]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut sta_scan ShortSSID
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import errno
10 import fcntl
11 import hashlib
12 import logging
13 logger = logging.getLogger()
14 import os
15 import socket
16 import struct
17 import subprocess
18 import threading
19 import time
20
21 import hostapd
22 from utils import HwsimSkip
23 from hwsim import HWSimRadio
24 import hwsim_utils
25 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
26 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
27 from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
28 from test_ap_hs20 import hs20_ap_params
29
30 def check_sigma_dut():
31 if not os.path.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
33
34 def to_hex(s):
35 return binascii.hexlify(s.encode()).decode()
36
37 def from_hex(s):
38 return binascii.unhexlify(s).decode()
39
40 def sigma_log_output(cmd):
41 try:
42 out = cmd.stdout.read()
43 if out:
44 logger.debug("sigma_dut stdout: " + str(out.decode()))
45 except IOError as e:
46 if e.errno != errno.EAGAIN:
47 raise
48 try:
49 out = cmd.stderr.read()
50 if out:
51 logger.debug("sigma_dut stderr: " + str(out.decode()))
52 except IOError as e:
53 if e.errno != errno.EAGAIN:
54 raise
55
56 sigma_prog = None
57
58 def sigma_dut_cmd(cmd, port=9000, timeout=2):
59 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
60 socket.IPPROTO_TCP)
61 sock.settimeout(timeout)
62 addr = ('127.0.0.1', port)
63 sock.connect(addr)
64 sock.send(cmd.encode() + b"\r\n")
65 try:
66 res = sock.recv(1000).decode()
67 running = False
68 done = False
69 for line in res.splitlines():
70 if line.startswith("status,RUNNING"):
71 running = True
72 elif line.startswith("status,INVALID"):
73 done = True
74 elif line.startswith("status,ERROR"):
75 done = True
76 elif line.startswith("status,COMPLETE"):
77 done = True
78 if running and not done:
79 # Read the actual response
80 res = sock.recv(1000).decode()
81 except:
82 res = ''
83 pass
84 sock.close()
85 res = res.rstrip()
86 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
87 global sigma_prog
88 if sigma_prog:
89 sigma_log_output(sigma_prog)
90 return res
91
92 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
93 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
94 if "COMPLETE" not in res:
95 raise Exception("sigma_dut command failed: " + cmd)
96 return res
97
98 def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
99 bridge=None, sae_h2e=False, owe_ptk_workaround=False):
100 check_sigma_dut()
101 cmd = ['./sigma_dut',
102 '-d',
103 '-M', ifname,
104 '-S', ifname,
105 '-F', '../../hostapd/hostapd',
106 '-G',
107 '-w', '/var/run/wpa_supplicant/',
108 '-j', ifname]
109 if hostapd_logdir:
110 cmd += ['-H', hostapd_logdir]
111 if cert_path:
112 cmd += ['-C', cert_path]
113 if bridge:
114 cmd += ['-b', bridge]
115 if sae_h2e:
116 cmd += ['-2']
117 if owe_ptk_workaround:
118 cmd += ['-3']
119 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
120 stderr=subprocess.PIPE)
121 for stream in [sigma.stdout, sigma.stderr]:
122 fd = stream.fileno()
123 fl = fcntl.fcntl(fd, fcntl.F_GETFL)
124 fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
125
126 global sigma_prog
127 sigma_prog = sigma
128 res = None
129 for i in range(20):
130 try:
131 res = sigma_dut_cmd("HELLO")
132 break
133 except:
134 time.sleep(0.05)
135 if res is None or "errorCode,Unknown command" not in res:
136 raise Exception("Failed to start sigma_dut")
137 return {'cmd': sigma, 'ifname': ifname}
138
139 def stop_sigma_dut(sigma):
140 global sigma_prog
141 sigma_prog = None
142 cmd = sigma['cmd']
143 sigma_log_output(cmd)
144 logger.debug("Terminating sigma_dut process")
145 cmd.terminate()
146 cmd.wait()
147 out, err = cmd.communicate()
148 logger.debug("sigma_dut stdout: " + str(out.decode()))
149 logger.debug("sigma_dut stderr: " + str(err.decode()))
150 subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
151 "127.0.0.11/24"],
152 stderr=open('/dev/null', 'w'))
153
154 def sigma_dut_wait_connected(ifname):
155 for i in range(50):
156 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
157 if "connected,1" in res:
158 break
159 time.sleep(0.2)
160 if i == 49:
161 raise Exception("Connection did not complete")
162
163 def test_sigma_dut_basic(dev, apdev):
164 """sigma_dut basic functionality"""
165 sigma = start_sigma_dut(dev[0].ifname)
166
167 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
168 ("device_get_info", "status,COMPLETE,vendor"),
169 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
170 ("device_list_interfaces,interfaceType,802.11",
171 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
172 try:
173 res = sigma_dut_cmd("UNKNOWN")
174 if "status,INVALID,errorCode,Unknown command" not in res:
175 raise Exception("Unexpected sigma_dut response to unknown command")
176
177 for cmd, response in tests:
178 res = sigma_dut_cmd(cmd)
179 if response not in res:
180 raise Exception("Unexpected %s response: %s" % (cmd, res))
181 finally:
182 stop_sigma_dut(sigma)
183
184 def test_sigma_dut_open(dev, apdev):
185 """sigma_dut controlled open network association"""
186 try:
187 run_sigma_dut_open(dev, apdev)
188 finally:
189 dev[0].set("ignore_old_scan_res", "0")
190
191 def run_sigma_dut_open(dev, apdev):
192 ifname = dev[0].ifname
193 sigma = start_sigma_dut(ifname)
194
195 try:
196 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
197
198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
199 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
201 timeout=10)
202 sigma_dut_wait_connected(ifname)
203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
204 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
205 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
206 finally:
207 stop_sigma_dut(sigma)
208
209 def test_sigma_dut_psk_pmf(dev, apdev):
210 """sigma_dut controlled PSK+PMF association"""
211 try:
212 run_sigma_dut_psk_pmf(dev, apdev)
213 finally:
214 dev[0].set("ignore_old_scan_res", "0")
215
216 def run_sigma_dut_psk_pmf(dev, apdev):
217 ifname = dev[0].ifname
218 sigma = start_sigma_dut(ifname)
219
220 try:
221 ssid = "test-pmf-required"
222 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
223 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
224 params["ieee80211w"] = "2"
225 hapd = hostapd.add_ap(apdev[0], params)
226
227 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
228 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
229 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
230 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
231 timeout=10)
232 sigma_dut_wait_connected(ifname)
233 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
234 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
236 finally:
237 stop_sigma_dut(sigma)
238
239 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
240 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
241 try:
242 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
243 finally:
244 dev[0].set("ignore_old_scan_res", "0")
245
246 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
247 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
248 try:
249 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
250 finally:
251 dev[0].set("ignore_old_scan_res", "0")
252
253 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
254 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
255 try:
256 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
257 finally:
258 dev[0].set("ignore_old_scan_res", "0")
259
260 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
261 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
262 try:
263 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
264 finally:
265 dev[0].set("ignore_old_scan_res", "0")
266
267 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
268 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
269 try:
270 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
271 failure=True)
272 finally:
273 dev[0].set("ignore_old_scan_res", "0")
274
275 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
276 failure=False):
277 ifname = dev[0].ifname
278 sigma = start_sigma_dut(ifname)
279
280 try:
281 ssid = "test-pmf-required"
282 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
283 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
284 params["ieee80211w"] = "2"
285 params["group_mgmt_cipher"] = hostapd_cipher
286 hapd = hostapd.add_ap(apdev[0], params)
287
288 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
289 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
290 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
291 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
292 timeout=2 if failure else 10)
293 if failure:
294 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
295 "CTRL-EVENT-CONNECTED"], timeout=10)
296 if ev is None:
297 raise Exception("Network selection result not indicated")
298 if "CTRL-EVENT-CONNECTED" in ev:
299 raise Exception("Unexpected connection")
300 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
301 if "connected,1" in res:
302 raise Exception("Connection reported")
303 else:
304 sigma_dut_wait_connected(ifname)
305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
306
307 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
308 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
309 finally:
310 stop_sigma_dut(sigma)
311
312 def test_sigma_dut_sae(dev, apdev):
313 """sigma_dut controlled SAE association"""
314 if "SAE" not in dev[0].get_capability("auth_alg"):
315 raise HwsimSkip("SAE not supported")
316
317 ifname = dev[0].ifname
318 sigma = start_sigma_dut(ifname)
319
320 try:
321 ssid = "test-sae"
322 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
323 params['wpa_key_mgmt'] = 'SAE'
324 params["ieee80211w"] = "2"
325 params['sae_groups'] = '19 20 21'
326 hapd = hostapd.add_ap(apdev[0], params)
327
328 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
329 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
330 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
331 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
332 timeout=10)
333 sigma_dut_wait_connected(ifname)
334 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
335 if dev[0].get_status_field('sae_group') != '19':
336 raise Exception("Expected default SAE group not used")
337 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
338 logger.info("Reported PMK: " + res)
339 if ",PMK," not in res:
340 raise Exception("PMK not reported");
341 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
342 raise Exception("Mismatch in reported PMK")
343 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
344
345 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
346
347 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
348 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
349 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
350 timeout=10)
351 sigma_dut_wait_connected(ifname)
352 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
353 if dev[0].get_status_field('sae_group') != '20':
354 raise Exception("Expected SAE group not used")
355 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
357 finally:
358 stop_sigma_dut(sigma)
359
360 def test_sigma_dut_sae_groups(dev, apdev):
361 """sigma_dut controlled SAE association with group negotiation"""
362 if "SAE" not in dev[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
364
365 ifname = dev[0].ifname
366 sigma = start_sigma_dut(ifname)
367
368 try:
369 ssid = "test-sae"
370 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
371 params['wpa_key_mgmt'] = 'SAE'
372 params["ieee80211w"] = "2"
373 params['sae_groups'] = '19'
374 hapd = hostapd.add_ap(apdev[0], params)
375
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
380 timeout=10)
381 sigma_dut_wait_connected(ifname)
382 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
383 if dev[0].get_status_field('sae_group') != '19':
384 raise Exception("Expected default SAE group not used")
385 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
386
387 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
388 finally:
389 stop_sigma_dut(sigma)
390
391 def test_sigma_dut_sae_pmkid_include(dev, apdev):
392 """sigma_dut controlled SAE association with PMKID"""
393 if "SAE" not in dev[0].get_capability("auth_alg"):
394 raise HwsimSkip("SAE not supported")
395
396 ifname = dev[0].ifname
397 sigma = start_sigma_dut(ifname)
398
399 try:
400 ssid = "test-sae"
401 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
402 params['wpa_key_mgmt'] = 'SAE'
403 params["ieee80211w"] = "2"
404 params["sae_confirm_immediate"] = "1"
405 hapd = hostapd.add_ap(apdev[0], params)
406
407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
409 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
410 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
411 timeout=10)
412 sigma_dut_wait_connected(ifname)
413 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
414 finally:
415 stop_sigma_dut(sigma)
416
417 def test_sigma_dut_sae_password(dev, apdev):
418 """sigma_dut controlled SAE association and long password"""
419 if "SAE" not in dev[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
421
422 ifname = dev[0].ifname
423 sigma = start_sigma_dut(ifname)
424
425 try:
426 ssid = "test-sae"
427 params = hostapd.wpa2_params(ssid=ssid)
428 params['sae_password'] = 100*'B'
429 params['wpa_key_mgmt'] = 'SAE'
430 params["ieee80211w"] = "2"
431 hapd = hostapd.add_ap(apdev[0], params)
432
433 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
434 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
435 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
436 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
437 timeout=10)
438 sigma_dut_wait_connected(ifname)
439 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
440 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
442 finally:
443 stop_sigma_dut(sigma)
444
445 def test_sigma_dut_sae_pw_id(dev, apdev):
446 """sigma_dut controlled SAE association with Password Identifier"""
447 if "SAE" not in dev[0].get_capability("auth_alg"):
448 raise HwsimSkip("SAE not supported")
449
450 ifname = dev[0].ifname
451 sigma = start_sigma_dut(ifname)
452
453 try:
454 ssid = "test-sae"
455 params = hostapd.wpa2_params(ssid=ssid)
456 params['wpa_key_mgmt'] = 'SAE'
457 params["ieee80211w"] = "2"
458 params['sae_password'] = 'secret|id=pw id'
459 params['sae_groups'] = '19'
460 hapd = hostapd.add_ap(apdev[0], params)
461
462 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
463 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
464 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
465 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
466 timeout=10)
467 sigma_dut_wait_connected(ifname)
468 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
469 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
470 finally:
471 stop_sigma_dut(sigma)
472
473 def test_sigma_dut_sae_pw_id_pwe_loop(dev, apdev):
474 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
475 if "SAE" not in dev[0].get_capability("auth_alg"):
476 raise HwsimSkip("SAE not supported")
477
478 ifname = dev[0].ifname
479 sigma = start_sigma_dut(ifname)
480
481 try:
482 ssid = "test-sae"
483 params = hostapd.wpa2_params(ssid=ssid)
484 params['wpa_key_mgmt'] = 'SAE'
485 params["ieee80211w"] = "2"
486 params['sae_password'] = 'secret|id=pw id'
487 params['sae_groups'] = '19'
488 hapd = hostapd.add_ap(apdev[0], params)
489
490 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
491 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
492 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname, "test-sae", "secret"))
493 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
494 timeout=10)
495 for i in range(3):
496 ev = dev[0].wait_event(["SME: Trying to authenticate",
497 "CTRL-EVENT-CONNECTED"], timeout=10)
498 if ev is None:
499 raise Exception("Network selection result not indicated")
500 if "CTRL-EVENT-CONNECTED" in ev:
501 raise Exception("Unexpected connection")
502 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
503 if "connected,1" in res:
504 raise Exception("Connection reported")
505 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
506 finally:
507 stop_sigma_dut(sigma)
508 dev[0].set("sae_pwe", "0")
509
510 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
511 """sigma_dut controlled SAE association with Password Identifier and FT"""
512 run_sigma_dut_sae_pw_id_ft(dev, apdev)
513
514 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
515 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
516 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
517
518 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
519 if "SAE" not in dev[0].get_capability("auth_alg"):
520 raise HwsimSkip("SAE not supported")
521
522 ifname = dev[0].ifname
523 sigma = start_sigma_dut(ifname)
524
525 try:
526 ssid = "test-sae"
527 params = hostapd.wpa2_params(ssid=ssid)
528 params['wpa_key_mgmt'] = 'SAE FT-SAE'
529 params["ieee80211w"] = "2"
530 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
531 params['mobility_domain'] = 'aabb'
532 params['ft_over_ds'] = '1' if over_ds else '0'
533 bssid = apdev[0]['bssid'].replace(':', '')
534 params['nas_identifier'] = bssid + '.nas.example.com'
535 params['r1_key_holder'] = bssid
536 params['pmk_r1_push'] = '0'
537 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
538 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
539 hapd = hostapd.add_ap(apdev[0], params)
540
541 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
542 if over_ds:
543 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
544 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
545 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
546 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
547 timeout=10)
548 sigma_dut_wait_connected(ifname)
549
550 bssid = apdev[1]['bssid'].replace(':', '')
551 params['nas_identifier'] = bssid + '.nas.example.com'
552 params['r1_key_holder'] = bssid
553 hapd2 = hostapd.add_ap(apdev[1], params)
554 bssid = hapd2.own_addr()
555 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
556 dev[0].wait_connected()
557
558 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
559 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
560 finally:
561 stop_sigma_dut(sigma)
562
563 def test_sigma_dut_sta_override_rsne(dev, apdev):
564 """sigma_dut and RSNE override on STA"""
565 try:
566 run_sigma_dut_sta_override_rsne(dev, apdev)
567 finally:
568 dev[0].set("ignore_old_scan_res", "0")
569
570 def run_sigma_dut_sta_override_rsne(dev, apdev):
571 ifname = dev[0].ifname
572 sigma = start_sigma_dut(ifname)
573
574 try:
575 ssid = "test-psk"
576 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
577 hapd = hostapd.add_ap(apdev[0], params)
578
579 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
580
581 tests = ["30120100000fac040100000fac040100000fac02",
582 "30140100000fac040100000fac040100000fac02ffff"]
583 for test in tests:
584 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
585 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
586 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
587 timeout=10)
588 sigma_dut_wait_connected(ifname)
589 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
590 dev[0].dump_monitor()
591
592 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
593 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
594 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
595 timeout=10)
596
597 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
598 if ev is None:
599 raise Exception("Association rejection not reported")
600 if "status_code=40" not in ev:
601 raise Exception("Unexpected status code: " + ev)
602
603 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
604 finally:
605 stop_sigma_dut(sigma)
606
607 def test_sigma_dut_ap_psk(dev, apdev):
608 """sigma_dut controlled AP"""
609 with HWSimRadio() as (radio, iface):
610 sigma = start_sigma_dut(iface)
611 try:
612 sigma_dut_cmd_check("ap_reset_default")
613 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
614 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
615 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
616
617 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
618
619 sigma_dut_cmd_check("ap_reset_default")
620 finally:
621 stop_sigma_dut(sigma)
622
623 def test_sigma_dut_ap_pskhex(dev, apdev, params):
624 """sigma_dut controlled AP and PSKHEX"""
625 logdir = os.path.join(params['logdir'],
626 "sigma_dut_ap_pskhex.sigma-hostapd")
627 with HWSimRadio() as (radio, iface):
628 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
629 try:
630 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
631 sigma_dut_cmd_check("ap_reset_default")
632 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
633 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
634 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
635
636 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
637
638 sigma_dut_cmd_check("ap_reset_default")
639 finally:
640 stop_sigma_dut(sigma)
641
642 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
643 """sigma_dut controlled AP PSK SHA256"""
644 logdir = os.path.join(params['logdir'],
645 "sigma_dut_ap_psk_sha256.sigma-hostapd")
646 with HWSimRadio() as (radio, iface):
647 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
648 try:
649 sigma_dut_cmd_check("ap_reset_default")
650 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
651 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
652 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
653
654 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
655 psk="12345678", scan_freq="2412")
656
657 sigma_dut_cmd_check("ap_reset_default")
658 finally:
659 stop_sigma_dut(sigma)
660
661 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
662 """sigma_dut controlled AP and deauth commands"""
663 logdir = os.path.join(params['logdir'],
664 "sigma_dut_ap_psk_deauth.sigma-hostapd")
665 with HWSimRadio() as (radio, iface):
666 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
667 try:
668 sigma_dut_cmd_check("ap_reset_default")
669 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
670 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
671 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
672
673 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
674 psk="12345678", ieee80211w="2", scan_freq="2412")
675 addr = dev[0].own_addr()
676 dev[0].dump_monitor()
677
678 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
679 ev = dev[0].wait_disconnected()
680 dev[0].dump_monitor()
681 if "locally_generated=1" in ev:
682 raise Exception("Unexpected disconnection reason")
683 dev[0].wait_connected()
684 dev[0].dump_monitor()
685
686 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
687 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
688 if ev and "locally_generated=1" not in ev:
689 raise Exception("Unexpected disconnection")
690
691 sigma_dut_cmd_check("ap_reset_default")
692 finally:
693 stop_sigma_dut(sigma)
694
695 def test_sigma_dut_eap_ttls(dev, apdev, params):
696 """sigma_dut controlled STA and EAP-TTLS parameters"""
697 check_domain_match(dev[0])
698 logdir = params['logdir']
699
700 with open("auth_serv/ca.pem", "r") as f:
701 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
702 f2.write(f.read())
703
704 src = "auth_serv/server.pem"
705 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
706 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
707 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
708 "-outform", "DER"],
709 stderr=open('/dev/null', 'w'))
710 with open(dst, "rb") as f:
711 der = f.read()
712 hash = hashlib.sha256(der).digest()
713 with open(hashdst, "w") as f:
714 f.write(binascii.hexlify(hash).decode())
715
716 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
717 with open(dst, "w") as f:
718 f.write(32*"00")
719
720 ssid = "test-wpa2-eap"
721 params = hostapd.wpa2_eap_params(ssid=ssid)
722 hapd = hostapd.add_ap(apdev[0], params)
723
724 ifname = dev[0].ifname
725 sigma = start_sigma_dut(ifname, cert_path=logdir)
726
727 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
728
729 try:
730 tests = ["",
731 ",Domain,server.w1.fi",
732 ",DomainSuffix,w1.fi",
733 ",DomainSuffix,server.w1.fi",
734 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
735 for extra in tests:
736 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
737 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
738 sigma_dut_cmd_check(cmd + extra)
739 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
740 timeout=10)
741 sigma_dut_wait_connected(ifname)
742 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
743 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
744 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
745 dev[0].dump_monitor()
746
747 tests = [",Domain,w1.fi",
748 ",DomainSuffix,example.com",
749 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
750 for extra in tests:
751 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
752 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
753 sigma_dut_cmd_check(cmd + extra)
754 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
755 timeout=10)
756 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
757 if ev is None:
758 raise Exception("Server certificate error not reported")
759 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
760 if "connected,1" in res:
761 raise Exception("Unexpected connection reported")
762 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
763 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
764 dev[0].dump_monitor()
765 finally:
766 stop_sigma_dut(sigma)
767
768 def test_sigma_dut_suite_b(dev, apdev, params):
769 """sigma_dut controlled STA Suite B"""
770 check_suite_b_192_capa(dev)
771 logdir = params['logdir']
772
773 with open("auth_serv/ec2-ca.pem", "r") as f:
774 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
775 f2.write(f.read())
776
777 with open("auth_serv/ec2-user.pem", "r") as f:
778 with open("auth_serv/ec2-user.key", "r") as f2:
779 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
780 f3.write(f.read())
781 f3.write(f2.read())
782
783 dev[0].flush_scan_cache()
784 params = suite_b_as_params()
785 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
786 params['server_cert'] = 'auth_serv/ec2-server.pem'
787 params['private_key'] = 'auth_serv/ec2-server.key'
788 params['openssl_ciphers'] = 'SUITEB192'
789 hostapd.add_ap(apdev[1], params)
790
791 params = {"ssid": "test-suite-b",
792 "wpa": "2",
793 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
794 "rsn_pairwise": "GCMP-256",
795 "group_mgmt_cipher": "BIP-GMAC-256",
796 "ieee80211w": "2",
797 "ieee8021x": "1",
798 'auth_server_addr': "127.0.0.1",
799 'auth_server_port': "18129",
800 'auth_server_shared_secret': "radius",
801 'nas_identifier': "nas.w1.fi"}
802 hapd = hostapd.add_ap(apdev[0], params)
803
804 ifname = dev[0].ifname
805 sigma = start_sigma_dut(ifname, cert_path=logdir)
806
807 try:
808 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
809 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
810 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
811 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
812 timeout=10)
813 sigma_dut_wait_connected(ifname)
814 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
815 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
816 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
817 finally:
818 stop_sigma_dut(sigma)
819
820 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
821 """sigma_dut controlled STA Suite B (RSA)"""
822 check_suite_b_192_capa(dev)
823 logdir = params['logdir']
824
825 with open("auth_serv/rsa3072-ca.pem", "r") as f:
826 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
827 f2.write(f.read())
828
829 with open("auth_serv/rsa3072-user.pem", "r") as f:
830 with open("auth_serv/rsa3072-user.key", "r") as f2:
831 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
832 f3.write(f.read())
833 f3.write(f2.read())
834
835 dev[0].flush_scan_cache()
836 params = suite_b_192_rsa_ap_params()
837 hapd = hostapd.add_ap(apdev[0], params)
838
839 ifname = dev[0].ifname
840 sigma = start_sigma_dut(ifname, cert_path=logdir)
841
842 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
843
844 try:
845 tests = ["",
846 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
847 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
848 for extra in tests:
849 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
850 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
851 sigma_dut_cmd_check(cmd + extra)
852 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
853 timeout=10)
854 sigma_dut_wait_connected(ifname)
855 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
856 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
857 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
858 finally:
859 stop_sigma_dut(sigma)
860
861 def test_sigma_dut_ap_suite_b(dev, apdev, params):
862 """sigma_dut controlled AP Suite B"""
863 check_suite_b_192_capa(dev)
864 logdir = os.path.join(params['logdir'],
865 "sigma_dut_ap_suite_b.sigma-hostapd")
866 params = suite_b_as_params()
867 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
868 params['server_cert'] = 'auth_serv/ec2-server.pem'
869 params['private_key'] = 'auth_serv/ec2-server.key'
870 params['openssl_ciphers'] = 'SUITEB192'
871 hostapd.add_ap(apdev[1], params)
872 with HWSimRadio() as (radio, iface):
873 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
874 try:
875 sigma_dut_cmd_check("ap_reset_default")
876 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
877 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
878 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
879 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
880
881 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
882 ieee80211w="2",
883 openssl_ciphers="SUITEB192",
884 eap="TLS", identity="tls user",
885 ca_cert="auth_serv/ec2-ca.pem",
886 client_cert="auth_serv/ec2-user.pem",
887 private_key="auth_serv/ec2-user.key",
888 pairwise="GCMP-256", group="GCMP-256",
889 scan_freq="2412")
890
891 sigma_dut_cmd_check("ap_reset_default")
892 finally:
893 stop_sigma_dut(sigma)
894
895 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
896 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
897 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
898 "GCMP")
899
900 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
901 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
902 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
903 "GCMP-256")
904
905 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
906 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
907 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
908 "CCMP")
909
910 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
911 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
912 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
913 "CCMP-256")
914
915 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
916 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
917 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
918 "BIP-GMAC-256", "CCMP")
919
920 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
921 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
922 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
923 "BIP-GMAC-256", "GCMP-256", "CCMP")
924
925 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
926 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
927 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
928 "GCMP-256", "CCMP", "AES-CCMP-128")
929
930 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
931 sta_cipher, sta_cipher_group=None, ap_group=None):
932 check_suite_b_192_capa(dev)
933 logdir = os.path.join(params['logdir'],
934 "sigma_dut_ap_cipher.sigma-hostapd")
935 params = suite_b_as_params()
936 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
937 params['server_cert'] = 'auth_serv/ec2-server.pem'
938 params['private_key'] = 'auth_serv/ec2-server.key'
939 params['openssl_ciphers'] = 'SUITEB192'
940 hostapd.add_ap(apdev[1], params)
941 with HWSimRadio() as (radio, iface):
942 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
943 try:
944 sigma_dut_cmd_check("ap_reset_default")
945 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
946 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
947 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
948 if ap_group:
949 cmd += ",GroupCipher,%s" % ap_group
950 sigma_dut_cmd_check(cmd)
951 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
952
953 if sta_cipher_group is None:
954 sta_cipher_group = sta_cipher
955 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
956 ieee80211w="2",
957 openssl_ciphers="SUITEB192",
958 eap="TLS", identity="tls user",
959 ca_cert="auth_serv/ec2-ca.pem",
960 client_cert="auth_serv/ec2-user.pem",
961 private_key="auth_serv/ec2-user.key",
962 pairwise=sta_cipher, group=sta_cipher_group,
963 scan_freq="2412")
964
965 sigma_dut_cmd_check("ap_reset_default")
966 finally:
967 stop_sigma_dut(sigma)
968
969 def test_sigma_dut_ap_override_rsne(dev, apdev):
970 """sigma_dut controlled AP overriding RSNE"""
971 with HWSimRadio() as (radio, iface):
972 sigma = start_sigma_dut(iface)
973 try:
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
977 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
978 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
979
980 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
981
982 sigma_dut_cmd_check("ap_reset_default")
983 finally:
984 stop_sigma_dut(sigma)
985
986 def test_sigma_dut_ap_sae(dev, apdev, params):
987 """sigma_dut controlled AP with SAE"""
988 logdir = os.path.join(params['logdir'],
989 "sigma_dut_ap_sae.sigma-hostapd")
990 if "SAE" not in dev[0].get_capability("auth_alg"):
991 raise HwsimSkip("SAE not supported")
992 with HWSimRadio() as (radio, iface):
993 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
994 try:
995 sigma_dut_cmd_check("ap_reset_default")
996 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
997 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
998 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
999
1000 dev[0].request("SET sae_groups ")
1001 id = dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1002 ieee80211w="2", scan_freq="2412")
1003 if dev[0].get_status_field('sae_group') != '19':
1004 raise Exception("Expected default SAE group not used")
1005
1006 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1007 logger.info("Reported PMK: " + res)
1008 if ",PMK," not in res:
1009 raise Exception("PMK not reported");
1010 if dev[0].get_pmk(id) != res.split(',')[3]:
1011 raise Exception("Mismatch in reported PMK")
1012
1013 sigma_dut_cmd_check("ap_reset_default")
1014 finally:
1015 stop_sigma_dut(sigma)
1016
1017 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
1018 """sigma_dut controlled AP with SAE Confirm immediate"""
1019 logdir = os.path.join(params['logdir'],
1020 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1021 if "SAE" not in dev[0].get_capability("auth_alg"):
1022 raise HwsimSkip("SAE not supported")
1023 with HWSimRadio() as (radio, iface):
1024 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1025 try:
1026 sigma_dut_cmd_check("ap_reset_default")
1027 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1028 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1029 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1030
1031 dev[0].request("SET sae_groups ")
1032 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1033 ieee80211w="2", scan_freq="2412")
1034 if dev[0].get_status_field('sae_group') != '19':
1035 raise Exception("Expected default SAE group not used")
1036
1037 sigma_dut_cmd_check("ap_reset_default")
1038 finally:
1039 stop_sigma_dut(sigma)
1040
1041 def test_sigma_dut_ap_sae_password(dev, apdev, params):
1042 """sigma_dut controlled AP with SAE and long password"""
1043 logdir = os.path.join(params['logdir'],
1044 "sigma_dut_ap_sae_password.sigma-hostapd")
1045 if "SAE" not in dev[0].get_capability("auth_alg"):
1046 raise HwsimSkip("SAE not supported")
1047 with HWSimRadio() as (radio, iface):
1048 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1049 try:
1050 sigma_dut_cmd_check("ap_reset_default")
1051 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1052 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1053 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1054
1055 dev[0].request("SET sae_groups ")
1056 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
1057 ieee80211w="2", scan_freq="2412")
1058 if dev[0].get_status_field('sae_group') != '19':
1059 raise Exception("Expected default SAE group not used")
1060
1061 sigma_dut_cmd_check("ap_reset_default")
1062 finally:
1063 stop_sigma_dut(sigma)
1064
1065 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
1066 """sigma_dut controlled AP with SAE Password Identifier"""
1067 logdir = os.path.join(params['logdir'],
1068 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1069 conffile = os.path.join(params['logdir'],
1070 "sigma_dut_ap_sae_pw_id.sigma-conf")
1071 if "SAE" not in dev[0].get_capability("auth_alg"):
1072 raise HwsimSkip("SAE not supported")
1073 with HWSimRadio() as (radio, iface):
1074 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1075 try:
1076 sigma_dut_cmd_check("ap_reset_default")
1077 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1078 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1079 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1080
1081 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1082 with open(conffile, "wb") as f2:
1083 f2.write(f.read())
1084
1085 dev[0].request("SET sae_groups ")
1086 tests = [("pw1", "id1"),
1087 ("pw2", "id2"),
1088 ("pw3", None),
1089 ("pw4", "id4")]
1090 for pw, pw_id in tests:
1091 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
1092 sae_password_id=pw_id,
1093 ieee80211w="2", scan_freq="2412")
1094 dev[0].request("REMOVE_NETWORK all")
1095 dev[0].wait_disconnected()
1096
1097 sigma_dut_cmd_check("ap_reset_default")
1098 finally:
1099 stop_sigma_dut(sigma)
1100
1101 def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev, apdev, params):
1102 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1103 logdir = os.path.join(params['logdir'],
1104 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1105 conffile = os.path.join(params['logdir'],
1106 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1107 if "SAE" not in dev[0].get_capability("auth_alg"):
1108 raise HwsimSkip("SAE not supported")
1109 with HWSimRadio() as (radio, iface):
1110 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1111 try:
1112 sigma_dut_cmd_check("ap_reset_default")
1113 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1114 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1115 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1116
1117 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1118 with open(conffile, "wb") as f2:
1119 f2.write(f.read())
1120
1121 dev[0].set("sae_groups", "")
1122 dev[0].connect("test-sae", key_mgmt="SAE", sae_password="12345678",
1123 sae_password_id="pwid",
1124 ieee80211w="2", scan_freq="2412", wait_connect=False)
1125 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1126 "CTRL-EVENT-CONNECTED"], timeout=10)
1127 if ev is None:
1128 raise Exception("Network selection result not indicated")
1129 if "CTRL-EVENT-CONNECTED" in ev:
1130 raise Exception("Unexpected connection")
1131 dev[0].request("REMOVE_NETWORK all")
1132
1133 sigma_dut_cmd_check("ap_reset_default")
1134 finally:
1135 stop_sigma_dut(sigma)
1136
1137 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
1138 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1139 logdir = os.path.join(params['logdir'],
1140 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1141 conffile = os.path.join(params['logdir'],
1142 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1143 if "SAE" not in dev[0].get_capability("auth_alg"):
1144 raise HwsimSkip("SAE not supported")
1145 with HWSimRadio() as (radio, iface):
1146 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1147 try:
1148 sigma_dut_cmd_check("ap_reset_default")
1149 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1150 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1152
1153 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1154 with open(conffile, "wb") as f2:
1155 f2.write(f.read())
1156
1157 dev[0].request("SET sae_groups ")
1158 tests = [("pw1", "id1", "SAE"),
1159 ("pw2", "id2", "FT-SAE"),
1160 ("pw3", None, "FT-SAE"),
1161 ("pw4", "id4", "SAE")]
1162 for pw, pw_id, key_mgmt in tests:
1163 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
1164 sae_password_id=pw_id,
1165 ieee80211w="2", scan_freq="2412")
1166 dev[0].request("REMOVE_NETWORK all")
1167 dev[0].wait_disconnected()
1168
1169 sigma_dut_cmd_check("ap_reset_default")
1170 finally:
1171 stop_sigma_dut(sigma)
1172
1173 def test_sigma_dut_ap_sae_group(dev, apdev, params):
1174 """sigma_dut controlled AP with SAE and specific group"""
1175 logdir = os.path.join(params['logdir'],
1176 "sigma_dut_ap_sae_group.sigma-hostapd")
1177 if "SAE" not in dev[0].get_capability("auth_alg"):
1178 raise HwsimSkip("SAE not supported")
1179 with HWSimRadio() as (radio, iface):
1180 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1181 try:
1182 sigma_dut_cmd_check("ap_reset_default")
1183 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1184 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1185 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1186
1187 dev[0].request("SET sae_groups ")
1188 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1189 ieee80211w="2", scan_freq="2412")
1190 if dev[0].get_status_field('sae_group') != '20':
1191 raise Exception("Expected SAE group not used")
1192
1193 sigma_dut_cmd_check("ap_reset_default")
1194 finally:
1195 stop_sigma_dut(sigma)
1196
1197 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1198 """sigma_dut controlled AP with PSK+SAE"""
1199 if "SAE" not in dev[0].get_capability("auth_alg"):
1200 raise HwsimSkip("SAE not supported")
1201 logdir = os.path.join(params['logdir'],
1202 "sigma_dut_ap_psk_sae.sigma-hostapd")
1203 with HWSimRadio() as (radio, iface):
1204 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1205 try:
1206 sigma_dut_cmd_check("ap_reset_default")
1207 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1208 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1209 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1210
1211 dev[2].request("SET sae_groups ")
1212 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1213 scan_freq="2412", ieee80211w="0", wait_connect=False)
1214 dev[0].request("SET sae_groups ")
1215 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1216 scan_freq="2412", ieee80211w="2")
1217 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1218
1219 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1220 dev[2].request("DISCONNECT")
1221 if ev is not None:
1222 raise Exception("Unexpected connection without PMF")
1223
1224 sigma_dut_cmd_check("ap_reset_default")
1225 finally:
1226 stop_sigma_dut(sigma)
1227
1228 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1229 """sigma_dut controlled AP with PSK, SAE, FT"""
1230 logdir = os.path.join(params['logdir'],
1231 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1232 conffile = os.path.join(params['logdir'],
1233 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1234 if "SAE" not in dev[0].get_capability("auth_alg"):
1235 raise HwsimSkip("SAE not supported")
1236 with HWSimRadio() as (radio, iface):
1237 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1238 try:
1239 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1240 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1241 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1243 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1244 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1245
1246 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1247 with open(conffile, "wb") as f2:
1248 f2.write(f.read())
1249
1250 dev[0].request("SET sae_groups ")
1251 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1252 sae_password="12345678", scan_freq="2412")
1253 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1254 psk="12345678", scan_freq="2412")
1255 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1256 psk="12345678", scan_freq="2412")
1257
1258 sigma_dut_cmd_check("ap_reset_default")
1259 finally:
1260 stop_sigma_dut(sigma)
1261
1262 def test_sigma_dut_owe(dev, apdev):
1263 """sigma_dut controlled OWE station"""
1264 try:
1265 run_sigma_dut_owe(dev, apdev)
1266 finally:
1267 dev[0].set("ignore_old_scan_res", "0")
1268
1269 def run_sigma_dut_owe(dev, apdev):
1270 if "OWE" not in dev[0].get_capability("key_mgmt"):
1271 raise HwsimSkip("OWE not supported")
1272
1273 ifname = dev[0].ifname
1274 sigma = start_sigma_dut(ifname)
1275
1276 try:
1277 params = {"ssid": "owe",
1278 "wpa": "2",
1279 "wpa_key_mgmt": "OWE",
1280 "ieee80211w": "2",
1281 "rsn_pairwise": "CCMP"}
1282 hapd = hostapd.add_ap(apdev[0], params)
1283 bssid = hapd.own_addr()
1284
1285 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1286 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1287 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1288 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1289 timeout=10)
1290 sigma_dut_wait_connected(ifname)
1291 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1292 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
1293 logger.info("Reported PMK: " + res)
1294 if ",PMK," not in res:
1295 raise Exception("PMK not reported");
1296 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
1297 raise Exception("Mismatch in reported PMK")
1298
1299 dev[0].dump_monitor()
1300 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1301 dev[0].wait_connected()
1302 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1303 dev[0].wait_disconnected()
1304 dev[0].dump_monitor()
1305
1306 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1307 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1308 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1309 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1310 timeout=10)
1311 sigma_dut_wait_connected(ifname)
1312 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1313 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1314 dev[0].wait_disconnected()
1315 dev[0].dump_monitor()
1316
1317 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1318 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1319 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1320 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1321 timeout=10)
1322 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1323 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1324 if ev is None:
1325 raise Exception("Association not rejected")
1326 if "status_code=77" not in ev:
1327 raise Exception("Unexpected rejection reason: " + ev)
1328
1329 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1330 finally:
1331 stop_sigma_dut(sigma)
1332
1333 def test_sigma_dut_owe_ptk_workaround(dev, apdev):
1334 """sigma_dut controlled OWE station with PTK workaround"""
1335 if "OWE" not in dev[0].get_capability("key_mgmt"):
1336 raise HwsimSkip("OWE not supported")
1337
1338 params = {"ssid": "owe",
1339 "wpa": "2",
1340 "wpa_key_mgmt": "OWE",
1341 "owe_ptk_workaround": "1",
1342 "owe_groups": "20",
1343 "ieee80211w": "2",
1344 "rsn_pairwise": "CCMP"}
1345 hapd = hostapd.add_ap(apdev[0], params)
1346
1347 ifname = dev[0].ifname
1348 sigma = start_sigma_dut(ifname, owe_ptk_workaround=True)
1349
1350 try:
1351 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1352 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1353 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1354 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1355 timeout=10)
1356 sigma_dut_wait_connected(ifname)
1357 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1358 finally:
1359 stop_sigma_dut(sigma)
1360 dev[0].set("ignore_old_scan_res", "0")
1361
1362 def test_sigma_dut_ap_owe(dev, apdev, params):
1363 """sigma_dut controlled AP with OWE"""
1364 logdir = os.path.join(params['logdir'],
1365 "sigma_dut_ap_owe.sigma-hostapd")
1366 if "OWE" not in dev[0].get_capability("key_mgmt"):
1367 raise HwsimSkip("OWE not supported")
1368 with HWSimRadio() as (radio, iface):
1369 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1370 try:
1371 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1372 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1373 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1374 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1375
1376 id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1377 scan_freq="2412")
1378
1379 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1380 logger.info("Reported PMK: " + res)
1381 if ",PMK," not in res:
1382 raise Exception("PMK not reported");
1383 if dev[0].get_pmk(id) != res.split(',')[3]:
1384 raise Exception("Mismatch in reported PMK")
1385
1386 sigma_dut_cmd_check("ap_reset_default")
1387 finally:
1388 stop_sigma_dut(sigma)
1389
1390 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1391 """sigma_dut controlled AP with OWE and ECGroupID"""
1392 if "OWE" not in dev[0].get_capability("key_mgmt"):
1393 raise HwsimSkip("OWE not supported")
1394 with HWSimRadio() as (radio, iface):
1395 sigma = start_sigma_dut(iface)
1396 try:
1397 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1398 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1399 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1400 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1401
1402 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1403 owe_group="20", scan_freq="2412")
1404 dev[0].request("REMOVE_NETWORK all")
1405 dev[0].wait_disconnected()
1406
1407 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1408 owe_group="21", scan_freq="2412")
1409 dev[0].request("REMOVE_NETWORK all")
1410 dev[0].wait_disconnected()
1411
1412 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1413 owe_group="19", scan_freq="2412", wait_connect=False)
1414 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1415 dev[0].request("DISCONNECT")
1416 if ev is None:
1417 raise Exception("Association not rejected")
1418 if "status_code=77" not in ev:
1419 raise Exception("Unexpected rejection reason: " + ev)
1420 dev[0].dump_monitor()
1421
1422 sigma_dut_cmd_check("ap_reset_default")
1423 finally:
1424 stop_sigma_dut(sigma)
1425
1426 def test_sigma_dut_ap_owe_ptk_workaround(dev, apdev):
1427 """sigma_dut controlled AP with OWE PTK workaround"""
1428 if "OWE" not in dev[0].get_capability("key_mgmt"):
1429 raise HwsimSkip("OWE not supported")
1430 with HWSimRadio() as (radio, iface):
1431 sigma = start_sigma_dut(iface, owe_ptk_workaround=True)
1432 try:
1433 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1434 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1435 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1436 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1437
1438 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1439 owe_group="20", owe_ptk_workaround="1",
1440 scan_freq="2412")
1441 sigma_dut_cmd_check("ap_reset_default")
1442 finally:
1443 stop_sigma_dut(sigma)
1444
1445 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1446 """sigma_dut controlled AP with OWE and transition mode"""
1447 if "OWE" not in dev[0].get_capability("key_mgmt"):
1448 raise HwsimSkip("OWE not supported")
1449 logdir = os.path.join(params['logdir'],
1450 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1451 with HWSimRadio() as (radio, iface):
1452 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1453 try:
1454 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1455 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1456 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1457 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1458 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1459 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1460
1461 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1462 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1463
1464 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1465 scan_freq="2412")
1466 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1467 if dev[0].get_status_field('bssid') not in res1:
1468 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1469 if dev[1].get_status_field('bssid') not in res2:
1470 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1471
1472 sigma_dut_cmd_check("ap_reset_default")
1473 finally:
1474 stop_sigma_dut(sigma)
1475
1476 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1477 """sigma_dut controlled AP with OWE and transition mode (2)"""
1478 if "OWE" not in dev[0].get_capability("key_mgmt"):
1479 raise HwsimSkip("OWE not supported")
1480 logdir = os.path.join(params['logdir'],
1481 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1482 with HWSimRadio() as (radio, iface):
1483 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1484 try:
1485 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1486 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1487 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1489 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1490 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1491
1492 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1493 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1494
1495 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1496 scan_freq="2412")
1497 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1498 if dev[0].get_status_field('bssid') not in res2:
1499 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1500 if dev[1].get_status_field('bssid') not in res1:
1501 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1502
1503 sigma_dut_cmd_check("ap_reset_default")
1504 finally:
1505 stop_sigma_dut(sigma)
1506
1507 def dpp_init_enrollee(dev, id1, enrollee_role):
1508 logger.info("Starting DPP initiator/enrollee in a thread")
1509 time.sleep(1)
1510 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1511 if enrollee_role == "Configurator":
1512 cmd += " netrole=configurator"
1513 if "OK" not in dev.request(cmd):
1514 raise Exception("Failed to initiate DPP Authentication")
1515 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1516 if ev is None:
1517 raise Exception("DPP configuration not completed (Enrollee)")
1518 logger.info("DPP initiator/enrollee done")
1519
1520 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1521 """sigma_dut DPP/QR responder (conf index 1)"""
1522 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1523
1524 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1525 """sigma_dut DPP/QR responder (conf index 2)"""
1526 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1527
1528 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1529 """sigma_dut DPP/QR responder (conf index 3)"""
1530 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1531
1532 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1533 """sigma_dut DPP/QR responder (conf index 4)"""
1534 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1535
1536 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1537 """sigma_dut DPP/QR responder (conf index 5)"""
1538 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1539
1540 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1541 """sigma_dut DPP/QR responder (conf index 6)"""
1542 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1543
1544 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1545 """sigma_dut DPP/QR responder (conf index 7)"""
1546 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1547
1548 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1549 """sigma_dut DPP/QR responder (conf index 8)"""
1550 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1551
1552 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1553 """sigma_dut DPP/QR responder (conf index 9)"""
1554 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1555
1556 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1557 """sigma_dut DPP/QR responder (conf index 10)"""
1558 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1559
1560 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1561 """sigma_dut DPP/QR responder (channel list override)"""
1562 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1563 listen_chan=2)
1564
1565 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1566 """sigma_dut DPP/QR responder status query"""
1567 check_dpp_capab(dev[1])
1568 params = hostapd.wpa2_params(ssid="DPPNET01",
1569 passphrase="ThisIsDppPassphrase")
1570 hapd = hostapd.add_ap(apdev[0], params)
1571
1572 try:
1573 dev[1].set("dpp_config_processing", "2")
1574 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1575 finally:
1576 dev[1].set("dpp_config_processing", "0", allow_fail=True)
1577
1578 def test_sigma_dut_dpp_qr_resp_configurator(dev, apdev):
1579 """sigma_dut DPP/QR responder (configurator provisioning)"""
1580 run_sigma_dut_dpp_qr_resp(dev, apdev, -1, enrollee_role="Configurator")
1581
1582 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1583 listen_chan=None, status_query=False,
1584 enrollee_role="STA"):
1585 check_dpp_capab(dev[0])
1586 check_dpp_capab(dev[1])
1587 sigma = start_sigma_dut(dev[0].ifname)
1588 try:
1589 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1590 if chan_list:
1591 cmd += ",DPPChannelList," + chan_list
1592 res = sigma_dut_cmd(cmd)
1593 if "status,COMPLETE" not in res:
1594 raise Exception("dev_exec_action did not succeed: " + res)
1595 hex = res.split(',')[3]
1596 uri = from_hex(hex)
1597 logger.info("URI from sigma_dut: " + uri)
1598
1599 id1 = dev[1].dpp_qr_code(uri)
1600
1601 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1,
1602 enrollee_role))
1603 t.start()
1604 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1605 if conf_idx is not None:
1606 cmd += ",DPPConfIndex,%d" % conf_idx
1607 if listen_chan:
1608 cmd += ",DPPListenChannel," + str(listen_chan)
1609 if status_query:
1610 cmd += ",DPPStatusQuery,Yes"
1611 res = sigma_dut_cmd(cmd, timeout=10)
1612 t.join()
1613 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1614 raise Exception("Unexpected result: " + res)
1615 if status_query and "StatusResult,0" not in res:
1616 raise Exception("Status query did not succeed: " + res)
1617 finally:
1618 stop_sigma_dut(sigma)
1619
1620 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1621 """sigma_dut DPP/QR initiator as Enrollee"""
1622 check_dpp_capab(dev[0])
1623 check_dpp_capab(dev[1])
1624
1625 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1626 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1627 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1628 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1629
1630 params = {"ssid": "DPPNET01",
1631 "wpa": "2",
1632 "ieee80211w": "2",
1633 "wpa_key_mgmt": "DPP",
1634 "rsn_pairwise": "CCMP",
1635 "dpp_connector": ap_connector,
1636 "dpp_csign": csign_pub,
1637 "dpp_netaccesskey": ap_netaccesskey}
1638 try:
1639 hapd = hostapd.add_ap(apdev[0], params)
1640 except:
1641 raise HwsimSkip("DPP not supported")
1642
1643 sigma = start_sigma_dut(dev[0].ifname)
1644 try:
1645 dev[0].set("dpp_config_processing", "2")
1646
1647 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1648 res = dev[1].request(cmd)
1649 if "FAIL" in res:
1650 raise Exception("Failed to add configurator")
1651 conf_id = int(res)
1652
1653 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1654 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1655
1656 dev[1].set("dpp_configurator_params",
1657 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1658 cmd = "DPP_LISTEN 2437 role=configurator"
1659 if "OK" not in dev[1].request(cmd):
1660 raise Exception("Failed to start listen operation")
1661
1662 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1663 if "status,COMPLETE" not in res:
1664 raise Exception("dev_exec_action did not succeed: " + res)
1665
1666 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1667 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1668 raise Exception("Unexpected result: " + res)
1669 finally:
1670 dev[0].set("dpp_config_processing", "0")
1671 stop_sigma_dut(sigma)
1672
1673 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev, apdev):
1674 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1675 check_dpp_capab(dev[0])
1676 check_dpp_capab(dev[1])
1677
1678 sigma = start_sigma_dut(dev[0].ifname)
1679 try:
1680 cmd = "DPP_CONFIGURATOR_ADD"
1681 res = dev[1].request(cmd)
1682 if "FAIL" in res:
1683 raise Exception("Failed to add configurator")
1684 conf_id = int(res)
1685
1686 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1687 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1688
1689 dev[1].set("dpp_configurator_params",
1690 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1691 cmd = "DPP_LISTEN 2437 role=configurator"
1692 if "OK" not in dev[1].request(cmd):
1693 raise Exception("Failed to start listen operation")
1694
1695 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1696 if "status,COMPLETE" not in res:
1697 raise Exception("dev_exec_action did not succeed: " + res)
1698
1699 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout=10)
1700 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1701 raise Exception("Unexpected result: " + res)
1702 finally:
1703 dev[0].set("dpp_config_processing", "0")
1704 stop_sigma_dut(sigma)
1705
1706 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1707 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1708 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1709
1710 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1711 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1712 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1713 extra="DPPAuthDirection,Mutual,")
1714
1715 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1716 check_dpp_capab(dev[0])
1717 check_dpp_capab(dev[1])
1718
1719 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1720 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1721 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1722 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1723
1724 params = {"ssid": "DPPNET01",
1725 "wpa": "2",
1726 "ieee80211w": "2",
1727 "wpa_key_mgmt": "DPP",
1728 "rsn_pairwise": "CCMP",
1729 "dpp_connector": ap_connector,
1730 "dpp_csign": csign_pub,
1731 "dpp_netaccesskey": ap_netaccesskey}
1732 try:
1733 hapd = hostapd.add_ap(apdev[0], params)
1734 except:
1735 raise HwsimSkip("DPP not supported")
1736
1737 sigma = start_sigma_dut(dev[0].ifname)
1738 try:
1739 dev[0].set("dpp_config_processing", "2")
1740
1741 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1742 res = dev[1].request(cmd)
1743 if "FAIL" in res:
1744 raise Exception("Failed to add configurator")
1745 conf_id = int(res)
1746
1747 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1748 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1749
1750 dev[1].set("dpp_configurator_params",
1751 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1752 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1753 if "OK" not in dev[1].request(cmd):
1754 raise Exception("Failed to start listen operation")
1755
1756 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1757 if "status,COMPLETE" not in res:
1758 raise Exception("dev_exec_action did not succeed: " + res)
1759 hex = res.split(',')[3]
1760 uri = from_hex(hex)
1761 logger.info("URI from sigma_dut: " + uri)
1762
1763 id1 = dev[1].dpp_qr_code(uri)
1764
1765 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1766 if "status,COMPLETE" not in res:
1767 raise Exception("dev_exec_action did not succeed: " + res)
1768
1769 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1770 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1771 raise Exception("Unexpected result: " + res)
1772 finally:
1773 dev[0].set("dpp_config_processing", "0")
1774 stop_sigma_dut(sigma)
1775
1776 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1777 time.sleep(1)
1778 logger.info("Starting DPP initiator/configurator in a thread")
1779 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1780 if own_id is not None:
1781 cmd += " own=%d" % own_id
1782 if "OK" not in dev.request(cmd):
1783 raise Exception("Failed to initiate DPP Authentication")
1784 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1785 if ev is None:
1786 raise Exception("DPP configuration not completed (Configurator)")
1787 logger.info("DPP initiator/configurator done")
1788
1789 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1790 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1791 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1792
1793 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1794 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1795 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1796
1797 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1798 check_dpp_capab(dev[0])
1799 check_dpp_capab(dev[1])
1800
1801 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1802 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1803 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1804 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1805
1806 params = {"ssid": "DPPNET01",
1807 "wpa": "2",
1808 "ieee80211w": "2",
1809 "wpa_key_mgmt": "DPP",
1810 "rsn_pairwise": "CCMP",
1811 "dpp_connector": ap_connector,
1812 "dpp_csign": csign_pub,
1813 "dpp_netaccesskey": ap_netaccesskey}
1814 try:
1815 hapd = hostapd.add_ap(apdev[0], params)
1816 except:
1817 raise HwsimSkip("DPP not supported")
1818
1819 sigma = start_sigma_dut(dev[0].ifname)
1820 try:
1821 dev[0].set("dpp_config_processing", "2")
1822
1823 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1824 res = dev[1].request(cmd)
1825 if "FAIL" in res:
1826 raise Exception("Failed to add configurator")
1827 conf_id = int(res)
1828
1829 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1830 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1831
1832 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1833 if "status,COMPLETE" not in res:
1834 raise Exception("dev_exec_action did not succeed: " + res)
1835 hex = res.split(',')[3]
1836 uri = from_hex(hex)
1837 logger.info("URI from sigma_dut: " + uri)
1838
1839 id1 = dev[1].dpp_qr_code(uri)
1840
1841 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1842 if "status,COMPLETE" not in res:
1843 raise Exception("dev_exec_action did not succeed: " + res)
1844
1845 t = threading.Thread(target=dpp_init_conf_mutual,
1846 args=(dev[1], id1, conf_id, id0))
1847 t.start()
1848
1849 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1850 if extra:
1851 cmd += extra
1852 res = sigma_dut_cmd(cmd, timeout=25)
1853 t.join()
1854 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1855 raise Exception("Unexpected result: " + res)
1856 finally:
1857 dev[0].set("dpp_config_processing", "0")
1858 stop_sigma_dut(sigma)
1859
1860 def dpp_resp_conf_mutual(dev, conf_id, uri):
1861 logger.info("Starting DPP responder/configurator in a thread")
1862 dev.set("dpp_configurator_params",
1863 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1864 conf_id))
1865 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1866 if "OK" not in dev.request(cmd):
1867 raise Exception("Failed to initiate DPP listen")
1868 if uri:
1869 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1870 if ev is None:
1871 raise Exception("QR Code scan for mutual authentication not requested")
1872 dev.dpp_qr_code(uri)
1873 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1874 if ev is None:
1875 raise Exception("DPP configuration not completed (Configurator)")
1876 logger.info("DPP responder/configurator done")
1877
1878 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1879 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1880 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1881
1882 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1883 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1884 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1885
1886 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1887 check_dpp_capab(dev[0])
1888 check_dpp_capab(dev[1])
1889
1890 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1891 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1892 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1893 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1894
1895 params = {"ssid": "DPPNET01",
1896 "wpa": "2",
1897 "ieee80211w": "2",
1898 "wpa_key_mgmt": "DPP",
1899 "rsn_pairwise": "CCMP",
1900 "dpp_connector": ap_connector,
1901 "dpp_csign": csign_pub,
1902 "dpp_netaccesskey": ap_netaccesskey}
1903 try:
1904 hapd = hostapd.add_ap(apdev[0], params)
1905 except:
1906 raise HwsimSkip("DPP not supported")
1907
1908 sigma = start_sigma_dut(dev[0].ifname)
1909 try:
1910 dev[0].set("dpp_config_processing", "2")
1911
1912 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1913 res = dev[1].request(cmd)
1914 if "FAIL" in res:
1915 raise Exception("Failed to add configurator")
1916 conf_id = int(res)
1917
1918 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1919 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1920
1921 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1922 if "status,COMPLETE" not in res:
1923 raise Exception("dev_exec_action did not succeed: " + res)
1924 hex = res.split(',')[3]
1925 uri = from_hex(hex)
1926 logger.info("URI from sigma_dut: " + uri)
1927
1928 if not resp_pending:
1929 dev[1].dpp_qr_code(uri)
1930 uri = None
1931
1932 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1933 if "status,COMPLETE" not in res:
1934 raise Exception("dev_exec_action did not succeed: " + res)
1935
1936 t = threading.Thread(target=dpp_resp_conf_mutual,
1937 args=(dev[1], conf_id, uri))
1938 t.start()
1939
1940 time.sleep(1)
1941 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1942 res = sigma_dut_cmd(cmd, timeout=15)
1943 t.join()
1944 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1945 raise Exception("Unexpected result: " + res)
1946 finally:
1947 dev[0].set("dpp_config_processing", "0")
1948 stop_sigma_dut(sigma)
1949
1950 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1951 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1952 check_dpp_capab(dev[0])
1953 check_dpp_capab(dev[1])
1954
1955 params = hostapd.wpa2_params(ssid="DPPNET01",
1956 passphrase="ThisIsDppPassphrase")
1957 hapd = hostapd.add_ap(apdev[0], params)
1958
1959 sigma = start_sigma_dut(dev[0].ifname)
1960 try:
1961 dev[0].set("dpp_config_processing", "2")
1962
1963 cmd = "DPP_CONFIGURATOR_ADD"
1964 res = dev[1].request(cmd)
1965 if "FAIL" in res:
1966 raise Exception("Failed to add configurator")
1967 conf_id = int(res)
1968
1969 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1970 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1971
1972 dev[1].set("dpp_configurator_params",
1973 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1974 cmd = "DPP_LISTEN 2437 role=configurator"
1975 if "OK" not in dev[1].request(cmd):
1976 raise Exception("Failed to start listen operation")
1977
1978 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1979 if "status,COMPLETE" not in res:
1980 raise Exception("dev_exec_action did not succeed: " + res)
1981
1982 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1983 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1984 raise Exception("Unexpected result: " + res)
1985 finally:
1986 dev[0].set("dpp_config_processing", "0")
1987 stop_sigma_dut(sigma)
1988
1989 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1990 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1991 check_dpp_capab(dev[0])
1992 check_dpp_capab(dev[1])
1993 if "SAE" not in dev[0].get_capability("auth_alg"):
1994 raise HwsimSkip("SAE not supported")
1995
1996 params = hostapd.wpa2_params(ssid="DPPNET01",
1997 passphrase="ThisIsDppPassphrase")
1998 params['wpa_key_mgmt'] = 'SAE'
1999 params["ieee80211w"] = "2"
2000 hapd = hostapd.add_ap(apdev[0], params)
2001
2002 sigma = start_sigma_dut(dev[0].ifname)
2003 try:
2004 dev[0].set("dpp_config_processing", "2")
2005 dev[0].set("sae_groups", "")
2006
2007 cmd = "DPP_CONFIGURATOR_ADD"
2008 res = dev[1].request(cmd)
2009 if "FAIL" in res:
2010 raise Exception("Failed to add configurator")
2011 conf_id = int(res)
2012
2013 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2014 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2015
2016 dev[1].set("dpp_configurator_params",
2017 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
2018 cmd = "DPP_LISTEN 2437 role=configurator"
2019 if "OK" not in dev[1].request(cmd):
2020 raise Exception("Failed to start listen operation")
2021
2022 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2023 if "status,COMPLETE" not in res:
2024 raise Exception("dev_exec_action did not succeed: " + res)
2025
2026 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
2027 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
2028 raise Exception("Unexpected result: " + res)
2029 finally:
2030 dev[0].set("dpp_config_processing", "0")
2031 stop_sigma_dut(sigma)
2032
2033 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
2034 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
2035 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
2036
2037 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
2038 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
2039 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
2040
2041 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
2042 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
2043 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
2044
2045 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
2046 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
2047 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
2048
2049 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
2050 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2051 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
2052
2053 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
2054 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2055 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
2056
2057 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
2058 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2059 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
2060
2061 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
2062 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2063 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
2064
2065 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
2066 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2067 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
2068
2069 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
2070 prov_role="Configurator",
2071 extra=None):
2072 check_dpp_capab(dev[0])
2073 check_dpp_capab(dev[1])
2074 sigma = start_sigma_dut(dev[0].ifname)
2075 try:
2076 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2077 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2078
2079 cmd = "DPP_LISTEN 2437 role=enrollee"
2080 if "OK" not in dev[1].request(cmd):
2081 raise Exception("Failed to start listen operation")
2082
2083 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2084 if "status,COMPLETE" not in res:
2085 raise Exception("dev_exec_action did not succeed: " + res)
2086
2087 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
2088 if extra:
2089 cmd += "," + extra
2090 res = sigma_dut_cmd(cmd)
2091 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2092 raise Exception("Unexpected result: " + res)
2093 finally:
2094 stop_sigma_dut(sigma)
2095
2096 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
2097 """sigma_dut DPP roles incompatible (Initiator)"""
2098 check_dpp_capab(dev[0])
2099 check_dpp_capab(dev[1])
2100 sigma = start_sigma_dut(dev[0].ifname)
2101 try:
2102 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2103 if "status,COMPLETE" not in res:
2104 raise Exception("dev_exec_action did not succeed: " + res)
2105 hex = res.split(',')[3]
2106 uri = from_hex(hex)
2107 logger.info("URI from sigma_dut: " + uri)
2108
2109 id1 = dev[1].dpp_qr_code(uri)
2110
2111 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2112 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2113
2114 cmd = "DPP_LISTEN 2437 role=enrollee"
2115 if "OK" not in dev[1].request(cmd):
2116 raise Exception("Failed to start listen operation")
2117
2118 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2119 if "status,COMPLETE" not in res:
2120 raise Exception("dev_exec_action did not succeed: " + res)
2121
2122 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2123 res = sigma_dut_cmd(cmd)
2124 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2125 raise Exception("Unexpected result: " + res)
2126 finally:
2127 stop_sigma_dut(sigma)
2128
2129 def dpp_init_enrollee_mutual(dev, id1, own_id):
2130 logger.info("Starting DPP initiator/enrollee in a thread")
2131 time.sleep(1)
2132 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
2133 if "OK" not in dev.request(cmd):
2134 raise Exception("Failed to initiate DPP Authentication")
2135 ev = dev.wait_event(["DPP-CONF-RECEIVED",
2136 "DPP-NOT-COMPATIBLE"], timeout=5)
2137 if ev is None:
2138 raise Exception("DPP configuration not completed (Enrollee)")
2139 logger.info("DPP initiator/enrollee done")
2140
2141 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
2142 """sigma_dut DPP roles incompatible (Responder)"""
2143 check_dpp_capab(dev[0])
2144 check_dpp_capab(dev[1])
2145 sigma = start_sigma_dut(dev[0].ifname)
2146 try:
2147 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2148 res = sigma_dut_cmd(cmd)
2149 if "status,COMPLETE" not in res:
2150 raise Exception("dev_exec_action did not succeed: " + res)
2151 hex = res.split(',')[3]
2152 uri = from_hex(hex)
2153 logger.info("URI from sigma_dut: " + uri)
2154
2155 id1 = dev[1].dpp_qr_code(uri)
2156
2157 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2158 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2159
2160 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2161 if "status,COMPLETE" not in res:
2162 raise Exception("dev_exec_action did not succeed: " + res)
2163
2164 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
2165 t.start()
2166 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2167 res = sigma_dut_cmd(cmd, timeout=10)
2168 t.join()
2169 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2170 raise Exception("Unexpected result: " + res)
2171 finally:
2172 stop_sigma_dut(sigma)
2173
2174 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
2175 """sigma_dut DPP/PKEX initiator as Configurator"""
2176 check_dpp_capab(dev[0])
2177 check_dpp_capab(dev[1])
2178 sigma = start_sigma_dut(dev[0].ifname)
2179 try:
2180 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2181 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
2182 res = dev[1].request(cmd)
2183 if "FAIL" in res:
2184 raise Exception("Failed to set PKEX data (responder)")
2185 cmd = "DPP_LISTEN 2437 role=enrollee"
2186 if "OK" not in dev[1].request(cmd):
2187 raise Exception("Failed to start listen operation")
2188
2189 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2190 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2191 raise Exception("Unexpected result: " + res)
2192 finally:
2193 stop_sigma_dut(sigma)
2194
2195 def dpp_init_conf(dev, id1, conf, conf_id, extra):
2196 logger.info("Starting DPP initiator/configurator in a thread")
2197 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
2198 if "OK" not in dev.request(cmd):
2199 raise Exception("Failed to initiate DPP Authentication")
2200 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2201 if ev is None:
2202 raise Exception("DPP configuration not completed (Configurator)")
2203 logger.info("DPP initiator/configurator done")
2204
2205 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
2206 """sigma_dut controlled AP (DPP)"""
2207 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
2208
2209 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
2210 """sigma_dut controlled AP (legacy)"""
2211 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2212 extra="pass=%s" % to_hex("qwertyuiop"))
2213
2214 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
2215 """sigma_dut controlled AP (legacy)"""
2216 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2217 extra="psk=%s" % (32*"12"))
2218
2219 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
2220 check_dpp_capab(dev[0])
2221 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2222 with HWSimRadio() as (radio, iface):
2223 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2224 try:
2225 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2226 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2227 if "status,COMPLETE" not in res:
2228 raise Exception("dev_exec_action did not succeed: " + res)
2229 hex = res.split(',')[3]
2230 uri = from_hex(hex)
2231 logger.info("URI from sigma_dut: " + uri)
2232
2233 cmd = "DPP_CONFIGURATOR_ADD"
2234 res = dev[0].request(cmd)
2235 if "FAIL" in res:
2236 raise Exception("Failed to add configurator")
2237 conf_id = int(res)
2238
2239 id1 = dev[0].dpp_qr_code(uri)
2240
2241 t = threading.Thread(target=dpp_init_conf,
2242 args=(dev[0], id1, ap_conf, conf_id, extra))
2243 t.start()
2244 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2245 t.join()
2246 if "ConfResult,OK" not in res:
2247 raise Exception("Unexpected result: " + res)
2248
2249 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
2250 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2251
2252 id0b = dev[0].dpp_qr_code(uri1)
2253
2254 dev[1].set("dpp_config_processing", "2")
2255 cmd = "DPP_LISTEN 2412"
2256 if "OK" not in dev[1].request(cmd):
2257 raise Exception("Failed to start listen operation")
2258 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
2259 if "OK" not in dev[0].request(cmd):
2260 raise Exception("Failed to initiate DPP Authentication")
2261 dev[1].wait_connected()
2262
2263 sigma_dut_cmd_check("ap_reset_default")
2264 finally:
2265 dev[1].set("dpp_config_processing", "0")
2266 stop_sigma_dut(sigma)
2267
2268 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
2269 """sigma_dut controlled AP as DPP PKEX responder"""
2270 check_dpp_capab(dev[0])
2271 logdir = os.path.join(params['logdir'],
2272 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2273 with HWSimRadio() as (radio, iface):
2274 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2275 try:
2276 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
2277 finally:
2278 stop_sigma_dut(sigma)
2279
2280 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
2281 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2282 time.sleep(1.5)
2283 id = dev.dpp_bootstrap_gen(type="pkex")
2284 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
2285 res = dev.request(cmd)
2286 if "FAIL" in res:
2287 raise Exception("Failed to initiate DPP PKEX")
2288 if not check_config:
2289 return
2290 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2291 if ev is None:
2292 raise Exception("DPP configuration not completed (Configurator)")
2293 logger.info("DPP initiator/configurator done")
2294
2295 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2296 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2297
2298 cmd = "DPP_CONFIGURATOR_ADD"
2299 res = dev[0].request(cmd)
2300 if "FAIL" in res:
2301 raise Exception("Failed to add configurator")
2302 conf_id = int(res)
2303
2304 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2305 t.start()
2306 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2307 t.join()
2308 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2309 raise Exception("Unexpected result: " + res)
2310
2311 sigma_dut_cmd_check("ap_reset_default")
2312
2313 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2314 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2315 check_dpp_capab(dev[0])
2316 sigma = start_sigma_dut(dev[0].ifname)
2317 try:
2318 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2319 finally:
2320 stop_sigma_dut(sigma)
2321
2322 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2323 cmd = "DPP_CONFIGURATOR_ADD"
2324 res = dev[1].request(cmd)
2325 if "FAIL" in res:
2326 raise Exception("Failed to add configurator")
2327 conf_id = int(res)
2328
2329 dev[1].set("dpp_test", "44")
2330
2331 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2332 False))
2333 t.start()
2334 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2335 t.join()
2336 if "BootstrapResult,Timeout" not in res:
2337 raise Exception("Unexpected result: " + res)
2338
2339 def dpp_proto_init(dev, id1):
2340 time.sleep(1)
2341 logger.info("Starting DPP initiator/configurator in a thread")
2342 cmd = "DPP_CONFIGURATOR_ADD"
2343 res = dev.request(cmd)
2344 if "FAIL" in res:
2345 raise Exception("Failed to add configurator")
2346 conf_id = int(res)
2347
2348 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2349 if "OK" not in dev.request(cmd):
2350 raise Exception("Failed to initiate DPP Authentication")
2351
2352 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2353 """sigma_dut DPP protocol testing - Initiator"""
2354 check_dpp_capab(dev[0])
2355 check_dpp_capab(dev[1])
2356 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2357 "BootstrapResult,OK,AuthResult,Errorsent",
2358 None),
2359 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2360 "BootstrapResult,OK,AuthResult,Errorsent",
2361 None),
2362 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2363 "BootstrapResult,OK,AuthResult,Errorsent",
2364 "Missing or invalid I-capabilities"),
2365 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2366 "BootstrapResult,OK,AuthResult,Errorsent",
2367 "Mismatching Initiator Authenticating Tag"),
2368 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2369 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2370 "Missing or invalid Enrollee Nonce attribute")]
2371 for step, frame, attr, result, fail in tests:
2372 dev[0].request("FLUSH")
2373 dev[1].request("FLUSH")
2374 sigma = start_sigma_dut(dev[0].ifname)
2375 try:
2376 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2377 fail)
2378 finally:
2379 stop_sigma_dut(sigma)
2380
2381 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2382 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2383 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2384
2385 cmd = "DPP_LISTEN 2437 role=enrollee"
2386 if "OK" not in dev[1].request(cmd):
2387 raise Exception("Failed to start listen operation")
2388
2389 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2390 if "status,COMPLETE" not in res:
2391 raise Exception("dev_exec_action did not succeed: " + res)
2392
2393 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2394 timeout=10)
2395 if result not in res:
2396 raise Exception("Unexpected result: " + res)
2397 if fail:
2398 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2399 if ev is None or fail not in ev:
2400 raise Exception("Failure not reported correctly: " + str(ev))
2401
2402 dev[1].request("DPP_STOP_LISTEN")
2403 dev[0].dump_monitor()
2404 dev[1].dump_monitor()
2405
2406 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2407 """sigma_dut DPP protocol testing - Responder"""
2408 check_dpp_capab(dev[0])
2409 check_dpp_capab(dev[1])
2410 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2411 "BootstrapResult,OK,AuthResult,Errorsent",
2412 "Missing or invalid required DPP Status attribute"),
2413 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2414 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2415 "Missing or invalid Enrollee Nonce attribute")]
2416 for step, frame, attr, result, fail in tests:
2417 dev[0].request("FLUSH")
2418 dev[1].request("FLUSH")
2419 sigma = start_sigma_dut(dev[0].ifname)
2420 try:
2421 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2422 fail)
2423 finally:
2424 stop_sigma_dut(sigma)
2425
2426 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2427 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2428 if "status,COMPLETE" not in res:
2429 raise Exception("dev_exec_action did not succeed: " + res)
2430 hex = res.split(',')[3]
2431 uri = from_hex(hex)
2432 logger.info("URI from sigma_dut: " + uri)
2433
2434 id1 = dev[1].dpp_qr_code(uri)
2435
2436 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2437 t.start()
2438 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2439 t.join()
2440 if result not in res:
2441 raise Exception("Unexpected result: " + res)
2442 if fail:
2443 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2444 if ev is None or fail not in ev:
2445 raise Exception("Failure not reported correctly:" + str(ev))
2446
2447 dev[1].request("DPP_STOP_LISTEN")
2448 dev[0].dump_monitor()
2449 dev[1].dump_monitor()
2450
2451 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2452 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2453 check_dpp_capab(dev[0])
2454 check_dpp_capab(dev[1])
2455 tests = [("AuthenticationResponse",
2456 "BootstrapResult,OK,AuthResult,Errorsent",
2457 None),
2458 ("ConfigurationRequest",
2459 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2460 None)]
2461 for frame, result, fail in tests:
2462 dev[0].request("FLUSH")
2463 dev[1].request("FLUSH")
2464 sigma = start_sigma_dut(dev[0].ifname)
2465 try:
2466 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2467 finally:
2468 stop_sigma_dut(sigma)
2469
2470 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2471 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2472 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2473
2474 cmd = "DPP_LISTEN 2437 role=enrollee"
2475 if "OK" not in dev[1].request(cmd):
2476 raise Exception("Failed to start listen operation")
2477
2478 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2479 if "status,COMPLETE" not in res:
2480 raise Exception("dev_exec_action did not succeed: " + res)
2481
2482 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2483 if result not in res:
2484 raise Exception("Unexpected result: " + res)
2485 if fail:
2486 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2487 if ev is None or fail not in ev:
2488 raise Exception("Failure not reported correctly: " + str(ev))
2489
2490 dev[1].request("DPP_STOP_LISTEN")
2491 dev[0].dump_monitor()
2492 dev[1].dump_monitor()
2493
2494 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2495 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2496 check_dpp_capab(dev[0])
2497 check_dpp_capab(dev[1])
2498 tests = [("AuthenticationConfirm",
2499 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2500 None)]
2501 for frame, result, fail in tests:
2502 dev[0].request("FLUSH")
2503 dev[1].request("FLUSH")
2504 sigma = start_sigma_dut(dev[0].ifname)
2505 try:
2506 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2507 result, fail)
2508 finally:
2509 stop_sigma_dut(sigma)
2510
2511 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2512 fail):
2513 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2514 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2515
2516 cmd = "DPP_LISTEN 2437 role=configurator"
2517 if "OK" not in dev[1].request(cmd):
2518 raise Exception("Failed to start listen operation")
2519
2520 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2521 if "status,COMPLETE" not in res:
2522 raise Exception("dev_exec_action did not succeed: " + res)
2523
2524 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2525 if result not in res:
2526 raise Exception("Unexpected result: " + res)
2527 if fail:
2528 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2529 if ev is None or fail not in ev:
2530 raise Exception("Failure not reported correctly: " + str(ev))
2531
2532 dev[1].request("DPP_STOP_LISTEN")
2533 dev[0].dump_monitor()
2534 dev[1].dump_monitor()
2535
2536 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2537 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2538 check_dpp_capab(dev[0])
2539 check_dpp_capab(dev[1])
2540 tests = [("AuthenticationRequest",
2541 "BootstrapResult,OK,AuthResult,Errorsent",
2542 None),
2543 ("AuthenticationConfirm",
2544 "BootstrapResult,OK,AuthResult,Errorsent",
2545 None)]
2546 for frame, result, fail in tests:
2547 dev[0].request("FLUSH")
2548 dev[1].request("FLUSH")
2549 sigma = start_sigma_dut(dev[0].ifname)
2550 try:
2551 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2552 finally:
2553 stop_sigma_dut(sigma)
2554
2555 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2556 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2557 if "status,COMPLETE" not in res:
2558 raise Exception("dev_exec_action did not succeed: " + res)
2559 hex = res.split(',')[3]
2560 uri = from_hex(hex)
2561 logger.info("URI from sigma_dut: " + uri)
2562
2563 id1 = dev[1].dpp_qr_code(uri)
2564
2565 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2566 t.start()
2567 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2568 t.join()
2569 if result not in res:
2570 raise Exception("Unexpected result: " + res)
2571 if fail:
2572 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2573 if ev is None or fail not in ev:
2574 raise Exception("Failure not reported correctly:" + str(ev))
2575
2576 dev[1].request("DPP_STOP_LISTEN")
2577 dev[0].dump_monitor()
2578 dev[1].dump_monitor()
2579
2580 def dpp_proto_init_pkex(dev):
2581 time.sleep(1)
2582 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2583 cmd = "DPP_CONFIGURATOR_ADD"
2584 res = dev.request(cmd)
2585 if "FAIL" in res:
2586 raise Exception("Failed to add configurator")
2587 conf_id = int(res)
2588
2589 id = dev.dpp_bootstrap_gen(type="pkex")
2590
2591 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2592 if "FAIL" in dev.request(cmd):
2593 raise Exception("Failed to initiate DPP PKEX")
2594
2595 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2596 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2597 check_dpp_capab(dev[0])
2598 check_dpp_capab(dev[1])
2599 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2600 "BootstrapResult,Errorsent",
2601 None),
2602 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2603 "BootstrapResult,Errorsent",
2604 "Missing or invalid Finite Cyclic Group attribute"),
2605 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2606 "BootstrapResult,Errorsent",
2607 "No valid peer bootstrapping key found")]
2608 for step, frame, attr, result, fail in tests:
2609 dev[0].request("FLUSH")
2610 dev[1].request("FLUSH")
2611 sigma = start_sigma_dut(dev[0].ifname)
2612 try:
2613 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2614 result, fail)
2615 finally:
2616 stop_sigma_dut(sigma)
2617
2618 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2619 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2620
2621 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2622 res = dev[1].request(cmd)
2623 if "FAIL" in res:
2624 raise Exception("Failed to set PKEX data (responder)")
2625
2626 cmd = "DPP_LISTEN 2437 role=enrollee"
2627 if "OK" not in dev[1].request(cmd):
2628 raise Exception("Failed to start listen operation")
2629
2630 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2631 if result not in res:
2632 raise Exception("Unexpected result: " + res)
2633 if fail:
2634 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2635 if ev is None or fail not in ev:
2636 raise Exception("Failure not reported correctly: " + str(ev))
2637
2638 dev[1].request("DPP_STOP_LISTEN")
2639 dev[0].dump_monitor()
2640 dev[1].dump_monitor()
2641
2642 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2643 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2644 check_dpp_capab(dev[0])
2645 check_dpp_capab(dev[1])
2646 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2647 "BootstrapResult,Errorsent",
2648 None),
2649 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2650 "BootstrapResult,Errorsent",
2651 "No DPP Status attribute"),
2652 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2653 "BootstrapResult,Errorsent",
2654 "No valid peer bootstrapping key found")]
2655 for step, frame, attr, result, fail in tests:
2656 dev[0].request("FLUSH")
2657 dev[1].request("FLUSH")
2658 sigma = start_sigma_dut(dev[0].ifname)
2659 try:
2660 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2661 result, fail)
2662 finally:
2663 stop_sigma_dut(sigma)
2664
2665 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2666 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2667 t.start()
2668 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2669 t.join()
2670 if result not in res:
2671 raise Exception("Unexpected result: " + res)
2672 if fail:
2673 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2674 if ev is None or fail not in ev:
2675 raise Exception("Failure not reported correctly:" + str(ev))
2676
2677 dev[1].request("DPP_STOP_LISTEN")
2678 dev[0].dump_monitor()
2679 dev[1].dump_monitor()
2680
2681 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2682 check_dpp_capab(dev[0])
2683 check_dpp_capab(dev[1])
2684
2685 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2686 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2687 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2688 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2689
2690 params = {"ssid": "DPPNET01",
2691 "wpa": "2",
2692 "ieee80211w": "2",
2693 "wpa_key_mgmt": "DPP",
2694 "rsn_pairwise": "CCMP",
2695 "dpp_connector": ap_connector,
2696 "dpp_csign": csign_pub,
2697 "dpp_netaccesskey": ap_netaccesskey}
2698 try:
2699 hapd = hostapd.add_ap(apdev[0], params)
2700 except:
2701 raise HwsimSkip("DPP not supported")
2702
2703 dev[0].set("dpp_config_processing", "2")
2704
2705 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2706 res = dev[1].request(cmd)
2707 if "FAIL" in res:
2708 raise Exception("Failed to add configurator")
2709 conf_id = int(res)
2710
2711 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2712 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2713
2714 dev[1].set("dpp_configurator_params",
2715 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2716 conf_id))
2717 cmd = "DPP_LISTEN 2437 role=configurator"
2718 if "OK" not in dev[1].request(cmd):
2719 raise Exception("Failed to start listen operation")
2720
2721 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2722 if "status,COMPLETE" not in res:
2723 raise Exception("dev_exec_action did not succeed: " + res)
2724
2725 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2726 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2727 sigma = start_sigma_dut(dev[0].ifname)
2728 try:
2729 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2730
2731 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2732 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2733 raise Exception("Unexpected result: " + res)
2734 finally:
2735 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2736 stop_sigma_dut(sigma)
2737
2738 def test_sigma_dut_dpp_self_config(dev, apdev):
2739 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2740 check_dpp_capab(dev[0])
2741
2742 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2743 check_dpp_capab(hapd)
2744
2745 sigma = start_sigma_dut(dev[0].ifname)
2746 try:
2747 dev[0].set("dpp_config_processing", "2")
2748 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2749 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2750
2751 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2752 if "status,COMPLETE" not in res:
2753 raise Exception("dev_exec_action did not succeed: " + res)
2754
2755 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2756 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2757 raise Exception("Unexpected result: " + res)
2758 update_hapd_config(hapd)
2759
2760 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2761 res = sigma_dut_cmd(cmd, timeout=10)
2762 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2763 raise Exception("Unexpected result: " + res)
2764 finally:
2765 stop_sigma_dut(sigma)
2766 dev[0].set("dpp_config_processing", "0")
2767
2768 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2769 """sigma_dut DPP AP Configurator using self-configuration"""
2770 logdir = os.path.join(params['logdir'],
2771 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2772 with HWSimRadio() as (radio, iface):
2773 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2774 try:
2775 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2776 finally:
2777 stop_sigma_dut(sigma)
2778 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2779
2780 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2781 check_dpp_capab(dev[0])
2782
2783 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2784
2785 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2786 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2787 raise Exception("Unexpected result: " + res)
2788
2789 dev[0].set("dpp_config_processing", "2")
2790
2791 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2792 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2793 cmd = "DPP_LISTEN 2462 role=enrollee"
2794 if "OK" not in dev[0].request(cmd):
2795 raise Exception("Failed to start listen operation")
2796
2797 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2798 if "status,COMPLETE" not in res:
2799 raise Exception("dev_exec_action did not succeed: " + res)
2800 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2801 res = sigma_dut_cmd(cmd)
2802 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2803 raise Exception("Unexpected result: " + res)
2804 dev[0].wait_connected()
2805 dev[0].request("DISCONNECT")
2806 dev[0].wait_disconnected()
2807 sigma_dut_cmd_check("ap_reset_default")
2808
2809
2810 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2811 """sigma_dut DPP AP as Relay to Controller"""
2812 logdir = os.path.join(params['logdir'],
2813 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2814 with HWSimRadio() as (radio, iface):
2815 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2816 try:
2817 run_sigma_dut_ap_dpp_relay(dev, apdev)
2818 finally:
2819 stop_sigma_dut(sigma)
2820 dev[1].request("DPP_CONTROLLER_STOP")
2821
2822 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2823 check_dpp_capab(dev[0])
2824 check_dpp_capab(dev[1])
2825
2826 # Controller
2827 conf_id = dev[1].dpp_configurator_add()
2828 dev[1].set("dpp_configurator_params",
2829 " conf=sta-dpp configurator=%d" % conf_id)
2830 id_c = dev[1].dpp_bootstrap_gen()
2831 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2832 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2833 pkhash = None
2834 for line in res.splitlines():
2835 name, value = line.split('=')
2836 if name == "pkhash":
2837 pkhash = value
2838 break
2839 if not pkhash:
2840 raise Exception("Could not fetch public key hash from Controller")
2841 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2842 raise Exception("Failed to start Controller")
2843
2844 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2845 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2846 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2847
2848 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2849 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2850
2851 sigma_dut_cmd_check("ap_reset_default")
2852
2853 def dpp_init_tcp_enrollee(dev, id1):
2854 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2855 time.sleep(1)
2856 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2857 if "OK" not in dev.request(cmd):
2858 raise Exception("Failed to initiate DPP Authentication")
2859 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2860 if ev is None:
2861 raise Exception("DPP configuration not completed (Enrollee)")
2862 logger.info("DPP initiator/enrollee done")
2863
2864 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2865 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2866 run_sigma_dut_dpp_tcp_conf_resp(dev)
2867
2868 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2869 check_dpp_capab(dev[0])
2870 check_dpp_capab(dev[1])
2871 sigma = start_sigma_dut(dev[0].ifname)
2872 try:
2873 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2874 res = sigma_dut_cmd(cmd)
2875 if "status,COMPLETE" not in res:
2876 raise Exception("dev_exec_action did not succeed: " + res)
2877 hex = res.split(',')[3]
2878 uri = from_hex(hex)
2879 logger.info("URI from sigma_dut: " + uri)
2880
2881 id1 = dev[1].dpp_qr_code(uri)
2882
2883 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2884 t.start()
2885 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2886 if status_query:
2887 cmd += ",DPPStatusQuery,Yes"
2888 res = sigma_dut_cmd(cmd, timeout=10)
2889 t.join()
2890 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2891 raise Exception("Unexpected result: " + res)
2892 if status_query and "StatusResult,0" not in res:
2893 raise Exception("Status query did not succeed: " + res)
2894 finally:
2895 stop_sigma_dut(sigma)
2896
2897 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2898 """sigma_dut DPP TCP Enrollee as initiator"""
2899 check_dpp_capab(dev[0])
2900 check_dpp_capab(dev[1])
2901 sigma = start_sigma_dut(dev[0].ifname)
2902 try:
2903 # Controller
2904 conf_id = dev[1].dpp_configurator_add()
2905 dev[1].set("dpp_configurator_params",
2906 " conf=sta-dpp configurator=%d" % conf_id)
2907 id_c = dev[1].dpp_bootstrap_gen()
2908 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2909 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2910 raise Exception("Failed to start Controller")
2911
2912 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2913 if "status,COMPLETE" not in res:
2914 raise Exception("dev_exec_action did not succeed: " + res)
2915
2916 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2917 res = sigma_dut_cmd(cmd, timeout=10)
2918 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2919 raise Exception("Unexpected result: " + res)
2920 finally:
2921 stop_sigma_dut(sigma)
2922 dev[1].request("DPP_CONTROLLER_STOP")
2923
2924 def test_sigma_dut_preconfigured_profile(dev, apdev):
2925 """sigma_dut controlled connection using preconfigured profile"""
2926 try:
2927 run_sigma_dut_preconfigured_profile(dev, apdev)
2928 finally:
2929 dev[0].set("ignore_old_scan_res", "0")
2930
2931 def run_sigma_dut_preconfigured_profile(dev, apdev):
2932 ifname = dev[0].ifname
2933 sigma = start_sigma_dut(ifname)
2934
2935 try:
2936 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2937 hapd = hostapd.add_ap(apdev[0], params)
2938 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2939 only_add_network=True)
2940
2941 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2942 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
2943 timeout=10)
2944 sigma_dut_wait_connected(ifname)
2945 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2946 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2947 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2948 finally:
2949 stop_sigma_dut(sigma)
2950
2951 def test_sigma_dut_wps_pbc(dev, apdev):
2952 """sigma_dut and WPS PBC Enrollee"""
2953 try:
2954 run_sigma_dut_wps_pbc(dev, apdev)
2955 finally:
2956 dev[0].set("ignore_old_scan_res", "0")
2957
2958 def run_sigma_dut_wps_pbc(dev, apdev):
2959 ssid = "test-wps-conf"
2960 hapd = hostapd.add_ap(apdev[0],
2961 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2962 "wpa_passphrase": "12345678", "wpa": "2",
2963 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2964 hapd.request("WPS_PBC")
2965
2966 ifname = dev[0].ifname
2967 sigma = start_sigma_dut(ifname)
2968
2969 try:
2970 cmd = "start_wps_registration,interface,%s" % ifname
2971 cmd += ",WpsRole,Enrollee"
2972 cmd += ",WpsConfigMethod,PBC"
2973 sigma_dut_cmd_check(cmd, timeout=15)
2974
2975 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2976 hapd.disable()
2977 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2978 finally:
2979 stop_sigma_dut(sigma)
2980 dev[0].flush_scan_cache()
2981
2982 def test_sigma_dut_sta_scan_bss(dev, apdev):
2983 """sigma_dut sta_scan_bss"""
2984 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2985 sigma = start_sigma_dut(dev[0].ifname)
2986 try:
2987 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2988 hapd.own_addr())
2989 res = sigma_dut_cmd(cmd, timeout=10)
2990 if "ssid,test,bsschannel,1" not in res:
2991 raise Exception("Unexpected result: " + res)
2992 finally:
2993 stop_sigma_dut(sigma)
2994
2995 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2996 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2997 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2998 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2999 sigma = start_sigma_dut(dev[0].ifname)
3000 try:
3001 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
3002 res = sigma_dut_cmd(cmd, timeout=10)
3003 if "abcdef" not in res or "qwerty" not in res:
3004 raise Exception("Unexpected result: " + res)
3005 finally:
3006 stop_sigma_dut(sigma)
3007
3008 def test_sigma_dut_sta_scan_short_ssid(dev, apdev):
3009 """sigma_dut sta_scan ShortSSID"""
3010 dev[0].flush_scan_cache()
3011 ssid = "test-short-ssid-list"
3012 hapd = hostapd.add_ap(apdev[0], {"ssid": ssid,
3013 "ignore_broadcast_ssid": "1"})
3014 bssid = apdev[0]['bssid']
3015 payload = struct.pack('>L', binascii.crc32(ssid.encode()))
3016 val = binascii.hexlify(payload).decode()
3017 sigma = start_sigma_dut(dev[0].ifname)
3018 found = False
3019 try:
3020 cmd = "sta_scan,Interface,%s,ChnlFreq,2412,ShortSSID,%s" % (dev[0].ifname, val)
3021 for i in range(10):
3022 sigma_dut_cmd_check(cmd, timeout=5)
3023 ev = dev[0].wait_event(["CTRL-EVENT-SCAN-RESULTS"])
3024 if ev is None:
3025 raise Exception("Scan did not complete")
3026 if bssid in dev[0].request("SCAN_RESULTS"):
3027 found = True
3028 break
3029 finally:
3030 stop_sigma_dut(sigma)
3031 dev[0].request("VENDOR_ELEM_REMOVE 14 *")
3032
3033 if not found:
3034 raise Exception("AP not found in scan results")
3035
3036 def test_sigma_dut_ap_osen(dev, apdev, params):
3037 """sigma_dut controlled AP with OSEN"""
3038 logdir = os.path.join(params['logdir'],
3039 "sigma_dut_ap_osen.sigma-hostapd")
3040 with HWSimRadio() as (radio, iface):
3041 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3042 try:
3043 sigma_dut_cmd_check("ap_reset_default")
3044 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3045 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3046 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
3047 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3048
3049 # RSN-OSEN (for OSU)
3050 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3051 pairwise="CCMP", group="GTK_NOT_USED",
3052 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3053 ca_cert="auth_serv/ca.pem", scan_freq="2412")
3054
3055 sigma_dut_cmd_check("ap_reset_default")
3056 finally:
3057 stop_sigma_dut(sigma)
3058
3059 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
3060 """sigma_dut controlled AP with EAP+OSEN"""
3061 logdir = os.path.join(params['logdir'],
3062 "sigma_dut_ap_eap_osen.sigma-hostapd")
3063 with HWSimRadio() as (radio, iface):
3064 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
3065 try:
3066 sigma_dut_cmd_check("ap_reset_default")
3067 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3068 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3069 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3070 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3071
3072 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3073 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3074
3075 # RSN-OSEN (for OSU)
3076 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3077 pairwise="CCMP",
3078 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3079 ca_cert="auth_serv/ca.pem", ieee80211w='2',
3080 scan_freq="2412")
3081 # RSN-EAP (for data connection)
3082 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
3083 identity="hs20-test", password="password",
3084 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3085 ieee80211w='2', scan_freq="2412")
3086
3087 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
3088 success_expected=False, timeout=1)
3089
3090 sigma_dut_cmd_check("ap_reset_default")
3091 finally:
3092 stop_sigma_dut(sigma)
3093 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3094 stderr=open('/dev/null', 'w'))
3095 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3096 stderr=open('/dev/null', 'w'))
3097
3098 def test_sigma_dut_ap_eap(dev, apdev, params):
3099 """sigma_dut controlled AP WPA2-Enterprise"""
3100 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3101 with HWSimRadio() as (radio, iface):
3102 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3103 try:
3104 sigma_dut_cmd_check("ap_reset_default")
3105 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3106 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3107 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3108 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3109
3110 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
3111 identity="gpsk user",
3112 password="abcdefghijklmnop0123456789abcdef",
3113 scan_freq="2412")
3114
3115 sigma_dut_cmd_check("ap_reset_default")
3116 finally:
3117 stop_sigma_dut(sigma)
3118
3119 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
3120 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3121 logdir = os.path.join(params['logdir'],
3122 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3123 with HWSimRadio() as (radio, iface):
3124 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3125 try:
3126 sigma_dut_cmd_check("ap_reset_default")
3127 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3128 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3129 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3130 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3131
3132 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
3133 identity="gpsk user",
3134 password="abcdefghijklmnop0123456789abcdef",
3135 scan_freq="2412")
3136
3137 sigma_dut_cmd_check("ap_reset_default")
3138 finally:
3139 stop_sigma_dut(sigma)
3140
3141 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
3142 """sigma_dut controlled AP FT-EAP"""
3143 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3144 with HWSimRadio() as (radio, iface):
3145 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3146 try:
3147 sigma_dut_cmd_check("ap_reset_default")
3148 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3149 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3150 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3151 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3152
3153 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3154 identity="gpsk user",
3155 password="abcdefghijklmnop0123456789abcdef",
3156 scan_freq="2412")
3157
3158 sigma_dut_cmd_check("ap_reset_default")
3159 finally:
3160 stop_sigma_dut(sigma)
3161
3162 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
3163 """sigma_dut controlled AP FT-PSK"""
3164 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3165 with HWSimRadio() as (radio, iface):
3166 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3167 try:
3168 sigma_dut_cmd_check("ap_reset_default")
3169 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3170 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3171 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3172
3173 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3174 scan_freq="2412")
3175
3176 sigma_dut_cmd_check("ap_reset_default")
3177 finally:
3178 stop_sigma_dut(sigma)
3179
3180 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
3181 """sigma_dut controlled AP FT-PSK (over-DS)"""
3182 logdir = os.path.join(params['logdir'],
3183 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3184 conffile = os.path.join(params['logdir'],
3185 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3186 with HWSimRadio() as (radio, iface):
3187 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3188 try:
3189 sigma_dut_cmd_check("ap_reset_default")
3190 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3191 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3192 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3193
3194 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3195 with open(conffile, "wb") as f2:
3196 f2.write(f.read())
3197
3198 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3199 scan_freq="2412")
3200
3201 sigma_dut_cmd_check("ap_reset_default")
3202 finally:
3203 stop_sigma_dut(sigma)
3204
3205 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
3206 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3207 logdir = os.path.join(params['logdir'],
3208 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3209 with HWSimRadio() as (radio, iface):
3210 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3211 try:
3212 sigma_dut_cmd_check("ap_reset_default")
3213 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3214 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3215 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3216 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3217
3218 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3219 identity="gpsk user",
3220 password="abcdefghijklmnop0123456789abcdef",
3221 scan_freq="2412")
3222 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
3223 identity="gpsk user",
3224 password="abcdefghijklmnop0123456789abcdef",
3225 scan_freq="2412")
3226
3227 sigma_dut_cmd_check("ap_reset_default")
3228 finally:
3229 stop_sigma_dut(sigma)
3230
3231 def test_sigma_dut_venue_url(dev, apdev):
3232 """sigma_dut controlled Venue URL fetch"""
3233 try:
3234 run_sigma_dut_venue_url(dev, apdev)
3235 finally:
3236 dev[0].set("ignore_old_scan_res", "0")
3237
3238 def run_sigma_dut_venue_url(dev, apdev):
3239 ifname = dev[0].ifname
3240 sigma = start_sigma_dut(ifname)
3241
3242 try:
3243 ssid = "venue"
3244 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3245 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3246 params["ieee80211w"] = "2"
3247
3248 venue_group = 1
3249 venue_type = 13
3250 venue_info = struct.pack('BB', venue_group, venue_type)
3251 lang1 = "eng"
3252 name1 = "Example venue"
3253 lang2 = "fin"
3254 name2 = "Esimerkkipaikka"
3255 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
3256 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
3257 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
3258
3259 url1 = "http://example.com/venue"
3260 url2 = "https://example.org/venue-info/"
3261 params["venue_group"] = str(venue_group)
3262 params["venue_type"] = str(venue_type)
3263 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
3264 params["venue_url"] = ["1:" + url1, "2:" + url2]
3265
3266 hapd = hostapd.add_ap(apdev[0], params)
3267
3268 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
3269 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3270 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
3271 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
3272 timeout=10)
3273 sigma_dut_wait_connected(ifname)
3274 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3275 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
3276 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3277 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3278 finally:
3279 stop_sigma_dut(sigma)
3280
3281 def test_sigma_dut_hs20_assoc_24(dev, apdev):
3282 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3283 run_sigma_dut_hs20_assoc(dev, apdev, True)
3284
3285 def test_sigma_dut_hs20_assoc_5(dev, apdev):
3286 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3287 run_sigma_dut_hs20_assoc(dev, apdev, False)
3288
3289 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
3290 hapd0 = None
3291 hapd1 = None
3292 try:
3293 bssid0 = apdev[0]['bssid']
3294 params = hs20_ap_params()
3295 params['hessid'] = bssid0
3296 hapd0 = hostapd.add_ap(apdev[0], params)
3297
3298 bssid1 = apdev[1]['bssid']
3299 params = hs20_ap_params()
3300 params['hessid'] = bssid0
3301 params["hw_mode"] = "a"
3302 params["channel"] = "36"
3303 params["country_code"] = "US"
3304 hapd1 = hostapd.add_ap(apdev[1], params)
3305
3306 band = "2.4" if band24 else "5"
3307 exp_bssid = bssid0 if band24 else bssid1
3308 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
3309 finally:
3310 dev[0].request("DISCONNECT")
3311 if hapd0:
3312 hapd0.request("DISABLE")
3313 if hapd1:
3314 hapd1.request("DISABLE")
3315 subprocess.call(['iw', 'reg', 'set', '00'])
3316 dev[0].flush_scan_cache()
3317
3318 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
3319 check_eap_capa(dev[0], "MSCHAPV2")
3320 dev[0].flush_scan_cache()
3321
3322 ifname = dev[0].ifname
3323 sigma = start_sigma_dut(ifname)
3324
3325 try:
3326 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
3327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3328 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
3329 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
3330 timeout=15)
3331 sigma_dut_wait_connected(ifname)
3332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3333 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3334 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3335 finally:
3336 stop_sigma_dut(sigma)
3337
3338 if "BSSID," + expect_bssid not in res:
3339 raise Exception("Unexpected BSSID: " + res)
3340
3341 def test_sigma_dut_ap_hs20(dev, apdev, params):
3342 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3343 logdir = os.path.join(params['logdir'],
3344 "sigma_dut_ap_hs20.sigma-hostapd")
3345 conffile = os.path.join(params['logdir'],
3346 "sigma_dut_ap_hs20.sigma-conf")
3347 with HWSimRadio() as (radio, iface):
3348 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3349 try:
3350 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3351 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3352 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3353 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3354 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3355 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3356 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3357 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3358 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3359 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3360 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3361 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3362 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3363 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3364
3365 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3366 with open(conffile, "wb") as f2:
3367 f2.write(f.read())
3368
3369 sigma_dut_cmd_check("ap_reset_default")
3370 finally:
3371 stop_sigma_dut(sigma)
3372
3373 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3374 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3375 logdir = params['logdir']
3376
3377 with open("auth_serv/ca.pem", "r") as f:
3378 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3379 "w") as f2:
3380 f2.write(f.read())
3381
3382 src = "auth_serv/server.pem"
3383 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3384 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3385 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3386 "-outform", "DER"],
3387 stderr=open('/dev/null', 'w'))
3388 with open(dst, "rb") as f:
3389 der = f.read()
3390 hash = hashlib.sha256(der).digest()
3391 with open(hashdst, "w") as f:
3392 f.write(binascii.hexlify(hash).decode())
3393
3394 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3395 with open(dst, "w") as f:
3396 f.write(32*"00")
3397
3398 ssid = "test-wpa2-eap"
3399 params = hostapd.wpa2_eap_params(ssid=ssid)
3400 hapd = hostapd.add_ap(apdev[0], params)
3401
3402 ifname = dev[0].ifname
3403 sigma = start_sigma_dut(ifname, cert_path=logdir)
3404
3405 try:
3406 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3407
3408 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3410 sigma_dut_cmd_check(cmd)
3411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3412 timeout=10)
3413 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3414 if ev is None:
3415 raise Exception("Server certificate error not reported")
3416
3417 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3418 if "ServerCertTrustResult,Accepted" not in res:
3419 raise Exception("Server certificate trust was not accepted")
3420 sigma_dut_wait_connected(ifname)
3421 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3422 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3423 dev[0].dump_monitor()
3424 finally:
3425 stop_sigma_dut(sigma)
3426
3427 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3428 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3429 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3430
3431 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3432 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3433 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3434
3435 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3436 logdir = params['logdir']
3437
3438 name = "sigma_dut_eap_ttls_uosc_tod"
3439 if tofu:
3440 name += "_tofu"
3441 with open("auth_serv/ca.pem", "r") as f:
3442 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3443 f2.write(f.read())
3444
3445 if tofu:
3446 src = "auth_serv/server-certpol2.pem"
3447 else:
3448 src = "auth_serv/server-certpol.pem"
3449 dst = os.path.join(logdir, name + ".server.der")
3450 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3451 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3452 "-outform", "DER"],
3453 stderr=open('/dev/null', 'w'))
3454 with open(dst, "rb") as f:
3455 der = f.read()
3456 hash = hashlib.sha256(der).digest()
3457 with open(hashdst, "w") as f:
3458 f.write(binascii.hexlify(hash).decode())
3459
3460 ssid = "test-wpa2-eap"
3461 params = int_eap_server_params()
3462 params["ssid"] = ssid
3463 if tofu:
3464 params["server_cert"] = "auth_serv/server-certpol2.pem"
3465 params["private_key"] = "auth_serv/server-certpol2.key"
3466 else:
3467 params["server_cert"] = "auth_serv/server-certpol.pem"
3468 params["private_key"] = "auth_serv/server-certpol.key"
3469 hapd = hostapd.add_ap(apdev[0], params)
3470
3471 ifname = dev[0].ifname
3472 sigma = start_sigma_dut(ifname, cert_path=logdir)
3473
3474 try:
3475 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3476 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3477 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3478 sigma_dut_cmd_check(cmd)
3479 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3480 timeout=10)
3481 sigma_dut_wait_connected(ifname)
3482 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3483 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3484 dev[0].wait_disconnected()
3485 dev[0].dump_monitor()
3486
3487 hapd.disable()
3488 params = hostapd.wpa2_eap_params(ssid=ssid)
3489 hapd = hostapd.add_ap(apdev[0], params)
3490
3491 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3492 timeout=10)
3493 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3494 if ev is None:
3495 raise Exception("Server certificate error not reported")
3496
3497 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3498 if "ServerCertTrustResult,Accepted" in res:
3499 raise Exception("Server certificate trust override was accepted unexpectedly")
3500 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3501 dev[0].dump_monitor()
3502 finally:
3503 stop_sigma_dut(sigma)
3504
3505 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3506 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3507 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3508
3509 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3510 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3511 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3512
3513 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3514 logdir = params['logdir']
3515
3516 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3517 if tofu:
3518 name += "_tofu"
3519 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3520 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3521 f2.write(f.read())
3522
3523 if tofu:
3524 src = "auth_serv/server-certpol2.pem"
3525 else:
3526 src = "auth_serv/server-certpol.pem"
3527 dst = os.path.join(logdir, name + ".server.der")
3528 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3529 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3530 "-outform", "DER"],
3531 stderr=open('/dev/null', 'w'))
3532 with open(dst, "rb") as f:
3533 der = f.read()
3534 hash = hashlib.sha256(der).digest()
3535 with open(hashdst, "w") as f:
3536 f.write(binascii.hexlify(hash).decode())
3537
3538 ssid = "test-wpa2-eap"
3539 params = int_eap_server_params()
3540 params["ssid"] = ssid
3541 if tofu:
3542 params["server_cert"] = "auth_serv/server-certpol2.pem"
3543 params["private_key"] = "auth_serv/server-certpol2.key"
3544 else:
3545 params["server_cert"] = "auth_serv/server-certpol.pem"
3546 params["private_key"] = "auth_serv/server-certpol.key"
3547 hapd = hostapd.add_ap(apdev[0], params)
3548
3549 ifname = dev[0].ifname
3550 sigma = start_sigma_dut(ifname, cert_path=logdir)
3551
3552 try:
3553 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3554 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3555 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3556 sigma_dut_cmd_check(cmd)
3557 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3558 timeout=10)
3559 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3560 if ev is None:
3561 raise Exception("Server certificate validation failure not reported")
3562
3563 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3564 if not tofu and "ServerCertTrustResult,Accepted" in res:
3565 raise Exception("Server certificate trust override was accepted unexpectedly")
3566 if tofu and "ServerCertTrustResult,Accepted" not in res:
3567 raise Exception("Server certificate trust override was not accepted")
3568 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3569 dev[0].dump_monitor()
3570 finally:
3571 stop_sigma_dut(sigma)
3572
3573 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3574 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3575 check_domain_suffix_match(dev[0])
3576 logdir = params['logdir']
3577
3578 with open("auth_serv/ca.pem", "r") as f:
3579 with open(os.path.join(logdir,
3580 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3581 "w") as f2:
3582 f2.write(f.read())
3583
3584 ssid = "test-wpa2-eap"
3585 params = int_eap_server_params()
3586 params["ssid"] = ssid
3587 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3588 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3589 params["private_key"] = "auth_serv/rsa3072-server.key"
3590 hapd = hostapd.add_ap(apdev[0], params)
3591
3592 ifname = dev[0].ifname
3593 sigma = start_sigma_dut(ifname, cert_path=logdir)
3594
3595 try:
3596 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3597 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3598 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3599 sigma_dut_cmd_check(cmd)
3600 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3601 timeout=10)
3602 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3603 if ev is None:
3604 raise Exception("Server certificate error not reported")
3605
3606 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3607 if "ServerCertTrustResult,Accepted" not in res:
3608 raise Exception("Server certificate trust was not accepted")
3609 sigma_dut_wait_connected(ifname)
3610 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3611 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3612 dev[0].dump_monitor()
3613 finally:
3614 stop_sigma_dut(sigma)
3615
3616 def start_sae_pwe_ap(apdev, sae_pwe):
3617 ssid = "test-sae"
3618 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3619 params['wpa_key_mgmt'] = 'SAE'
3620 params["ieee80211w"] = "2"
3621 params['sae_groups'] = '19'
3622 params['sae_pwe'] = str(sae_pwe)
3623 return hostapd.add_ap(apdev, params)
3624
3625 def connect_sae_pwe_sta(dev, ifname, extra=None):
3626 dev.dump_monitor()
3627 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3628 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3629 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3630 if extra:
3631 cmd += "," + extra
3632 sigma_dut_cmd_check(cmd)
3633 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3634 timeout=10)
3635 sigma_dut_wait_connected(ifname)
3636 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3637 dev.wait_disconnected()
3638 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3639 dev.dump_monitor()
3640
3641 def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3642 dev.dump_monitor()
3643 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3644 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3645 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3646 if extra:
3647 cmd += "," + extra
3648 sigma_dut_cmd_check(cmd)
3649 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3650 timeout=10)
3651 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3652 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3653 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3654 raise Exception("Unexpected connection result")
3655 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3656 dev.dump_monitor()
3657
3658 def test_sigma_dut_sae_h2e(dev, apdev):
3659 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3660 if "SAE" not in dev[0].get_capability("auth_alg"):
3661 raise HwsimSkip("SAE not supported")
3662
3663 start_sae_pwe_ap(apdev[0], 2)
3664
3665 ifname = dev[0].ifname
3666 sigma = start_sigma_dut(ifname, sae_h2e=True)
3667 try:
3668 connect_sae_pwe_sta(dev[0], ifname)
3669 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3670 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3671 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3672 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3673 raise Exception("Unexpected error result: " + res)
3674 finally:
3675 stop_sigma_dut(sigma)
3676 dev[0].set("sae_pwe", "0")
3677
3678 def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3679 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3680 if "SAE" not in dev[0].get_capability("auth_alg"):
3681 raise HwsimSkip("SAE not supported")
3682
3683 start_sae_pwe_ap(apdev[0], 0)
3684
3685 ifname = dev[0].ifname
3686 sigma = start_sigma_dut(ifname, sae_h2e=True)
3687 try:
3688 connect_sae_pwe_sta(dev[0], ifname)
3689 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3690 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3691 finally:
3692 stop_sigma_dut(sigma)
3693 dev[0].set("sae_pwe", "0")
3694
3695 def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3696 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3697 if "SAE" not in dev[0].get_capability("auth_alg"):
3698 raise HwsimSkip("SAE not supported")
3699
3700 start_sae_pwe_ap(apdev[0], 1)
3701
3702 ifname = dev[0].ifname
3703 sigma = start_sigma_dut(ifname, sae_h2e=True)
3704 try:
3705 connect_sae_pwe_sta(dev[0], ifname)
3706 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3707 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3708 finally:
3709 stop_sigma_dut(sigma)
3710 dev[0].set("sae_pwe", "0")
3711
3712 def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3713 """sigma_dut controlled AP with SAE H2E"""
3714 logdir = os.path.join(params['logdir'],
3715 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3716 if "SAE" not in dev[0].get_capability("auth_alg"):
3717 raise HwsimSkip("SAE not supported")
3718 with HWSimRadio() as (radio, iface):
3719 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3720 try:
3721 sigma_dut_cmd_check("ap_reset_default")
3722 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3723 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3724 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3725
3726 for sae_pwe in [0, 1, 2]:
3727 dev[0].request("SET sae_groups ")
3728 dev[0].set("sae_pwe", str(sae_pwe))
3729 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3730 ieee80211w="2", scan_freq="2412")
3731 dev[0].request("REMOVE_NETWORK all")
3732 dev[0].wait_disconnected()
3733 dev[0].dump_monitor()
3734
3735 sigma_dut_cmd_check("ap_reset_default")
3736 finally:
3737 stop_sigma_dut(sigma)
3738 dev[0].set("sae_pwe", "0")
3739
3740 def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3741 """sigma_dut controlled AP with SAE H2E-only"""
3742 logdir = os.path.join(params['logdir'],
3743 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3744 if "SAE" not in dev[0].get_capability("auth_alg"):
3745 raise HwsimSkip("SAE not supported")
3746 with HWSimRadio() as (radio, iface):
3747 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3748 try:
3749 sigma_dut_cmd_check("ap_reset_default")
3750 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3751 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3752 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3753
3754 dev[0].request("SET sae_groups ")
3755 dev[0].set("sae_pwe", "1")
3756 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3757 ieee80211w="2", scan_freq="2412")
3758 dev[0].request("REMOVE_NETWORK all")
3759 dev[0].wait_disconnected()
3760 dev[0].dump_monitor()
3761
3762 dev[0].set("sae_pwe", "0")
3763 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3764 ieee80211w="2", scan_freq="2412", wait_connect=False)
3765 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3766 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3767 dev[0].request("DISCONNECT")
3768 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3769 raise Exception("Unexpected connection result")
3770
3771 sigma_dut_cmd_check("ap_reset_default")
3772 finally:
3773 stop_sigma_dut(sigma)
3774 dev[0].set("sae_pwe", "0")
3775
3776 def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3777 """sigma_dut controlled AP with SAE looping-only"""
3778 logdir = os.path.join(params['logdir'],
3779 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3780 if "SAE" not in dev[0].get_capability("auth_alg"):
3781 raise HwsimSkip("SAE not supported")
3782 with HWSimRadio() as (radio, iface):
3783 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3784 try:
3785 sigma_dut_cmd_check("ap_reset_default")
3786 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3787 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3788 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3789
3790 dev[0].request("SET sae_groups ")
3791 dev[0].set("sae_pwe", "0")
3792 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3793 ieee80211w="2", scan_freq="2412")
3794 dev[0].request("REMOVE_NETWORK all")
3795 dev[0].wait_disconnected()
3796 dev[0].dump_monitor()
3797
3798 dev[0].set("sae_pwe", "1")
3799 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3800 ieee80211w="2", scan_freq="2412", wait_connect=False)
3801 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3802 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3803 dev[0].request("DISCONNECT")
3804 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3805 raise Exception("Unexpected connection result")
3806
3807 sigma_dut_cmd_check("ap_reset_default")
3808 finally:
3809 stop_sigma_dut(sigma)
3810 dev[0].set("sae_pwe", "0")
3811
3812 def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
3813 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3814 if "SAE" not in dev[0].get_capability("auth_alg"):
3815 raise HwsimSkip("SAE not supported")
3816
3817 ssid = "test-sae"
3818 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3819 params['wpa_key_mgmt'] = 'SAE'
3820 params["ieee80211w"] = "2"
3821 params['sae_pwe'] = '1'
3822 hapd = hostapd.add_ap(apdev[0], params)
3823
3824 ifname = dev[0].ifname
3825 sigma = start_sigma_dut(ifname)
3826 try:
3827 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3828 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3829 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
3830 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3831 timeout=10)
3832 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3833 if ev is None:
3834 raise Exception("No authentication attempt reported")
3835 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3836 if ev is not None:
3837 raise Exception("Unexpected connection reported")
3838 finally:
3839 stop_sigma_dut(sigma)
3840
3841 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
3842 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3843 if "SAE" not in dev[0].get_capability("auth_alg"):
3844 raise HwsimSkip("SAE not supported")
3845
3846 ssid = "test-sae"
3847 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3848 params['wpa_key_mgmt'] = 'SAE'
3849 params["ieee80211w"] = "2"
3850 params['sae_groups'] = "19 20"
3851 params['sae_pwe'] = '1'
3852 hapd = hostapd.add_ap(apdev[0], params)
3853
3854 ifname = dev[0].ifname
3855 sigma = start_sigma_dut(ifname, sae_h2e=True)
3856 try:
3857 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3858 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3859 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
3860 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3861 timeout=10)
3862 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3863 if ev is None:
3864 raise Exception("No authentication attempt reported")
3865 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3866 if ev is not None:
3867 raise Exception("Unexpected connection reported")
3868 finally:
3869 stop_sigma_dut(sigma)
3870
3871 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
3872 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3873 if "SAE" not in dev[0].get_capability("auth_alg"):
3874 raise HwsimSkip("SAE not supported")
3875
3876 ssid = "test-sae"
3877 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3878 params['wpa_key_mgmt'] = 'SAE'
3879 params["ieee80211w"] = "2"
3880 params['sae_groups'] = "19"
3881 params['sae_pwe'] = '1'
3882 hapd = hostapd.add_ap(apdev[0], params)
3883
3884 ifname = dev[0].ifname
3885 sigma = start_sigma_dut(ifname, sae_h2e=True)
3886 try:
3887 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3888 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3889 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
3890 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3891 timeout=10)
3892 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3893 if ev is None:
3894 raise Exception("No authentication attempt reported")
3895 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3896 if ev is not None:
3897 raise Exception("Unexpected connection reported")
3898 finally:
3899 stop_sigma_dut(sigma)
3900 dev[0].set("sae_pwe", "0")
3901
3902 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
3903 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3904 logdir = os.path.join(params['logdir'],
3905 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3906 if "SAE" not in dev[0].get_capability("auth_alg"):
3907 raise HwsimSkip("SAE not supported")
3908 with HWSimRadio() as (radio, iface):
3909 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3910 try:
3911 sigma_dut_cmd_check("ap_reset_default")
3912 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3913 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3914 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3915
3916 dev[0].request("SET sae_groups ")
3917 dev[0].set("sae_pwe", "1")
3918 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3919 ieee80211w="2", scan_freq="2412", wait_connect=False)
3920 ev = dev[0].wait_event(["Associated with"], timeout=10)
3921 if ev is None:
3922 raise Exception("No indication of association seen")
3923 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3924 "CTRL-EVENT-DISCONNECTED"], timeout=10)
3925 dev[0].request("DISCONNECT")
3926 if ev is None:
3927 raise Exception("No disconnection seen")
3928 if "CTRL-EVENT-DISCONNECTED" not in ev:
3929 raise Exception("Unexpected connection")
3930
3931 sigma_dut_cmd_check("ap_reset_default")
3932 finally:
3933 stop_sigma_dut(sigma)
3934 dev[0].set("sae_pwe", "0")
3935
3936 def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
3937 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3938 logdir = os.path.join(params['logdir'],
3939 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3940 if "SAE" not in dev[0].get_capability("auth_alg"):
3941 raise HwsimSkip("SAE not supported")
3942 with HWSimRadio() as (radio, iface):
3943 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3944 try:
3945 sigma_dut_cmd_check("ap_reset_default")
3946 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3947 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3948 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3949
3950 dev[0].request("SET sae_groups 21 20 19")
3951 dev[0].set("sae_pwe", "1")
3952 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3953 ieee80211w="2", scan_freq="2412")
3954 addr = dev[0].own_addr()
3955 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
3956 if "DHGroupVerResult,21 20" not in res:
3957 raise Exception("Unexpected dev_exec_action response: " + res)
3958
3959 sigma_dut_cmd_check("ap_reset_default")
3960 finally:
3961 stop_sigma_dut(sigma)
3962 dev[0].set("sae_pwe", "0")
3963
3964 def test_sigma_dut_ap_sae_h2e_anti_clogging(dev, apdev, params):
3965 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3966 logdir = os.path.join(params['logdir'],
3967 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3968 if "SAE" not in dev[0].get_capability("auth_alg"):
3969 raise HwsimSkip("SAE not supported")
3970 with HWSimRadio() as (radio, iface):
3971 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3972 try:
3973 sigma_dut_cmd_check("ap_reset_default")
3974 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3975 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3976 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3977
3978 dev[0].set("sae_groups", "")
3979 dev[0].set("sae_pwe", "2")
3980 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3981 ieee80211w="2", scan_freq="2412")
3982
3983 sigma_dut_cmd_check("ap_reset_default")
3984 finally:
3985 stop_sigma_dut(sigma)
3986 dev[0].set("sae_pwe", "0")
3987
3988 def test_sigma_dut_ap_5ghz(dev, apdev, params):
3989 """sigma_dut controlled AP on 5 GHz"""
3990 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
3991 check_signal="WIDTH=20 MHz")
3992
3993 def test_sigma_dut_ap_ht40plus(dev, apdev, params):
3994 """sigma_dut controlled AP and HT40+"""
3995 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11na', 5180,
3996 extra="width,40", check_signal="WIDTH=40 MHz")
3997
3998 def test_sigma_dut_ap_ht40minus(dev, apdev, params):
3999 """sigma_dut controlled AP and HT40-"""
4000 run_sigma_dut_ap_channel(dev, apdev, params, 40, '11na', 5200,
4001 extra="width,40", check_signal="WIDTH=40 MHz")
4002
4003 def test_sigma_dut_ap_vht40(dev, apdev, params):
4004 """sigma_dut controlled AP and VHT40"""
4005 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
4006 extra="width,40", check_signal="WIDTH=40 MHz",
4007 program="VHT")
4008
4009 def test_sigma_dut_ap_vht80(dev, apdev, params):
4010 """sigma_dut controlled AP and VHT80"""
4011 run_sigma_dut_ap_channel(dev, apdev, params, 36, '11ac', 5180,
4012 extra="width,80", check_signal="WIDTH=80 MHz",
4013 program="VHT")
4014
4015 def run_sigma_dut_ap_channel(dev, apdev, params, channel, mode, scan_freq,
4016 extra=None, check_signal=None, program=None):
4017 logdir = params['prefix'] + ".sigma-hostapd"
4018 with HWSimRadio() as (radio, iface):
4019 subprocess.call(['iw', 'reg', 'set', 'US'])
4020 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
4021 try:
4022 cmd = "ap_reset_default"
4023 if program:
4024 cmd += ",program," + program
4025 sigma_dut_cmd_check(cmd)
4026 cmd = "ap_set_wireless,NAME,AP,CHANNEL,%d,SSID,test-psk,MODE,%s" % (channel, mode)
4027 if extra:
4028 cmd += "," + extra
4029 sigma_dut_cmd_check(cmd)
4030 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
4031 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
4032
4033 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
4034 with open(params['prefix'] + ".sigma-conf", "wb") as f2:
4035 f2.write(f.read())
4036
4037 dev[0].connect("test-psk", psk="12345678", scan_freq=str(scan_freq))
4038 sig = dev[0].request("SIGNAL_POLL")
4039 logger.info("SIGNAL_POLL:\n" + sig.strip())
4040 dev[0].request("DISCONNECT")
4041 dev[0].wait_disconnected()
4042
4043 sigma_dut_cmd_check("ap_reset_default")
4044
4045 if check_signal and check_signal not in sig:
4046 raise Exception("Unexpected SIGNAL_POLL data")
4047 finally:
4048 stop_sigma_dut(sigma)
4049 subprocess.call(['iw', 'reg', 'set', '00'])
4050 dev[0].flush_scan_cache()
Unnamed repository; edit this file 'description' to name the repository.