1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
26 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
27 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
28 from test_ap_hs20
import hs20_ap_params
30 def check_sigma_dut():
31 if not os
.path
.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
35 return binascii
.hexlify(s
.encode()).decode()
38 return binascii
.unhexlify(s
).decode()
40 def sigma_log_output(cmd
):
42 out
= cmd
.stdout
.read()
44 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
46 if e
.errno
!= errno
.EAGAIN
:
49 out
= cmd
.stderr
.read()
51 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
53 if e
.errno
!= errno
.EAGAIN
:
58 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
59 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
61 sock
.settimeout(timeout
)
62 addr
= ('127.0.0.1', port
)
64 sock
.send(cmd
.encode() + b
"\r\n")
66 res
= sock
.recv(1000).decode()
69 for line
in res
.splitlines():
70 if line
.startswith("status,RUNNING"):
72 elif line
.startswith("status,INVALID"):
74 elif line
.startswith("status,ERROR"):
76 elif line
.startswith("status,COMPLETE"):
78 if running
and not done
:
79 # Read the actual response
80 res
= sock
.recv(1000).decode()
86 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
89 sigma_log_output(sigma_prog
)
92 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
93 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
94 if "COMPLETE" not in res
:
95 raise Exception("sigma_dut command failed: " + cmd
)
98 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
99 bridge
=None, sae_h2e
=False):
101 cmd
= ['./sigma_dut',
105 '-F', '../../hostapd/hostapd',
107 '-w', '/var/run/wpa_supplicant/',
110 cmd
+= ['-H', hostapd_logdir
]
112 cmd
+= ['-C', cert_path
]
114 cmd
+= ['-b', bridge
]
117 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
118 stderr
=subprocess
.PIPE
)
119 for stream
in [sigma
.stdout
, sigma
.stderr
]:
121 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
122 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
129 res
= sigma_dut_cmd("HELLO")
133 if res
is None or "errorCode,Unknown command" not in res
:
134 raise Exception("Failed to start sigma_dut")
135 return {'cmd': sigma
, 'ifname': ifname
}
137 def stop_sigma_dut(sigma
):
141 sigma_log_output(cmd
)
142 logger
.debug("Terminating sigma_dut process")
145 out
, err
= cmd
.communicate()
146 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
147 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
148 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
150 stderr
=open('/dev/null', 'w'))
152 def sigma_dut_wait_connected(ifname
):
154 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
155 if "connected,1" in res
:
159 raise Exception("Connection did not complete")
161 def test_sigma_dut_basic(dev
, apdev
):
162 """sigma_dut basic functionality"""
163 sigma
= start_sigma_dut(dev
[0].ifname
)
165 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
166 ("device_get_info", "status,COMPLETE,vendor"),
167 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
168 ("device_list_interfaces,interfaceType,802.11",
169 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
171 res
= sigma_dut_cmd("UNKNOWN")
172 if "status,INVALID,errorCode,Unknown command" not in res
:
173 raise Exception("Unexpected sigma_dut response to unknown command")
175 for cmd
, response
in tests
:
176 res
= sigma_dut_cmd(cmd
)
177 if response
not in res
:
178 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
180 stop_sigma_dut(sigma
)
182 def test_sigma_dut_open(dev
, apdev
):
183 """sigma_dut controlled open network association"""
185 run_sigma_dut_open(dev
, apdev
)
187 dev
[0].set("ignore_old_scan_res", "0")
189 def run_sigma_dut_open(dev
, apdev
):
190 ifname
= dev
[0].ifname
191 sigma
= start_sigma_dut(ifname
)
194 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
196 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
197 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
198 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
200 sigma_dut_wait_connected(ifname
)
201 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
202 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
203 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
205 stop_sigma_dut(sigma
)
207 def test_sigma_dut_psk_pmf(dev
, apdev
):
208 """sigma_dut controlled PSK+PMF association"""
210 run_sigma_dut_psk_pmf(dev
, apdev
)
212 dev
[0].set("ignore_old_scan_res", "0")
214 def run_sigma_dut_psk_pmf(dev
, apdev
):
215 ifname
= dev
[0].ifname
216 sigma
= start_sigma_dut(ifname
)
219 ssid
= "test-pmf-required"
220 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
221 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
222 params
["ieee80211w"] = "2"
223 hapd
= hostapd
.add_ap(apdev
[0], params
)
225 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
226 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
227 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
228 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
230 sigma_dut_wait_connected(ifname
)
231 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
232 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
235 stop_sigma_dut(sigma
)
237 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
238 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
240 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
242 dev
[0].set("ignore_old_scan_res", "0")
244 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
245 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
247 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
249 dev
[0].set("ignore_old_scan_res", "0")
251 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
252 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
254 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
256 dev
[0].set("ignore_old_scan_res", "0")
258 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
259 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
261 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
263 dev
[0].set("ignore_old_scan_res", "0")
265 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
266 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
268 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
271 dev
[0].set("ignore_old_scan_res", "0")
273 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
275 ifname
= dev
[0].ifname
276 sigma
= start_sigma_dut(ifname
)
279 ssid
= "test-pmf-required"
280 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
281 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
282 params
["ieee80211w"] = "2"
283 params
["group_mgmt_cipher"] = hostapd_cipher
284 hapd
= hostapd
.add_ap(apdev
[0], params
)
286 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
287 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
288 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
289 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
290 timeout
=2 if failure
else 10)
292 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
293 "CTRL-EVENT-CONNECTED"], timeout
=10)
295 raise Exception("Network selection result not indicated")
296 if "CTRL-EVENT-CONNECTED" in ev
:
297 raise Exception("Unexpected connection")
298 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
299 if "connected,1" in res
:
300 raise Exception("Connection reported")
302 sigma_dut_wait_connected(ifname
)
303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
305 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
306 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
308 stop_sigma_dut(sigma
)
310 def test_sigma_dut_sae(dev
, apdev
):
311 """sigma_dut controlled SAE association"""
312 if "SAE" not in dev
[0].get_capability("auth_alg"):
313 raise HwsimSkip("SAE not supported")
315 ifname
= dev
[0].ifname
316 sigma
= start_sigma_dut(ifname
)
320 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
321 params
['wpa_key_mgmt'] = 'SAE'
322 params
["ieee80211w"] = "2"
323 params
['sae_groups'] = '19 20 21'
324 hapd
= hostapd
.add_ap(apdev
[0], params
)
326 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
328 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
329 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
331 sigma_dut_wait_connected(ifname
)
332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
333 if dev
[0].get_status_field('sae_group') != '19':
334 raise Exception("Expected default SAE group not used")
335 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
337 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
339 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
340 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
341 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
343 sigma_dut_wait_connected(ifname
)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
345 if dev
[0].get_status_field('sae_group') != '20':
346 raise Exception("Expected SAE group not used")
347 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
350 stop_sigma_dut(sigma
)
352 def test_sigma_dut_sae_groups(dev
, apdev
):
353 """sigma_dut controlled SAE association with group negotiation"""
354 if "SAE" not in dev
[0].get_capability("auth_alg"):
355 raise HwsimSkip("SAE not supported")
357 ifname
= dev
[0].ifname
358 sigma
= start_sigma_dut(ifname
)
362 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
363 params
['wpa_key_mgmt'] = 'SAE'
364 params
["ieee80211w"] = "2"
365 params
['sae_groups'] = '19'
366 hapd
= hostapd
.add_ap(apdev
[0], params
)
368 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
369 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
370 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
371 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
373 sigma_dut_wait_connected(ifname
)
374 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
375 if dev
[0].get_status_field('sae_group') != '19':
376 raise Exception("Expected default SAE group not used")
377 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
379 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
381 stop_sigma_dut(sigma
)
383 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
384 """sigma_dut controlled SAE association with PMKID"""
385 if "SAE" not in dev
[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
388 ifname
= dev
[0].ifname
389 sigma
= start_sigma_dut(ifname
)
393 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
394 params
['wpa_key_mgmt'] = 'SAE'
395 params
["ieee80211w"] = "2"
396 params
["sae_confirm_immediate"] = "1"
397 hapd
= hostapd
.add_ap(apdev
[0], params
)
399 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
400 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
401 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
402 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
404 sigma_dut_wait_connected(ifname
)
405 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
407 stop_sigma_dut(sigma
)
409 def test_sigma_dut_sae_password(dev
, apdev
):
410 """sigma_dut controlled SAE association and long password"""
411 if "SAE" not in dev
[0].get_capability("auth_alg"):
412 raise HwsimSkip("SAE not supported")
414 ifname
= dev
[0].ifname
415 sigma
= start_sigma_dut(ifname
)
419 params
= hostapd
.wpa2_params(ssid
=ssid
)
420 params
['sae_password'] = 100*'B'
421 params
['wpa_key_mgmt'] = 'SAE'
422 params
["ieee80211w"] = "2"
423 hapd
= hostapd
.add_ap(apdev
[0], params
)
425 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
426 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
427 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
428 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
430 sigma_dut_wait_connected(ifname
)
431 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
432 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
433 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
435 stop_sigma_dut(sigma
)
437 def test_sigma_dut_sae_pw_id(dev
, apdev
):
438 """sigma_dut controlled SAE association with Password Identifier"""
439 if "SAE" not in dev
[0].get_capability("auth_alg"):
440 raise HwsimSkip("SAE not supported")
442 ifname
= dev
[0].ifname
443 sigma
= start_sigma_dut(ifname
)
447 params
= hostapd
.wpa2_params(ssid
=ssid
)
448 params
['wpa_key_mgmt'] = 'SAE'
449 params
["ieee80211w"] = "2"
450 params
['sae_password'] = 'secret|id=pw id'
451 params
['sae_groups'] = '19'
452 hapd
= hostapd
.add_ap(apdev
[0], params
)
454 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
455 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
456 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
457 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
459 sigma_dut_wait_connected(ifname
)
460 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
463 stop_sigma_dut(sigma
)
465 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
466 """sigma_dut controlled SAE association with Password Identifier and FT"""
467 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
469 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
470 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
471 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
473 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
474 if "SAE" not in dev
[0].get_capability("auth_alg"):
475 raise HwsimSkip("SAE not supported")
477 ifname
= dev
[0].ifname
478 sigma
= start_sigma_dut(ifname
)
482 params
= hostapd
.wpa2_params(ssid
=ssid
)
483 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
484 params
["ieee80211w"] = "2"
485 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
486 params
['mobility_domain'] = 'aabb'
487 params
['ft_over_ds'] = '1' if over_ds
else '0'
488 bssid
= apdev
[0]['bssid'].replace(':', '')
489 params
['nas_identifier'] = bssid
+ '.nas.example.com'
490 params
['r1_key_holder'] = bssid
491 params
['pmk_r1_push'] = '0'
492 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
493 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
494 hapd
= hostapd
.add_ap(apdev
[0], params
)
496 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
498 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
499 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
500 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
501 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
503 sigma_dut_wait_connected(ifname
)
505 bssid
= apdev
[1]['bssid'].replace(':', '')
506 params
['nas_identifier'] = bssid
+ '.nas.example.com'
507 params
['r1_key_holder'] = bssid
508 hapd2
= hostapd
.add_ap(apdev
[1], params
)
509 bssid
= hapd2
.own_addr()
510 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
511 dev
[0].wait_connected()
513 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
514 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
516 stop_sigma_dut(sigma
)
518 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
519 """sigma_dut and RSNE override on STA"""
521 run_sigma_dut_sta_override_rsne(dev
, apdev
)
523 dev
[0].set("ignore_old_scan_res", "0")
525 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
526 ifname
= dev
[0].ifname
527 sigma
= start_sigma_dut(ifname
)
531 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
532 hapd
= hostapd
.add_ap(apdev
[0], params
)
534 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
536 tests
= ["30120100000fac040100000fac040100000fac02",
537 "30140100000fac040100000fac040100000fac02ffff"]
539 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
540 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
543 sigma_dut_wait_connected(ifname
)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
545 dev
[0].dump_monitor()
547 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
548 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
549 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
552 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
554 raise Exception("Association rejection not reported")
555 if "status_code=40" not in ev
:
556 raise Exception("Unexpected status code: " + ev
)
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
560 stop_sigma_dut(sigma
)
562 def test_sigma_dut_ap_psk(dev
, apdev
):
563 """sigma_dut controlled AP"""
564 with
HWSimRadio() as (radio
, iface
):
565 sigma
= start_sigma_dut(iface
)
567 sigma_dut_cmd_check("ap_reset_default")
568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
569 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
570 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
572 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
574 sigma_dut_cmd_check("ap_reset_default")
576 stop_sigma_dut(sigma
)
578 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
579 """sigma_dut controlled AP and PSKHEX"""
580 logdir
= os
.path
.join(params
['logdir'],
581 "sigma_dut_ap_pskhex.sigma-hostapd")
582 with
HWSimRadio() as (radio
, iface
):
583 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
585 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
586 sigma_dut_cmd_check("ap_reset_default")
587 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
588 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
589 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
591 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
593 sigma_dut_cmd_check("ap_reset_default")
595 stop_sigma_dut(sigma
)
597 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
598 """sigma_dut controlled AP PSK SHA256"""
599 logdir
= os
.path
.join(params
['logdir'],
600 "sigma_dut_ap_psk_sha256.sigma-hostapd")
601 with
HWSimRadio() as (radio
, iface
):
602 sigma
= start_sigma_dut(iface
)
604 sigma_dut_cmd_check("ap_reset_default")
605 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
606 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
607 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
609 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
610 psk
="12345678", scan_freq
="2412")
612 sigma_dut_cmd_check("ap_reset_default")
614 stop_sigma_dut(sigma
)
616 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
617 """sigma_dut controlled AP and deauth commands"""
618 logdir
= os
.path
.join(params
['logdir'],
619 "sigma_dut_ap_psk_deauth.sigma-hostapd")
620 with
HWSimRadio() as (radio
, iface
):
621 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
623 sigma_dut_cmd_check("ap_reset_default")
624 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
628 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
629 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
630 addr
= dev
[0].own_addr()
631 dev
[0].dump_monitor()
633 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
634 ev
= dev
[0].wait_disconnected()
635 dev
[0].dump_monitor()
636 if "locally_generated=1" in ev
:
637 raise Exception("Unexpected disconnection reason")
638 dev
[0].wait_connected()
639 dev
[0].dump_monitor()
641 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
642 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
643 if ev
and "locally_generated=1" not in ev
:
644 raise Exception("Unexpected disconnection")
646 sigma_dut_cmd_check("ap_reset_default")
648 stop_sigma_dut(sigma
)
650 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
651 """sigma_dut controlled STA and EAP-TTLS parameters"""
652 check_domain_match(dev
[0])
653 logdir
= params
['logdir']
655 with
open("auth_serv/ca.pem", "r") as f
:
656 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
659 src
= "auth_serv/server.pem"
660 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
661 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
662 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
664 stderr
=open('/dev/null', 'w'))
665 with
open(dst
, "rb") as f
:
667 hash = hashlib
.sha256(der
).digest()
668 with
open(hashdst
, "w") as f
:
669 f
.write(binascii
.hexlify(hash).decode())
671 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
672 with
open(dst
, "w") as f
:
675 ssid
= "test-wpa2-eap"
676 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
677 hapd
= hostapd
.add_ap(apdev
[0], params
)
679 ifname
= dev
[0].ifname
680 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
682 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
686 ",Domain,server.w1.fi",
687 ",DomainSuffix,w1.fi",
688 ",DomainSuffix,server.w1.fi",
689 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
691 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
692 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
693 sigma_dut_cmd_check(cmd
+ extra
)
694 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
696 sigma_dut_wait_connected(ifname
)
697 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
698 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
699 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
700 dev
[0].dump_monitor()
702 tests
= [",Domain,w1.fi",
703 ",DomainSuffix,example.com",
704 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
706 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
707 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
708 sigma_dut_cmd_check(cmd
+ extra
)
709 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
711 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
713 raise Exception("Server certificate error not reported")
714 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
715 if "connected,1" in res
:
716 raise Exception("Unexpected connection reported")
717 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
718 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
719 dev
[0].dump_monitor()
721 stop_sigma_dut(sigma
)
723 def test_sigma_dut_suite_b(dev
, apdev
, params
):
724 """sigma_dut controlled STA Suite B"""
725 check_suite_b_192_capa(dev
)
726 logdir
= params
['logdir']
728 with
open("auth_serv/ec2-ca.pem", "r") as f
:
729 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
732 with
open("auth_serv/ec2-user.pem", "r") as f
:
733 with
open("auth_serv/ec2-user.key", "r") as f2
:
734 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
738 dev
[0].flush_scan_cache()
739 params
= suite_b_as_params()
740 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
741 params
['server_cert'] = 'auth_serv/ec2-server.pem'
742 params
['private_key'] = 'auth_serv/ec2-server.key'
743 params
['openssl_ciphers'] = 'SUITEB192'
744 hostapd
.add_ap(apdev
[1], params
)
746 params
= {"ssid": "test-suite-b",
748 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
749 "rsn_pairwise": "GCMP-256",
750 "group_mgmt_cipher": "BIP-GMAC-256",
753 'auth_server_addr': "127.0.0.1",
754 'auth_server_port': "18129",
755 'auth_server_shared_secret': "radius",
756 'nas_identifier': "nas.w1.fi"}
757 hapd
= hostapd
.add_ap(apdev
[0], params
)
759 ifname
= dev
[0].ifname
760 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
763 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
764 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
765 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
766 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
768 sigma_dut_wait_connected(ifname
)
769 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
770 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
771 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
773 stop_sigma_dut(sigma
)
775 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
776 """sigma_dut controlled STA Suite B (RSA)"""
777 check_suite_b_192_capa(dev
)
778 logdir
= params
['logdir']
780 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
781 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
784 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
785 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
786 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
790 dev
[0].flush_scan_cache()
791 params
= suite_b_192_rsa_ap_params()
792 hapd
= hostapd
.add_ap(apdev
[0], params
)
794 ifname
= dev
[0].ifname
795 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
797 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
801 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
802 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
804 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
805 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
806 sigma_dut_cmd_check(cmd
+ extra
)
807 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
809 sigma_dut_wait_connected(ifname
)
810 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
811 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
812 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
814 stop_sigma_dut(sigma
)
816 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
817 """sigma_dut controlled AP Suite B"""
818 check_suite_b_192_capa(dev
)
819 logdir
= os
.path
.join(params
['logdir'],
820 "sigma_dut_ap_suite_b.sigma-hostapd")
821 params
= suite_b_as_params()
822 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
823 params
['server_cert'] = 'auth_serv/ec2-server.pem'
824 params
['private_key'] = 'auth_serv/ec2-server.key'
825 params
['openssl_ciphers'] = 'SUITEB192'
826 hostapd
.add_ap(apdev
[1], params
)
827 with
HWSimRadio() as (radio
, iface
):
828 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
830 sigma_dut_cmd_check("ap_reset_default")
831 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
832 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
833 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
834 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
836 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
838 openssl_ciphers
="SUITEB192",
839 eap
="TLS", identity
="tls user",
840 ca_cert
="auth_serv/ec2-ca.pem",
841 client_cert
="auth_serv/ec2-user.pem",
842 private_key
="auth_serv/ec2-user.key",
843 pairwise
="GCMP-256", group
="GCMP-256",
846 sigma_dut_cmd_check("ap_reset_default")
848 stop_sigma_dut(sigma
)
850 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
851 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
852 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
855 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
856 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
857 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
860 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
861 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
862 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
865 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
866 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
867 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
870 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
871 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
872 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
873 "BIP-GMAC-256", "CCMP")
875 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
876 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
877 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
878 "BIP-GMAC-256", "GCMP-256", "CCMP")
880 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
881 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
882 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
883 "GCMP-256", "CCMP", "AES-CCMP-128")
885 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
886 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
887 check_suite_b_192_capa(dev
)
888 logdir
= os
.path
.join(params
['logdir'],
889 "sigma_dut_ap_cipher.sigma-hostapd")
890 params
= suite_b_as_params()
891 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
892 params
['server_cert'] = 'auth_serv/ec2-server.pem'
893 params
['private_key'] = 'auth_serv/ec2-server.key'
894 params
['openssl_ciphers'] = 'SUITEB192'
895 hostapd
.add_ap(apdev
[1], params
)
896 with
HWSimRadio() as (radio
, iface
):
897 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
899 sigma_dut_cmd_check("ap_reset_default")
900 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
901 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
902 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
904 cmd
+= ",GroupCipher,%s" % ap_group
905 sigma_dut_cmd_check(cmd
)
906 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
908 if sta_cipher_group
is None:
909 sta_cipher_group
= sta_cipher
910 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
912 openssl_ciphers
="SUITEB192",
913 eap
="TLS", identity
="tls user",
914 ca_cert
="auth_serv/ec2-ca.pem",
915 client_cert
="auth_serv/ec2-user.pem",
916 private_key
="auth_serv/ec2-user.key",
917 pairwise
=sta_cipher
, group
=sta_cipher_group
,
920 sigma_dut_cmd_check("ap_reset_default")
922 stop_sigma_dut(sigma
)
924 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
925 """sigma_dut controlled AP overriding RSNE"""
926 with
HWSimRadio() as (radio
, iface
):
927 sigma
= start_sigma_dut(iface
)
929 sigma_dut_cmd_check("ap_reset_default")
930 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
931 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
932 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
933 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
935 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
937 sigma_dut_cmd_check("ap_reset_default")
939 stop_sigma_dut(sigma
)
941 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
942 """sigma_dut controlled AP with SAE"""
943 logdir
= os
.path
.join(params
['logdir'],
944 "sigma_dut_ap_sae.sigma-hostapd")
945 if "SAE" not in dev
[0].get_capability("auth_alg"):
946 raise HwsimSkip("SAE not supported")
947 with
HWSimRadio() as (radio
, iface
):
948 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
950 sigma_dut_cmd_check("ap_reset_default")
951 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
955 dev
[0].request("SET sae_groups ")
956 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
957 ieee80211w
="2", scan_freq
="2412")
958 if dev
[0].get_status_field('sae_group') != '19':
959 raise Exception("Expected default SAE group not used")
961 sigma_dut_cmd_check("ap_reset_default")
963 stop_sigma_dut(sigma
)
965 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
966 """sigma_dut controlled AP with SAE Confirm immediate"""
967 logdir
= os
.path
.join(params
['logdir'],
968 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
969 if "SAE" not in dev
[0].get_capability("auth_alg"):
970 raise HwsimSkip("SAE not supported")
971 with
HWSimRadio() as (radio
, iface
):
972 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
979 dev
[0].request("SET sae_groups ")
980 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
981 ieee80211w
="2", scan_freq
="2412")
982 if dev
[0].get_status_field('sae_group') != '19':
983 raise Exception("Expected default SAE group not used")
985 sigma_dut_cmd_check("ap_reset_default")
987 stop_sigma_dut(sigma
)
989 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
990 """sigma_dut controlled AP with SAE and long password"""
991 logdir
= os
.path
.join(params
['logdir'],
992 "sigma_dut_ap_sae_password.sigma-hostapd")
993 if "SAE" not in dev
[0].get_capability("auth_alg"):
994 raise HwsimSkip("SAE not supported")
995 with
HWSimRadio() as (radio
, iface
):
996 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
998 sigma_dut_cmd_check("ap_reset_default")
999 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1000 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1001 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1003 dev
[0].request("SET sae_groups ")
1004 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1005 ieee80211w
="2", scan_freq
="2412")
1006 if dev
[0].get_status_field('sae_group') != '19':
1007 raise Exception("Expected default SAE group not used")
1009 sigma_dut_cmd_check("ap_reset_default")
1011 stop_sigma_dut(sigma
)
1013 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1014 """sigma_dut controlled AP with SAE Password Identifier"""
1015 logdir
= os
.path
.join(params
['logdir'],
1016 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1017 conffile
= os
.path
.join(params
['logdir'],
1018 "sigma_dut_ap_sae_pw_id.sigma-conf")
1019 if "SAE" not in dev
[0].get_capability("auth_alg"):
1020 raise HwsimSkip("SAE not supported")
1021 with
HWSimRadio() as (radio
, iface
):
1022 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1024 sigma_dut_cmd_check("ap_reset_default")
1025 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1026 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1027 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1029 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1030 with
open(conffile
, "wb") as f2
:
1033 dev
[0].request("SET sae_groups ")
1034 tests
= [("pw1", "id1"),
1038 for pw
, pw_id
in tests
:
1039 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1040 sae_password_id
=pw_id
,
1041 ieee80211w
="2", scan_freq
="2412")
1042 dev
[0].request("REMOVE_NETWORK all")
1043 dev
[0].wait_disconnected()
1045 sigma_dut_cmd_check("ap_reset_default")
1047 stop_sigma_dut(sigma
)
1049 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1050 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1051 logdir
= os
.path
.join(params
['logdir'],
1052 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1053 conffile
= os
.path
.join(params
['logdir'],
1054 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1055 if "SAE" not in dev
[0].get_capability("auth_alg"):
1056 raise HwsimSkip("SAE not supported")
1057 with
HWSimRadio() as (radio
, iface
):
1058 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1060 sigma_dut_cmd_check("ap_reset_default")
1061 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1062 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1063 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1065 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1066 with
open(conffile
, "wb") as f2
:
1069 dev
[0].request("SET sae_groups ")
1070 tests
= [("pw1", "id1", "SAE"),
1071 ("pw2", "id2", "FT-SAE"),
1072 ("pw3", None, "FT-SAE"),
1073 ("pw4", "id4", "SAE")]
1074 for pw
, pw_id
, key_mgmt
in tests
:
1075 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1076 sae_password_id
=pw_id
,
1077 ieee80211w
="2", scan_freq
="2412")
1078 dev
[0].request("REMOVE_NETWORK all")
1079 dev
[0].wait_disconnected()
1081 sigma_dut_cmd_check("ap_reset_default")
1083 stop_sigma_dut(sigma
)
1085 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1086 """sigma_dut controlled AP with SAE and specific group"""
1087 logdir
= os
.path
.join(params
['logdir'],
1088 "sigma_dut_ap_sae_group.sigma-hostapd")
1089 if "SAE" not in dev
[0].get_capability("auth_alg"):
1090 raise HwsimSkip("SAE not supported")
1091 with
HWSimRadio() as (radio
, iface
):
1092 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1094 sigma_dut_cmd_check("ap_reset_default")
1095 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1096 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1097 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1099 dev
[0].request("SET sae_groups ")
1100 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1101 ieee80211w
="2", scan_freq
="2412")
1102 if dev
[0].get_status_field('sae_group') != '20':
1103 raise Exception("Expected SAE group not used")
1105 sigma_dut_cmd_check("ap_reset_default")
1107 stop_sigma_dut(sigma
)
1109 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1110 """sigma_dut controlled AP with PSK+SAE"""
1111 if "SAE" not in dev
[0].get_capability("auth_alg"):
1112 raise HwsimSkip("SAE not supported")
1113 logdir
= os
.path
.join(params
['logdir'],
1114 "sigma_dut_ap_psk_sae.sigma-hostapd")
1115 with
HWSimRadio() as (radio
, iface
):
1116 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1118 sigma_dut_cmd_check("ap_reset_default")
1119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1120 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1121 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1123 dev
[2].request("SET sae_groups ")
1124 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1125 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1126 dev
[0].request("SET sae_groups ")
1127 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1128 scan_freq
="2412", ieee80211w
="2")
1129 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1131 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1132 dev
[2].request("DISCONNECT")
1134 raise Exception("Unexpected connection without PMF")
1136 sigma_dut_cmd_check("ap_reset_default")
1138 stop_sigma_dut(sigma
)
1140 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1141 """sigma_dut controlled AP with PSK, SAE, FT"""
1142 logdir
= os
.path
.join(params
['logdir'],
1143 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1144 conffile
= os
.path
.join(params
['logdir'],
1145 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1146 if "SAE" not in dev
[0].get_capability("auth_alg"):
1147 raise HwsimSkip("SAE not supported")
1148 with
HWSimRadio() as (radio
, iface
):
1149 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1151 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1152 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1153 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1154 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1155 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1156 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1158 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1159 with
open(conffile
, "wb") as f2
:
1162 dev
[0].request("SET sae_groups ")
1163 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1164 sae_password
="12345678", scan_freq
="2412")
1165 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1166 psk
="12345678", scan_freq
="2412")
1167 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1168 psk
="12345678", scan_freq
="2412")
1170 sigma_dut_cmd_check("ap_reset_default")
1172 stop_sigma_dut(sigma
)
1174 def test_sigma_dut_owe(dev
, apdev
):
1175 """sigma_dut controlled OWE station"""
1177 run_sigma_dut_owe(dev
, apdev
)
1179 dev
[0].set("ignore_old_scan_res", "0")
1181 def run_sigma_dut_owe(dev
, apdev
):
1182 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1183 raise HwsimSkip("OWE not supported")
1185 ifname
= dev
[0].ifname
1186 sigma
= start_sigma_dut(ifname
)
1189 params
= {"ssid": "owe",
1191 "wpa_key_mgmt": "OWE",
1193 "rsn_pairwise": "CCMP"}
1194 hapd
= hostapd
.add_ap(apdev
[0], params
)
1195 bssid
= hapd
.own_addr()
1197 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1199 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1202 sigma_dut_wait_connected(ifname
)
1203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1205 dev
[0].dump_monitor()
1206 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1207 dev
[0].wait_connected()
1208 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1209 dev
[0].wait_disconnected()
1210 dev
[0].dump_monitor()
1212 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1213 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1214 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1215 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1217 sigma_dut_wait_connected(ifname
)
1218 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1219 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1220 dev
[0].wait_disconnected()
1221 dev
[0].dump_monitor()
1223 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1224 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1225 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1226 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1228 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1229 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1231 raise Exception("Association not rejected")
1232 if "status_code=77" not in ev
:
1233 raise Exception("Unexpected rejection reason: " + ev
)
1235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1237 stop_sigma_dut(sigma
)
1239 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1240 """sigma_dut controlled AP with OWE"""
1241 logdir
= os
.path
.join(params
['logdir'],
1242 "sigma_dut_ap_owe.sigma-hostapd")
1243 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1244 raise HwsimSkip("OWE not supported")
1245 with
HWSimRadio() as (radio
, iface
):
1246 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1248 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1249 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1250 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1251 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1253 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1256 sigma_dut_cmd_check("ap_reset_default")
1258 stop_sigma_dut(sigma
)
1260 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1261 """sigma_dut controlled AP with OWE and ECGroupID"""
1262 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1263 raise HwsimSkip("OWE not supported")
1264 with
HWSimRadio() as (radio
, iface
):
1265 sigma
= start_sigma_dut(iface
)
1267 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1268 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1269 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1270 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1272 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1273 owe_group
="20", scan_freq
="2412")
1274 dev
[0].request("REMOVE_NETWORK all")
1275 dev
[0].wait_disconnected()
1277 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1278 owe_group
="21", scan_freq
="2412")
1279 dev
[0].request("REMOVE_NETWORK all")
1280 dev
[0].wait_disconnected()
1282 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1283 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1284 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1285 dev
[0].request("DISCONNECT")
1287 raise Exception("Association not rejected")
1288 if "status_code=77" not in ev
:
1289 raise Exception("Unexpected rejection reason: " + ev
)
1290 dev
[0].dump_monitor()
1292 sigma_dut_cmd_check("ap_reset_default")
1294 stop_sigma_dut(sigma
)
1296 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1297 """sigma_dut controlled AP with OWE and transition mode"""
1298 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1299 raise HwsimSkip("OWE not supported")
1300 logdir
= os
.path
.join(params
['logdir'],
1301 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1302 with
HWSimRadio() as (radio
, iface
):
1303 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1305 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1306 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1307 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1308 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1309 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1310 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1312 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1313 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1315 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1317 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1318 if dev
[0].get_status_field('bssid') not in res1
:
1319 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1320 if dev
[1].get_status_field('bssid') not in res2
:
1321 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1323 sigma_dut_cmd_check("ap_reset_default")
1325 stop_sigma_dut(sigma
)
1327 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1328 """sigma_dut controlled AP with OWE and transition mode (2)"""
1329 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1330 raise HwsimSkip("OWE not supported")
1331 logdir
= os
.path
.join(params
['logdir'],
1332 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1333 with
HWSimRadio() as (radio
, iface
):
1334 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1336 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1337 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1338 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1339 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1340 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1341 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1343 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1344 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1346 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1348 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1349 if dev
[0].get_status_field('bssid') not in res2
:
1350 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1351 if dev
[1].get_status_field('bssid') not in res1
:
1352 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1354 sigma_dut_cmd_check("ap_reset_default")
1356 stop_sigma_dut(sigma
)
1358 def dpp_init_enrollee(dev
, id1
):
1359 logger
.info("Starting DPP initiator/enrollee in a thread")
1361 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1362 if "OK" not in dev
.request(cmd
):
1363 raise Exception("Failed to initiate DPP Authentication")
1364 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1366 raise Exception("DPP configuration not completed (Enrollee)")
1367 logger
.info("DPP initiator/enrollee done")
1369 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1370 """sigma_dut DPP/QR responder (conf index 1)"""
1371 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1373 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1374 """sigma_dut DPP/QR responder (conf index 2)"""
1375 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1377 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1378 """sigma_dut DPP/QR responder (conf index 3)"""
1379 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1381 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1382 """sigma_dut DPP/QR responder (conf index 4)"""
1383 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1385 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1386 """sigma_dut DPP/QR responder (conf index 5)"""
1387 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1389 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1390 """sigma_dut DPP/QR responder (conf index 6)"""
1391 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1393 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1394 """sigma_dut DPP/QR responder (conf index 7)"""
1395 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1397 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1398 """sigma_dut DPP/QR responder (conf index 8)"""
1399 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1401 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1402 """sigma_dut DPP/QR responder (conf index 9)"""
1403 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1405 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1406 """sigma_dut DPP/QR responder (conf index 10)"""
1407 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1409 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1410 """sigma_dut DPP/QR responder (channel list override)"""
1411 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1414 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1415 """sigma_dut DPP/QR responder status query"""
1416 check_dpp_capab(dev
[1])
1417 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1418 passphrase
="ThisIsDppPassphrase")
1419 hapd
= hostapd
.add_ap(apdev
[0], params
)
1422 dev
[1].set("dpp_config_processing", "2")
1423 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1425 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1427 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1428 listen_chan
=None, status_query
=False):
1429 check_dpp_capab(dev
[0])
1430 check_dpp_capab(dev
[1])
1431 sigma
= start_sigma_dut(dev
[0].ifname
)
1433 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1435 cmd
+= ",DPPChannelList," + chan_list
1436 res
= sigma_dut_cmd(cmd
)
1437 if "status,COMPLETE" not in res
:
1438 raise Exception("dev_exec_action did not succeed: " + res
)
1439 hex = res
.split(',')[3]
1441 logger
.info("URI from sigma_dut: " + uri
)
1443 id1
= dev
[1].dpp_qr_code(uri
)
1445 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
))
1447 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1449 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1451 cmd
+= ",DPPStatusQuery,Yes"
1452 res
= sigma_dut_cmd(cmd
, timeout
=10)
1454 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1455 raise Exception("Unexpected result: " + res
)
1456 if status_query
and "StatusResult,0" not in res
:
1457 raise Exception("Status query did not succeed: " + res
)
1459 stop_sigma_dut(sigma
)
1461 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1462 """sigma_dut DPP/QR initiator as Enrollee"""
1463 check_dpp_capab(dev
[0])
1464 check_dpp_capab(dev
[1])
1466 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1467 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1468 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1469 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1471 params
= {"ssid": "DPPNET01",
1474 "wpa_key_mgmt": "DPP",
1475 "rsn_pairwise": "CCMP",
1476 "dpp_connector": ap_connector
,
1477 "dpp_csign": csign_pub
,
1478 "dpp_netaccesskey": ap_netaccesskey
}
1480 hapd
= hostapd
.add_ap(apdev
[0], params
)
1482 raise HwsimSkip("DPP not supported")
1484 sigma
= start_sigma_dut(dev
[0].ifname
)
1486 dev
[0].set("dpp_config_processing", "2")
1488 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1489 res
= dev
[1].request(cmd
)
1491 raise Exception("Failed to add configurator")
1494 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1495 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1497 dev
[1].set("dpp_configurator_params",
1498 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1499 cmd
= "DPP_LISTEN 2437 role=configurator"
1500 if "OK" not in dev
[1].request(cmd
):
1501 raise Exception("Failed to start listen operation")
1503 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1504 if "status,COMPLETE" not in res
:
1505 raise Exception("dev_exec_action did not succeed: " + res
)
1507 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1508 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1509 raise Exception("Unexpected result: " + res
)
1511 dev
[0].set("dpp_config_processing", "0")
1512 stop_sigma_dut(sigma
)
1514 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1515 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1516 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1518 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1519 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1520 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1521 extra
="DPPAuthDirection,Mutual,")
1523 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1524 check_dpp_capab(dev
[0])
1525 check_dpp_capab(dev
[1])
1527 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1528 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1529 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1530 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1532 params
= {"ssid": "DPPNET01",
1535 "wpa_key_mgmt": "DPP",
1536 "rsn_pairwise": "CCMP",
1537 "dpp_connector": ap_connector
,
1538 "dpp_csign": csign_pub
,
1539 "dpp_netaccesskey": ap_netaccesskey
}
1541 hapd
= hostapd
.add_ap(apdev
[0], params
)
1543 raise HwsimSkip("DPP not supported")
1545 sigma
= start_sigma_dut(dev
[0].ifname
)
1547 dev
[0].set("dpp_config_processing", "2")
1549 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1550 res
= dev
[1].request(cmd
)
1552 raise Exception("Failed to add configurator")
1555 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1556 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1558 dev
[1].set("dpp_configurator_params",
1559 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1560 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1561 if "OK" not in dev
[1].request(cmd
):
1562 raise Exception("Failed to start listen operation")
1564 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1565 if "status,COMPLETE" not in res
:
1566 raise Exception("dev_exec_action did not succeed: " + res
)
1567 hex = res
.split(',')[3]
1569 logger
.info("URI from sigma_dut: " + uri
)
1571 id1
= dev
[1].dpp_qr_code(uri
)
1573 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1574 if "status,COMPLETE" not in res
:
1575 raise Exception("dev_exec_action did not succeed: " + res
)
1577 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1578 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1579 raise Exception("Unexpected result: " + res
)
1581 dev
[0].set("dpp_config_processing", "0")
1582 stop_sigma_dut(sigma
)
1584 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1586 logger
.info("Starting DPP initiator/configurator in a thread")
1587 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1588 if own_id
is not None:
1589 cmd
+= " own=%d" % own_id
1590 if "OK" not in dev
.request(cmd
):
1591 raise Exception("Failed to initiate DPP Authentication")
1592 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1594 raise Exception("DPP configuration not completed (Configurator)")
1595 logger
.info("DPP initiator/configurator done")
1597 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1598 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1599 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1601 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1602 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1603 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1605 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1606 check_dpp_capab(dev
[0])
1607 check_dpp_capab(dev
[1])
1609 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1610 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1611 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1612 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1614 params
= {"ssid": "DPPNET01",
1617 "wpa_key_mgmt": "DPP",
1618 "rsn_pairwise": "CCMP",
1619 "dpp_connector": ap_connector
,
1620 "dpp_csign": csign_pub
,
1621 "dpp_netaccesskey": ap_netaccesskey
}
1623 hapd
= hostapd
.add_ap(apdev
[0], params
)
1625 raise HwsimSkip("DPP not supported")
1627 sigma
= start_sigma_dut(dev
[0].ifname
)
1629 dev
[0].set("dpp_config_processing", "2")
1631 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1632 res
= dev
[1].request(cmd
)
1634 raise Exception("Failed to add configurator")
1637 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1638 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1640 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1641 if "status,COMPLETE" not in res
:
1642 raise Exception("dev_exec_action did not succeed: " + res
)
1643 hex = res
.split(',')[3]
1645 logger
.info("URI from sigma_dut: " + uri
)
1647 id1
= dev
[1].dpp_qr_code(uri
)
1649 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1650 if "status,COMPLETE" not in res
:
1651 raise Exception("dev_exec_action did not succeed: " + res
)
1653 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1654 args
=(dev
[1], id1
, conf_id
, id0
))
1657 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1660 res
= sigma_dut_cmd(cmd
, timeout
=25)
1662 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1663 raise Exception("Unexpected result: " + res
)
1665 dev
[0].set("dpp_config_processing", "0")
1666 stop_sigma_dut(sigma
)
1668 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1669 logger
.info("Starting DPP responder/configurator in a thread")
1670 dev
.set("dpp_configurator_params",
1671 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1673 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1674 if "OK" not in dev
.request(cmd
):
1675 raise Exception("Failed to initiate DPP listen")
1677 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1679 raise Exception("QR Code scan for mutual authentication not requested")
1680 dev
.dpp_qr_code(uri
)
1681 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1683 raise Exception("DPP configuration not completed (Configurator)")
1684 logger
.info("DPP responder/configurator done")
1686 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1687 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1688 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1690 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1691 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1692 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1694 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1695 check_dpp_capab(dev
[0])
1696 check_dpp_capab(dev
[1])
1698 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1699 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1700 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1701 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1703 params
= {"ssid": "DPPNET01",
1706 "wpa_key_mgmt": "DPP",
1707 "rsn_pairwise": "CCMP",
1708 "dpp_connector": ap_connector
,
1709 "dpp_csign": csign_pub
,
1710 "dpp_netaccesskey": ap_netaccesskey
}
1712 hapd
= hostapd
.add_ap(apdev
[0], params
)
1714 raise HwsimSkip("DPP not supported")
1716 sigma
= start_sigma_dut(dev
[0].ifname
)
1718 dev
[0].set("dpp_config_processing", "2")
1720 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1721 res
= dev
[1].request(cmd
)
1723 raise Exception("Failed to add configurator")
1726 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1727 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1729 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1730 if "status,COMPLETE" not in res
:
1731 raise Exception("dev_exec_action did not succeed: " + res
)
1732 hex = res
.split(',')[3]
1734 logger
.info("URI from sigma_dut: " + uri
)
1736 if not resp_pending
:
1737 dev
[1].dpp_qr_code(uri
)
1740 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1741 if "status,COMPLETE" not in res
:
1742 raise Exception("dev_exec_action did not succeed: " + res
)
1744 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1745 args
=(dev
[1], conf_id
, uri
))
1749 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1750 res
= sigma_dut_cmd(cmd
, timeout
=15)
1752 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1753 raise Exception("Unexpected result: " + res
)
1755 dev
[0].set("dpp_config_processing", "0")
1756 stop_sigma_dut(sigma
)
1758 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1759 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1760 check_dpp_capab(dev
[0])
1761 check_dpp_capab(dev
[1])
1763 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1764 passphrase
="ThisIsDppPassphrase")
1765 hapd
= hostapd
.add_ap(apdev
[0], params
)
1767 sigma
= start_sigma_dut(dev
[0].ifname
)
1769 dev
[0].set("dpp_config_processing", "2")
1771 cmd
= "DPP_CONFIGURATOR_ADD"
1772 res
= dev
[1].request(cmd
)
1774 raise Exception("Failed to add configurator")
1777 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1778 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1780 dev
[1].set("dpp_configurator_params",
1781 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1782 cmd
= "DPP_LISTEN 2437 role=configurator"
1783 if "OK" not in dev
[1].request(cmd
):
1784 raise Exception("Failed to start listen operation")
1786 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1787 if "status,COMPLETE" not in res
:
1788 raise Exception("dev_exec_action did not succeed: " + res
)
1790 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1791 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1792 raise Exception("Unexpected result: " + res
)
1794 dev
[0].set("dpp_config_processing", "0")
1795 stop_sigma_dut(sigma
)
1797 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1798 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1799 check_dpp_capab(dev
[0])
1800 check_dpp_capab(dev
[1])
1801 if "SAE" not in dev
[0].get_capability("auth_alg"):
1802 raise HwsimSkip("SAE not supported")
1804 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1805 passphrase
="ThisIsDppPassphrase")
1806 params
['wpa_key_mgmt'] = 'SAE'
1807 params
["ieee80211w"] = "2"
1808 hapd
= hostapd
.add_ap(apdev
[0], params
)
1810 sigma
= start_sigma_dut(dev
[0].ifname
)
1812 dev
[0].set("dpp_config_processing", "2")
1813 dev
[0].set("sae_groups", "")
1815 cmd
= "DPP_CONFIGURATOR_ADD"
1816 res
= dev
[1].request(cmd
)
1818 raise Exception("Failed to add configurator")
1821 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1822 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1824 dev
[1].set("dpp_configurator_params",
1825 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1826 cmd
= "DPP_LISTEN 2437 role=configurator"
1827 if "OK" not in dev
[1].request(cmd
):
1828 raise Exception("Failed to start listen operation")
1830 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1831 if "status,COMPLETE" not in res
:
1832 raise Exception("dev_exec_action did not succeed: " + res
)
1834 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1835 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1836 raise Exception("Unexpected result: " + res
)
1838 dev
[0].set("dpp_config_processing", "0")
1839 stop_sigma_dut(sigma
)
1841 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1842 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1843 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1845 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1846 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1847 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1849 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1850 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1851 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1853 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1854 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1855 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1857 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1858 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1859 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1861 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1862 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1863 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1865 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1866 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1867 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1869 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1870 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1871 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1873 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1874 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1875 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1877 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1878 prov_role
="Configurator",
1880 check_dpp_capab(dev
[0])
1881 check_dpp_capab(dev
[1])
1882 sigma
= start_sigma_dut(dev
[0].ifname
)
1884 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1885 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1887 cmd
= "DPP_LISTEN 2437 role=enrollee"
1888 if "OK" not in dev
[1].request(cmd
):
1889 raise Exception("Failed to start listen operation")
1891 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1892 if "status,COMPLETE" not in res
:
1893 raise Exception("dev_exec_action did not succeed: " + res
)
1895 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1898 res
= sigma_dut_cmd(cmd
)
1899 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1900 raise Exception("Unexpected result: " + res
)
1902 stop_sigma_dut(sigma
)
1904 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1905 """sigma_dut DPP roles incompatible (Initiator)"""
1906 check_dpp_capab(dev
[0])
1907 check_dpp_capab(dev
[1])
1908 sigma
= start_sigma_dut(dev
[0].ifname
)
1910 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1911 if "status,COMPLETE" not in res
:
1912 raise Exception("dev_exec_action did not succeed: " + res
)
1913 hex = res
.split(',')[3]
1915 logger
.info("URI from sigma_dut: " + uri
)
1917 id1
= dev
[1].dpp_qr_code(uri
)
1919 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1920 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1922 cmd
= "DPP_LISTEN 2437 role=enrollee"
1923 if "OK" not in dev
[1].request(cmd
):
1924 raise Exception("Failed to start listen operation")
1926 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1927 if "status,COMPLETE" not in res
:
1928 raise Exception("dev_exec_action did not succeed: " + res
)
1930 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1931 res
= sigma_dut_cmd(cmd
)
1932 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1933 raise Exception("Unexpected result: " + res
)
1935 stop_sigma_dut(sigma
)
1937 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
1938 logger
.info("Starting DPP initiator/enrollee in a thread")
1940 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
1941 if "OK" not in dev
.request(cmd
):
1942 raise Exception("Failed to initiate DPP Authentication")
1943 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
1944 "DPP-NOT-COMPATIBLE"], timeout
=5)
1946 raise Exception("DPP configuration not completed (Enrollee)")
1947 logger
.info("DPP initiator/enrollee done")
1949 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
1950 """sigma_dut DPP roles incompatible (Responder)"""
1951 check_dpp_capab(dev
[0])
1952 check_dpp_capab(dev
[1])
1953 sigma
= start_sigma_dut(dev
[0].ifname
)
1955 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1956 res
= sigma_dut_cmd(cmd
)
1957 if "status,COMPLETE" not in res
:
1958 raise Exception("dev_exec_action did not succeed: " + res
)
1959 hex = res
.split(',')[3]
1961 logger
.info("URI from sigma_dut: " + uri
)
1963 id1
= dev
[1].dpp_qr_code(uri
)
1965 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1966 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1968 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1969 if "status,COMPLETE" not in res
:
1970 raise Exception("dev_exec_action did not succeed: " + res
)
1972 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
1974 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1975 res
= sigma_dut_cmd(cmd
, timeout
=10)
1977 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1978 raise Exception("Unexpected result: " + res
)
1980 stop_sigma_dut(sigma
)
1982 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
1983 """sigma_dut DPP/PKEX initiator as Configurator"""
1984 check_dpp_capab(dev
[0])
1985 check_dpp_capab(dev
[1])
1986 sigma
= start_sigma_dut(dev
[0].ifname
)
1988 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
1989 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
1990 res
= dev
[1].request(cmd
)
1992 raise Exception("Failed to set PKEX data (responder)")
1993 cmd
= "DPP_LISTEN 2437 role=enrollee"
1994 if "OK" not in dev
[1].request(cmd
):
1995 raise Exception("Failed to start listen operation")
1997 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1998 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1999 raise Exception("Unexpected result: " + res
)
2001 stop_sigma_dut(sigma
)
2003 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2004 logger
.info("Starting DPP initiator/configurator in a thread")
2005 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2006 if "OK" not in dev
.request(cmd
):
2007 raise Exception("Failed to initiate DPP Authentication")
2008 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2010 raise Exception("DPP configuration not completed (Configurator)")
2011 logger
.info("DPP initiator/configurator done")
2013 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2014 """sigma_dut controlled AP (DPP)"""
2015 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2017 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2018 """sigma_dut controlled AP (legacy)"""
2019 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2020 extra
="pass=%s" % to_hex("qwertyuiop"))
2022 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2023 """sigma_dut controlled AP (legacy)"""
2024 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2025 extra
="psk=%s" % (32*"12"))
2027 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2028 check_dpp_capab(dev
[0])
2029 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2030 with
HWSimRadio() as (radio
, iface
):
2031 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2033 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2034 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2035 if "status,COMPLETE" not in res
:
2036 raise Exception("dev_exec_action did not succeed: " + res
)
2037 hex = res
.split(',')[3]
2039 logger
.info("URI from sigma_dut: " + uri
)
2041 cmd
= "DPP_CONFIGURATOR_ADD"
2042 res
= dev
[0].request(cmd
)
2044 raise Exception("Failed to add configurator")
2047 id1
= dev
[0].dpp_qr_code(uri
)
2049 t
= threading
.Thread(target
=dpp_init_conf
,
2050 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2052 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2054 if "ConfResult,OK" not in res
:
2055 raise Exception("Unexpected result: " + res
)
2057 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2058 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2060 id0b
= dev
[0].dpp_qr_code(uri1
)
2062 dev
[1].set("dpp_config_processing", "2")
2063 cmd
= "DPP_LISTEN 2412"
2064 if "OK" not in dev
[1].request(cmd
):
2065 raise Exception("Failed to start listen operation")
2066 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2067 if "OK" not in dev
[0].request(cmd
):
2068 raise Exception("Failed to initiate DPP Authentication")
2069 dev
[1].wait_connected()
2071 sigma_dut_cmd_check("ap_reset_default")
2073 dev
[1].set("dpp_config_processing", "0")
2074 stop_sigma_dut(sigma
)
2076 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2077 """sigma_dut controlled AP as DPP PKEX responder"""
2078 check_dpp_capab(dev
[0])
2079 logdir
= os
.path
.join(params
['logdir'],
2080 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2081 with
HWSimRadio() as (radio
, iface
):
2082 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2084 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2086 stop_sigma_dut(sigma
)
2088 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2089 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2091 id = dev
.dpp_bootstrap_gen(type="pkex")
2092 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2093 res
= dev
.request(cmd
)
2095 raise Exception("Failed to initiate DPP PKEX")
2096 if not check_config
:
2098 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2100 raise Exception("DPP configuration not completed (Configurator)")
2101 logger
.info("DPP initiator/configurator done")
2103 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2104 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2106 cmd
= "DPP_CONFIGURATOR_ADD"
2107 res
= dev
[0].request(cmd
)
2109 raise Exception("Failed to add configurator")
2112 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2114 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2116 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2117 raise Exception("Unexpected result: " + res
)
2119 sigma_dut_cmd_check("ap_reset_default")
2121 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2122 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2123 check_dpp_capab(dev
[0])
2124 sigma
= start_sigma_dut(dev
[0].ifname
)
2126 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2128 stop_sigma_dut(sigma
)
2130 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2131 cmd
= "DPP_CONFIGURATOR_ADD"
2132 res
= dev
[1].request(cmd
)
2134 raise Exception("Failed to add configurator")
2137 dev
[1].set("dpp_test", "44")
2139 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2142 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2144 if "BootstrapResult,Timeout" not in res
:
2145 raise Exception("Unexpected result: " + res
)
2147 def dpp_proto_init(dev
, id1
):
2149 logger
.info("Starting DPP initiator/configurator in a thread")
2150 cmd
= "DPP_CONFIGURATOR_ADD"
2151 res
= dev
.request(cmd
)
2153 raise Exception("Failed to add configurator")
2156 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2157 if "OK" not in dev
.request(cmd
):
2158 raise Exception("Failed to initiate DPP Authentication")
2160 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2161 """sigma_dut DPP protocol testing - Initiator"""
2162 check_dpp_capab(dev
[0])
2163 check_dpp_capab(dev
[1])
2164 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2165 "BootstrapResult,OK,AuthResult,Errorsent",
2167 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2168 "BootstrapResult,OK,AuthResult,Errorsent",
2170 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2171 "BootstrapResult,OK,AuthResult,Errorsent",
2172 "Missing or invalid I-capabilities"),
2173 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2174 "BootstrapResult,OK,AuthResult,Errorsent",
2175 "Mismatching Initiator Authenticating Tag"),
2176 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2177 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2178 "Missing or invalid Enrollee Nonce attribute")]
2179 for step
, frame
, attr
, result
, fail
in tests
:
2180 dev
[0].request("FLUSH")
2181 dev
[1].request("FLUSH")
2182 sigma
= start_sigma_dut(dev
[0].ifname
)
2184 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2187 stop_sigma_dut(sigma
)
2189 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2190 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2191 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2193 cmd
= "DPP_LISTEN 2437 role=enrollee"
2194 if "OK" not in dev
[1].request(cmd
):
2195 raise Exception("Failed to start listen operation")
2197 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2198 if "status,COMPLETE" not in res
:
2199 raise Exception("dev_exec_action did not succeed: " + res
)
2201 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2203 if result
not in res
:
2204 raise Exception("Unexpected result: " + res
)
2206 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2207 if ev
is None or fail
not in ev
:
2208 raise Exception("Failure not reported correctly: " + str(ev
))
2210 dev
[1].request("DPP_STOP_LISTEN")
2211 dev
[0].dump_monitor()
2212 dev
[1].dump_monitor()
2214 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2215 """sigma_dut DPP protocol testing - Responder"""
2216 check_dpp_capab(dev
[0])
2217 check_dpp_capab(dev
[1])
2218 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2219 "BootstrapResult,OK,AuthResult,Errorsent",
2220 "Missing or invalid required DPP Status attribute"),
2221 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2222 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2223 "Missing or invalid Enrollee Nonce attribute")]
2224 for step
, frame
, attr
, result
, fail
in tests
:
2225 dev
[0].request("FLUSH")
2226 dev
[1].request("FLUSH")
2227 sigma
= start_sigma_dut(dev
[0].ifname
)
2229 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2232 stop_sigma_dut(sigma
)
2234 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2235 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2236 if "status,COMPLETE" not in res
:
2237 raise Exception("dev_exec_action did not succeed: " + res
)
2238 hex = res
.split(',')[3]
2240 logger
.info("URI from sigma_dut: " + uri
)
2242 id1
= dev
[1].dpp_qr_code(uri
)
2244 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2246 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2248 if result
not in res
:
2249 raise Exception("Unexpected result: " + res
)
2251 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2252 if ev
is None or fail
not in ev
:
2253 raise Exception("Failure not reported correctly:" + str(ev
))
2255 dev
[1].request("DPP_STOP_LISTEN")
2256 dev
[0].dump_monitor()
2257 dev
[1].dump_monitor()
2259 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2260 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2261 check_dpp_capab(dev
[0])
2262 check_dpp_capab(dev
[1])
2263 tests
= [("AuthenticationResponse",
2264 "BootstrapResult,OK,AuthResult,Errorsent",
2266 ("ConfigurationRequest",
2267 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2269 for frame
, result
, fail
in tests
:
2270 dev
[0].request("FLUSH")
2271 dev
[1].request("FLUSH")
2272 sigma
= start_sigma_dut(dev
[0].ifname
)
2274 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2276 stop_sigma_dut(sigma
)
2278 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2279 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2280 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2282 cmd
= "DPP_LISTEN 2437 role=enrollee"
2283 if "OK" not in dev
[1].request(cmd
):
2284 raise Exception("Failed to start listen operation")
2286 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2287 if "status,COMPLETE" not in res
:
2288 raise Exception("dev_exec_action did not succeed: " + res
)
2290 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2291 if result
not in res
:
2292 raise Exception("Unexpected result: " + res
)
2294 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2295 if ev
is None or fail
not in ev
:
2296 raise Exception("Failure not reported correctly: " + str(ev
))
2298 dev
[1].request("DPP_STOP_LISTEN")
2299 dev
[0].dump_monitor()
2300 dev
[1].dump_monitor()
2302 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2303 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2304 check_dpp_capab(dev
[0])
2305 check_dpp_capab(dev
[1])
2306 tests
= [("AuthenticationConfirm",
2307 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2309 for frame
, result
, fail
in tests
:
2310 dev
[0].request("FLUSH")
2311 dev
[1].request("FLUSH")
2312 sigma
= start_sigma_dut(dev
[0].ifname
)
2314 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2317 stop_sigma_dut(sigma
)
2319 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2321 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2322 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2324 cmd
= "DPP_LISTEN 2437 role=configurator"
2325 if "OK" not in dev
[1].request(cmd
):
2326 raise Exception("Failed to start listen operation")
2328 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2329 if "status,COMPLETE" not in res
:
2330 raise Exception("dev_exec_action did not succeed: " + res
)
2332 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2333 if result
not in res
:
2334 raise Exception("Unexpected result: " + res
)
2336 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2337 if ev
is None or fail
not in ev
:
2338 raise Exception("Failure not reported correctly: " + str(ev
))
2340 dev
[1].request("DPP_STOP_LISTEN")
2341 dev
[0].dump_monitor()
2342 dev
[1].dump_monitor()
2344 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2345 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2346 check_dpp_capab(dev
[0])
2347 check_dpp_capab(dev
[1])
2348 tests
= [("AuthenticationRequest",
2349 "BootstrapResult,OK,AuthResult,Errorsent",
2351 ("AuthenticationConfirm",
2352 "BootstrapResult,OK,AuthResult,Errorsent",
2354 for frame
, result
, fail
in tests
:
2355 dev
[0].request("FLUSH")
2356 dev
[1].request("FLUSH")
2357 sigma
= start_sigma_dut(dev
[0].ifname
)
2359 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2361 stop_sigma_dut(sigma
)
2363 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2364 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2365 if "status,COMPLETE" not in res
:
2366 raise Exception("dev_exec_action did not succeed: " + res
)
2367 hex = res
.split(',')[3]
2369 logger
.info("URI from sigma_dut: " + uri
)
2371 id1
= dev
[1].dpp_qr_code(uri
)
2373 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2375 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2377 if result
not in res
:
2378 raise Exception("Unexpected result: " + res
)
2380 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2381 if ev
is None or fail
not in ev
:
2382 raise Exception("Failure not reported correctly:" + str(ev
))
2384 dev
[1].request("DPP_STOP_LISTEN")
2385 dev
[0].dump_monitor()
2386 dev
[1].dump_monitor()
2388 def dpp_proto_init_pkex(dev
):
2390 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2391 cmd
= "DPP_CONFIGURATOR_ADD"
2392 res
= dev
.request(cmd
)
2394 raise Exception("Failed to add configurator")
2397 id = dev
.dpp_bootstrap_gen(type="pkex")
2399 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2400 if "FAIL" in dev
.request(cmd
):
2401 raise Exception("Failed to initiate DPP PKEX")
2403 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2404 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2405 check_dpp_capab(dev
[0])
2406 check_dpp_capab(dev
[1])
2407 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2408 "BootstrapResult,Errorsent",
2410 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2411 "BootstrapResult,Errorsent",
2412 "Missing or invalid Finite Cyclic Group attribute"),
2413 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2414 "BootstrapResult,Errorsent",
2415 "No valid peer bootstrapping key found")]
2416 for step
, frame
, attr
, result
, fail
in tests
:
2417 dev
[0].request("FLUSH")
2418 dev
[1].request("FLUSH")
2419 sigma
= start_sigma_dut(dev
[0].ifname
)
2421 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2424 stop_sigma_dut(sigma
)
2426 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2427 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2429 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2430 res
= dev
[1].request(cmd
)
2432 raise Exception("Failed to set PKEX data (responder)")
2434 cmd
= "DPP_LISTEN 2437 role=enrollee"
2435 if "OK" not in dev
[1].request(cmd
):
2436 raise Exception("Failed to start listen operation")
2438 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2439 if result
not in res
:
2440 raise Exception("Unexpected result: " + res
)
2442 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2443 if ev
is None or fail
not in ev
:
2444 raise Exception("Failure not reported correctly: " + str(ev
))
2446 dev
[1].request("DPP_STOP_LISTEN")
2447 dev
[0].dump_monitor()
2448 dev
[1].dump_monitor()
2450 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2451 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2452 check_dpp_capab(dev
[0])
2453 check_dpp_capab(dev
[1])
2454 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2455 "BootstrapResult,Errorsent",
2457 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2458 "BootstrapResult,Errorsent",
2459 "No DPP Status attribute"),
2460 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2461 "BootstrapResult,Errorsent",
2462 "No valid peer bootstrapping key found")]
2463 for step
, frame
, attr
, result
, fail
in tests
:
2464 dev
[0].request("FLUSH")
2465 dev
[1].request("FLUSH")
2466 sigma
= start_sigma_dut(dev
[0].ifname
)
2468 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2471 stop_sigma_dut(sigma
)
2473 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2474 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2476 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2478 if result
not in res
:
2479 raise Exception("Unexpected result: " + res
)
2481 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2482 if ev
is None or fail
not in ev
:
2483 raise Exception("Failure not reported correctly:" + str(ev
))
2485 dev
[1].request("DPP_STOP_LISTEN")
2486 dev
[0].dump_monitor()
2487 dev
[1].dump_monitor()
2489 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2490 check_dpp_capab(dev
[0])
2491 check_dpp_capab(dev
[1])
2493 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2494 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2495 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2496 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2498 params
= {"ssid": "DPPNET01",
2501 "wpa_key_mgmt": "DPP",
2502 "rsn_pairwise": "CCMP",
2503 "dpp_connector": ap_connector
,
2504 "dpp_csign": csign_pub
,
2505 "dpp_netaccesskey": ap_netaccesskey
}
2507 hapd
= hostapd
.add_ap(apdev
[0], params
)
2509 raise HwsimSkip("DPP not supported")
2511 dev
[0].set("dpp_config_processing", "2")
2513 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2514 res
= dev
[1].request(cmd
)
2516 raise Exception("Failed to add configurator")
2519 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2520 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2522 dev
[1].set("dpp_configurator_params",
2523 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2525 cmd
= "DPP_LISTEN 2437 role=configurator"
2526 if "OK" not in dev
[1].request(cmd
):
2527 raise Exception("Failed to start listen operation")
2529 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2530 if "status,COMPLETE" not in res
:
2531 raise Exception("dev_exec_action did not succeed: " + res
)
2533 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2534 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2535 sigma
= start_sigma_dut(dev
[0].ifname
)
2537 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2539 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2540 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2541 raise Exception("Unexpected result: " + res
)
2543 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2544 stop_sigma_dut(sigma
)
2546 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2547 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2548 check_dpp_capab(dev
[0])
2550 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2551 check_dpp_capab(hapd
)
2553 sigma
= start_sigma_dut(dev
[0].ifname
)
2555 dev
[0].set("dpp_config_processing", "2")
2556 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2557 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2559 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2560 if "status,COMPLETE" not in res
:
2561 raise Exception("dev_exec_action did not succeed: " + res
)
2563 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2564 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2565 raise Exception("Unexpected result: " + res
)
2566 update_hapd_config(hapd
)
2568 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2569 res
= sigma_dut_cmd(cmd
, timeout
=10)
2570 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2571 raise Exception("Unexpected result: " + res
)
2573 stop_sigma_dut(sigma
)
2574 dev
[0].set("dpp_config_processing", "0")
2576 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2577 """sigma_dut DPP AP Configurator using self-configuration"""
2578 logdir
= os
.path
.join(params
['logdir'],
2579 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2580 with
HWSimRadio() as (radio
, iface
):
2581 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2583 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2585 stop_sigma_dut(sigma
)
2586 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2588 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2589 check_dpp_capab(dev
[0])
2591 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2593 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2594 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2595 raise Exception("Unexpected result: " + res
)
2597 dev
[0].set("dpp_config_processing", "2")
2599 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2600 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2601 cmd
= "DPP_LISTEN 2462 role=enrollee"
2602 if "OK" not in dev
[0].request(cmd
):
2603 raise Exception("Failed to start listen operation")
2605 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2606 if "status,COMPLETE" not in res
:
2607 raise Exception("dev_exec_action did not succeed: " + res
)
2608 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2609 res
= sigma_dut_cmd(cmd
)
2610 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2611 raise Exception("Unexpected result: " + res
)
2612 dev
[0].wait_connected()
2613 dev
[0].request("DISCONNECT")
2614 dev
[0].wait_disconnected()
2615 sigma_dut_cmd_check("ap_reset_default")
2618 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2619 """sigma_dut DPP AP as Relay to Controller"""
2620 logdir
= os
.path
.join(params
['logdir'],
2621 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2622 with
HWSimRadio() as (radio
, iface
):
2623 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2625 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2627 stop_sigma_dut(sigma
)
2628 dev
[1].request("DPP_CONTROLLER_STOP")
2630 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2631 check_dpp_capab(dev
[0])
2632 check_dpp_capab(dev
[1])
2635 conf_id
= dev
[1].dpp_configurator_add()
2636 dev
[1].set("dpp_configurator_params",
2637 " conf=sta-dpp configurator=%d" % conf_id
)
2638 id_c
= dev
[1].dpp_bootstrap_gen()
2639 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2640 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2642 for line
in res
.splitlines():
2643 name
, value
= line
.split('=')
2644 if name
== "pkhash":
2648 raise Exception("Could not fetch public key hash from Controller")
2649 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2650 raise Exception("Failed to start Controller")
2652 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2653 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2654 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2656 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2657 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2659 sigma_dut_cmd_check("ap_reset_default")
2661 def dpp_init_tcp_enrollee(dev
, id1
):
2662 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2664 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2665 if "OK" not in dev
.request(cmd
):
2666 raise Exception("Failed to initiate DPP Authentication")
2667 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2669 raise Exception("DPP configuration not completed (Enrollee)")
2670 logger
.info("DPP initiator/enrollee done")
2672 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2673 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2674 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2676 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2677 check_dpp_capab(dev
[0])
2678 check_dpp_capab(dev
[1])
2679 sigma
= start_sigma_dut(dev
[0].ifname
)
2681 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2682 res
= sigma_dut_cmd(cmd
)
2683 if "status,COMPLETE" not in res
:
2684 raise Exception("dev_exec_action did not succeed: " + res
)
2685 hex = res
.split(',')[3]
2687 logger
.info("URI from sigma_dut: " + uri
)
2689 id1
= dev
[1].dpp_qr_code(uri
)
2691 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2693 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2695 cmd
+= ",DPPStatusQuery,Yes"
2696 res
= sigma_dut_cmd(cmd
, timeout
=10)
2698 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2699 raise Exception("Unexpected result: " + res
)
2700 if status_query
and "StatusResult,0" not in res
:
2701 raise Exception("Status query did not succeed: " + res
)
2703 stop_sigma_dut(sigma
)
2705 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2706 """sigma_dut DPP TCP Enrollee as initiator"""
2707 check_dpp_capab(dev
[0])
2708 check_dpp_capab(dev
[1])
2709 sigma
= start_sigma_dut(dev
[0].ifname
)
2712 conf_id
= dev
[1].dpp_configurator_add()
2713 dev
[1].set("dpp_configurator_params",
2714 " conf=sta-dpp configurator=%d" % conf_id
)
2715 id_c
= dev
[1].dpp_bootstrap_gen()
2716 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2717 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2718 raise Exception("Failed to start Controller")
2720 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2721 if "status,COMPLETE" not in res
:
2722 raise Exception("dev_exec_action did not succeed: " + res
)
2724 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2725 res
= sigma_dut_cmd(cmd
, timeout
=10)
2726 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2727 raise Exception("Unexpected result: " + res
)
2729 stop_sigma_dut(sigma
)
2730 dev
[1].request("DPP_CONTROLLER_STOP")
2732 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2733 """sigma_dut controlled connection using preconfigured profile"""
2735 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2737 dev
[0].set("ignore_old_scan_res", "0")
2739 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2740 ifname
= dev
[0].ifname
2741 sigma
= start_sigma_dut(ifname
)
2744 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2745 hapd
= hostapd
.add_ap(apdev
[0], params
)
2746 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2747 only_add_network
=True)
2749 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2750 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2752 sigma_dut_wait_connected(ifname
)
2753 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2754 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2755 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2757 stop_sigma_dut(sigma
)
2759 def test_sigma_dut_wps_pbc(dev
, apdev
):
2760 """sigma_dut and WPS PBC Enrollee"""
2762 run_sigma_dut_wps_pbc(dev
, apdev
)
2764 dev
[0].set("ignore_old_scan_res", "0")
2766 def run_sigma_dut_wps_pbc(dev
, apdev
):
2767 ssid
= "test-wps-conf"
2768 hapd
= hostapd
.add_ap(apdev
[0],
2769 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2770 "wpa_passphrase": "12345678", "wpa": "2",
2771 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2772 hapd
.request("WPS_PBC")
2774 ifname
= dev
[0].ifname
2775 sigma
= start_sigma_dut(ifname
)
2778 cmd
= "start_wps_registration,interface,%s" % ifname
2779 cmd
+= ",WpsRole,Enrollee"
2780 cmd
+= ",WpsConfigMethod,PBC"
2781 sigma_dut_cmd_check(cmd
, timeout
=15)
2783 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2785 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2787 stop_sigma_dut(sigma
)
2788 dev
[0].flush_scan_cache()
2790 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2791 """sigma_dut sta_scan_bss"""
2792 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2793 sigma
= start_sigma_dut(dev
[0].ifname
)
2795 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2797 res
= sigma_dut_cmd(cmd
, timeout
=10)
2798 if "ssid,test,bsschannel,1" not in res
:
2799 raise Exception("Unexpected result: " + res
)
2801 stop_sigma_dut(sigma
)
2803 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2804 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2805 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2806 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2807 sigma
= start_sigma_dut(dev
[0].ifname
)
2809 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2810 res
= sigma_dut_cmd(cmd
, timeout
=10)
2811 if "abcdef" not in res
or "qwerty" not in res
:
2812 raise Exception("Unexpected result: " + res
)
2814 stop_sigma_dut(sigma
)
2816 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2817 """sigma_dut controlled AP with OSEN"""
2818 logdir
= os
.path
.join(params
['logdir'],
2819 "sigma_dut_ap_osen.sigma-hostapd")
2820 with
HWSimRadio() as (radio
, iface
):
2821 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2823 sigma_dut_cmd_check("ap_reset_default")
2824 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2825 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2826 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2827 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2829 # RSN-OSEN (for OSU)
2830 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2831 pairwise
="CCMP", group
="GTK_NOT_USED",
2832 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2833 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2835 sigma_dut_cmd_check("ap_reset_default")
2837 stop_sigma_dut(sigma
)
2839 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2840 """sigma_dut controlled AP with EAP+OSEN"""
2841 logdir
= os
.path
.join(params
['logdir'],
2842 "sigma_dut_ap_eap_osen.sigma-hostapd")
2843 with
HWSimRadio() as (radio
, iface
):
2844 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2846 sigma_dut_cmd_check("ap_reset_default")
2847 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2848 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2849 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2850 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2852 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2853 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2855 # RSN-OSEN (for OSU)
2856 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2858 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2859 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2861 # RSN-EAP (for data connection)
2862 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2863 identity
="hs20-test", password
="password",
2864 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2865 ieee80211w
='2', scan_freq
="2412")
2867 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2868 success_expected
=False, timeout
=1)
2870 sigma_dut_cmd_check("ap_reset_default")
2872 stop_sigma_dut(sigma
)
2873 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2874 stderr
=open('/dev/null', 'w'))
2875 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2876 stderr
=open('/dev/null', 'w'))
2878 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2879 """sigma_dut controlled AP WPA2-Enterprise"""
2880 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2881 with
HWSimRadio() as (radio
, iface
):
2882 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2884 sigma_dut_cmd_check("ap_reset_default")
2885 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2886 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2887 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2888 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2890 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2891 identity
="gpsk user",
2892 password
="abcdefghijklmnop0123456789abcdef",
2895 sigma_dut_cmd_check("ap_reset_default")
2897 stop_sigma_dut(sigma
)
2899 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2900 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2901 logdir
= os
.path
.join(params
['logdir'],
2902 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2903 with
HWSimRadio() as (radio
, iface
):
2904 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2906 sigma_dut_cmd_check("ap_reset_default")
2907 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2908 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2909 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2910 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2912 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2913 identity
="gpsk user",
2914 password
="abcdefghijklmnop0123456789abcdef",
2917 sigma_dut_cmd_check("ap_reset_default")
2919 stop_sigma_dut(sigma
)
2921 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2922 """sigma_dut controlled AP FT-EAP"""
2923 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2924 with
HWSimRadio() as (radio
, iface
):
2925 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2927 sigma_dut_cmd_check("ap_reset_default")
2928 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2929 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2930 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2931 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2933 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2934 identity
="gpsk user",
2935 password
="abcdefghijklmnop0123456789abcdef",
2938 sigma_dut_cmd_check("ap_reset_default")
2940 stop_sigma_dut(sigma
)
2942 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
2943 """sigma_dut controlled AP FT-PSK"""
2944 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2945 with
HWSimRadio() as (radio
, iface
):
2946 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2948 sigma_dut_cmd_check("ap_reset_default")
2949 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2950 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2951 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2953 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2956 sigma_dut_cmd_check("ap_reset_default")
2958 stop_sigma_dut(sigma
)
2960 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
2961 """sigma_dut controlled AP FT-PSK (over-DS)"""
2962 logdir
= os
.path
.join(params
['logdir'],
2963 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2964 conffile
= os
.path
.join(params
['logdir'],
2965 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2966 with
HWSimRadio() as (radio
, iface
):
2967 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2969 sigma_dut_cmd_check("ap_reset_default")
2970 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2971 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2972 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2974 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
2975 with
open(conffile
, "wb") as f2
:
2978 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2981 sigma_dut_cmd_check("ap_reset_default")
2983 stop_sigma_dut(sigma
)
2985 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
2986 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2987 logdir
= os
.path
.join(params
['logdir'],
2988 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2989 with
HWSimRadio() as (radio
, iface
):
2990 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2992 sigma_dut_cmd_check("ap_reset_default")
2993 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2994 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2995 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2996 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2998 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2999 identity
="gpsk user",
3000 password
="abcdefghijklmnop0123456789abcdef",
3002 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3003 identity
="gpsk user",
3004 password
="abcdefghijklmnop0123456789abcdef",
3007 sigma_dut_cmd_check("ap_reset_default")
3009 stop_sigma_dut(sigma
)
3011 def test_sigma_dut_venue_url(dev
, apdev
):
3012 """sigma_dut controlled Venue URL fetch"""
3014 run_sigma_dut_venue_url(dev
, apdev
)
3016 dev
[0].set("ignore_old_scan_res", "0")
3018 def run_sigma_dut_venue_url(dev
, apdev
):
3019 ifname
= dev
[0].ifname
3020 sigma
= start_sigma_dut(ifname
)
3024 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3025 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3026 params
["ieee80211w"] = "2"
3030 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3032 name1
= "Example venue"
3034 name2
= "Esimerkkipaikka"
3035 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3036 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3037 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3039 url1
= "http://example.com/venue"
3040 url2
= "https://example.org/venue-info/"
3041 params
["venue_group"] = str(venue_group
)
3042 params
["venue_type"] = str(venue_type
)
3043 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3044 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3046 hapd
= hostapd
.add_ap(apdev
[0], params
)
3048 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3049 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3050 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3051 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3053 sigma_dut_wait_connected(ifname
)
3054 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3055 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3056 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3057 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3059 stop_sigma_dut(sigma
)
3061 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3062 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3063 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3065 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3066 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3067 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3069 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3073 bssid0
= apdev
[0]['bssid']
3074 params
= hs20_ap_params()
3075 params
['hessid'] = bssid0
3076 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3078 bssid1
= apdev
[1]['bssid']
3079 params
= hs20_ap_params()
3080 params
['hessid'] = bssid0
3081 params
["hw_mode"] = "a"
3082 params
["channel"] = "36"
3083 params
["country_code"] = "US"
3084 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3086 band
= "2.4" if band24
else "5"
3087 exp_bssid
= bssid0
if band24
else bssid1
3088 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3090 dev
[0].request("DISCONNECT")
3092 hapd0
.request("DISABLE")
3094 hapd1
.request("DISABLE")
3095 subprocess
.call(['iw', 'reg', 'set', '00'])
3096 dev
[0].flush_scan_cache()
3098 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3099 check_eap_capa(dev
[0], "MSCHAPV2")
3100 dev
[0].flush_scan_cache()
3102 ifname
= dev
[0].ifname
3103 sigma
= start_sigma_dut(ifname
)
3106 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3107 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3108 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3109 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3111 sigma_dut_wait_connected(ifname
)
3112 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3113 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3114 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3116 stop_sigma_dut(sigma
)
3118 if "BSSID," + expect_bssid
not in res
:
3119 raise Exception("Unexpected BSSID: " + res
)
3121 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3122 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3123 logdir
= os
.path
.join(params
['logdir'],
3124 "sigma_dut_ap_hs20.sigma-hostapd")
3125 conffile
= os
.path
.join(params
['logdir'],
3126 "sigma_dut_ap_hs20.sigma-conf")
3127 with
HWSimRadio() as (radio
, iface
):
3128 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3130 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3131 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3132 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3133 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3134 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3135 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3136 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3137 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3138 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3139 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3140 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3141 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3142 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3143 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3145 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3146 with
open(conffile
, "wb") as f2
:
3149 sigma_dut_cmd_check("ap_reset_default")
3151 stop_sigma_dut(sigma
)
3153 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3154 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3155 logdir
= params
['logdir']
3157 with
open("auth_serv/ca.pem", "r") as f
:
3158 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3162 src
= "auth_serv/server.pem"
3163 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3164 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3165 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3167 stderr
=open('/dev/null', 'w'))
3168 with
open(dst
, "rb") as f
:
3170 hash = hashlib
.sha256(der
).digest()
3171 with
open(hashdst
, "w") as f
:
3172 f
.write(binascii
.hexlify(hash).decode())
3174 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3175 with
open(dst
, "w") as f
:
3178 ssid
= "test-wpa2-eap"
3179 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3180 hapd
= hostapd
.add_ap(apdev
[0], params
)
3182 ifname
= dev
[0].ifname
3183 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3186 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3188 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3189 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3190 sigma_dut_cmd_check(cmd
)
3191 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3193 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3195 raise Exception("Server certificate error not reported")
3197 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3198 if "ServerCertTrustResult,Accepted" not in res
:
3199 raise Exception("Server certificate trust was not accepted")
3200 sigma_dut_wait_connected(ifname
)
3201 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3202 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3203 dev
[0].dump_monitor()
3205 stop_sigma_dut(sigma
)
3207 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3208 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3209 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3211 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3212 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3213 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3215 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3216 logdir
= params
['logdir']
3218 name
= "sigma_dut_eap_ttls_uosc_tod"
3221 with
open("auth_serv/ca.pem", "r") as f
:
3222 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3226 src
= "auth_serv/server-certpol2.pem"
3228 src
= "auth_serv/server-certpol.pem"
3229 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3230 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3231 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3233 stderr
=open('/dev/null', 'w'))
3234 with
open(dst
, "rb") as f
:
3236 hash = hashlib
.sha256(der
).digest()
3237 with
open(hashdst
, "w") as f
:
3238 f
.write(binascii
.hexlify(hash).decode())
3240 ssid
= "test-wpa2-eap"
3241 params
= int_eap_server_params()
3242 params
["ssid"] = ssid
3244 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3245 params
["private_key"] = "auth_serv/server-certpol2.key"
3247 params
["server_cert"] = "auth_serv/server-certpol.pem"
3248 params
["private_key"] = "auth_serv/server-certpol.key"
3249 hapd
= hostapd
.add_ap(apdev
[0], params
)
3251 ifname
= dev
[0].ifname
3252 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3255 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3256 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3257 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3258 sigma_dut_cmd_check(cmd
)
3259 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3261 sigma_dut_wait_connected(ifname
)
3262 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3263 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3264 dev
[0].wait_disconnected()
3265 dev
[0].dump_monitor()
3268 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3269 hapd
= hostapd
.add_ap(apdev
[0], params
)
3271 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3273 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3275 raise Exception("Server certificate error not reported")
3277 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3278 if "ServerCertTrustResult,Accepted" in res
:
3279 raise Exception("Server certificate trust override was accepted unexpectedly")
3280 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3281 dev
[0].dump_monitor()
3283 stop_sigma_dut(sigma
)
3285 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3286 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3287 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3289 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3290 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3291 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3293 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3294 logdir
= params
['logdir']
3296 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3299 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3300 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3304 src
= "auth_serv/server-certpol2.pem"
3306 src
= "auth_serv/server-certpol.pem"
3307 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3308 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3309 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3311 stderr
=open('/dev/null', 'w'))
3312 with
open(dst
, "rb") as f
:
3314 hash = hashlib
.sha256(der
).digest()
3315 with
open(hashdst
, "w") as f
:
3316 f
.write(binascii
.hexlify(hash).decode())
3318 ssid
= "test-wpa2-eap"
3319 params
= int_eap_server_params()
3320 params
["ssid"] = ssid
3322 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3323 params
["private_key"] = "auth_serv/server-certpol2.key"
3325 params
["server_cert"] = "auth_serv/server-certpol.pem"
3326 params
["private_key"] = "auth_serv/server-certpol.key"
3327 hapd
= hostapd
.add_ap(apdev
[0], params
)
3329 ifname
= dev
[0].ifname
3330 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3333 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3334 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3335 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3336 sigma_dut_cmd_check(cmd
)
3337 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3339 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3341 raise Exception("Server certificate validation failure not reported")
3343 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3344 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3345 raise Exception("Server certificate trust override was accepted unexpectedly")
3346 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3347 raise Exception("Server certificate trust override was not accepted")
3348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3349 dev
[0].dump_monitor()
3351 stop_sigma_dut(sigma
)
3353 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3354 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3355 check_domain_suffix_match(dev
[0])
3356 logdir
= params
['logdir']
3358 with
open("auth_serv/ca.pem", "r") as f
:
3359 with
open(os
.path
.join(logdir
,
3360 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3364 ssid
= "test-wpa2-eap"
3365 params
= int_eap_server_params()
3366 params
["ssid"] = ssid
3367 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3368 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3369 params
["private_key"] = "auth_serv/rsa3072-server.key"
3370 hapd
= hostapd
.add_ap(apdev
[0], params
)
3372 ifname
= dev
[0].ifname
3373 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3376 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3377 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3378 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3379 sigma_dut_cmd_check(cmd
)
3380 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3382 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3384 raise Exception("Server certificate error not reported")
3386 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3387 if "ServerCertTrustResult,Accepted" not in res
:
3388 raise Exception("Server certificate trust was not accepted")
3389 sigma_dut_wait_connected(ifname
)
3390 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3392 dev
[0].dump_monitor()
3394 stop_sigma_dut(sigma
)
3396 def start_sae_pwe_ap(apdev
, sae_pwe
):
3398 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3399 params
['wpa_key_mgmt'] = 'SAE'
3400 params
["ieee80211w"] = "2"
3401 params
['sae_groups'] = '19'
3402 params
['sae_pwe'] = str(sae_pwe
)
3403 return hostapd
.add_ap(apdev
, params
)
3405 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3409 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3412 sigma_dut_cmd_check(cmd
)
3413 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3415 sigma_dut_wait_connected(ifname
)
3416 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3417 dev
.wait_disconnected()
3418 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3421 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3423 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3424 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3425 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3428 sigma_dut_cmd_check(cmd
)
3429 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3431 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3432 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3433 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3434 raise Exception("Unexpected connection result")
3435 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3438 def test_sigma_dut_sae_h2e(dev
, apdev
):
3439 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3440 if "SAE" not in dev
[0].get_capability("auth_alg"):
3441 raise HwsimSkip("SAE not supported")
3443 start_sae_pwe_ap(apdev
[0], 2)
3445 ifname
= dev
[0].ifname
3446 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3448 connect_sae_pwe_sta(dev
[0], ifname
)
3449 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3450 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3451 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3452 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3453 raise Exception("Unexpected error result: " + res
)
3455 stop_sigma_dut(sigma
)
3456 dev
[0].set("sae_pwe", "0")
3458 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3459 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3460 if "SAE" not in dev
[0].get_capability("auth_alg"):
3461 raise HwsimSkip("SAE not supported")
3463 start_sae_pwe_ap(apdev
[0], 0)
3465 ifname
= dev
[0].ifname
3466 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3468 connect_sae_pwe_sta(dev
[0], ifname
)
3469 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3470 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3472 stop_sigma_dut(sigma
)
3473 dev
[0].set("sae_pwe", "0")
3475 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3476 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3477 if "SAE" not in dev
[0].get_capability("auth_alg"):
3478 raise HwsimSkip("SAE not supported")
3480 start_sae_pwe_ap(apdev
[0], 1)
3482 ifname
= dev
[0].ifname
3483 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3485 connect_sae_pwe_sta(dev
[0], ifname
)
3486 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3487 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3489 stop_sigma_dut(sigma
)
3490 dev
[0].set("sae_pwe", "0")
3492 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3493 """sigma_dut controlled AP with SAE H2E"""
3494 logdir
= os
.path
.join(params
['logdir'],
3495 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3496 if "SAE" not in dev
[0].get_capability("auth_alg"):
3497 raise HwsimSkip("SAE not supported")
3498 with
HWSimRadio() as (radio
, iface
):
3499 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3501 sigma_dut_cmd_check("ap_reset_default")
3502 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3503 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3504 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3506 for sae_pwe
in [0, 1, 2]:
3507 dev
[0].request("SET sae_groups ")
3508 dev
[0].set("sae_pwe", str(sae_pwe
))
3509 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3510 ieee80211w
="2", scan_freq
="2412")
3511 dev
[0].request("REMOVE_NETWORK all")
3512 dev
[0].wait_disconnected()
3513 dev
[0].dump_monitor()
3515 sigma_dut_cmd_check("ap_reset_default")
3517 stop_sigma_dut(sigma
)
3518 dev
[0].set("sae_pwe", "0")
3520 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3521 """sigma_dut controlled AP with SAE H2E-only"""
3522 logdir
= os
.path
.join(params
['logdir'],
3523 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3524 if "SAE" not in dev
[0].get_capability("auth_alg"):
3525 raise HwsimSkip("SAE not supported")
3526 with
HWSimRadio() as (radio
, iface
):
3527 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3529 sigma_dut_cmd_check("ap_reset_default")
3530 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3531 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3532 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3534 dev
[0].request("SET sae_groups ")
3535 dev
[0].set("sae_pwe", "1")
3536 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3537 ieee80211w
="2", scan_freq
="2412")
3538 dev
[0].request("REMOVE_NETWORK all")
3539 dev
[0].wait_disconnected()
3540 dev
[0].dump_monitor()
3542 dev
[0].set("sae_pwe", "0")
3543 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3544 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3545 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3546 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3547 dev
[0].request("DISCONNECT")
3548 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3549 raise Exception("Unexpected connection result")
3551 sigma_dut_cmd_check("ap_reset_default")
3553 stop_sigma_dut(sigma
)
3554 dev
[0].set("sae_pwe", "0")
3556 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3557 """sigma_dut controlled AP with SAE looping-only"""
3558 logdir
= os
.path
.join(params
['logdir'],
3559 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3560 if "SAE" not in dev
[0].get_capability("auth_alg"):
3561 raise HwsimSkip("SAE not supported")
3562 with
HWSimRadio() as (radio
, iface
):
3563 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3565 sigma_dut_cmd_check("ap_reset_default")
3566 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3567 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3568 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3570 dev
[0].request("SET sae_groups ")
3571 dev
[0].set("sae_pwe", "0")
3572 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3573 ieee80211w
="2", scan_freq
="2412")
3574 dev
[0].request("REMOVE_NETWORK all")
3575 dev
[0].wait_disconnected()
3576 dev
[0].dump_monitor()
3578 dev
[0].set("sae_pwe", "1")
3579 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3580 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3581 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3582 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3583 dev
[0].request("DISCONNECT")
3584 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3585 raise Exception("Unexpected connection result")
3587 sigma_dut_cmd_check("ap_reset_default")
3589 stop_sigma_dut(sigma
)
3590 dev
[0].set("sae_pwe", "0")
3592 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3593 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3594 if "SAE" not in dev
[0].get_capability("auth_alg"):
3595 raise HwsimSkip("SAE not supported")
3598 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3599 params
['wpa_key_mgmt'] = 'SAE'
3600 params
["ieee80211w"] = "2"
3601 params
['sae_pwe'] = '1'
3602 hapd
= hostapd
.add_ap(apdev
[0], params
)
3604 ifname
= dev
[0].ifname
3605 sigma
= start_sigma_dut(ifname
)
3607 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3608 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3609 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3610 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3612 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3614 raise Exception("No authentication attempt reported")
3615 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3617 raise Exception("Unexpected connection reported")
3619 stop_sigma_dut(sigma
)
3621 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3622 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3623 if "SAE" not in dev
[0].get_capability("auth_alg"):
3624 raise HwsimSkip("SAE not supported")
3627 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3628 params
['wpa_key_mgmt'] = 'SAE'
3629 params
["ieee80211w"] = "2"
3630 params
['sae_groups'] = "19 20"
3631 params
['sae_pwe'] = '1'
3632 hapd
= hostapd
.add_ap(apdev
[0], params
)
3634 ifname
= dev
[0].ifname
3635 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3637 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3638 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3639 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3640 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3642 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3644 raise Exception("No authentication attempt reported")
3645 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3647 raise Exception("Unexpected connection reported")
3649 stop_sigma_dut(sigma
)
3651 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3652 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3653 if "SAE" not in dev
[0].get_capability("auth_alg"):
3654 raise HwsimSkip("SAE not supported")
3657 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3658 params
['wpa_key_mgmt'] = 'SAE'
3659 params
["ieee80211w"] = "2"
3660 params
['sae_groups'] = "19"
3661 params
['sae_pwe'] = '1'
3662 hapd
= hostapd
.add_ap(apdev
[0], params
)
3664 ifname
= dev
[0].ifname
3665 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3667 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3668 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3669 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3670 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3672 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3674 raise Exception("No authentication attempt reported")
3675 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3677 raise Exception("Unexpected connection reported")
3679 stop_sigma_dut(sigma
)
3680 dev
[0].set("sae_pwe", "0")
3682 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3683 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3684 logdir
= os
.path
.join(params
['logdir'],
3685 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3686 if "SAE" not in dev
[0].get_capability("auth_alg"):
3687 raise HwsimSkip("SAE not supported")
3688 with
HWSimRadio() as (radio
, iface
):
3689 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3691 sigma_dut_cmd_check("ap_reset_default")
3692 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3693 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3694 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3696 dev
[0].request("SET sae_groups ")
3697 dev
[0].set("sae_pwe", "1")
3698 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3699 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3700 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3702 raise Exception("No indication of association seen")
3703 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3704 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3705 dev
[0].request("DISCONNECT")
3707 raise Exception("No disconnection seen")
3708 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3709 raise Exception("Unexpected connection")
3711 sigma_dut_cmd_check("ap_reset_default")
3713 stop_sigma_dut(sigma
)
3714 dev
[0].set("sae_pwe", "0")
3716 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3717 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3718 logdir
= os
.path
.join(params
['logdir'],
3719 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3720 if "SAE" not in dev
[0].get_capability("auth_alg"):
3721 raise HwsimSkip("SAE not supported")
3722 with
HWSimRadio() as (radio
, iface
):
3723 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3725 sigma_dut_cmd_check("ap_reset_default")
3726 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3727 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3728 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3730 dev
[0].request("SET sae_groups 21 20 19")
3731 dev
[0].set("sae_pwe", "1")
3732 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3733 ieee80211w
="2", scan_freq
="2412")
3734 addr
= dev
[0].own_addr()
3735 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3736 if "DHGroupVerResult,21 20" not in res
:
3737 raise Exception("Unexpected dev_exec_action response: " + res
)
3739 sigma_dut_cmd_check("ap_reset_default")
3741 stop_sigma_dut(sigma
)
3742 dev
[0].set("sae_pwe", "0")