
:
779 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
783 dev
[0].flush_scan_cache()
784 params
= suite_b_as_params()
785 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
786 params
['server_cert'] = 'auth_serv/ec2-server.pem'
787 params
['private_key'] = 'auth_serv/ec2-server.key'
788 params
['openssl_ciphers'] = 'SUITEB192'
789 hostapd
.add_ap(apdev
[1], params
)
791 params
= {"ssid": "test-suite-b",
793 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
794 "rsn_pairwise": "GCMP-256",
795 "group_mgmt_cipher": "BIP-GMAC-256",
798 'auth_server_addr': "127.0.0.1",
799 'auth_server_port': "18129",
800 'auth_server_shared_secret': "radius",
801 'nas_identifier': "nas.w1.fi"}
802 hapd
= hostapd
.add_ap(apdev
[0], params
)
804 ifname
= dev
[0].ifname
805 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
808 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
809 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
810 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
811 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
813 sigma_dut_wait_connected(ifname
)
814 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
815 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
816 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
818 stop_sigma_dut(sigma
)
820 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
821 """sigma_dut controlled STA Suite B (RSA)"""
822 check_suite_b_192_capa(dev
)
823 logdir
= params
['logdir']
825 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
826 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
829 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
830 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
831 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
835 dev
[0].flush_scan_cache()
836 params
= suite_b_192_rsa_ap_params()
837 hapd
= hostapd
.add_ap(apdev
[0], params
)
839 ifname
= dev
[0].ifname
840 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
842 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
846 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
847 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
849 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
850 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
851 sigma_dut_cmd_check(cmd
+ extra
)
852 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
854 sigma_dut_wait_connected(ifname
)
855 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
856 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
857 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
859 stop_sigma_dut(sigma
)
861 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
862 """sigma_dut controlled AP Suite B"""
863 check_suite_b_192_capa(dev
)
864 logdir
= os
.path
.join(params
['logdir'],
865 "sigma_dut_ap_suite_b.sigma-hostapd")
866 params
= suite_b_as_params()
867 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
868 params
['server_cert'] = 'auth_serv/ec2-server.pem'
869 params
['private_key'] = 'auth_serv/ec2-server.key'
870 params
['openssl_ciphers'] = 'SUITEB192'
871 hostapd
.add_ap(apdev
[1], params
)
872 with
HWSimRadio() as (radio
, iface
):
873 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
875 sigma_dut_cmd_check("ap_reset_default")
876 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
877 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
878 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
879 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
881 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
883 openssl_ciphers
="SUITEB192",
884 eap
="TLS", identity
="tls user",
885 ca_cert
="auth_serv/ec2-ca.pem",
886 client_cert
="auth_serv/ec2-user.pem",
887 private_key
="auth_serv/ec2-user.key",
888 pairwise
="GCMP-256", group
="GCMP-256",
891 sigma_dut_cmd_check("ap_reset_default")
893 stop_sigma_dut(sigma
)
895 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
896 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
897 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
900 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
901 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
902 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
905 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
906 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
907 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
910 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
911 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
912 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
915 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
916 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
917 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
918 "BIP-GMAC-256", "CCMP")
920 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
921 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
922 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
923 "BIP-GMAC-256", "GCMP-256", "CCMP")
925 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
926 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
927 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
928 "GCMP-256", "CCMP", "AES-CCMP-128")
930 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
931 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
932 check_suite_b_192_capa(dev
)
933 logdir
= os
.path
.join(params
['logdir'],
934 "sigma_dut_ap_cipher.sigma-hostapd")
935 params
= suite_b_as_params()
936 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
937 params
['server_cert'] = 'auth_serv/ec2-server.pem'
938 params
['private_key'] = 'auth_serv/ec2-server.key'
939 params
['openssl_ciphers'] = 'SUITEB192'
940 hostapd
.add_ap(apdev
[1], params
)
941 with
HWSimRadio() as (radio
, iface
):
942 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
944 sigma_dut_cmd_check("ap_reset_default")
945 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
946 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
947 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
949 cmd
+= ",GroupCipher,%s" % ap_group
950 sigma_dut_cmd_check(cmd
)
951 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
953 if sta_cipher_group
is None:
954 sta_cipher_group
= sta_cipher
955 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
957 openssl_ciphers
="SUITEB192",
958 eap
="TLS", identity
="tls user",
959 ca_cert
="auth_serv/ec2-ca.pem",
960 client_cert
="auth_serv/ec2-user.pem",
961 private_key
="auth_serv/ec2-user.key",
962 pairwise
=sta_cipher
, group
=sta_cipher_group
,
965 sigma_dut_cmd_check("ap_reset_default")
967 stop_sigma_dut(sigma
)
969 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
970 """sigma_dut controlled AP overriding RSNE"""
971 with
HWSimRadio() as (radio
, iface
):
972 sigma
= start_sigma_dut(iface
)
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
977 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
978 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
980 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
982 sigma_dut_cmd_check("ap_reset_default")
984 stop_sigma_dut(sigma
)
986 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
987 """sigma_dut controlled AP with SAE"""
988 logdir
= os
.path
.join(params
['logdir'],
989 "sigma_dut_ap_sae.sigma-hostapd")
990 if "SAE" not in dev
[0].get_capability("auth_alg"):
991 raise HwsimSkip("SAE not supported")
992 with
HWSimRadio() as (radio
, iface
):
993 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
995 sigma_dut_cmd_check("ap_reset_default")
996 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
997 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
998 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1000 dev
[0].request("SET sae_groups ")
1001 id = dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1002 ieee80211w
="2", scan_freq
="2412")
1003 if dev
[0].get_status_field('sae_group') != '19':
1004 raise Exception("Expected default SAE group not used")
1006 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1007 logger
.info("Reported PMK: " + res
)
1008 if ",PMK," not in res
:
1009 raise Exception("PMK not reported");
1010 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1011 raise Exception("Mismatch in reported PMK")
1013 sigma_dut_cmd_check("ap_reset_default")
1015 stop_sigma_dut(sigma
)
1017 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
1018 """sigma_dut controlled AP with SAE Confirm immediate"""
1019 logdir
= os
.path
.join(params
['logdir'],
1020 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1021 if "SAE" not in dev
[0].get_capability("auth_alg"):
1022 raise HwsimSkip("SAE not supported")
1023 with
HWSimRadio() as (radio
, iface
):
1024 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1026 sigma_dut_cmd_check("ap_reset_default")
1027 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1028 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1029 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1031 dev
[0].request("SET sae_groups ")
1032 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1033 ieee80211w
="2", scan_freq
="2412")
1034 if dev
[0].get_status_field('sae_group') != '19':
1035 raise Exception("Expected default SAE group not used")
1037 sigma_dut_cmd_check("ap_reset_default")
1039 stop_sigma_dut(sigma
)
1041 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
1042 """sigma_dut controlled AP with SAE and long password"""
1043 logdir
= os
.path
.join(params
['logdir'],
1044 "sigma_dut_ap_sae_password.sigma-hostapd")
1045 if "SAE" not in dev
[0].get_capability("auth_alg"):
1046 raise HwsimSkip("SAE not supported")
1047 with
HWSimRadio() as (radio
, iface
):
1048 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1050 sigma_dut_cmd_check("ap_reset_default")
1051 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1052 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1053 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1055 dev
[0].request("SET sae_groups ")
1056 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1057 ieee80211w
="2", scan_freq
="2412")
1058 if dev
[0].get_status_field('sae_group') != '19':
1059 raise Exception("Expected default SAE group not used")
1061 sigma_dut_cmd_check("ap_reset_default")
1063 stop_sigma_dut(sigma
)
1065 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1066 """sigma_dut controlled AP with SAE Password Identifier"""
1067 logdir
= os
.path
.join(params
['logdir'],
1068 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1069 conffile
= os
.path
.join(params
['logdir'],
1070 "sigma_dut_ap_sae_pw_id.sigma-conf")
1071 if "SAE" not in dev
[0].get_capability("auth_alg"):
1072 raise HwsimSkip("SAE not supported")
1073 with
HWSimRadio() as (radio
, iface
):
1074 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1076 sigma_dut_cmd_check("ap_reset_default")
1077 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1078 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1079 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1081 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1082 with
open(conffile
, "wb") as f2
:
1085 dev
[0].request("SET sae_groups ")
1086 tests
= [("pw1", "id1"),
1090 for pw
, pw_id
in tests
:
1091 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1092 sae_password_id
=pw_id
,
1093 ieee80211w
="2", scan_freq
="2412")
1094 dev
[0].request("REMOVE_NETWORK all")
1095 dev
[0].wait_disconnected()
1097 sigma_dut_cmd_check("ap_reset_default")
1099 stop_sigma_dut(sigma
)
1101 def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev
, apdev
, params
):
1102 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1103 logdir
= os
.path
.join(params
['logdir'],
1104 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1105 conffile
= os
.path
.join(params
['logdir'],
1106 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1107 if "SAE" not in dev
[0].get_capability("auth_alg"):
1108 raise HwsimSkip("SAE not supported")
1109 with
HWSimRadio() as (radio
, iface
):
1110 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1112 sigma_dut_cmd_check("ap_reset_default")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1117 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1118 with
open(conffile
, "wb") as f2
:
1121 dev
[0].set("sae_groups", "")
1122 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
="12345678",
1123 sae_password_id
="pwid",
1124 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
1125 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1126 "CTRL-EVENT-CONNECTED"], timeout
=10)
1128 raise Exception("Network selection result not indicated")
1129 if "CTRL-EVENT-CONNECTED" in ev
:
1130 raise Exception("Unexpected connection")
1131 dev
[0].request("REMOVE_NETWORK all")
1133 sigma_dut_cmd_check("ap_reset_default")
1135 stop_sigma_dut(sigma
)
1137 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1138 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1139 logdir
= os
.path
.join(params
['logdir'],
1140 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1141 conffile
= os
.path
.join(params
['logdir'],
1142 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1143 if "SAE" not in dev
[0].get_capability("auth_alg"):
1144 raise HwsimSkip("SAE not supported")
1145 with
HWSimRadio() as (radio
, iface
):
1146 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1148 sigma_dut_cmd_check("ap_reset_default")
1149 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1150 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1153 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1154 with
open(conffile
, "wb") as f2
:
1157 dev
[0].request("SET sae_groups ")
1158 tests
= [("pw1", "id1", "SAE"),
1159 ("pw2", "id2", "FT-SAE"),
1160 ("pw3", None, "FT-SAE"),
1161 ("pw4", "id4", "SAE")]
1162 for pw
, pw_id
, key_mgmt
in tests
:
1163 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1164 sae_password_id
=pw_id
,
1165 ieee80211w
="2", scan_freq
="2412")
1166 dev
[0].request("REMOVE_NETWORK all")
1167 dev
[0].wait_disconnected()
1169 sigma_dut_cmd_check("ap_reset_default")
1171 stop_sigma_dut(sigma
)
1173 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1174 """sigma_dut controlled AP with SAE and specific group"""
1175 logdir
= os
.path
.join(params
['logdir'],
1176 "sigma_dut_ap_sae_group.sigma-hostapd")
1177 if "SAE" not in dev
[0].get_capability("auth_alg"):
1178 raise HwsimSkip("SAE not supported")
1179 with
HWSimRadio() as (radio
, iface
):
1180 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1182 sigma_dut_cmd_check("ap_reset_default")
1183 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1184 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1185 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1187 dev
[0].request("SET sae_groups ")
1188 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1189 ieee80211w
="2", scan_freq
="2412")
1190 if dev
[0].get_status_field('sae_group') != '20':
1191 raise Exception("Expected SAE group not used")
1193 sigma_dut_cmd_check("ap_reset_default")
1195 stop_sigma_dut(sigma
)
1197 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1198 """sigma_dut controlled AP with PSK+SAE"""
1199 if "SAE" not in dev
[0].get_capability("auth_alg"):
1200 raise HwsimSkip("SAE not supported")
1201 logdir
= os
.path
.join(params
['logdir'],
1202 "sigma_dut_ap_psk_sae.sigma-hostapd")
1203 with
HWSimRadio() as (radio
, iface
):
1204 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1206 sigma_dut_cmd_check("ap_reset_default")
1207 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1208 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1209 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1211 dev
[2].request("SET sae_groups ")
1212 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1213 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1214 dev
[0].request("SET sae_groups ")
1215 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1216 scan_freq
="2412", ieee80211w
="2")
1217 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1219 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1220 dev
[2].request("DISCONNECT")
1222 raise Exception("Unexpected connection without PMF")
1224 sigma_dut_cmd_check("ap_reset_default")
1226 stop_sigma_dut(sigma
)
1228 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1229 """sigma_dut controlled AP with PSK, SAE, FT"""
1230 logdir
= os
.path
.join(params
['logdir'],
1231 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1232 conffile
= os
.path
.join(params
['logdir'],
1233 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1234 if "SAE" not in dev
[0].get_capability("auth_alg"):
1235 raise HwsimSkip("SAE not supported")
1236 with
HWSimRadio() as (radio
, iface
):
1237 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1239 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1240 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1241 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1243 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1244 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1246 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1247 with
open(conffile
, "wb") as f2
:
1250 dev
[0].request("SET sae_groups ")
1251 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1252 sae_password
="12345678", scan_freq
="2412")
1253 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1254 psk
="12345678", scan_freq
="2412")
1255 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1256 psk
="12345678", scan_freq
="2412")
1258 sigma_dut_cmd_check("ap_reset_default")
1260 stop_sigma_dut(sigma
)
1262 def test_sigma_dut_owe(dev
, apdev
):
1263 """sigma_dut controlled OWE station"""
1265 run_sigma_dut_owe(dev
, apdev
)
1267 dev
[0].set("ignore_old_scan_res", "0")
1269 def run_sigma_dut_owe(dev
, apdev
):
1270 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1271 raise HwsimSkip("OWE not supported")
1273 ifname
= dev
[0].ifname
1274 sigma
= start_sigma_dut(ifname
)
1277 params
= {"ssid": "owe",
1279 "wpa_key_mgmt": "OWE",
1281 "rsn_pairwise": "CCMP"}
1282 hapd
= hostapd
.add_ap(apdev
[0], params
)
1283 bssid
= hapd
.own_addr()
1285 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1286 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1287 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1288 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1290 sigma_dut_wait_connected(ifname
)
1291 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1292 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
1293 logger
.info("Reported PMK: " + res
)
1294 if ",PMK," not in res
:
1295 raise Exception("PMK not reported");
1296 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
1297 raise Exception("Mismatch in reported PMK")
1299 dev
[0].dump_monitor()
1300 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1301 dev
[0].wait_connected()
1302 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1303 dev
[0].wait_disconnected()
1304 dev
[0].dump_monitor()
1306 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1307 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1308 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1309 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1311 sigma_dut_wait_connected(ifname
)
1312 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1313 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1314 dev
[0].wait_disconnected()
1315 dev
[0].dump_monitor()
1317 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1318 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1319 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1320 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1322 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1323 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1325 raise Exception("Association not rejected")
1326 if "status_code=77" not in ev
:
1327 raise Exception("Unexpected rejection reason: " + ev
)
1329 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1331 stop_sigma_dut(sigma
)
1333 def test_sigma_dut_owe_ptk_workaround(dev
, apdev
):
1334 """sigma_dut controlled OWE station with PTK workaround"""
1335 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1336 raise HwsimSkip("OWE not supported")
1338 params
= {"ssid": "owe",
1340 "wpa_key_mgmt": "OWE",
1341 "owe_ptk_workaround": "1",
1344 "rsn_pairwise": "CCMP"}
1345 hapd
= hostapd
.add_ap(apdev
[0], params
)
1347 ifname
= dev
[0].ifname
1348 sigma
= start_sigma_dut(ifname
, owe_ptk_workaround
=True)
1351 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1352 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1353 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1354 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1356 sigma_dut_wait_connected(ifname
)
1357 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1359 stop_sigma_dut(sigma
)
1360 dev
[0].set("ignore_old_scan_res", "0")
1362 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1363 """sigma_dut controlled AP with OWE"""
1364 logdir
= os
.path
.join(params
['logdir'],
1365 "sigma_dut_ap_owe.sigma-hostapd")
1366 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1367 raise HwsimSkip("OWE not supported")
1368 with
HWSimRadio() as (radio
, iface
):
1369 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1371 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1372 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1373 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1374 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1376 id = dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1379 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1380 logger
.info("Reported PMK: " + res
)
1381 if ",PMK," not in res
:
1382 raise Exception("PMK not reported");
1383 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1384 raise Exception("Mismatch in reported PMK")
1386 sigma_dut_cmd_check("ap_reset_default")
1388 stop_sigma_dut(sigma
)
1390 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1391 """sigma_dut controlled AP with OWE and ECGroupID"""
1392 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1393 raise HwsimSkip("OWE not supported")
1394 with
HWSimRadio() as (radio
, iface
):
1395 sigma
= start_sigma_dut(iface
)
1397 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1398 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1399 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1400 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1402 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1403 owe_group
="20", scan_freq
="2412")
1404 dev
[0].request("REMOVE_NETWORK all")
1405 dev
[0].wait_disconnected()
1407 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1408 owe_group
="21", scan_freq
="2412")
1409 dev
[0].request("REMOVE_NETWORK all")
1410 dev
[0].wait_disconnected()
1412 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1413 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1414 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1415 dev
[0].request("DISCONNECT")
1417 raise Exception("Association not rejected")
1418 if "status_code=77" not in ev
:
1419 raise Exception("Unexpected rejection reason: " + ev
)
1420 dev
[0].dump_monitor()
1422 sigma_dut_cmd_check("ap_reset_default")
1424 stop_sigma_dut(sigma
)
1426 def test_sigma_dut_ap_owe_ptk_workaround(dev
, apdev
):
1427 """sigma_dut controlled AP with OWE PTK workaround"""
1428 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1429 raise HwsimSkip("OWE not supported")
1430 with
HWSimRadio() as (radio
, iface
):
1431 sigma
= start_sigma_dut(iface
, owe_ptk_workaround
=True)
1433 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1434 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1435 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1436 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1438 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1439 owe_group
="20", owe_ptk_workaround
="1",
1441 sigma_dut_cmd_check("ap_reset_default")
1443 stop_sigma_dut(sigma
)
1445 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1446 """sigma_dut controlled AP with OWE and transition mode"""
1447 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1448 raise HwsimSkip("OWE not supported")
1449 logdir
= os
.path
.join(params
['logdir'],
1450 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1451 with
HWSimRadio() as (radio
, iface
):
1452 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1454 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1455 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1456 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1457 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1458 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1459 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1461 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1462 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1464 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1466 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1467 if dev
[0].get_status_field('bssid') not in res1
:
1468 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1469 if dev
[1].get_status_field('bssid') not in res2
:
1470 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1472 sigma_dut_cmd_check("ap_reset_default")
1474 stop_sigma_dut(sigma
)
1476 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1477 """sigma_dut controlled AP with OWE and transition mode (2)"""
1478 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1479 raise HwsimSkip("OWE not supported")
1480 logdir
= os
.path
.join(params
['logdir'],
1481 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1482 with
HWSimRadio() as (radio
, iface
):
1483 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1485 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1486 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1487 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1489 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1490 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1492 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1493 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1495 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1497 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1498 if dev
[0].get_status_field('bssid') not in res2
:
1499 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1500 if dev
[1].get_status_field('bssid') not in res1
:
1501 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1503 sigma_dut_cmd_check("ap_reset_default")
1505 stop_sigma_dut(sigma
)
1507 def dpp_init_enrollee(dev
, id1
, enrollee_role
):
1508 logger
.info("Starting DPP initiator/enrollee in a thread")
1510 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1511 if enrollee_role
== "Configurator":
1512 cmd
+= " netrole=configurator"
1513 if "OK" not in dev
.request(cmd
):
1514 raise Exception("Failed to initiate DPP Authentication")
1515 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1517 raise Exception("DPP configuration not completed (Enrollee)")
1518 logger
.info("DPP initiator/enrollee done")
1520 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1521 """sigma_dut DPP/QR responder (conf index 1)"""
1522 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1524 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1525 """sigma_dut DPP/QR responder (conf index 2)"""
1526 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1528 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1529 """sigma_dut DPP/QR responder (conf index 3)"""
1530 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1532 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1533 """sigma_dut DPP/QR responder (conf index 4)"""
1534 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1536 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1537 """sigma_dut DPP/QR responder (conf index 5)"""
1538 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1540 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1541 """sigma_dut DPP/QR responder (conf index 6)"""
1542 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1544 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1545 """sigma_dut DPP/QR responder (conf index 7)"""
1546 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1548 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1549 """sigma_dut DPP/QR responder (conf index 8)"""
1550 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1552 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1553 """sigma_dut DPP/QR responder (conf index 9)"""
1554 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1556 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1557 """sigma_dut DPP/QR responder (conf index 10)"""
1558 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1560 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1561 """sigma_dut DPP/QR responder (channel list override)"""
1562 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1565 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1566 """sigma_dut DPP/QR responder status query"""
1567 check_dpp_capab(dev
[1])
1568 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1569 passphrase
="ThisIsDppPassphrase")
1570 hapd
= hostapd
.add_ap(apdev
[0], params
)
1573 dev
[1].set("dpp_config_processing", "2")
1574 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1576 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1578 def test_sigma_dut_dpp_qr_resp_configurator(dev
, apdev
):
1579 """sigma_dut DPP/QR responder (configurator provisioning)"""
1580 run_sigma_dut_dpp_qr_resp(dev
, apdev
, -1, enrollee_role
="Configurator")
1582 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1583 listen_chan
=None, status_query
=False,
1584 enrollee_role
="STA"):
1585 check_dpp_capab(dev
[0])
1586 check_dpp_capab(dev
[1])
1587 sigma
= start_sigma_dut(dev
[0].ifname
)
1589 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1591 cmd
+= ",DPPChannelList," + chan_list
1592 res
= sigma_dut_cmd(cmd
)
1593 if "status,COMPLETE" not in res
:
1594 raise Exception("dev_exec_action did not succeed: " + res
)
1595 hex = res
.split(',')[3]
1597 logger
.info("URI from sigma_dut: " + uri
)
1599 id1
= dev
[1].dpp_qr_code(uri
)
1601 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
,
1604 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1605 if conf_idx
is not None:
1606 cmd
+= ",DPPConfIndex,%d" % conf_idx
1608 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1610 cmd
+= ",DPPStatusQuery,Yes"
1611 res
= sigma_dut_cmd(cmd
, timeout
=10)
1613 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1614 raise Exception("Unexpected result: " + res
)
1615 if status_query
and "StatusResult,0" not in res
:
1616 raise Exception("Status query did not succeed: " + res
)
1618 stop_sigma_dut(sigma
)
1620 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1621 """sigma_dut DPP/QR initiator as Enrollee"""
1622 check_dpp_capab(dev
[0])
1623 check_dpp_capab(dev
[1])
1625 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1626 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1627 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1628 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1630 params
= {"ssid": "DPPNET01",
1633 "wpa_key_mgmt": "DPP",
1634 "rsn_pairwise": "CCMP",
1635 "dpp_connector": ap_connector
,
1636 "dpp_csign": csign_pub
,
1637 "dpp_netaccesskey": ap_netaccesskey
}
1639 hapd
= hostapd
.add_ap(apdev
[0], params
)
1641 raise HwsimSkip("DPP not supported")
1643 sigma
= start_sigma_dut(dev
[0].ifname
)
1645 dev
[0].set("dpp_config_processing", "2")
1647 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1648 res
= dev
[1].request(cmd
)
1650 raise Exception("Failed to add configurator")
1653 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1654 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1656 dev
[1].set("dpp_configurator_params",
1657 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1658 cmd
= "DPP_LISTEN 2437 role=configurator"
1659 if "OK" not in dev
[1].request(cmd
):
1660 raise Exception("Failed to start listen operation")
1662 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1663 if "status,COMPLETE" not in res
:
1664 raise Exception("dev_exec_action did not succeed: " + res
)
1666 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1667 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1668 raise Exception("Unexpected result: " + res
)
1670 dev
[0].set("dpp_config_processing", "0")
1671 stop_sigma_dut(sigma
)
1673 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev
, apdev
):
1674 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1675 check_dpp_capab(dev
[0])
1676 check_dpp_capab(dev
[1])
1678 sigma
= start_sigma_dut(dev
[0].ifname
)
1680 cmd
= "DPP_CONFIGURATOR_ADD"
1681 res
= dev
[1].request(cmd
)
1683 raise Exception("Failed to add configurator")
1686 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1687 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1689 dev
[1].set("dpp_configurator_params",
1690 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1691 cmd
= "DPP_LISTEN 2437 role=configurator"
1692 if "OK" not in dev
[1].request(cmd
):
1693 raise Exception("Failed to start listen operation")
1695 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1696 if "status,COMPLETE" not in res
:
1697 raise Exception("dev_exec_action did not succeed: " + res
)
1699 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout
=10)
1700 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1701 raise Exception("Unexpected result: " + res
)
1703 dev
[0].set("dpp_config_processing", "0")
1704 stop_sigma_dut(sigma
)
1706 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1707 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1708 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1710 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1711 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1712 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1713 extra
="DPPAuthDirection,Mutual,")
1715 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1716 check_dpp_capab(dev
[0])
1717 check_dpp_capab(dev
[1])
1719 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1720 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1721 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1722 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1724 params
= {"ssid": "DPPNET01",
1727 "wpa_key_mgmt": "DPP",
1728 "rsn_pairwise": "CCMP",
1729 "dpp_connector": ap_connector
,
1730 "dpp_csign": csign_pub
,
1731 "dpp_netaccesskey": ap_netaccesskey
}
1733 hapd
= hostapd
.add_ap(apdev
[0], params
)
1735 raise HwsimSkip("DPP not supported")
1737 sigma
= start_sigma_dut(dev
[0].ifname
)
1739 dev
[0].set("dpp_config_processing", "2")
1741 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1742 res
= dev
[1].request(cmd
)
1744 raise Exception("Failed to add configurator")
1747 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1748 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1750 dev
[1].set("dpp_configurator_params",
1751 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1752 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1753 if "OK" not in dev
[1].request(cmd
):
1754 raise Exception("Failed to start listen operation")
1756 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1757 if "status,COMPLETE" not in res
:
1758 raise Exception("dev_exec_action did not succeed: " + res
)
1759 hex = res
.split(',')[3]
1761 logger
.info("URI from sigma_dut: " + uri
)
1763 id1
= dev
[1].dpp_qr_code(uri
)
1765 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1766 if "status,COMPLETE" not in res
:
1767 raise Exception("dev_exec_action did not succeed: " + res
)
1769 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1770 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1771 raise Exception("Unexpected result: " + res
)
1773 dev
[0].set("dpp_config_processing", "0")
1774 stop_sigma_dut(sigma
)
1776 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1778 logger
.info("Starting DPP initiator/configurator in a thread")
1779 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1780 if own_id
is not None:
1781 cmd
+= " own=%d" % own_id
1782 if "OK" not in dev
.request(cmd
):
1783 raise Exception("Failed to initiate DPP Authentication")
1784 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1786 raise Exception("DPP configuration not completed (Configurator)")
1787 logger
.info("DPP initiator/configurator done")
1789 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1790 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1791 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1793 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1794 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1795 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1797 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1798 check_dpp_capab(dev
[0])
1799 check_dpp_capab(dev
[1])
1801 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1802 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1803 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1804 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1806 params
= {"ssid": "DPPNET01",
1809 "wpa_key_mgmt": "DPP",
1810 "rsn_pairwise": "CCMP",
1811 "dpp_connector": ap_connector
,
1812 "dpp_csign": csign_pub
,
1813 "dpp_netaccesskey": ap_netaccesskey
}
1815 hapd
= hostapd
.add_ap(apdev
[0], params
)
1817 raise HwsimSkip("DPP not supported")
1819 sigma
= start_sigma_dut(dev
[0].ifname
)
1821 dev
[0].set("dpp_config_processing", "2")
1823 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1824 res
= dev
[1].request(cmd
)
1826 raise Exception("Failed to add configurator")
1829 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1830 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1832 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1833 if "status,COMPLETE" not in res
:
1834 raise Exception("dev_exec_action did not succeed: " + res
)
1835 hex = res
.split(',')[3]
1837 logger
.info("URI from sigma_dut: " + uri
)
1839 id1
= dev
[1].dpp_qr_code(uri
)
1841 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1842 if "status,COMPLETE" not in res
:
1843 raise Exception("dev_exec_action did not succeed: " + res
)
1845 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1846 args
=(dev
[1], id1
, conf_id
, id0
))
1849 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1852 res
= sigma_dut_cmd(cmd
, timeout
=25)
1854 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1855 raise Exception("Unexpected result: " + res
)
1857 dev
[0].set("dpp_config_processing", "0")
1858 stop_sigma_dut(sigma
)
1860 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1861 logger
.info("Starting DPP responder/configurator in a thread")
1862 dev
.set("dpp_configurator_params",
1863 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1865 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1866 if "OK" not in dev
.request(cmd
):
1867 raise Exception("Failed to initiate DPP listen")
1869 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1871 raise Exception("QR Code scan for mutual authentication not requested")
1872 dev
.dpp_qr_code(uri
)
1873 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1875 raise Exception("DPP configuration not completed (Configurator)")
1876 logger
.info("DPP responder/configurator done")
1878 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1879 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1880 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1882 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1883 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1884 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1886 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1887 check_dpp_capab(dev
[0])
1888 check_dpp_capab(dev
[1])
1890 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1891 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1892 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1893 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1895 params
= {"ssid": "DPPNET01",
1898 "wpa_key_mgmt": "DPP",
1899 "rsn_pairwise": "CCMP",
1900 "dpp_connector": ap_connector
,
1901 "dpp_csign": csign_pub
,
1902 "dpp_netaccesskey": ap_netaccesskey
}
1904 hapd
= hostapd
.add_ap(apdev
[0], params
)
1906 raise HwsimSkip("DPP not supported")
1908 sigma
= start_sigma_dut(dev
[0].ifname
)
1910 dev
[0].set("dpp_config_processing", "2")
1912 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1913 res
= dev
[1].request(cmd
)
1915 raise Exception("Failed to add configurator")
1918 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1919 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1921 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1922 if "status,COMPLETE" not in res
:
1923 raise Exception("dev_exec_action did not succeed: " + res
)
1924 hex = res
.split(',')[3]
1926 logger
.info("URI from sigma_dut: " + uri
)
1928 if not resp_pending
:
1929 dev
[1].dpp_qr_code(uri
)
1932 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1933 if "status,COMPLETE" not in res
:
1934 raise Exception("dev_exec_action did not succeed: " + res
)
1936 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1937 args
=(dev
[1], conf_id
, uri
))
1941 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1942 res
= sigma_dut_cmd(cmd
, timeout
=15)
1944 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1945 raise Exception("Unexpected result: " + res
)
1947 dev
[0].set("dpp_config_processing", "0")
1948 stop_sigma_dut(sigma
)
1950 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1951 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1952 check_dpp_capab(dev
[0])
1953 check_dpp_capab(dev
[1])
1955 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1956 passphrase
="ThisIsDppPassphrase")
1957 hapd
= hostapd
.add_ap(apdev
[0], params
)
1959 sigma
= start_sigma_dut(dev
[0].ifname
)
1961 dev
[0].set("dpp_config_processing", "2")
1963 cmd
= "DPP_CONFIGURATOR_ADD"
1964 res
= dev
[1].request(cmd
)
1966 raise Exception("Failed to add configurator")
1969 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1970 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1972 dev
[1].set("dpp_configurator_params",
1973 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1974 cmd
= "DPP_LISTEN 2437 role=configurator"
1975 if "OK" not in dev
[1].request(cmd
):
1976 raise Exception("Failed to start listen operation")
1978 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1979 if "status,COMPLETE" not in res
:
1980 raise Exception("dev_exec_action did not succeed: " + res
)
1982 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1983 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1984 raise Exception("Unexpected result: " + res
)
1986 dev
[0].set("dpp_config_processing", "0")
1987 stop_sigma_dut(sigma
)
1989 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1990 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1991 check_dpp_capab(dev
[0])
1992 check_dpp_capab(dev
[1])
1993 if "SAE" not in dev
[0].get_capability("auth_alg"):
1994 raise HwsimSkip("SAE not supported")
1996 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1997 passphrase
="ThisIsDppPassphrase")
1998 params
['wpa_key_mgmt'] = 'SAE'
1999 params
["ieee80211w"] = "2"
2000 hapd
= hostapd
.add_ap(apdev
[0], params
)
2002 sigma
= start_sigma_dut(dev
[0].ifname
)
2004 dev
[0].set("dpp_config_processing", "2")
2005 dev
[0].set("sae_groups", "")
2007 cmd
= "DPP_CONFIGURATOR_ADD"
2008 res
= dev
[1].request(cmd
)
2010 raise Exception("Failed to add configurator")
2013 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2014 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2016 dev
[1].set("dpp_configurator_params",
2017 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
2018 cmd
= "DPP_LISTEN 2437 role=configurator"
2019 if "OK" not in dev
[1].request(cmd
):
2020 raise Exception("Failed to start listen operation")
2022 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2023 if "status,COMPLETE" not in res
:
2024 raise Exception("dev_exec_action did not succeed: " + res
)
2026 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
2027 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
2028 raise Exception("Unexpected result: " + res
)
2030 dev
[0].set("dpp_config_processing", "0")
2031 stop_sigma_dut(sigma
)
2033 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
2034 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
2035 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
2037 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
2038 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
2039 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
2041 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
2042 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
2043 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
2045 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
2046 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
2047 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
2049 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
2050 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2051 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
2053 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
2054 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2055 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
2057 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
2058 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2059 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
2061 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
2062 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2063 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
2065 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
2066 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2067 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
2069 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
2070 prov_role
="Configurator",
2072 check_dpp_capab(dev
[0])
2073 check_dpp_capab(dev
[1])
2074 sigma
= start_sigma_dut(dev
[0].ifname
)
2076 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2077 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2079 cmd
= "DPP_LISTEN 2437 role=enrollee"
2080 if "OK" not in dev
[1].request(cmd
):
2081 raise Exception("Failed to start listen operation")
2083 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2084 if "status,COMPLETE" not in res
:
2085 raise Exception("dev_exec_action did not succeed: " + res
)
2087 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
2090 res
= sigma_dut_cmd(cmd
)
2091 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2092 raise Exception("Unexpected result: " + res
)
2094 stop_sigma_dut(sigma
)
2096 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
2097 """sigma_dut DPP roles incompatible (Initiator)"""
2098 check_dpp_capab(dev
[0])
2099 check_dpp_capab(dev
[1])
2100 sigma
= start_sigma_dut(dev
[0].ifname
)
2102 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2103 if "status,COMPLETE" not in res
:
2104 raise Exception("dev_exec_action did not succeed: " + res
)
2105 hex = res
.split(',')[3]
2107 logger
.info("URI from sigma_dut: " + uri
)
2109 id1
= dev
[1].dpp_qr_code(uri
)
2111 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2112 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2114 cmd
= "DPP_LISTEN 2437 role=enrollee"
2115 if "OK" not in dev
[1].request(cmd
):
2116 raise Exception("Failed to start listen operation")
2118 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2119 if "status,COMPLETE" not in res
:
2120 raise Exception("dev_exec_action did not succeed: " + res
)
2122 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2123 res
= sigma_dut_cmd(cmd
)
2124 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2125 raise Exception("Unexpected result: " + res
)
2127 stop_sigma_dut(sigma
)
2129 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
2130 logger
.info("Starting DPP initiator/enrollee in a thread")
2132 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
2133 if "OK" not in dev
.request(cmd
):
2134 raise Exception("Failed to initiate DPP Authentication")
2135 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
2136 "DPP-NOT-COMPATIBLE"], timeout
=5)
2138 raise Exception("DPP configuration not completed (Enrollee)")
2139 logger
.info("DPP initiator/enrollee done")
2141 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
2142 """sigma_dut DPP roles incompatible (Responder)"""
2143 check_dpp_capab(dev
[0])
2144 check_dpp_capab(dev
[1])
2145 sigma
= start_sigma_dut(dev
[0].ifname
)
2147 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2148 res
= sigma_dut_cmd(cmd
)
2149 if "status,COMPLETE" not in res
:
2150 raise Exception("dev_exec_action did not succeed: " + res
)
2151 hex = res
.split(',')[3]
2153 logger
.info("URI from sigma_dut: " + uri
)
2155 id1
= dev
[1].dpp_qr_code(uri
)
2157 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2158 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2160 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2161 if "status,COMPLETE" not in res
:
2162 raise Exception("dev_exec_action did not succeed: " + res
)
2164 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
2166 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2167 res
= sigma_dut_cmd(cmd
, timeout
=10)
2169 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2170 raise Exception("Unexpected result: " + res
)
2172 stop_sigma_dut(sigma
)
2174 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
2175 """sigma_dut DPP/PKEX initiator as Configurator"""
2176 check_dpp_capab(dev
[0])
2177 check_dpp_capab(dev
[1])
2178 sigma
= start_sigma_dut(dev
[0].ifname
)
2180 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2181 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
2182 res
= dev
[1].request(cmd
)
2184 raise Exception("Failed to set PKEX data (responder)")
2185 cmd
= "DPP_LISTEN 2437 role=enrollee"
2186 if "OK" not in dev
[1].request(cmd
):
2187 raise Exception("Failed to start listen operation")
2189 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2190 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2191 raise Exception("Unexpected result: " + res
)
2193 stop_sigma_dut(sigma
)
2195 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2196 logger
.info("Starting DPP initiator/configurator in a thread")
2197 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2198 if "OK" not in dev
.request(cmd
):
2199 raise Exception("Failed to initiate DPP Authentication")
2200 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2202 raise Exception("DPP configuration not completed (Configurator)")
2203 logger
.info("DPP initiator/configurator done")
2205 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2206 """sigma_dut controlled AP (DPP)"""
2207 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2209 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2210 """sigma_dut controlled AP (legacy)"""
2211 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2212 extra
="pass=%s" % to_hex("qwertyuiop"))
2214 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2215 """sigma_dut controlled AP (legacy)"""
2216 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2217 extra
="psk=%s" % (32*"12"))
2219 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2220 check_dpp_capab(dev
[0])
2221 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2222 with
HWSimRadio() as (radio
, iface
):
2223 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2225 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2226 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2227 if "status,COMPLETE" not in res
:
2228 raise Exception("dev_exec_action did not succeed: " + res
)
2229 hex = res
.split(',')[3]
2231 logger
.info("URI from sigma_dut: " + uri
)
2233 cmd
= "DPP_CONFIGURATOR_ADD"
2234 res
= dev
[0].request(cmd
)
2236 raise Exception("Failed to add configurator")
2239 id1
= dev
[0].dpp_qr_code(uri
)
2241 t
= threading
.Thread(target
=dpp_init_conf
,
2242 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2244 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2246 if "ConfResult,OK" not in res
:
2247 raise Exception("Unexpected result: " + res
)
2249 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2250 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2252 id0b
= dev
[0].dpp_qr_code(uri1
)
2254 dev
[1].set("dpp_config_processing", "2")
2255 cmd
= "DPP_LISTEN 2412"
2256 if "OK" not in dev
[1].request(cmd
):
2257 raise Exception("Failed to start listen operation")
2258 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2259 if "OK" not in dev
[0].request(cmd
):
2260 raise Exception("Failed to initiate DPP Authentication")
2261 dev
[1].wait_connected()
2263 sigma_dut_cmd_check("ap_reset_default")
2265 dev
[1].set("dpp_config_processing", "0")
2266 stop_sigma_dut(sigma
)
2268 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2269 """sigma_dut controlled AP as DPP PKEX responder"""
2270 check_dpp_capab(dev
[0])
2271 logdir
= os
.path
.join(params
['logdir'],
2272 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2273 with
HWSimRadio() as (radio
, iface
):
2274 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2276 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2278 stop_sigma_dut(sigma
)
2280 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2281 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2283 id = dev
.dpp_bootstrap_gen(type="pkex")
2284 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2285 res
= dev
.request(cmd
)
2287 raise Exception("Failed to initiate DPP PKEX")
2288 if not check_config
:
2290 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2292 raise Exception("DPP configuration not completed (Configurator)")
2293 logger
.info("DPP initiator/configurator done")
2295 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2296 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2298 cmd
= "DPP_CONFIGURATOR_ADD"
2299 res
= dev
[0].request(cmd
)
2301 raise Exception("Failed to add configurator")
2304 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2306 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2308 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2309 raise Exception("Unexpected result: " + res
)
2311 sigma_dut_cmd_check("ap_reset_default")
2313 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2314 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2315 check_dpp_capab(dev
[0])
2316 sigma
= start_sigma_dut(dev
[0].ifname
)
2318 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2320 stop_sigma_dut(sigma
)
2322 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2323 cmd
= "DPP_CONFIGURATOR_ADD"
2324 res
= dev
[1].request(cmd
)
2326 raise Exception("Failed to add configurator")
2329 dev
[1].set("dpp_test", "44")
2331 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2334 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2336 if "BootstrapResult,Timeout" not in res
:
2337 raise Exception("Unexpected result: " + res
)
2339 def dpp_proto_init(dev
, id1
):
2341 logger
.info("Starting DPP initiator/configurator in a thread")
2342 cmd
= "DPP_CONFIGURATOR_ADD"
2343 res
= dev
.request(cmd
)
2345 raise Exception("Failed to add configurator")
2348 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2349 if "OK" not in dev
.request(cmd
):
2350 raise Exception("Failed to initiate DPP Authentication")
2352 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2353 """sigma_dut DPP protocol testing - Initiator"""
2354 check_dpp_capab(dev
[0])
2355 check_dpp_capab(dev
[1])
2356 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2357 "BootstrapResult,OK,AuthResult,Errorsent",
2359 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2360 "BootstrapResult,OK,AuthResult,Errorsent",
2362 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2363 "BootstrapResult,OK,AuthResult,Errorsent",
2364 "Missing or invalid I-capabilities"),
2365 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2366 "BootstrapResult,OK,AuthResult,Errorsent",
2367 "Mismatching Initiator Authenticating Tag"),
2368 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2369 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2370 "Missing or invalid Enrollee Nonce attribute")]
2371 for step
, frame
, attr
, result
, fail
in tests
:
2372 dev
[0].request("FLUSH")
2373 dev
[1].request("FLUSH")
2374 sigma
= start_sigma_dut(dev
[0].ifname
)
2376 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2379 stop_sigma_dut(sigma
)
2381 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2382 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2383 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2385 cmd
= "DPP_LISTEN 2437 role=enrollee"
2386 if "OK" not in dev
[1].request(cmd
):
2387 raise Exception("Failed to start listen operation")
2389 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2390 if "status,COMPLETE" not in res
:
2391 raise Exception("dev_exec_action did not succeed: " + res
)
2393 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2395 if result
not in res
:
2396 raise Exception("Unexpected result: " + res
)
2398 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2399 if ev
is None or fail
not in ev
:
2400 raise Exception("Failure not reported correctly: " + str(ev
))
2402 dev
[1].request("DPP_STOP_LISTEN")
2403 dev
[0].dump_monitor()
2404 dev
[1].dump_monitor()
2406 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2407 """sigma_dut DPP protocol testing - Responder"""
2408 check_dpp_capab(dev
[0])
2409 check_dpp_capab(dev
[1])
2410 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2411 "BootstrapResult,OK,AuthResult,Errorsent",
2412 "Missing or invalid required DPP Status attribute"),
2413 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2414 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2415 "Missing or invalid Enrollee Nonce attribute")]
2416 for step
, frame
, attr
, result
, fail
in tests
:
2417 dev
[0].request("FLUSH")
2418 dev
[1].request("FLUSH")
2419 sigma
= start_sigma_dut(dev
[0].ifname
)
2421 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2424 stop_sigma_dut(sigma
)
2426 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2427 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2428 if "status,COMPLETE" not in res
:
2429 raise Exception("dev_exec_action did not succeed: " + res
)
2430 hex = res
.split(',')[3]
2432 logger
.info("URI from sigma_dut: " + uri
)
2434 id1
= dev
[1].dpp_qr_code(uri
)
2436 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2438 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2440 if result
not in res
:
2441 raise Exception("Unexpected result: " + res
)
2443 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2444 if ev
is None or fail
not in ev
:
2445 raise Exception("Failure not reported correctly:" + str(ev
))
2447 dev
[1].request("DPP_STOP_LISTEN")
2448 dev
[0].dump_monitor()
2449 dev
[1].dump_monitor()
2451 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2452 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2453 check_dpp_capab(dev
[0])
2454 check_dpp_capab(dev
[1])
2455 tests
= [("AuthenticationResponse",
2456 "BootstrapResult,OK,AuthResult,Errorsent",
2458 ("ConfigurationRequest",
2459 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2461 for frame
, result
, fail
in tests
:
2462 dev
[0].request("FLUSH")
2463 dev
[1].request("FLUSH")
2464 sigma
= start_sigma_dut(dev
[0].ifname
)
2466 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2468 stop_sigma_dut(sigma
)
2470 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2471 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2472 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2474 cmd
= "DPP_LISTEN 2437 role=enrollee"
2475 if "OK" not in dev
[1].request(cmd
):
2476 raise Exception("Failed to start listen operation")
2478 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2479 if "status,COMPLETE" not in res
:
2480 raise Exception("dev_exec_action did not succeed: " + res
)
2482 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2483 if result
not in res
:
2484 raise Exception("Unexpected result: " + res
)
2486 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2487 if ev
is None or fail
not in ev
:
2488 raise Exception("Failure not reported correctly: " + str(ev
))
2490 dev
[1].request("DPP_STOP_LISTEN")
2491 dev
[0].dump_monitor()
2492 dev
[1].dump_monitor()
2494 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2495 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2496 check_dpp_capab(dev
[0])
2497 check_dpp_capab(dev
[1])
2498 tests
= [("AuthenticationConfirm",
2499 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2501 for frame
, result
, fail
in tests
:
2502 dev
[0].request("FLUSH")
2503 dev
[1].request("FLUSH")
2504 sigma
= start_sigma_dut(dev
[0].ifname
)
2506 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2509 stop_sigma_dut(sigma
)
2511 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2513 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2514 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2516 cmd
= "DPP_LISTEN 2437 role=configurator"
2517 if "OK" not in dev
[1].request(cmd
):
2518 raise Exception("Failed to start listen operation")
2520 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2521 if "status,COMPLETE" not in res
:
2522 raise Exception("dev_exec_action did not succeed: " + res
)
2524 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2525 if result
not in res
:
2526 raise Exception("Unexpected result: " + res
)
2528 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2529 if ev
is None or fail
not in ev
:
2530 raise Exception("Failure not reported correctly: " + str(ev
))
2532 dev
[1].request("DPP_STOP_LISTEN")
2533 dev
[0].dump_monitor()
2534 dev
[1].dump_monitor()
2536 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2537 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2538 check_dpp_capab(dev
[0])
2539 check_dpp_capab(dev
[1])
2540 tests
= [("AuthenticationRequest",
2541 "BootstrapResult,OK,AuthResult,Errorsent",
2543 ("AuthenticationConfirm",
2544 "BootstrapResult,OK,AuthResult,Errorsent",
2546 for frame
, result
, fail
in tests
:
2547 dev
[0].request("FLUSH")
2548 dev
[1].request("FLUSH")
2549 sigma
= start_sigma_dut(dev
[0].ifname
)
2551 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2553 stop_sigma_dut(sigma
)
2555 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2556 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2557 if "status,COMPLETE" not in res
:
2558 raise Exception("dev_exec_action did not succeed: " + res
)
2559 hex = res
.split(',')[3]
2561 logger
.info("URI from sigma_dut: " + uri
)
2563 id1
= dev
[1].dpp_qr_code(uri
)
2565 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2567 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2569 if result
not in res
:
2570 raise Exception("Unexpected result: " + res
)
2572 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2573 if ev
is None or fail
not in ev
:
2574 raise Exception("Failure not reported correctly:" + str(ev
))
2576 dev
[1].request("DPP_STOP_LISTEN")
2577 dev
[0].dump_monitor()
2578 dev
[1].dump_monitor()
2580 def dpp_proto_init_pkex(dev
):
2582 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2583 cmd
= "DPP_CONFIGURATOR_ADD"
2584 res
= dev
.request(cmd
)
2586 raise Exception("Failed to add configurator")
2589 id = dev
.dpp_bootstrap_gen(type="pkex")
2591 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2592 if "FAIL" in dev
.request(cmd
):
2593 raise Exception("Failed to initiate DPP PKEX")
2595 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2596 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2597 check_dpp_capab(dev
[0])
2598 check_dpp_capab(dev
[1])
2599 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2600 "BootstrapResult,Errorsent",
2602 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2603 "BootstrapResult,Errorsent",
2604 "Missing or invalid Finite Cyclic Group attribute"),
2605 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2606 "BootstrapResult,Errorsent",
2607 "No valid peer bootstrapping key found")]
2608 for step
, frame
, attr
, result
, fail
in tests
:
2609 dev
[0].request("FLUSH")
2610 dev
[1].request("FLUSH")
2611 sigma
= start_sigma_dut(dev
[0].ifname
)
2613 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2616 stop_sigma_dut(sigma
)
2618 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2619 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2621 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2622 res
= dev
[1].request(cmd
)
2624 raise Exception("Failed to set PKEX data (responder)")
2626 cmd
= "DPP_LISTEN 2437 role=enrollee"
2627 if "OK" not in dev
[1].request(cmd
):
2628 raise Exception("Failed to start listen operation")
2630 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2631 if result
not in res
:
2632 raise Exception("Unexpected result: " + res
)
2634 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2635 if ev
is None or fail
not in ev
:
2636 raise Exception("Failure not reported correctly: " + str(ev
))
2638 dev
[1].request("DPP_STOP_LISTEN")
2639 dev
[0].dump_monitor()
2640 dev
[1].dump_monitor()
2642 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2643 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2644 check_dpp_capab(dev
[0])
2645 check_dpp_capab(dev
[1])
2646 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2647 "BootstrapResult,Errorsent",
2649 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2650 "BootstrapResult,Errorsent",
2651 "No DPP Status attribute"),
2652 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2653 "BootstrapResult,Errorsent",
2654 "No valid peer bootstrapping key found")]
2655 for step
, frame
, attr
, result
, fail
in tests
:
2656 dev
[0].request("FLUSH")
2657 dev
[1].request("FLUSH")
2658 sigma
= start_sigma_dut(dev
[0].ifname
)
2660 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2663 stop_sigma_dut(sigma
)
2665 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2666 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2668 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2670 if result
not in res
:
2671 raise Exception("Unexpected result: " + res
)
2673 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2674 if ev
is None or fail
not in ev
:
2675 raise Exception("Failure not reported correctly:" + str(ev
))
2677 dev
[1].request("DPP_STOP_LISTEN")
2678 dev
[0].dump_monitor()
2679 dev
[1].dump_monitor()
2681 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2682 check_dpp_capab(dev
[0])
2683 check_dpp_capab(dev
[1])
2685 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2686 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2687 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2688 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2690 params
= {"ssid": "DPPNET01",
2693 "wpa_key_mgmt": "DPP",
2694 "rsn_pairwise": "CCMP",
2695 "dpp_connector": ap_connector
,
2696 "dpp_csign": csign_pub
,
2697 "dpp_netaccesskey": ap_netaccesskey
}
2699 hapd
= hostapd
.add_ap(apdev
[0], params
)
2701 raise HwsimSkip("DPP not supported")
2703 dev
[0].set("dpp_config_processing", "2")
2705 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2706 res
= dev
[1].request(cmd
)
2708 raise Exception("Failed to add configurator")
2711 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2712 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2714 dev
[1].set("dpp_configurator_params",
2715 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2717 cmd
= "DPP_LISTEN 2437 role=configurator"
2718 if "OK" not in dev
[1].request(cmd
):
2719 raise Exception("Failed to start listen operation")
2721 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2722 if "status,COMPLETE" not in res
:
2723 raise Exception("dev_exec_action did not succeed: " + res
)
2725 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2726 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2727 sigma
= start_sigma_dut(dev
[0].ifname
)
2729 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2731 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2732 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2733 raise Exception("Unexpected result: " + res
)
2735 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2736 stop_sigma_dut(sigma
)
2738 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2739 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2740 check_dpp_capab(dev
[0])
2742 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2743 check_dpp_capab(hapd
)
2745 sigma
= start_sigma_dut(dev
[0].ifname
)
2747 dev
[0].set("dpp_config_processing", "2")
2748 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2749 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2751 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2752 if "status,COMPLETE" not in res
:
2753 raise Exception("dev_exec_action did not succeed: " + res
)
2755 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2756 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2757 raise Exception("Unexpected result: " + res
)
2758 update_hapd_config(hapd
)
2760 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2761 res
= sigma_dut_cmd(cmd
, timeout
=10)
2762 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2763 raise Exception("Unexpected result: " + res
)
2765 stop_sigma_dut(sigma
)
2766 dev
[0].set("dpp_config_processing", "0")
2768 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2769 """sigma_dut DPP AP Configurator using self-configuration"""
2770 logdir
= os
.path
.join(params
['logdir'],
2771 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2772 with
HWSimRadio() as (radio
, iface
):
2773 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2775 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2777 stop_sigma_dut(sigma
)
2778 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2780 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2781 check_dpp_capab(dev
[0])
2783 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2785 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2786 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2787 raise Exception("Unexpected result: " + res
)
2789 dev
[0].set("dpp_config_processing", "2")
2791 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2792 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2793 cmd
= "DPP_LISTEN 2462 role=enrollee"
2794 if "OK" not in dev
[0].request(cmd
):
2795 raise Exception("Failed to start listen operation")
2797 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2798 if "status,COMPLETE" not in res
:
2799 raise Exception("dev_exec_action did not succeed: " + res
)
2800 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2801 res
= sigma_dut_cmd(cmd
)
2802 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2803 raise Exception("Unexpected result: " + res
)
2804 dev
[0].wait_connected()
2805 dev
[0].request("DISCONNECT")
2806 dev
[0].wait_disconnected()
2807 sigma_dut_cmd_check("ap_reset_default")
2810 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2811 """sigma_dut DPP AP as Relay to Controller"""
2812 logdir
= os
.path
.join(params
['logdir'],
2813 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2814 with
HWSimRadio() as (radio
, iface
):
2815 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2817 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2819 stop_sigma_dut(sigma
)
2820 dev
[1].request("DPP_CONTROLLER_STOP")
2822 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2823 check_dpp_capab(dev
[0])
2824 check_dpp_capab(dev
[1])
2827 conf_id
= dev
[1].dpp_configurator_add()
2828 dev
[1].set("dpp_configurator_params",
2829 " conf=sta-dpp configurator=%d" % conf_id
)
2830 id_c
= dev
[1].dpp_bootstrap_gen()
2831 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2832 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2834 for line
in res
.splitlines():
2835 name
, value
= line
.split('=')
2836 if name
== "pkhash":
2840 raise Exception("Could not fetch public key hash from Controller")
2841 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2842 raise Exception("Failed to start Controller")
2844 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2845 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2846 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2848 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2849 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2851 sigma_dut_cmd_check("ap_reset_default")
2853 def dpp_init_tcp_enrollee(dev
, id1
):
2854 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2856 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2857 if "OK" not in dev
.request(cmd
):
2858 raise Exception("Failed to initiate DPP Authentication")
2859 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2861 raise Exception("DPP configuration not completed (Enrollee)")
2862 logger
.info("DPP initiator/enrollee done")
2864 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2865 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2866 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2868 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2869 check_dpp_capab(dev
[0])
2870 check_dpp_capab(dev
[1])
2871 sigma
= start_sigma_dut(dev
[0].ifname
)
2873 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2874 res
= sigma_dut_cmd(cmd
)
2875 if "status,COMPLETE" not in res
:
2876 raise Exception("dev_exec_action did not succeed: " + res
)
2877 hex = res
.split(',')[3]
2879 logger
.info("URI from sigma_dut: " + uri
)
2881 id1
= dev
[1].dpp_qr_code(uri
)
2883 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2885 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2887 cmd
+= ",DPPStatusQuery,Yes"
2888 res
= sigma_dut_cmd(cmd
, timeout
=10)
2890 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2891 raise Exception("Unexpected result: " + res
)
2892 if status_query
and "StatusResult,0" not in res
:
2893 raise Exception("Status query did not succeed: " + res
)
2895 stop_sigma_dut(sigma
)
2897 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2898 """sigma_dut DPP TCP Enrollee as initiator"""
2899 check_dpp_capab(dev
[0])
2900 check_dpp_capab(dev
[1])
2901 sigma
= start_sigma_dut(dev
[0].ifname
)
2904 conf_id
= dev
[1].dpp_configurator_add()
2905 dev
[1].set("dpp_configurator_params",
2906 " conf=sta-dpp configurator=%d" % conf_id
)
2907 id_c
= dev
[1].dpp_bootstrap_gen()
2908 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2909 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2910 raise Exception("Failed to start Controller")
2912 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2913 if "status,COMPLETE" not in res
:
2914 raise Exception("dev_exec_action did not succeed: " + res
)
2916 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2917 res
= sigma_dut_cmd(cmd
, timeout
=10)
2918 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2919 raise Exception("Unexpected result: " + res
)
2921 stop_sigma_dut(sigma
)
2922 dev
[1].request("DPP_CONTROLLER_STOP")
2924 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2925 """sigma_dut controlled connection using preconfigured profile"""
2927 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2929 dev
[0].set("ignore_old_scan_res", "0")
2931 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2932 ifname
= dev
[0].ifname
2933 sigma
= start_sigma_dut(ifname
)
2936 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2937 hapd
= hostapd
.add_ap(apdev
[0], params
)
2938 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2939 only_add_network
=True)
2941 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2942 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2944 sigma_dut_wait_connected(ifname
)
2945 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2946 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2947 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2949 stop_sigma_dut(sigma
)
2951 def test_sigma_dut_wps_pbc(dev
, apdev
):
2952 """sigma_dut and WPS PBC Enrollee"""
2954 run_sigma_dut_wps_pbc(dev
, apdev
)
2956 dev
[0].set("ignore_old_scan_res", "0")
2958 def run_sigma_dut_wps_pbc(dev
, apdev
):
2959 ssid
= "test-wps-conf"
2960 hapd
= hostapd
.add_ap(apdev
[0],
2961 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2962 "wpa_passphrase": "12345678", "wpa": "2",
2963 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2964 hapd
.request("WPS_PBC")
2966 ifname
= dev
[0].ifname
2967 sigma
= start_sigma_dut(ifname
)
2970 cmd
= "start_wps_registration,interface,%s" % ifname
2971 cmd
+= ",WpsRole,Enrollee"
2972 cmd
+= ",WpsConfigMethod,PBC"
2973 sigma_dut_cmd_check(cmd
, timeout
=15)
2975 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2977 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2979 stop_sigma_dut(sigma
)
2980 dev
[0].flush_scan_cache()
2982 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2983 """sigma_dut sta_scan_bss"""
2984 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2985 sigma
= start_sigma_dut(dev
[0].ifname
)
2987 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2989 res
= sigma_dut_cmd(cmd
, timeout
=10)
2990 if "ssid,test,bsschannel,1" not in res
:
2991 raise Exception("Unexpected result: " + res
)
2993 stop_sigma_dut(sigma
)
2995 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2996 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2997 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2998 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2999 sigma
= start_sigma_dut(dev
[0].ifname
)
3001 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
3002 res
= sigma_dut_cmd(cmd
, timeout
=10)
3003 if "abcdef" not in res
or "qwerty" not in res
:
3004 raise Exception("Unexpected result: " + res
)
3006 stop_sigma_dut(sigma
)
3008 def test_sigma_dut_sta_scan_short_ssid(dev
, apdev
):
3009 """sigma_dut sta_scan ShortSSID"""
3010 dev
[0].flush_scan_cache()
3011 ssid
= "test-short-ssid-list"
3012 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": ssid
,
3013 "ignore_broadcast_ssid": "1"})
3014 bssid
= apdev
[0]['bssid']
3015 payload
= struct
.pack('>L', binascii
.crc32(ssid
.encode()))
3016 val
= binascii
.hexlify(payload
).decode()
3017 sigma
= start_sigma_dut(dev
[0].ifname
)
3020 cmd
= "sta_scan,Interface,%s,ChnlFreq,2412,ShortSSID,%s" % (dev
[0].ifname
, val
)
3022 sigma_dut_cmd_check(cmd
, timeout
=5)
3023 ev
= dev
[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
3025 raise Exception("Scan did not complete")
3026 if bssid
in dev
[0].request("SCAN_RESULTS"):
3030 stop_sigma_dut(sigma
)
3031 dev
[0].request("VENDOR_ELEM_REMOVE 14 *")
3034 raise Exception("AP not found in scan results")
3036 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
3037 """sigma_dut controlled AP with OSEN"""
3038 logdir
= os
.path
.join(params
['logdir'],
3039 "sigma_dut_ap_osen.sigma-hostapd")
3040 with
HWSimRadio() as (radio
, iface
):
3041 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3043 sigma_dut_cmd_check("ap_reset_default")
3044 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3045 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3046 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
3047 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3049 # RSN-OSEN (for OSU)
3050 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
3051 pairwise
="CCMP", group
="GTK_NOT_USED",
3052 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
3053 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
3055 sigma_dut_cmd_check("ap_reset_default")
3057 stop_sigma_dut(sigma
)
3059 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
3060 """sigma_dut controlled AP with EAP+OSEN"""
3061 logdir
= os
.path
.join(params
['logdir'],
3062 "sigma_dut_ap_eap_osen.sigma-hostapd")
3063 with
HWSimRadio() as (radio
, iface
):
3064 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
3066 sigma_dut_cmd_check("ap_reset_default")
3067 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3068 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3069 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3070 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3072 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
3073 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3075 # RSN-OSEN (for OSU)
3076 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
3078 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
3079 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
3081 # RSN-EAP (for data connection)
3082 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
3083 identity
="hs20-test", password
="password",
3084 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
3085 ieee80211w
='2', scan_freq
="2412")
3087 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
3088 success_expected
=False, timeout
=1)
3090 sigma_dut_cmd_check("ap_reset_default")
3092 stop_sigma_dut(sigma
)
3093 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3094 stderr
=open('/dev/null', 'w'))
3095 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
3096 stderr
=open('/dev/null', 'w'))
3098 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
3099 """sigma_dut controlled AP WPA2-Enterprise"""
3100 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3101 with
HWSimRadio() as (radio
, iface
):
3102 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3104 sigma_dut_cmd_check("ap_reset_default")
3105 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3106 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3107 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3108 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3110 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3111 identity
="gpsk user",
3112 password
="abcdefghijklmnop0123456789abcdef",
3115 sigma_dut_cmd_check("ap_reset_default")
3117 stop_sigma_dut(sigma
)
3119 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
3120 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3121 logdir
= os
.path
.join(params
['logdir'],
3122 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3123 with
HWSimRadio() as (radio
, iface
):
3124 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3126 sigma_dut_cmd_check("ap_reset_default")
3127 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3128 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3129 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3130 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3132 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
3133 identity
="gpsk user",
3134 password
="abcdefghijklmnop0123456789abcdef",
3137 sigma_dut_cmd_check("ap_reset_default")
3139 stop_sigma_dut(sigma
)
3141 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
3142 """sigma_dut controlled AP FT-EAP"""
3143 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3144 with
HWSimRadio() as (radio
, iface
):
3145 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3147 sigma_dut_cmd_check("ap_reset_default")
3148 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3149 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3150 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3153 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3154 identity
="gpsk user",
3155 password
="abcdefghijklmnop0123456789abcdef",
3158 sigma_dut_cmd_check("ap_reset_default")
3160 stop_sigma_dut(sigma
)
3162 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
3163 """sigma_dut controlled AP FT-PSK"""
3164 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3165 with
HWSimRadio() as (radio
, iface
):
3166 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3168 sigma_dut_cmd_check("ap_reset_default")
3169 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3170 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3171 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3173 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3176 sigma_dut_cmd_check("ap_reset_default")
3178 stop_sigma_dut(sigma
)
3180 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
3181 """sigma_dut controlled AP FT-PSK (over-DS)"""
3182 logdir
= os
.path
.join(params
['logdir'],
3183 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3184 conffile
= os
.path
.join(params
['logdir'],
3185 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3186 with
HWSimRadio() as (radio
, iface
):
3187 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3189 sigma_dut_cmd_check("ap_reset_default")
3190 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3191 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3192 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3194 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3195 with
open(conffile
, "wb") as f2
:
3198 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3201 sigma_dut_cmd_check("ap_reset_default")
3203 stop_sigma_dut(sigma
)
3205 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
3206 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3207 logdir
= os
.path
.join(params
['logdir'],
3208 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3209 with
HWSimRadio() as (radio
, iface
):
3210 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3212 sigma_dut_cmd_check("ap_reset_default")
3213 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3214 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3215 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3216 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3218 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3219 identity
="gpsk user",
3220 password
="abcdefghijklmnop0123456789abcdef",
3222 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3223 identity
="gpsk user",
3224 password
="abcdefghijklmnop0123456789abcdef",
3227 sigma_dut_cmd_check("ap_reset_default")
3229 stop_sigma_dut(sigma
)
3231 def test_sigma_dut_venue_url(dev
, apdev
):
3232 """sigma_dut controlled Venue URL fetch"""
3234 run_sigma_dut_venue_url(dev
, apdev
)
3236 dev
[0].set("ignore_old_scan_res", "0")
3238 def run_sigma_dut_venue_url(dev
, apdev
):
3239 ifname
= dev
[0].ifname
3240 sigma
= start_sigma_dut(ifname
)
3244 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3245 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3246 params
["ieee80211w"] = "2"
3250 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3252 name1
= "Example venue"
3254 name2
= "Esimerkkipaikka"
3255 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3256 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3257 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3259 url1
= "http://example.com/venue"
3260 url2
= "https://example.org/venue-info/"
3261 params
["venue_group"] = str(venue_group
)
3262 params
["venue_type"] = str(venue_type
)
3263 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3264 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3266 hapd
= hostapd
.add_ap(apdev
[0], params
)
3268 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3269 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3270 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3271 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3273 sigma_dut_wait_connected(ifname
)
3274 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3275 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3276 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3277 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3279 stop_sigma_dut(sigma
)
3281 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3282 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3283 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3285 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3286 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3287 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3289 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3293 bssid0
= apdev
[0]['bssid']
3294 params
= hs20_ap_params()
3295 params
['hessid'] = bssid0
3296 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3298 bssid1
= apdev
[1]['bssid']
3299 params
= hs20_ap_params()
3300 params
['hessid'] = bssid0
3301 params
["hw_mode"] = "a"
3302 params
["channel"] = "36"
3303 params
["country_code"] = "US"
3304 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3306 band
= "2.4" if band24
else "5"
3307 exp_bssid
= bssid0
if band24
else bssid1
3308 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3310 dev
[0].request("DISCONNECT")
3312 hapd0
.request("DISABLE")
3314 hapd1
.request("DISABLE")
3315 subprocess
.call(['iw', 'reg', 'set', '00'])
3316 dev
[0].flush_scan_cache()
3318 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3319 check_eap_capa(dev
[0], "MSCHAPV2")
3320 dev
[0].flush_scan_cache()
3322 ifname
= dev
[0].ifname
3323 sigma
= start_sigma_dut(ifname
)
3326 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3328 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3329 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3331 sigma_dut_wait_connected(ifname
)
3332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3333 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3334 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3336 stop_sigma_dut(sigma
)
3338 if "BSSID," + expect_bssid
not in res
:
3339 raise Exception("Unexpected BSSID: " + res
)
3341 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3342 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3343 logdir
= os
.path
.join(params
['logdir'],
3344 "sigma_dut_ap_hs20.sigma-hostapd")
3345 conffile
= os
.path
.join(params
['logdir'],
3346 "sigma_dut_ap_hs20.sigma-conf")
3347 with
HWSimRadio() as (radio
, iface
):
3348 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3350 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3351 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3352 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3353 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3354 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3355 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3356 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3357 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3358 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3359 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3360 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3361 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3362 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3363 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3365 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3366 with
open(conffile
, "wb") as f2
:
3369 sigma_dut_cmd_check("ap_reset_default")
3371 stop_sigma_dut(sigma
)
3373 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3374 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3375 logdir
= params
['logdir']
3377 with
open("auth_serv/ca.pem", "r") as f
:
3378 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3382 src
= "auth_serv/server.pem"
3383 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3384 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3385 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3387 stderr
=open('/dev/null', 'w'))
3388 with
open(dst
, "rb") as f
:
3390 hash = hashlib
.sha256(der
).digest()
3391 with
open(hashdst
, "w") as f
:
3392 f
.write(binascii
.hexlify(hash).decode())
3394 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3395 with
open(dst
, "w") as f
:
3398 ssid
= "test-wpa2-eap"
3399 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3400 hapd
= hostapd
.add_ap(apdev
[0], params
)
3402 ifname
= dev
[0].ifname
3403 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3406 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3408 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3410 sigma_dut_cmd_check(cmd
)
3411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3413 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3415 raise Exception("Server certificate error not reported")
3417 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3418 if "ServerCertTrustResult,Accepted" not in res
:
3419 raise Exception("Server certificate trust was not accepted")
3420 sigma_dut_wait_connected(ifname
)
3421 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3422 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3423 dev
[0].dump_monitor()
3425 stop_sigma_dut(sigma
)
3427 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3428 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3429 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3431 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3432 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3433 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3435 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3436 logdir
= params
['logdir']
3438 name
= "sigma_dut_eap_ttls_uosc_tod"
3441 with
open("auth_serv/ca.pem", "r") as f
:
3442 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3446 src
= "auth_serv/server-certpol2.pem"
3448 src
= "auth_serv/server-certpol.pem"
3449 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3450 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3451 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3453 stderr
=open('/dev/null', 'w'))
3454 with
open(dst
, "rb") as f
:
3456 hash = hashlib
.sha256(der
).digest()
3457 with
open(hashdst
, "w") as f
:
3458 f
.write(binascii
.hexlify(hash).decode())
3460 ssid
= "test-wpa2-eap"
3461 params
= int_eap_server_params()
3462 params
["ssid"] = ssid
3464 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3465 params
["private_key"] = "auth_serv/server-certpol2.key"
3467 params
["server_cert"] = "auth_serv/server-certpol.pem"
3468 params
["private_key"] = "auth_serv/server-certpol.key"
3469 hapd
= hostapd
.add_ap(apdev
[0], params
)
3471 ifname
= dev
[0].ifname
3472 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3475 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3476 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3477 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3478 sigma_dut_cmd_check(cmd
)
3479 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3481 sigma_dut_wait_connected(ifname
)
3482 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3483 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3484 dev
[0].wait_disconnected()
3485 dev
[0].dump_monitor()
3488 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3489 hapd
= hostapd
.add_ap(apdev
[0], params
)
3491 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3493 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3495 raise Exception("Server certificate error not reported")
3497 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3498 if "ServerCertTrustResult,Accepted" in res
:
3499 raise Exception("Server certificate trust override was accepted unexpectedly")
3500 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3501 dev
[0].dump_monitor()
3503 stop_sigma_dut(sigma
)
3505 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3506 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3507 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3509 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3510 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3511 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3513 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3514 logdir
= params
['logdir']
3516 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3519 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3520 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3524 src
= "auth_serv/server-certpol2.pem"
3526 src
= "auth_serv/server-certpol.pem"
3527 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3528 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3529 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3531 stderr
=open('/dev/null', 'w'))
3532 with
open(dst
, "rb") as f
:
3534 hash = hashlib
.sha256(der
).digest()
3535 with
open(hashdst
, "w") as f
:
3536 f
.write(binascii
.hexlify(hash).decode())
3538 ssid
= "test-wpa2-eap"
3539 params
= int_eap_server_params()
3540 params
["ssid"] = ssid
3542 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3543 params
["private_key"] = "auth_serv/server-certpol2.key"
3545 params
["server_cert"] = "auth_serv/server-certpol.pem"
3546 params
["private_key"] = "auth_serv/server-certpol.key"
3547 hapd
= hostapd
.add_ap(apdev
[0], params
)
3549 ifname
= dev
[0].ifname
3550 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3553 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3554 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3555 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3556 sigma_dut_cmd_check(cmd
)
3557 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3559 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3561 raise Exception("Server certificate validation failure not reported")
3563 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3564 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3565 raise Exception("Server certificate trust override was accepted unexpectedly")
3566 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3567 raise Exception("Server certificate trust override was not accepted")
3568 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3569 dev
[0].dump_monitor()
3571 stop_sigma_dut(sigma
)
3573 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3574 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3575 check_domain_suffix_match(dev
[0])
3576 logdir
= params
['logdir']
3578 with
open("auth_serv/ca.pem", "r") as f
:
3579 with
open(os
.path
.join(logdir
,
3580 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3584 ssid
= "test-wpa2-eap"
3585 params
= int_eap_server_params()
3586 params
["ssid"] = ssid
3587 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3588 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3589 params
["private_key"] = "auth_serv/rsa3072-server.key"
3590 hapd
= hostapd
.add_ap(apdev
[0], params
)
3592 ifname
= dev
[0].ifname
3593 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3596 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3597 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3598 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3599 sigma_dut_cmd_check(cmd
)
3600 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3602 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3604 raise Exception("Server certificate error not reported")
3606 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3607 if "ServerCertTrustResult,Accepted" not in res
:
3608 raise Exception("Server certificate trust was not accepted")
3609 sigma_dut_wait_connected(ifname
)
3610 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3611 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3612 dev
[0].dump_monitor()
3614 stop_sigma_dut(sigma
)
3616 def start_sae_pwe_ap(apdev
, sae_pwe
):
3618 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3619 params
['wpa_key_mgmt'] = 'SAE'
3620 params
["ieee80211w"] = "2"
3621 params
['sae_groups'] = '19'
3622 params
['sae_pwe'] = str(sae_pwe
)
3623 return hostapd
.add_ap(apdev
, params
)
3625 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3627 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3628 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3629 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3632 sigma_dut_cmd_check(cmd
)
3633 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3635 sigma_dut_wait_connected(ifname
)
3636 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3637 dev
.wait_disconnected()
3638 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3641 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3643 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3644 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3645 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3648 sigma_dut_cmd_check(cmd
)
3649 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3651 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3652 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3653 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3654 raise Exception("Unexpected connection result")
3655 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3658 def test_sigma_dut_sae_h2e(dev
, apdev
):
3659 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3660 if "SAE" not in dev
[0].get_capability("auth_alg"):
3661 raise HwsimSkip("SAE not supported")
3663 start_sae_pwe_ap(apdev
[0], 2)
3665 ifname
= dev
[0].ifname
3666 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3668 connect_sae_pwe_sta(dev
[0], ifname
)
3669 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3670 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3671 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3672 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3673 raise Exception("Unexpected error result: " + res
)
3675 stop_sigma_dut(sigma
)
3676 dev
[0].set("sae_pwe", "0")
3678 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3679 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3680 if "SAE" not in dev
[0].get_capability("auth_alg"):
3681 raise HwsimSkip("SAE not supported")
3683 start_sae_pwe_ap(apdev
[0], 0)
3685 ifname
= dev
[0].ifname
3686 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3688 connect_sae_pwe_sta(dev
[0], ifname
)
3689 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3690 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3692 stop_sigma_dut(sigma
)
3693 dev
[0].set("sae_pwe", "0")
3695 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3696 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3697 if "SAE" not in dev
[0].get_capability("auth_alg"):
3698 raise HwsimSkip("SAE not supported")
3700 start_sae_pwe_ap(apdev
[0], 1)
3702 ifname
= dev
[0].ifname
3703 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3705 connect_sae_pwe_sta(dev
[0], ifname
)
3706 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3707 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3709 stop_sigma_dut(sigma
)
3710 dev
[0].set("sae_pwe", "0")
3712 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3713 """sigma_dut controlled AP with SAE H2E"""
3714 logdir
= os
.path
.join(params
['logdir'],
3715 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3716 if "SAE" not in dev
[0].get_capability("auth_alg"):
3717 raise HwsimSkip("SAE not supported")
3718 with
HWSimRadio() as (radio
, iface
):
3719 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3721 sigma_dut_cmd_check("ap_reset_default")
3722 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3723 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3724 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3726 for sae_pwe
in [0, 1, 2]:
3727 dev
[0].request("SET sae_groups ")
3728 dev
[0].set("sae_pwe", str(sae_pwe
))
3729 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3730 ieee80211w
="2", scan_freq
="2412")
3731 dev
[0].request("REMOVE_NETWORK all")
3732 dev
[0].wait_disconnected()
3733 dev
[0].dump_monitor()
3735 sigma_dut_cmd_check("ap_reset_default")
3737 stop_sigma_dut(sigma
)
3738 dev
[0].set("sae_pwe", "0")
3740 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3741 """sigma_dut controlled AP with SAE H2E-only"""
3742 logdir
= os
.path
.join(params
['logdir'],
3743 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3744 if "SAE" not in dev
[0].get_capability("auth_alg"):
3745 raise HwsimSkip("SAE not supported")
3746 with
HWSimRadio() as (radio
, iface
):
3747 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3749 sigma_dut_cmd_check("ap_reset_default")
3750 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3751 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3752 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3754 dev
[0].request("SET sae_groups ")
3755 dev
[0].set("sae_pwe", "1")
3756 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3757 ieee80211w
="2", scan_freq
="2412")
3758 dev
[0].request("REMOVE_NETWORK all")
3759 dev
[0].wait_disconnected()
3760 dev
[0].dump_monitor()
3762 dev
[0].set("sae_pwe", "0")
3763 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3764 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3765 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3766 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3767 dev
[0].request("DISCONNECT")
3768 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3769 raise Exception("Unexpected connection result")
3771 sigma_dut_cmd_check("ap_reset_default")
3773 stop_sigma_dut(sigma
)
3774 dev
[0].set("sae_pwe", "0")
3776 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3777 """sigma_dut controlled AP with SAE looping-only"""
3778 logdir
= os
.path
.join(params
['logdir'],
3779 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3780 if "SAE" not in dev
[0].get_capability("auth_alg"):
3781 raise HwsimSkip("SAE not supported")
3782 with
HWSimRadio() as (radio
, iface
):
3783 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3785 sigma_dut_cmd_check("ap_reset_default")
3786 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3787 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3788 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3790 dev
[0].request("SET sae_groups ")
3791 dev
[0].set("sae_pwe", "0")
3792 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3793 ieee80211w
="2", scan_freq
="2412")
3794 dev
[0].request("REMOVE_NETWORK all")
3795 dev
[0].wait_disconnected()
3796 dev
[0].dump_monitor()
3798 dev
[0].set("sae_pwe", "1")
3799 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3800 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3801 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3802 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3803 dev
[0].request("DISCONNECT")
3804 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3805 raise Exception("Unexpected connection result")
3807 sigma_dut_cmd_check("ap_reset_default")
3809 stop_sigma_dut(sigma
)
3810 dev
[0].set("sae_pwe", "0")
3812 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3813 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3814 if "SAE" not in dev
[0].get_capability("auth_alg"):
3815 raise HwsimSkip("SAE not supported")
3818 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3819 params
['wpa_key_mgmt'] = 'SAE'
3820 params
["ieee80211w"] = "2"
3821 params
['sae_pwe'] = '1'
3822 hapd
= hostapd
.add_ap(apdev
[0], params
)
3824 ifname
= dev
[0].ifname
3825 sigma
= start_sigma_dut(ifname
)
3827 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3828 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3829 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3830 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3832 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3834 raise Exception("No authentication attempt reported")
3835 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3837 raise Exception("Unexpected connection reported")
3839 stop_sigma_dut(sigma
)
3841 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3842 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3843 if "SAE" not in dev
[0].get_capability("auth_alg"):
3844 raise HwsimSkip("SAE not supported")
3847 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3848 params
['wpa_key_mgmt'] = 'SAE'
3849 params
["ieee80211w"] = "2"
3850 params
['sae_groups'] = "19 20"
3851 params
['sae_pwe'] = '1'
3852 hapd
= hostapd
.add_ap(apdev
[0], params
)
3854 ifname
= dev
[0].ifname
3855 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3857 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3858 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3859 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3860 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3862 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3864 raise Exception("No authentication attempt reported")
3865 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3867 raise Exception("Unexpected connection reported")
3869 stop_sigma_dut(sigma
)
3871 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3872 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3873 if "SAE" not in dev
[0].get_capability("auth_alg"):
3874 raise HwsimSkip("SAE not supported")
3877 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3878 params
['wpa_key_mgmt'] = 'SAE'
3879 params
["ieee80211w"] = "2"
3880 params
['sae_groups'] = "19"
3881 params
['sae_pwe'] = '1'
3882 hapd
= hostapd
.add_ap(apdev
[0], params
)
3884 ifname
= dev
[0].ifname
3885 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3887 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3888 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3889 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3890 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3892 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3894 raise Exception("No authentication attempt reported")
3895 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3897 raise Exception("Unexpected connection reported")
3899 stop_sigma_dut(sigma
)
3900 dev
[0].set("sae_pwe", "0")
3902 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3903 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3904 logdir
= os
.path
.join(params
['logdir'],
3905 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3906 if "SAE" not in dev
[0].get_capability("auth_alg"):
3907 raise HwsimSkip("SAE not supported")
3908 with
HWSimRadio() as (radio
, iface
):
3909 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3911 sigma_dut_cmd_check("ap_reset_default")
3912 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3913 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3914 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3916 dev
[0].request("SET sae_groups ")
3917 dev
[0].set("sae_pwe", "1")
3918 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3919 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3920 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3922 raise Exception("No indication of association seen")
3923 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3924 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3925 dev
[0].request("DISCONNECT")
3927 raise Exception("No disconnection seen")
3928 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3929 raise Exception("Unexpected connection")
3931 sigma_dut_cmd_check("ap_reset_default")
3933 stop_sigma_dut(sigma
)
3934 dev
[0].set("sae_pwe", "0")
3936 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3937 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3938 logdir
= os
.path
.join(params
['logdir'],
3939 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3940 if "SAE" not in dev
[0].get_capability("auth_alg"):
3941 raise HwsimSkip("SAE not supported")
3942 with
HWSimRadio() as (radio
, iface
):
3943 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3945 sigma_dut_cmd_check("ap_reset_default")
3946 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3947 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3948 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3950 dev
[0].request("SET sae_groups 21 20 19")
3951 dev
[0].set("sae_pwe", "1")
3952 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3953 ieee80211w
="2", scan_freq
="2412")
3954 addr
= dev
[0].own_addr()
3955 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3956 if "DHGroupVerResult,21 20" not in res
:
3957 raise Exception("Unexpected dev_exec_action response: " + res
)
3959 sigma_dut_cmd_check("ap_reset_default")
3961 stop_sigma_dut(sigma
)
3962 dev
[0].set("sae_pwe", "0")
3964 def test_sigma_dut_ap_sae_h2e_anti_clogging(dev
, apdev
, params
):
3965 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3966 logdir
= os
.path
.join(params
['logdir'],
3967 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3968 if "SAE" not in dev
[0].get_capability("auth_alg"):
3969 raise HwsimSkip("SAE not supported")
3970 with
HWSimRadio() as (radio
, iface
):
3971 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3973 sigma_dut_cmd_check("ap_reset_default")
3974 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3975 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3976 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3978 dev
[0].set("sae_groups", "")
3979 dev
[0].set("sae_pwe", "2")
3980 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3981 ieee80211w
="2", scan_freq
="2412")
3983 sigma_dut_cmd_check("ap_reset_default")
3985 stop_sigma_dut(sigma
)
3986 dev
[0].set("sae_pwe", "0")
3988 def test_sigma_dut_ap_5ghz(dev
, apdev
, params
):
3989 """sigma_dut controlled AP on 5 GHz"""
3990 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11na', 5180,
3991 check_signal
="WIDTH=20 MHz")
3993 def test_sigma_dut_ap_ht40plus(dev
, apdev
, params
):
3994 """sigma_dut controlled AP and HT40+"""
3995 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11na', 5180,
3996 extra
="width,40", check_signal
="WIDTH=40 MHz")
3998 def test_sigma_dut_ap_ht40minus(dev
, apdev
, params
):
3999 """sigma_dut controlled AP and HT40-"""
4000 run_sigma_dut_ap_channel(dev
, apdev
, params
, 40, '11na', 5200,
4001 extra
="width,40", check_signal
="WIDTH=40 MHz")
4003 def test_sigma_dut_ap_vht40(dev
, apdev
, params
):
4004 """sigma_dut controlled AP and VHT40"""
4005 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11ac', 5180,
4006 extra
="width,40", check_signal
="WIDTH=40 MHz",
4009 def test_sigma_dut_ap_vht80(dev
, apdev
, params
):
4010 """sigma_dut controlled AP and VHT80"""
4011 run_sigma_dut_ap_channel(dev
, apdev
, params
, 36, '11ac', 5180,
4012 extra
="width,80", check_signal
="WIDTH=80 MHz",
4015 def run_sigma_dut_ap_channel(dev
, apdev
, params
, channel
, mode
, scan_freq
,
4016 extra
=None, check_signal
=None, program
=None):
4017 logdir
= params
['prefix'] + ".sigma-hostapd"
4018 with
HWSimRadio() as (radio
, iface
):
4019 subprocess
.call(['iw', 'reg', 'set', 'US'])
4020 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
4022 cmd
= "ap_reset_default"
4024 cmd
+= ",program," + program
4025 sigma_dut_cmd_check(cmd
)
4026 cmd
= "ap_set_wireless,NAME,AP,CHANNEL,%d,SSID,test-psk,MODE,%s" % (channel
, mode
)
4029 sigma_dut_cmd_check(cmd
)
4030 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
4031 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
4033 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
4034 with
open(params
['prefix'] + ".sigma-conf", "wb") as f2
:
4037 dev
[0].connect("test-psk", psk
="12345678", scan_freq
=str(scan_freq
))
4038 sig
= dev
[0].request("SIGNAL_POLL")
4039 logger
.info("SIGNAL_POLL:\n" + sig
.strip())
4040 dev
[0].request("DISCONNECT")
4041 dev
[0].wait_disconnected()
4043 sigma_dut_cmd_check("ap_reset_default")
4045 if check_signal
and check_signal
not in sig
:
4046 raise Exception("Unexpected SIGNAL_POLL data")
4048 stop_sigma_dut(sigma
)
4049 subprocess
.call(['iw', 'reg', 'set', '00'])
4050 dev
[0].flush_scan_cache()