]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Check for TLS library capabilities in sigma_dut test cases
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import errno
10 import fcntl
11 import hashlib
12 import logging
13 logger = logging.getLogger()
14 import os
15 import socket
16 import struct
17 import subprocess
18 import threading
19 import time
20
21 import hostapd
22 from utils import HwsimSkip
23 from hwsim import HWSimRadio
24 import hwsim_utils
25 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
26 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
27 from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
28 from test_ap_hs20 import hs20_ap_params
29
30 def check_sigma_dut():
31 if not os.path.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
33
34 def to_hex(s):
35 return binascii.hexlify(s.encode()).decode()
36
37 def from_hex(s):
38 return binascii.unhexlify(s).decode()
39
40 def sigma_log_output(cmd):
41 try:
42 out = cmd.stdout.read()
43 if out:
44 logger.debug("sigma_dut stdout: " + str(out.decode()))
45 except IOError as e:
46 if e.errno != errno.EAGAIN:
47 raise
48 try:
49 out = cmd.stderr.read()
50 if out:
51 logger.debug("sigma_dut stderr: " + str(out.decode()))
52 except IOError as e:
53 if e.errno != errno.EAGAIN:
54 raise
55
56 sigma_prog = None
57
58 def sigma_dut_cmd(cmd, port=9000, timeout=2):
59 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
60 socket.IPPROTO_TCP)
61 sock.settimeout(timeout)
62 addr = ('127.0.0.1', port)
63 sock.connect(addr)
64 sock.send(cmd.encode() + b"\r\n")
65 try:
66 res = sock.recv(1000).decode()
67 running = False
68 done = False
69 for line in res.splitlines():
70 if line.startswith("status,RUNNING"):
71 running = True
72 elif line.startswith("status,INVALID"):
73 done = True
74 elif line.startswith("status,ERROR"):
75 done = True
76 elif line.startswith("status,COMPLETE"):
77 done = True
78 if running and not done:
79 # Read the actual response
80 res = sock.recv(1000).decode()
81 except:
82 res = ''
83 pass
84 sock.close()
85 res = res.rstrip()
86 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
87 global sigma_prog
88 if sigma_prog:
89 sigma_log_output(sigma_prog)
90 return res
91
92 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
93 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
94 if "COMPLETE" not in res:
95 raise Exception("sigma_dut command failed: " + cmd)
96 return res
97
98 def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
99 bridge=None, sae_h2e=False):
100 check_sigma_dut()
101 cmd = ['./sigma_dut',
102 '-d',
103 '-M', ifname,
104 '-S', ifname,
105 '-F', '../../hostapd/hostapd',
106 '-G',
107 '-w', '/var/run/wpa_supplicant/',
108 '-j', ifname]
109 if hostapd_logdir:
110 cmd += ['-H', hostapd_logdir]
111 if cert_path:
112 cmd += ['-C', cert_path]
113 if bridge:
114 cmd += ['-b', bridge]
115 if sae_h2e:
116 cmd += ['-2']
117 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
118 stderr=subprocess.PIPE)
119 for stream in [sigma.stdout, sigma.stderr]:
120 fd = stream.fileno()
121 fl = fcntl.fcntl(fd, fcntl.F_GETFL)
122 fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
123
124 global sigma_prog
125 sigma_prog = sigma
126 res = None
127 for i in range(20):
128 try:
129 res = sigma_dut_cmd("HELLO")
130 break
131 except:
132 time.sleep(0.05)
133 if res is None or "errorCode,Unknown command" not in res:
134 raise Exception("Failed to start sigma_dut")
135 return {'cmd': sigma, 'ifname': ifname}
136
137 def stop_sigma_dut(sigma):
138 global sigma_prog
139 sigma_prog = None
140 cmd = sigma['cmd']
141 sigma_log_output(cmd)
142 logger.debug("Terminating sigma_dut process")
143 cmd.terminate()
144 cmd.wait()
145 out, err = cmd.communicate()
146 logger.debug("sigma_dut stdout: " + str(out.decode()))
147 logger.debug("sigma_dut stderr: " + str(err.decode()))
148 subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
149 "127.0.0.11/24"],
150 stderr=open('/dev/null', 'w'))
151
152 def sigma_dut_wait_connected(ifname):
153 for i in range(50):
154 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
155 if "connected,1" in res:
156 break
157 time.sleep(0.2)
158 if i == 49:
159 raise Exception("Connection did not complete")
160
161 def test_sigma_dut_basic(dev, apdev):
162 """sigma_dut basic functionality"""
163 sigma = start_sigma_dut(dev[0].ifname)
164
165 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
166 ("device_get_info", "status,COMPLETE,vendor"),
167 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
168 ("device_list_interfaces,interfaceType,802.11",
169 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
170 try:
171 res = sigma_dut_cmd("UNKNOWN")
172 if "status,INVALID,errorCode,Unknown command" not in res:
173 raise Exception("Unexpected sigma_dut response to unknown command")
174
175 for cmd, response in tests:
176 res = sigma_dut_cmd(cmd)
177 if response not in res:
178 raise Exception("Unexpected %s response: %s" % (cmd, res))
179 finally:
180 stop_sigma_dut(sigma)
181
182 def test_sigma_dut_open(dev, apdev):
183 """sigma_dut controlled open network association"""
184 try:
185 run_sigma_dut_open(dev, apdev)
186 finally:
187 dev[0].set("ignore_old_scan_res", "0")
188
189 def run_sigma_dut_open(dev, apdev):
190 ifname = dev[0].ifname
191 sigma = start_sigma_dut(ifname)
192
193 try:
194 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
195
196 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
197 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
198 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
199 timeout=10)
200 sigma_dut_wait_connected(ifname)
201 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
202 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
203 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
204 finally:
205 stop_sigma_dut(sigma)
206
207 def test_sigma_dut_psk_pmf(dev, apdev):
208 """sigma_dut controlled PSK+PMF association"""
209 try:
210 run_sigma_dut_psk_pmf(dev, apdev)
211 finally:
212 dev[0].set("ignore_old_scan_res", "0")
213
214 def run_sigma_dut_psk_pmf(dev, apdev):
215 ifname = dev[0].ifname
216 sigma = start_sigma_dut(ifname)
217
218 try:
219 ssid = "test-pmf-required"
220 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
221 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
222 params["ieee80211w"] = "2"
223 hapd = hostapd.add_ap(apdev[0], params)
224
225 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
226 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
227 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
228 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
229 timeout=10)
230 sigma_dut_wait_connected(ifname)
231 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
232 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
234 finally:
235 stop_sigma_dut(sigma)
236
237 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
238 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
239 try:
240 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
241 finally:
242 dev[0].set("ignore_old_scan_res", "0")
243
244 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
245 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
246 try:
247 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
248 finally:
249 dev[0].set("ignore_old_scan_res", "0")
250
251 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
252 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
253 try:
254 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
255 finally:
256 dev[0].set("ignore_old_scan_res", "0")
257
258 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
259 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
260 try:
261 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
262 finally:
263 dev[0].set("ignore_old_scan_res", "0")
264
265 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
266 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
267 try:
268 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
269 failure=True)
270 finally:
271 dev[0].set("ignore_old_scan_res", "0")
272
273 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
274 failure=False):
275 ifname = dev[0].ifname
276 sigma = start_sigma_dut(ifname)
277
278 try:
279 ssid = "test-pmf-required"
280 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
281 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
282 params["ieee80211w"] = "2"
283 params["group_mgmt_cipher"] = hostapd_cipher
284 hapd = hostapd.add_ap(apdev[0], params)
285
286 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
287 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
288 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
289 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
290 timeout=2 if failure else 10)
291 if failure:
292 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
293 "CTRL-EVENT-CONNECTED"], timeout=10)
294 if ev is None:
295 raise Exception("Network selection result not indicated")
296 if "CTRL-EVENT-CONNECTED" in ev:
297 raise Exception("Unexpected connection")
298 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
299 if "connected,1" in res:
300 raise Exception("Connection reported")
301 else:
302 sigma_dut_wait_connected(ifname)
303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
304
305 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
306 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
307 finally:
308 stop_sigma_dut(sigma)
309
310 def test_sigma_dut_sae(dev, apdev):
311 """sigma_dut controlled SAE association"""
312 if "SAE" not in dev[0].get_capability("auth_alg"):
313 raise HwsimSkip("SAE not supported")
314
315 ifname = dev[0].ifname
316 sigma = start_sigma_dut(ifname)
317
318 try:
319 ssid = "test-sae"
320 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
321 params['wpa_key_mgmt'] = 'SAE'
322 params["ieee80211w"] = "2"
323 params['sae_groups'] = '19 20 21'
324 hapd = hostapd.add_ap(apdev[0], params)
325
326 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
327 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
328 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
329 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
330 timeout=10)
331 sigma_dut_wait_connected(ifname)
332 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
333 if dev[0].get_status_field('sae_group') != '19':
334 raise Exception("Expected default SAE group not used")
335 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
336
337 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
338
339 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
340 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
341 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
342 timeout=10)
343 sigma_dut_wait_connected(ifname)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
345 if dev[0].get_status_field('sae_group') != '20':
346 raise Exception("Expected SAE group not used")
347 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
349 finally:
350 stop_sigma_dut(sigma)
351
352 def test_sigma_dut_sae_groups(dev, apdev):
353 """sigma_dut controlled SAE association with group negotiation"""
354 if "SAE" not in dev[0].get_capability("auth_alg"):
355 raise HwsimSkip("SAE not supported")
356
357 ifname = dev[0].ifname
358 sigma = start_sigma_dut(ifname)
359
360 try:
361 ssid = "test-sae"
362 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
363 params['wpa_key_mgmt'] = 'SAE'
364 params["ieee80211w"] = "2"
365 params['sae_groups'] = '19'
366 hapd = hostapd.add_ap(apdev[0], params)
367
368 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
369 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
370 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
371 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
372 timeout=10)
373 sigma_dut_wait_connected(ifname)
374 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
375 if dev[0].get_status_field('sae_group') != '19':
376 raise Exception("Expected default SAE group not used")
377 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
378
379 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
380 finally:
381 stop_sigma_dut(sigma)
382
383 def test_sigma_dut_sae_pmkid_include(dev, apdev):
384 """sigma_dut controlled SAE association with PMKID"""
385 if "SAE" not in dev[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
387
388 ifname = dev[0].ifname
389 sigma = start_sigma_dut(ifname)
390
391 try:
392 ssid = "test-sae"
393 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
394 params['wpa_key_mgmt'] = 'SAE'
395 params["ieee80211w"] = "2"
396 params["sae_confirm_immediate"] = "1"
397 hapd = hostapd.add_ap(apdev[0], params)
398
399 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
400 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
401 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
402 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
403 timeout=10)
404 sigma_dut_wait_connected(ifname)
405 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
406 finally:
407 stop_sigma_dut(sigma)
408
409 def test_sigma_dut_sae_password(dev, apdev):
410 """sigma_dut controlled SAE association and long password"""
411 if "SAE" not in dev[0].get_capability("auth_alg"):
412 raise HwsimSkip("SAE not supported")
413
414 ifname = dev[0].ifname
415 sigma = start_sigma_dut(ifname)
416
417 try:
418 ssid = "test-sae"
419 params = hostapd.wpa2_params(ssid=ssid)
420 params['sae_password'] = 100*'B'
421 params['wpa_key_mgmt'] = 'SAE'
422 params["ieee80211w"] = "2"
423 hapd = hostapd.add_ap(apdev[0], params)
424
425 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
426 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
427 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
428 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
429 timeout=10)
430 sigma_dut_wait_connected(ifname)
431 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
432 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
433 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
434 finally:
435 stop_sigma_dut(sigma)
436
437 def test_sigma_dut_sae_pw_id(dev, apdev):
438 """sigma_dut controlled SAE association with Password Identifier"""
439 if "SAE" not in dev[0].get_capability("auth_alg"):
440 raise HwsimSkip("SAE not supported")
441
442 ifname = dev[0].ifname
443 sigma = start_sigma_dut(ifname)
444
445 try:
446 ssid = "test-sae"
447 params = hostapd.wpa2_params(ssid=ssid)
448 params['wpa_key_mgmt'] = 'SAE'
449 params["ieee80211w"] = "2"
450 params['sae_password'] = 'secret|id=pw id'
451 params['sae_groups'] = '19'
452 hapd = hostapd.add_ap(apdev[0], params)
453
454 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
455 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
456 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
457 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
458 timeout=10)
459 sigma_dut_wait_connected(ifname)
460 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
461 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
462 finally:
463 stop_sigma_dut(sigma)
464
465 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
466 """sigma_dut controlled SAE association with Password Identifier and FT"""
467 run_sigma_dut_sae_pw_id_ft(dev, apdev)
468
469 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
470 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
471 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
472
473 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
474 if "SAE" not in dev[0].get_capability("auth_alg"):
475 raise HwsimSkip("SAE not supported")
476
477 ifname = dev[0].ifname
478 sigma = start_sigma_dut(ifname)
479
480 try:
481 ssid = "test-sae"
482 params = hostapd.wpa2_params(ssid=ssid)
483 params['wpa_key_mgmt'] = 'SAE FT-SAE'
484 params["ieee80211w"] = "2"
485 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
486 params['mobility_domain'] = 'aabb'
487 params['ft_over_ds'] = '1' if over_ds else '0'
488 bssid = apdev[0]['bssid'].replace(':', '')
489 params['nas_identifier'] = bssid + '.nas.example.com'
490 params['r1_key_holder'] = bssid
491 params['pmk_r1_push'] = '0'
492 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
493 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
494 hapd = hostapd.add_ap(apdev[0], params)
495
496 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
497 if over_ds:
498 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
499 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
500 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
501 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
502 timeout=10)
503 sigma_dut_wait_connected(ifname)
504
505 bssid = apdev[1]['bssid'].replace(':', '')
506 params['nas_identifier'] = bssid + '.nas.example.com'
507 params['r1_key_holder'] = bssid
508 hapd2 = hostapd.add_ap(apdev[1], params)
509 bssid = hapd2.own_addr()
510 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
511 dev[0].wait_connected()
512
513 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
514 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
515 finally:
516 stop_sigma_dut(sigma)
517
518 def test_sigma_dut_sta_override_rsne(dev, apdev):
519 """sigma_dut and RSNE override on STA"""
520 try:
521 run_sigma_dut_sta_override_rsne(dev, apdev)
522 finally:
523 dev[0].set("ignore_old_scan_res", "0")
524
525 def run_sigma_dut_sta_override_rsne(dev, apdev):
526 ifname = dev[0].ifname
527 sigma = start_sigma_dut(ifname)
528
529 try:
530 ssid = "test-psk"
531 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
532 hapd = hostapd.add_ap(apdev[0], params)
533
534 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
535
536 tests = ["30120100000fac040100000fac040100000fac02",
537 "30140100000fac040100000fac040100000fac02ffff"]
538 for test in tests:
539 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
540 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
542 timeout=10)
543 sigma_dut_wait_connected(ifname)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
545 dev[0].dump_monitor()
546
547 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
548 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
549 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
550 timeout=10)
551
552 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
553 if ev is None:
554 raise Exception("Association rejection not reported")
555 if "status_code=40" not in ev:
556 raise Exception("Unexpected status code: " + ev)
557
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
559 finally:
560 stop_sigma_dut(sigma)
561
562 def test_sigma_dut_ap_psk(dev, apdev):
563 """sigma_dut controlled AP"""
564 with HWSimRadio() as (radio, iface):
565 sigma = start_sigma_dut(iface)
566 try:
567 sigma_dut_cmd_check("ap_reset_default")
568 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
569 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
570 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
571
572 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
573
574 sigma_dut_cmd_check("ap_reset_default")
575 finally:
576 stop_sigma_dut(sigma)
577
578 def test_sigma_dut_ap_pskhex(dev, apdev, params):
579 """sigma_dut controlled AP and PSKHEX"""
580 logdir = os.path.join(params['logdir'],
581 "sigma_dut_ap_pskhex.sigma-hostapd")
582 with HWSimRadio() as (radio, iface):
583 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
584 try:
585 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
586 sigma_dut_cmd_check("ap_reset_default")
587 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
588 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
589 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
590
591 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
592
593 sigma_dut_cmd_check("ap_reset_default")
594 finally:
595 stop_sigma_dut(sigma)
596
597 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
598 """sigma_dut controlled AP PSK SHA256"""
599 logdir = os.path.join(params['logdir'],
600 "sigma_dut_ap_psk_sha256.sigma-hostapd")
601 with HWSimRadio() as (radio, iface):
602 sigma = start_sigma_dut(iface)
603 try:
604 sigma_dut_cmd_check("ap_reset_default")
605 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
606 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
607 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
608
609 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
610 psk="12345678", scan_freq="2412")
611
612 sigma_dut_cmd_check("ap_reset_default")
613 finally:
614 stop_sigma_dut(sigma)
615
616 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
617 """sigma_dut controlled AP and deauth commands"""
618 logdir = os.path.join(params['logdir'],
619 "sigma_dut_ap_psk_deauth.sigma-hostapd")
620 with HWSimRadio() as (radio, iface):
621 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
622 try:
623 sigma_dut_cmd_check("ap_reset_default")
624 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
627
628 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
629 psk="12345678", ieee80211w="2", scan_freq="2412")
630 addr = dev[0].own_addr()
631 dev[0].dump_monitor()
632
633 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
634 ev = dev[0].wait_disconnected()
635 dev[0].dump_monitor()
636 if "locally_generated=1" in ev:
637 raise Exception("Unexpected disconnection reason")
638 dev[0].wait_connected()
639 dev[0].dump_monitor()
640
641 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
642 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
643 if ev and "locally_generated=1" not in ev:
644 raise Exception("Unexpected disconnection")
645
646 sigma_dut_cmd_check("ap_reset_default")
647 finally:
648 stop_sigma_dut(sigma)
649
650 def test_sigma_dut_eap_ttls(dev, apdev, params):
651 """sigma_dut controlled STA and EAP-TTLS parameters"""
652 check_domain_match(dev[0])
653 logdir = params['logdir']
654
655 with open("auth_serv/ca.pem", "r") as f:
656 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
657 f2.write(f.read())
658
659 src = "auth_serv/server.pem"
660 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
661 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
662 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
663 "-outform", "DER"],
664 stderr=open('/dev/null', 'w'))
665 with open(dst, "rb") as f:
666 der = f.read()
667 hash = hashlib.sha256(der).digest()
668 with open(hashdst, "w") as f:
669 f.write(binascii.hexlify(hash).decode())
670
671 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
672 with open(dst, "w") as f:
673 f.write(32*"00")
674
675 ssid = "test-wpa2-eap"
676 params = hostapd.wpa2_eap_params(ssid=ssid)
677 hapd = hostapd.add_ap(apdev[0], params)
678
679 ifname = dev[0].ifname
680 sigma = start_sigma_dut(ifname, cert_path=logdir)
681
682 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
683
684 try:
685 tests = ["",
686 ",Domain,server.w1.fi",
687 ",DomainSuffix,w1.fi",
688 ",DomainSuffix,server.w1.fi",
689 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
690 for extra in tests:
691 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
692 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
693 sigma_dut_cmd_check(cmd + extra)
694 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
695 timeout=10)
696 sigma_dut_wait_connected(ifname)
697 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
698 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
699 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
700 dev[0].dump_monitor()
701
702 tests = [",Domain,w1.fi",
703 ",DomainSuffix,example.com",
704 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
705 for extra in tests:
706 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
707 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
708 sigma_dut_cmd_check(cmd + extra)
709 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
710 timeout=10)
711 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
712 if ev is None:
713 raise Exception("Server certificate error not reported")
714 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
715 if "connected,1" in res:
716 raise Exception("Unexpected connection reported")
717 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
718 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
719 dev[0].dump_monitor()
720 finally:
721 stop_sigma_dut(sigma)
722
723 def test_sigma_dut_suite_b(dev, apdev, params):
724 """sigma_dut controlled STA Suite B"""
725 check_suite_b_192_capa(dev)
726 logdir = params['logdir']
727
728 with open("auth_serv/ec2-ca.pem", "r") as f:
729 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
730 f2.write(f.read())
731
732 with open("auth_serv/ec2-user.pem", "r") as f:
733 with open("auth_serv/ec2-user.key", "r") as f2:
734 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
735 f3.write(f.read())
736 f3.write(f2.read())
737
738 dev[0].flush_scan_cache()
739 params = suite_b_as_params()
740 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
741 params['server_cert'] = 'auth_serv/ec2-server.pem'
742 params['private_key'] = 'auth_serv/ec2-server.key'
743 params['openssl_ciphers'] = 'SUITEB192'
744 hostapd.add_ap(apdev[1], params)
745
746 params = {"ssid": "test-suite-b",
747 "wpa": "2",
748 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
749 "rsn_pairwise": "GCMP-256",
750 "group_mgmt_cipher": "BIP-GMAC-256",
751 "ieee80211w": "2",
752 "ieee8021x": "1",
753 'auth_server_addr': "127.0.0.1",
754 'auth_server_port': "18129",
755 'auth_server_shared_secret': "radius",
756 'nas_identifier': "nas.w1.fi"}
757 hapd = hostapd.add_ap(apdev[0], params)
758
759 ifname = dev[0].ifname
760 sigma = start_sigma_dut(ifname, cert_path=logdir)
761
762 try:
763 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
764 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
765 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
766 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
767 timeout=10)
768 sigma_dut_wait_connected(ifname)
769 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
770 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
771 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
772 finally:
773 stop_sigma_dut(sigma)
774
775 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
776 """sigma_dut controlled STA Suite B (RSA)"""
777 check_suite_b_192_capa(dev)
778 logdir = params['logdir']
779
780 with open("auth_serv/rsa3072-ca.pem", "r") as f:
781 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
782 f2.write(f.read())
783
784 with open("auth_serv/rsa3072-user.pem", "r") as f:
785 with open("auth_serv/rsa3072-user.key", "r") as f2:
786 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
787 f3.write(f.read())
788 f3.write(f2.read())
789
790 dev[0].flush_scan_cache()
791 params = suite_b_192_rsa_ap_params()
792 hapd = hostapd.add_ap(apdev[0], params)
793
794 ifname = dev[0].ifname
795 sigma = start_sigma_dut(ifname, cert_path=logdir)
796
797 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
798
799 try:
800 tests = ["",
801 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
802 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
803 for extra in tests:
804 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
805 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
806 sigma_dut_cmd_check(cmd + extra)
807 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
808 timeout=10)
809 sigma_dut_wait_connected(ifname)
810 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
811 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
812 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
813 finally:
814 stop_sigma_dut(sigma)
815
816 def test_sigma_dut_ap_suite_b(dev, apdev, params):
817 """sigma_dut controlled AP Suite B"""
818 check_suite_b_192_capa(dev)
819 logdir = os.path.join(params['logdir'],
820 "sigma_dut_ap_suite_b.sigma-hostapd")
821 params = suite_b_as_params()
822 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
823 params['server_cert'] = 'auth_serv/ec2-server.pem'
824 params['private_key'] = 'auth_serv/ec2-server.key'
825 params['openssl_ciphers'] = 'SUITEB192'
826 hostapd.add_ap(apdev[1], params)
827 with HWSimRadio() as (radio, iface):
828 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
829 try:
830 sigma_dut_cmd_check("ap_reset_default")
831 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
832 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
833 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
834 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
835
836 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
837 ieee80211w="2",
838 openssl_ciphers="SUITEB192",
839 eap="TLS", identity="tls user",
840 ca_cert="auth_serv/ec2-ca.pem",
841 client_cert="auth_serv/ec2-user.pem",
842 private_key="auth_serv/ec2-user.key",
843 pairwise="GCMP-256", group="GCMP-256",
844 scan_freq="2412")
845
846 sigma_dut_cmd_check("ap_reset_default")
847 finally:
848 stop_sigma_dut(sigma)
849
850 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
851 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
852 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
853 "GCMP")
854
855 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
856 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
857 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
858 "GCMP-256")
859
860 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
861 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
862 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
863 "CCMP")
864
865 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
866 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
867 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
868 "CCMP-256")
869
870 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
871 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
872 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
873 "BIP-GMAC-256", "CCMP")
874
875 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
876 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
877 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
878 "BIP-GMAC-256", "GCMP-256", "CCMP")
879
880 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
881 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
882 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
883 "GCMP-256", "CCMP", "AES-CCMP-128")
884
885 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
886 sta_cipher, sta_cipher_group=None, ap_group=None):
887 check_suite_b_192_capa(dev)
888 logdir = os.path.join(params['logdir'],
889 "sigma_dut_ap_cipher.sigma-hostapd")
890 params = suite_b_as_params()
891 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
892 params['server_cert'] = 'auth_serv/ec2-server.pem'
893 params['private_key'] = 'auth_serv/ec2-server.key'
894 params['openssl_ciphers'] = 'SUITEB192'
895 hostapd.add_ap(apdev[1], params)
896 with HWSimRadio() as (radio, iface):
897 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
898 try:
899 sigma_dut_cmd_check("ap_reset_default")
900 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
901 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
902 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
903 if ap_group:
904 cmd += ",GroupCipher,%s" % ap_group
905 sigma_dut_cmd_check(cmd)
906 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
907
908 if sta_cipher_group is None:
909 sta_cipher_group = sta_cipher
910 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
911 ieee80211w="2",
912 openssl_ciphers="SUITEB192",
913 eap="TLS", identity="tls user",
914 ca_cert="auth_serv/ec2-ca.pem",
915 client_cert="auth_serv/ec2-user.pem",
916 private_key="auth_serv/ec2-user.key",
917 pairwise=sta_cipher, group=sta_cipher_group,
918 scan_freq="2412")
919
920 sigma_dut_cmd_check("ap_reset_default")
921 finally:
922 stop_sigma_dut(sigma)
923
924 def test_sigma_dut_ap_override_rsne(dev, apdev):
925 """sigma_dut controlled AP overriding RSNE"""
926 with HWSimRadio() as (radio, iface):
927 sigma = start_sigma_dut(iface)
928 try:
929 sigma_dut_cmd_check("ap_reset_default")
930 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
931 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
932 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
933 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
934
935 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
936
937 sigma_dut_cmd_check("ap_reset_default")
938 finally:
939 stop_sigma_dut(sigma)
940
941 def test_sigma_dut_ap_sae(dev, apdev, params):
942 """sigma_dut controlled AP with SAE"""
943 logdir = os.path.join(params['logdir'],
944 "sigma_dut_ap_sae.sigma-hostapd")
945 if "SAE" not in dev[0].get_capability("auth_alg"):
946 raise HwsimSkip("SAE not supported")
947 with HWSimRadio() as (radio, iface):
948 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
949 try:
950 sigma_dut_cmd_check("ap_reset_default")
951 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
952 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
953 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
954
955 dev[0].request("SET sae_groups ")
956 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
957 ieee80211w="2", scan_freq="2412")
958 if dev[0].get_status_field('sae_group') != '19':
959 raise Exception("Expected default SAE group not used")
960
961 sigma_dut_cmd_check("ap_reset_default")
962 finally:
963 stop_sigma_dut(sigma)
964
965 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
966 """sigma_dut controlled AP with SAE Confirm immediate"""
967 logdir = os.path.join(params['logdir'],
968 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
969 if "SAE" not in dev[0].get_capability("auth_alg"):
970 raise HwsimSkip("SAE not supported")
971 with HWSimRadio() as (radio, iface):
972 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
973 try:
974 sigma_dut_cmd_check("ap_reset_default")
975 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
976 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
978
979 dev[0].request("SET sae_groups ")
980 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
981 ieee80211w="2", scan_freq="2412")
982 if dev[0].get_status_field('sae_group') != '19':
983 raise Exception("Expected default SAE group not used")
984
985 sigma_dut_cmd_check("ap_reset_default")
986 finally:
987 stop_sigma_dut(sigma)
988
989 def test_sigma_dut_ap_sae_password(dev, apdev, params):
990 """sigma_dut controlled AP with SAE and long password"""
991 logdir = os.path.join(params['logdir'],
992 "sigma_dut_ap_sae_password.sigma-hostapd")
993 if "SAE" not in dev[0].get_capability("auth_alg"):
994 raise HwsimSkip("SAE not supported")
995 with HWSimRadio() as (radio, iface):
996 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
997 try:
998 sigma_dut_cmd_check("ap_reset_default")
999 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1000 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1001 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1002
1003 dev[0].request("SET sae_groups ")
1004 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
1005 ieee80211w="2", scan_freq="2412")
1006 if dev[0].get_status_field('sae_group') != '19':
1007 raise Exception("Expected default SAE group not used")
1008
1009 sigma_dut_cmd_check("ap_reset_default")
1010 finally:
1011 stop_sigma_dut(sigma)
1012
1013 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
1014 """sigma_dut controlled AP with SAE Password Identifier"""
1015 logdir = os.path.join(params['logdir'],
1016 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1017 conffile = os.path.join(params['logdir'],
1018 "sigma_dut_ap_sae_pw_id.sigma-conf")
1019 if "SAE" not in dev[0].get_capability("auth_alg"):
1020 raise HwsimSkip("SAE not supported")
1021 with HWSimRadio() as (radio, iface):
1022 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1023 try:
1024 sigma_dut_cmd_check("ap_reset_default")
1025 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1026 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1027 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1028
1029 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1030 with open(conffile, "wb") as f2:
1031 f2.write(f.read())
1032
1033 dev[0].request("SET sae_groups ")
1034 tests = [("pw1", "id1"),
1035 ("pw2", "id2"),
1036 ("pw3", None),
1037 ("pw4", "id4")]
1038 for pw, pw_id in tests:
1039 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
1040 sae_password_id=pw_id,
1041 ieee80211w="2", scan_freq="2412")
1042 dev[0].request("REMOVE_NETWORK all")
1043 dev[0].wait_disconnected()
1044
1045 sigma_dut_cmd_check("ap_reset_default")
1046 finally:
1047 stop_sigma_dut(sigma)
1048
1049 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
1050 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1051 logdir = os.path.join(params['logdir'],
1052 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1053 conffile = os.path.join(params['logdir'],
1054 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1055 if "SAE" not in dev[0].get_capability("auth_alg"):
1056 raise HwsimSkip("SAE not supported")
1057 with HWSimRadio() as (radio, iface):
1058 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1059 try:
1060 sigma_dut_cmd_check("ap_reset_default")
1061 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1062 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1063 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1064
1065 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1066 with open(conffile, "wb") as f2:
1067 f2.write(f.read())
1068
1069 dev[0].request("SET sae_groups ")
1070 tests = [("pw1", "id1", "SAE"),
1071 ("pw2", "id2", "FT-SAE"),
1072 ("pw3", None, "FT-SAE"),
1073 ("pw4", "id4", "SAE")]
1074 for pw, pw_id, key_mgmt in tests:
1075 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
1076 sae_password_id=pw_id,
1077 ieee80211w="2", scan_freq="2412")
1078 dev[0].request("REMOVE_NETWORK all")
1079 dev[0].wait_disconnected()
1080
1081 sigma_dut_cmd_check("ap_reset_default")
1082 finally:
1083 stop_sigma_dut(sigma)
1084
1085 def test_sigma_dut_ap_sae_group(dev, apdev, params):
1086 """sigma_dut controlled AP with SAE and specific group"""
1087 logdir = os.path.join(params['logdir'],
1088 "sigma_dut_ap_sae_group.sigma-hostapd")
1089 if "SAE" not in dev[0].get_capability("auth_alg"):
1090 raise HwsimSkip("SAE not supported")
1091 with HWSimRadio() as (radio, iface):
1092 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1093 try:
1094 sigma_dut_cmd_check("ap_reset_default")
1095 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1096 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1097 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1098
1099 dev[0].request("SET sae_groups ")
1100 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1101 ieee80211w="2", scan_freq="2412")
1102 if dev[0].get_status_field('sae_group') != '20':
1103 raise Exception("Expected SAE group not used")
1104
1105 sigma_dut_cmd_check("ap_reset_default")
1106 finally:
1107 stop_sigma_dut(sigma)
1108
1109 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1110 """sigma_dut controlled AP with PSK+SAE"""
1111 if "SAE" not in dev[0].get_capability("auth_alg"):
1112 raise HwsimSkip("SAE not supported")
1113 logdir = os.path.join(params['logdir'],
1114 "sigma_dut_ap_psk_sae.sigma-hostapd")
1115 with HWSimRadio() as (radio, iface):
1116 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1117 try:
1118 sigma_dut_cmd_check("ap_reset_default")
1119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1120 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1121 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1122
1123 dev[2].request("SET sae_groups ")
1124 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1125 scan_freq="2412", ieee80211w="0", wait_connect=False)
1126 dev[0].request("SET sae_groups ")
1127 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1128 scan_freq="2412", ieee80211w="2")
1129 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1130
1131 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1132 dev[2].request("DISCONNECT")
1133 if ev is not None:
1134 raise Exception("Unexpected connection without PMF")
1135
1136 sigma_dut_cmd_check("ap_reset_default")
1137 finally:
1138 stop_sigma_dut(sigma)
1139
1140 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1141 """sigma_dut controlled AP with PSK, SAE, FT"""
1142 logdir = os.path.join(params['logdir'],
1143 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1144 conffile = os.path.join(params['logdir'],
1145 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1146 if "SAE" not in dev[0].get_capability("auth_alg"):
1147 raise HwsimSkip("SAE not supported")
1148 with HWSimRadio() as (radio, iface):
1149 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1150 try:
1151 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1152 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1153 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1154 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1155 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1156 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1157
1158 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1159 with open(conffile, "wb") as f2:
1160 f2.write(f.read())
1161
1162 dev[0].request("SET sae_groups ")
1163 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1164 sae_password="12345678", scan_freq="2412")
1165 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1166 psk="12345678", scan_freq="2412")
1167 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1168 psk="12345678", scan_freq="2412")
1169
1170 sigma_dut_cmd_check("ap_reset_default")
1171 finally:
1172 stop_sigma_dut(sigma)
1173
1174 def test_sigma_dut_owe(dev, apdev):
1175 """sigma_dut controlled OWE station"""
1176 try:
1177 run_sigma_dut_owe(dev, apdev)
1178 finally:
1179 dev[0].set("ignore_old_scan_res", "0")
1180
1181 def run_sigma_dut_owe(dev, apdev):
1182 if "OWE" not in dev[0].get_capability("key_mgmt"):
1183 raise HwsimSkip("OWE not supported")
1184
1185 ifname = dev[0].ifname
1186 sigma = start_sigma_dut(ifname)
1187
1188 try:
1189 params = {"ssid": "owe",
1190 "wpa": "2",
1191 "wpa_key_mgmt": "OWE",
1192 "ieee80211w": "2",
1193 "rsn_pairwise": "CCMP"}
1194 hapd = hostapd.add_ap(apdev[0], params)
1195 bssid = hapd.own_addr()
1196
1197 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1199 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1201 timeout=10)
1202 sigma_dut_wait_connected(ifname)
1203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1204
1205 dev[0].dump_monitor()
1206 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1207 dev[0].wait_connected()
1208 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1209 dev[0].wait_disconnected()
1210 dev[0].dump_monitor()
1211
1212 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1213 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1214 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1215 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1216 timeout=10)
1217 sigma_dut_wait_connected(ifname)
1218 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1219 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1220 dev[0].wait_disconnected()
1221 dev[0].dump_monitor()
1222
1223 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1224 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1225 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1226 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1227 timeout=10)
1228 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1229 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1230 if ev is None:
1231 raise Exception("Association not rejected")
1232 if "status_code=77" not in ev:
1233 raise Exception("Unexpected rejection reason: " + ev)
1234
1235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1236 finally:
1237 stop_sigma_dut(sigma)
1238
1239 def test_sigma_dut_ap_owe(dev, apdev, params):
1240 """sigma_dut controlled AP with OWE"""
1241 logdir = os.path.join(params['logdir'],
1242 "sigma_dut_ap_owe.sigma-hostapd")
1243 if "OWE" not in dev[0].get_capability("key_mgmt"):
1244 raise HwsimSkip("OWE not supported")
1245 with HWSimRadio() as (radio, iface):
1246 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1247 try:
1248 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1249 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1250 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1251 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1252
1253 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1254 scan_freq="2412")
1255
1256 sigma_dut_cmd_check("ap_reset_default")
1257 finally:
1258 stop_sigma_dut(sigma)
1259
1260 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1261 """sigma_dut controlled AP with OWE and ECGroupID"""
1262 if "OWE" not in dev[0].get_capability("key_mgmt"):
1263 raise HwsimSkip("OWE not supported")
1264 with HWSimRadio() as (radio, iface):
1265 sigma = start_sigma_dut(iface)
1266 try:
1267 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1268 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1269 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1270 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1271
1272 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1273 owe_group="20", scan_freq="2412")
1274 dev[0].request("REMOVE_NETWORK all")
1275 dev[0].wait_disconnected()
1276
1277 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1278 owe_group="21", scan_freq="2412")
1279 dev[0].request("REMOVE_NETWORK all")
1280 dev[0].wait_disconnected()
1281
1282 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1283 owe_group="19", scan_freq="2412", wait_connect=False)
1284 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1285 dev[0].request("DISCONNECT")
1286 if ev is None:
1287 raise Exception("Association not rejected")
1288 if "status_code=77" not in ev:
1289 raise Exception("Unexpected rejection reason: " + ev)
1290 dev[0].dump_monitor()
1291
1292 sigma_dut_cmd_check("ap_reset_default")
1293 finally:
1294 stop_sigma_dut(sigma)
1295
1296 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1297 """sigma_dut controlled AP with OWE and transition mode"""
1298 if "OWE" not in dev[0].get_capability("key_mgmt"):
1299 raise HwsimSkip("OWE not supported")
1300 logdir = os.path.join(params['logdir'],
1301 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1302 with HWSimRadio() as (radio, iface):
1303 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1304 try:
1305 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1306 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1307 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1308 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1309 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1310 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1311
1312 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1313 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1314
1315 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1316 scan_freq="2412")
1317 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1318 if dev[0].get_status_field('bssid') not in res1:
1319 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1320 if dev[1].get_status_field('bssid') not in res2:
1321 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1322
1323 sigma_dut_cmd_check("ap_reset_default")
1324 finally:
1325 stop_sigma_dut(sigma)
1326
1327 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1328 """sigma_dut controlled AP with OWE and transition mode (2)"""
1329 if "OWE" not in dev[0].get_capability("key_mgmt"):
1330 raise HwsimSkip("OWE not supported")
1331 logdir = os.path.join(params['logdir'],
1332 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1333 with HWSimRadio() as (radio, iface):
1334 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1335 try:
1336 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1337 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1338 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1339 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1340 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1341 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1342
1343 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1344 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1345
1346 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1347 scan_freq="2412")
1348 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1349 if dev[0].get_status_field('bssid') not in res2:
1350 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1351 if dev[1].get_status_field('bssid') not in res1:
1352 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1353
1354 sigma_dut_cmd_check("ap_reset_default")
1355 finally:
1356 stop_sigma_dut(sigma)
1357
1358 def dpp_init_enrollee(dev, id1):
1359 logger.info("Starting DPP initiator/enrollee in a thread")
1360 time.sleep(1)
1361 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1362 if "OK" not in dev.request(cmd):
1363 raise Exception("Failed to initiate DPP Authentication")
1364 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1365 if ev is None:
1366 raise Exception("DPP configuration not completed (Enrollee)")
1367 logger.info("DPP initiator/enrollee done")
1368
1369 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1370 """sigma_dut DPP/QR responder (conf index 1)"""
1371 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1372
1373 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1374 """sigma_dut DPP/QR responder (conf index 2)"""
1375 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1376
1377 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1378 """sigma_dut DPP/QR responder (conf index 3)"""
1379 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1380
1381 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1382 """sigma_dut DPP/QR responder (conf index 4)"""
1383 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1384
1385 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1386 """sigma_dut DPP/QR responder (conf index 5)"""
1387 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1388
1389 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1390 """sigma_dut DPP/QR responder (conf index 6)"""
1391 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1392
1393 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1394 """sigma_dut DPP/QR responder (conf index 7)"""
1395 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1396
1397 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1398 """sigma_dut DPP/QR responder (conf index 8)"""
1399 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1400
1401 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1402 """sigma_dut DPP/QR responder (conf index 9)"""
1403 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1404
1405 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1406 """sigma_dut DPP/QR responder (conf index 10)"""
1407 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1408
1409 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1410 """sigma_dut DPP/QR responder (channel list override)"""
1411 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1412 listen_chan=2)
1413
1414 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1415 """sigma_dut DPP/QR responder status query"""
1416 check_dpp_capab(dev[1])
1417 params = hostapd.wpa2_params(ssid="DPPNET01",
1418 passphrase="ThisIsDppPassphrase")
1419 hapd = hostapd.add_ap(apdev[0], params)
1420
1421 try:
1422 dev[1].set("dpp_config_processing", "2")
1423 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1424 finally:
1425 dev[1].set("dpp_config_processing", "0", allow_fail=True)
1426
1427 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1428 listen_chan=None, status_query=False):
1429 check_dpp_capab(dev[0])
1430 check_dpp_capab(dev[1])
1431 sigma = start_sigma_dut(dev[0].ifname)
1432 try:
1433 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1434 if chan_list:
1435 cmd += ",DPPChannelList," + chan_list
1436 res = sigma_dut_cmd(cmd)
1437 if "status,COMPLETE" not in res:
1438 raise Exception("dev_exec_action did not succeed: " + res)
1439 hex = res.split(',')[3]
1440 uri = from_hex(hex)
1441 logger.info("URI from sigma_dut: " + uri)
1442
1443 id1 = dev[1].dpp_qr_code(uri)
1444
1445 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1446 t.start()
1447 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1448 if listen_chan:
1449 cmd += ",DPPListenChannel," + str(listen_chan)
1450 if status_query:
1451 cmd += ",DPPStatusQuery,Yes"
1452 res = sigma_dut_cmd(cmd, timeout=10)
1453 t.join()
1454 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1455 raise Exception("Unexpected result: " + res)
1456 if status_query and "StatusResult,0" not in res:
1457 raise Exception("Status query did not succeed: " + res)
1458 finally:
1459 stop_sigma_dut(sigma)
1460
1461 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1462 """sigma_dut DPP/QR initiator as Enrollee"""
1463 check_dpp_capab(dev[0])
1464 check_dpp_capab(dev[1])
1465
1466 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1467 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1468 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1469 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1470
1471 params = {"ssid": "DPPNET01",
1472 "wpa": "2",
1473 "ieee80211w": "2",
1474 "wpa_key_mgmt": "DPP",
1475 "rsn_pairwise": "CCMP",
1476 "dpp_connector": ap_connector,
1477 "dpp_csign": csign_pub,
1478 "dpp_netaccesskey": ap_netaccesskey}
1479 try:
1480 hapd = hostapd.add_ap(apdev[0], params)
1481 except:
1482 raise HwsimSkip("DPP not supported")
1483
1484 sigma = start_sigma_dut(dev[0].ifname)
1485 try:
1486 dev[0].set("dpp_config_processing", "2")
1487
1488 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1489 res = dev[1].request(cmd)
1490 if "FAIL" in res:
1491 raise Exception("Failed to add configurator")
1492 conf_id = int(res)
1493
1494 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1495 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1496
1497 dev[1].set("dpp_configurator_params",
1498 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1499 cmd = "DPP_LISTEN 2437 role=configurator"
1500 if "OK" not in dev[1].request(cmd):
1501 raise Exception("Failed to start listen operation")
1502
1503 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1504 if "status,COMPLETE" not in res:
1505 raise Exception("dev_exec_action did not succeed: " + res)
1506
1507 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1508 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1509 raise Exception("Unexpected result: " + res)
1510 finally:
1511 dev[0].set("dpp_config_processing", "0")
1512 stop_sigma_dut(sigma)
1513
1514 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1515 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1516 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1517
1518 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1519 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1520 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1521 extra="DPPAuthDirection,Mutual,")
1522
1523 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1524 check_dpp_capab(dev[0])
1525 check_dpp_capab(dev[1])
1526
1527 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1528 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1529 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1530 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1531
1532 params = {"ssid": "DPPNET01",
1533 "wpa": "2",
1534 "ieee80211w": "2",
1535 "wpa_key_mgmt": "DPP",
1536 "rsn_pairwise": "CCMP",
1537 "dpp_connector": ap_connector,
1538 "dpp_csign": csign_pub,
1539 "dpp_netaccesskey": ap_netaccesskey}
1540 try:
1541 hapd = hostapd.add_ap(apdev[0], params)
1542 except:
1543 raise HwsimSkip("DPP not supported")
1544
1545 sigma = start_sigma_dut(dev[0].ifname)
1546 try:
1547 dev[0].set("dpp_config_processing", "2")
1548
1549 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1550 res = dev[1].request(cmd)
1551 if "FAIL" in res:
1552 raise Exception("Failed to add configurator")
1553 conf_id = int(res)
1554
1555 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1556 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1557
1558 dev[1].set("dpp_configurator_params",
1559 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1560 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1561 if "OK" not in dev[1].request(cmd):
1562 raise Exception("Failed to start listen operation")
1563
1564 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1565 if "status,COMPLETE" not in res:
1566 raise Exception("dev_exec_action did not succeed: " + res)
1567 hex = res.split(',')[3]
1568 uri = from_hex(hex)
1569 logger.info("URI from sigma_dut: " + uri)
1570
1571 id1 = dev[1].dpp_qr_code(uri)
1572
1573 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1574 if "status,COMPLETE" not in res:
1575 raise Exception("dev_exec_action did not succeed: " + res)
1576
1577 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1578 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1579 raise Exception("Unexpected result: " + res)
1580 finally:
1581 dev[0].set("dpp_config_processing", "0")
1582 stop_sigma_dut(sigma)
1583
1584 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1585 time.sleep(1)
1586 logger.info("Starting DPP initiator/configurator in a thread")
1587 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1588 if own_id is not None:
1589 cmd += " own=%d" % own_id
1590 if "OK" not in dev.request(cmd):
1591 raise Exception("Failed to initiate DPP Authentication")
1592 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1593 if ev is None:
1594 raise Exception("DPP configuration not completed (Configurator)")
1595 logger.info("DPP initiator/configurator done")
1596
1597 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1598 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1599 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1600
1601 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1602 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1603 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1604
1605 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1606 check_dpp_capab(dev[0])
1607 check_dpp_capab(dev[1])
1608
1609 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1610 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1611 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1612 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1613
1614 params = {"ssid": "DPPNET01",
1615 "wpa": "2",
1616 "ieee80211w": "2",
1617 "wpa_key_mgmt": "DPP",
1618 "rsn_pairwise": "CCMP",
1619 "dpp_connector": ap_connector,
1620 "dpp_csign": csign_pub,
1621 "dpp_netaccesskey": ap_netaccesskey}
1622 try:
1623 hapd = hostapd.add_ap(apdev[0], params)
1624 except:
1625 raise HwsimSkip("DPP not supported")
1626
1627 sigma = start_sigma_dut(dev[0].ifname)
1628 try:
1629 dev[0].set("dpp_config_processing", "2")
1630
1631 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1632 res = dev[1].request(cmd)
1633 if "FAIL" in res:
1634 raise Exception("Failed to add configurator")
1635 conf_id = int(res)
1636
1637 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1638 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1639
1640 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1641 if "status,COMPLETE" not in res:
1642 raise Exception("dev_exec_action did not succeed: " + res)
1643 hex = res.split(',')[3]
1644 uri = from_hex(hex)
1645 logger.info("URI from sigma_dut: " + uri)
1646
1647 id1 = dev[1].dpp_qr_code(uri)
1648
1649 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1650 if "status,COMPLETE" not in res:
1651 raise Exception("dev_exec_action did not succeed: " + res)
1652
1653 t = threading.Thread(target=dpp_init_conf_mutual,
1654 args=(dev[1], id1, conf_id, id0))
1655 t.start()
1656
1657 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1658 if extra:
1659 cmd += extra
1660 res = sigma_dut_cmd(cmd, timeout=25)
1661 t.join()
1662 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1663 raise Exception("Unexpected result: " + res)
1664 finally:
1665 dev[0].set("dpp_config_processing", "0")
1666 stop_sigma_dut(sigma)
1667
1668 def dpp_resp_conf_mutual(dev, conf_id, uri):
1669 logger.info("Starting DPP responder/configurator in a thread")
1670 dev.set("dpp_configurator_params",
1671 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1672 conf_id))
1673 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1674 if "OK" not in dev.request(cmd):
1675 raise Exception("Failed to initiate DPP listen")
1676 if uri:
1677 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1678 if ev is None:
1679 raise Exception("QR Code scan for mutual authentication not requested")
1680 dev.dpp_qr_code(uri)
1681 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1682 if ev is None:
1683 raise Exception("DPP configuration not completed (Configurator)")
1684 logger.info("DPP responder/configurator done")
1685
1686 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1687 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1688 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1689
1690 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1691 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1692 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1693
1694 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1695 check_dpp_capab(dev[0])
1696 check_dpp_capab(dev[1])
1697
1698 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1699 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1700 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1701 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1702
1703 params = {"ssid": "DPPNET01",
1704 "wpa": "2",
1705 "ieee80211w": "2",
1706 "wpa_key_mgmt": "DPP",
1707 "rsn_pairwise": "CCMP",
1708 "dpp_connector": ap_connector,
1709 "dpp_csign": csign_pub,
1710 "dpp_netaccesskey": ap_netaccesskey}
1711 try:
1712 hapd = hostapd.add_ap(apdev[0], params)
1713 except:
1714 raise HwsimSkip("DPP not supported")
1715
1716 sigma = start_sigma_dut(dev[0].ifname)
1717 try:
1718 dev[0].set("dpp_config_processing", "2")
1719
1720 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1721 res = dev[1].request(cmd)
1722 if "FAIL" in res:
1723 raise Exception("Failed to add configurator")
1724 conf_id = int(res)
1725
1726 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1727 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1728
1729 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1730 if "status,COMPLETE" not in res:
1731 raise Exception("dev_exec_action did not succeed: " + res)
1732 hex = res.split(',')[3]
1733 uri = from_hex(hex)
1734 logger.info("URI from sigma_dut: " + uri)
1735
1736 if not resp_pending:
1737 dev[1].dpp_qr_code(uri)
1738 uri = None
1739
1740 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1741 if "status,COMPLETE" not in res:
1742 raise Exception("dev_exec_action did not succeed: " + res)
1743
1744 t = threading.Thread(target=dpp_resp_conf_mutual,
1745 args=(dev[1], conf_id, uri))
1746 t.start()
1747
1748 time.sleep(1)
1749 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1750 res = sigma_dut_cmd(cmd, timeout=15)
1751 t.join()
1752 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1753 raise Exception("Unexpected result: " + res)
1754 finally:
1755 dev[0].set("dpp_config_processing", "0")
1756 stop_sigma_dut(sigma)
1757
1758 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1759 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1760 check_dpp_capab(dev[0])
1761 check_dpp_capab(dev[1])
1762
1763 params = hostapd.wpa2_params(ssid="DPPNET01",
1764 passphrase="ThisIsDppPassphrase")
1765 hapd = hostapd.add_ap(apdev[0], params)
1766
1767 sigma = start_sigma_dut(dev[0].ifname)
1768 try:
1769 dev[0].set("dpp_config_processing", "2")
1770
1771 cmd = "DPP_CONFIGURATOR_ADD"
1772 res = dev[1].request(cmd)
1773 if "FAIL" in res:
1774 raise Exception("Failed to add configurator")
1775 conf_id = int(res)
1776
1777 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1778 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1779
1780 dev[1].set("dpp_configurator_params",
1781 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1782 cmd = "DPP_LISTEN 2437 role=configurator"
1783 if "OK" not in dev[1].request(cmd):
1784 raise Exception("Failed to start listen operation")
1785
1786 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1787 if "status,COMPLETE" not in res:
1788 raise Exception("dev_exec_action did not succeed: " + res)
1789
1790 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1791 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1792 raise Exception("Unexpected result: " + res)
1793 finally:
1794 dev[0].set("dpp_config_processing", "0")
1795 stop_sigma_dut(sigma)
1796
1797 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1798 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1799 check_dpp_capab(dev[0])
1800 check_dpp_capab(dev[1])
1801 if "SAE" not in dev[0].get_capability("auth_alg"):
1802 raise HwsimSkip("SAE not supported")
1803
1804 params = hostapd.wpa2_params(ssid="DPPNET01",
1805 passphrase="ThisIsDppPassphrase")
1806 params['wpa_key_mgmt'] = 'SAE'
1807 params["ieee80211w"] = "2"
1808 hapd = hostapd.add_ap(apdev[0], params)
1809
1810 sigma = start_sigma_dut(dev[0].ifname)
1811 try:
1812 dev[0].set("dpp_config_processing", "2")
1813 dev[0].set("sae_groups", "")
1814
1815 cmd = "DPP_CONFIGURATOR_ADD"
1816 res = dev[1].request(cmd)
1817 if "FAIL" in res:
1818 raise Exception("Failed to add configurator")
1819 conf_id = int(res)
1820
1821 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1822 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1823
1824 dev[1].set("dpp_configurator_params",
1825 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1826 cmd = "DPP_LISTEN 2437 role=configurator"
1827 if "OK" not in dev[1].request(cmd):
1828 raise Exception("Failed to start listen operation")
1829
1830 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1831 if "status,COMPLETE" not in res:
1832 raise Exception("dev_exec_action did not succeed: " + res)
1833
1834 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1835 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1836 raise Exception("Unexpected result: " + res)
1837 finally:
1838 dev[0].set("dpp_config_processing", "0")
1839 stop_sigma_dut(sigma)
1840
1841 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1842 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1843 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1844
1845 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1846 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1847 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1848
1849 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1850 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1851 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1852
1853 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1854 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1855 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1856
1857 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1858 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1859 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1860
1861 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1862 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1863 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1864
1865 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1866 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1867 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1868
1869 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1870 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1871 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1872
1873 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1874 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1875 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1876
1877 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1878 prov_role="Configurator",
1879 extra=None):
1880 check_dpp_capab(dev[0])
1881 check_dpp_capab(dev[1])
1882 sigma = start_sigma_dut(dev[0].ifname)
1883 try:
1884 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1885 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1886
1887 cmd = "DPP_LISTEN 2437 role=enrollee"
1888 if "OK" not in dev[1].request(cmd):
1889 raise Exception("Failed to start listen operation")
1890
1891 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1892 if "status,COMPLETE" not in res:
1893 raise Exception("dev_exec_action did not succeed: " + res)
1894
1895 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1896 if extra:
1897 cmd += "," + extra
1898 res = sigma_dut_cmd(cmd)
1899 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1900 raise Exception("Unexpected result: " + res)
1901 finally:
1902 stop_sigma_dut(sigma)
1903
1904 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1905 """sigma_dut DPP roles incompatible (Initiator)"""
1906 check_dpp_capab(dev[0])
1907 check_dpp_capab(dev[1])
1908 sigma = start_sigma_dut(dev[0].ifname)
1909 try:
1910 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1911 if "status,COMPLETE" not in res:
1912 raise Exception("dev_exec_action did not succeed: " + res)
1913 hex = res.split(',')[3]
1914 uri = from_hex(hex)
1915 logger.info("URI from sigma_dut: " + uri)
1916
1917 id1 = dev[1].dpp_qr_code(uri)
1918
1919 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1920 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1921
1922 cmd = "DPP_LISTEN 2437 role=enrollee"
1923 if "OK" not in dev[1].request(cmd):
1924 raise Exception("Failed to start listen operation")
1925
1926 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1927 if "status,COMPLETE" not in res:
1928 raise Exception("dev_exec_action did not succeed: " + res)
1929
1930 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1931 res = sigma_dut_cmd(cmd)
1932 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1933 raise Exception("Unexpected result: " + res)
1934 finally:
1935 stop_sigma_dut(sigma)
1936
1937 def dpp_init_enrollee_mutual(dev, id1, own_id):
1938 logger.info("Starting DPP initiator/enrollee in a thread")
1939 time.sleep(1)
1940 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1941 if "OK" not in dev.request(cmd):
1942 raise Exception("Failed to initiate DPP Authentication")
1943 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1944 "DPP-NOT-COMPATIBLE"], timeout=5)
1945 if ev is None:
1946 raise Exception("DPP configuration not completed (Enrollee)")
1947 logger.info("DPP initiator/enrollee done")
1948
1949 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1950 """sigma_dut DPP roles incompatible (Responder)"""
1951 check_dpp_capab(dev[0])
1952 check_dpp_capab(dev[1])
1953 sigma = start_sigma_dut(dev[0].ifname)
1954 try:
1955 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1956 res = sigma_dut_cmd(cmd)
1957 if "status,COMPLETE" not in res:
1958 raise Exception("dev_exec_action did not succeed: " + res)
1959 hex = res.split(',')[3]
1960 uri = from_hex(hex)
1961 logger.info("URI from sigma_dut: " + uri)
1962
1963 id1 = dev[1].dpp_qr_code(uri)
1964
1965 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1966 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1967
1968 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1969 if "status,COMPLETE" not in res:
1970 raise Exception("dev_exec_action did not succeed: " + res)
1971
1972 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1973 t.start()
1974 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1975 res = sigma_dut_cmd(cmd, timeout=10)
1976 t.join()
1977 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1978 raise Exception("Unexpected result: " + res)
1979 finally:
1980 stop_sigma_dut(sigma)
1981
1982 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1983 """sigma_dut DPP/PKEX initiator as Configurator"""
1984 check_dpp_capab(dev[0])
1985 check_dpp_capab(dev[1])
1986 sigma = start_sigma_dut(dev[0].ifname)
1987 try:
1988 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1989 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1990 res = dev[1].request(cmd)
1991 if "FAIL" in res:
1992 raise Exception("Failed to set PKEX data (responder)")
1993 cmd = "DPP_LISTEN 2437 role=enrollee"
1994 if "OK" not in dev[1].request(cmd):
1995 raise Exception("Failed to start listen operation")
1996
1997 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1998 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1999 raise Exception("Unexpected result: " + res)
2000 finally:
2001 stop_sigma_dut(sigma)
2002
2003 def dpp_init_conf(dev, id1, conf, conf_id, extra):
2004 logger.info("Starting DPP initiator/configurator in a thread")
2005 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
2006 if "OK" not in dev.request(cmd):
2007 raise Exception("Failed to initiate DPP Authentication")
2008 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2009 if ev is None:
2010 raise Exception("DPP configuration not completed (Configurator)")
2011 logger.info("DPP initiator/configurator done")
2012
2013 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
2014 """sigma_dut controlled AP (DPP)"""
2015 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
2016
2017 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
2018 """sigma_dut controlled AP (legacy)"""
2019 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2020 extra="pass=%s" % to_hex("qwertyuiop"))
2021
2022 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
2023 """sigma_dut controlled AP (legacy)"""
2024 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2025 extra="psk=%s" % (32*"12"))
2026
2027 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
2028 check_dpp_capab(dev[0])
2029 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2030 with HWSimRadio() as (radio, iface):
2031 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2032 try:
2033 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2034 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2035 if "status,COMPLETE" not in res:
2036 raise Exception("dev_exec_action did not succeed: " + res)
2037 hex = res.split(',')[3]
2038 uri = from_hex(hex)
2039 logger.info("URI from sigma_dut: " + uri)
2040
2041 cmd = "DPP_CONFIGURATOR_ADD"
2042 res = dev[0].request(cmd)
2043 if "FAIL" in res:
2044 raise Exception("Failed to add configurator")
2045 conf_id = int(res)
2046
2047 id1 = dev[0].dpp_qr_code(uri)
2048
2049 t = threading.Thread(target=dpp_init_conf,
2050 args=(dev[0], id1, ap_conf, conf_id, extra))
2051 t.start()
2052 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2053 t.join()
2054 if "ConfResult,OK" not in res:
2055 raise Exception("Unexpected result: " + res)
2056
2057 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
2058 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2059
2060 id0b = dev[0].dpp_qr_code(uri1)
2061
2062 dev[1].set("dpp_config_processing", "2")
2063 cmd = "DPP_LISTEN 2412"
2064 if "OK" not in dev[1].request(cmd):
2065 raise Exception("Failed to start listen operation")
2066 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
2067 if "OK" not in dev[0].request(cmd):
2068 raise Exception("Failed to initiate DPP Authentication")
2069 dev[1].wait_connected()
2070
2071 sigma_dut_cmd_check("ap_reset_default")
2072 finally:
2073 dev[1].set("dpp_config_processing", "0")
2074 stop_sigma_dut(sigma)
2075
2076 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
2077 """sigma_dut controlled AP as DPP PKEX responder"""
2078 check_dpp_capab(dev[0])
2079 logdir = os.path.join(params['logdir'],
2080 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2081 with HWSimRadio() as (radio, iface):
2082 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2083 try:
2084 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
2085 finally:
2086 stop_sigma_dut(sigma)
2087
2088 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
2089 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2090 time.sleep(1.5)
2091 id = dev.dpp_bootstrap_gen(type="pkex")
2092 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
2093 res = dev.request(cmd)
2094 if "FAIL" in res:
2095 raise Exception("Failed to initiate DPP PKEX")
2096 if not check_config:
2097 return
2098 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2099 if ev is None:
2100 raise Exception("DPP configuration not completed (Configurator)")
2101 logger.info("DPP initiator/configurator done")
2102
2103 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2104 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2105
2106 cmd = "DPP_CONFIGURATOR_ADD"
2107 res = dev[0].request(cmd)
2108 if "FAIL" in res:
2109 raise Exception("Failed to add configurator")
2110 conf_id = int(res)
2111
2112 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2113 t.start()
2114 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2115 t.join()
2116 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2117 raise Exception("Unexpected result: " + res)
2118
2119 sigma_dut_cmd_check("ap_reset_default")
2120
2121 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2122 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2123 check_dpp_capab(dev[0])
2124 sigma = start_sigma_dut(dev[0].ifname)
2125 try:
2126 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2127 finally:
2128 stop_sigma_dut(sigma)
2129
2130 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2131 cmd = "DPP_CONFIGURATOR_ADD"
2132 res = dev[1].request(cmd)
2133 if "FAIL" in res:
2134 raise Exception("Failed to add configurator")
2135 conf_id = int(res)
2136
2137 dev[1].set("dpp_test", "44")
2138
2139 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2140 False))
2141 t.start()
2142 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2143 t.join()
2144 if "BootstrapResult,Timeout" not in res:
2145 raise Exception("Unexpected result: " + res)
2146
2147 def dpp_proto_init(dev, id1):
2148 time.sleep(1)
2149 logger.info("Starting DPP initiator/configurator in a thread")
2150 cmd = "DPP_CONFIGURATOR_ADD"
2151 res = dev.request(cmd)
2152 if "FAIL" in res:
2153 raise Exception("Failed to add configurator")
2154 conf_id = int(res)
2155
2156 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2157 if "OK" not in dev.request(cmd):
2158 raise Exception("Failed to initiate DPP Authentication")
2159
2160 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2161 """sigma_dut DPP protocol testing - Initiator"""
2162 check_dpp_capab(dev[0])
2163 check_dpp_capab(dev[1])
2164 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2165 "BootstrapResult,OK,AuthResult,Errorsent",
2166 None),
2167 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2168 "BootstrapResult,OK,AuthResult,Errorsent",
2169 None),
2170 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2171 "BootstrapResult,OK,AuthResult,Errorsent",
2172 "Missing or invalid I-capabilities"),
2173 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2174 "BootstrapResult,OK,AuthResult,Errorsent",
2175 "Mismatching Initiator Authenticating Tag"),
2176 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2177 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2178 "Missing or invalid Enrollee Nonce attribute")]
2179 for step, frame, attr, result, fail in tests:
2180 dev[0].request("FLUSH")
2181 dev[1].request("FLUSH")
2182 sigma = start_sigma_dut(dev[0].ifname)
2183 try:
2184 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2185 fail)
2186 finally:
2187 stop_sigma_dut(sigma)
2188
2189 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2190 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2191 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2192
2193 cmd = "DPP_LISTEN 2437 role=enrollee"
2194 if "OK" not in dev[1].request(cmd):
2195 raise Exception("Failed to start listen operation")
2196
2197 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2198 if "status,COMPLETE" not in res:
2199 raise Exception("dev_exec_action did not succeed: " + res)
2200
2201 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2202 timeout=10)
2203 if result not in res:
2204 raise Exception("Unexpected result: " + res)
2205 if fail:
2206 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2207 if ev is None or fail not in ev:
2208 raise Exception("Failure not reported correctly: " + str(ev))
2209
2210 dev[1].request("DPP_STOP_LISTEN")
2211 dev[0].dump_monitor()
2212 dev[1].dump_monitor()
2213
2214 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2215 """sigma_dut DPP protocol testing - Responder"""
2216 check_dpp_capab(dev[0])
2217 check_dpp_capab(dev[1])
2218 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2219 "BootstrapResult,OK,AuthResult,Errorsent",
2220 "Missing or invalid required DPP Status attribute"),
2221 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2222 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2223 "Missing or invalid Enrollee Nonce attribute")]
2224 for step, frame, attr, result, fail in tests:
2225 dev[0].request("FLUSH")
2226 dev[1].request("FLUSH")
2227 sigma = start_sigma_dut(dev[0].ifname)
2228 try:
2229 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2230 fail)
2231 finally:
2232 stop_sigma_dut(sigma)
2233
2234 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2235 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2236 if "status,COMPLETE" not in res:
2237 raise Exception("dev_exec_action did not succeed: " + res)
2238 hex = res.split(',')[3]
2239 uri = from_hex(hex)
2240 logger.info("URI from sigma_dut: " + uri)
2241
2242 id1 = dev[1].dpp_qr_code(uri)
2243
2244 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2245 t.start()
2246 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2247 t.join()
2248 if result not in res:
2249 raise Exception("Unexpected result: " + res)
2250 if fail:
2251 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2252 if ev is None or fail not in ev:
2253 raise Exception("Failure not reported correctly:" + str(ev))
2254
2255 dev[1].request("DPP_STOP_LISTEN")
2256 dev[0].dump_monitor()
2257 dev[1].dump_monitor()
2258
2259 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2260 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2261 check_dpp_capab(dev[0])
2262 check_dpp_capab(dev[1])
2263 tests = [("AuthenticationResponse",
2264 "BootstrapResult,OK,AuthResult,Errorsent",
2265 None),
2266 ("ConfigurationRequest",
2267 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2268 None)]
2269 for frame, result, fail in tests:
2270 dev[0].request("FLUSH")
2271 dev[1].request("FLUSH")
2272 sigma = start_sigma_dut(dev[0].ifname)
2273 try:
2274 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2275 finally:
2276 stop_sigma_dut(sigma)
2277
2278 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2279 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2280 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2281
2282 cmd = "DPP_LISTEN 2437 role=enrollee"
2283 if "OK" not in dev[1].request(cmd):
2284 raise Exception("Failed to start listen operation")
2285
2286 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2287 if "status,COMPLETE" not in res:
2288 raise Exception("dev_exec_action did not succeed: " + res)
2289
2290 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2291 if result not in res:
2292 raise Exception("Unexpected result: " + res)
2293 if fail:
2294 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2295 if ev is None or fail not in ev:
2296 raise Exception("Failure not reported correctly: " + str(ev))
2297
2298 dev[1].request("DPP_STOP_LISTEN")
2299 dev[0].dump_monitor()
2300 dev[1].dump_monitor()
2301
2302 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2303 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2304 check_dpp_capab(dev[0])
2305 check_dpp_capab(dev[1])
2306 tests = [("AuthenticationConfirm",
2307 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2308 None)]
2309 for frame, result, fail in tests:
2310 dev[0].request("FLUSH")
2311 dev[1].request("FLUSH")
2312 sigma = start_sigma_dut(dev[0].ifname)
2313 try:
2314 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2315 result, fail)
2316 finally:
2317 stop_sigma_dut(sigma)
2318
2319 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2320 fail):
2321 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2322 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2323
2324 cmd = "DPP_LISTEN 2437 role=configurator"
2325 if "OK" not in dev[1].request(cmd):
2326 raise Exception("Failed to start listen operation")
2327
2328 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2329 if "status,COMPLETE" not in res:
2330 raise Exception("dev_exec_action did not succeed: " + res)
2331
2332 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2333 if result not in res:
2334 raise Exception("Unexpected result: " + res)
2335 if fail:
2336 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2337 if ev is None or fail not in ev:
2338 raise Exception("Failure not reported correctly: " + str(ev))
2339
2340 dev[1].request("DPP_STOP_LISTEN")
2341 dev[0].dump_monitor()
2342 dev[1].dump_monitor()
2343
2344 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2345 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2346 check_dpp_capab(dev[0])
2347 check_dpp_capab(dev[1])
2348 tests = [("AuthenticationRequest",
2349 "BootstrapResult,OK,AuthResult,Errorsent",
2350 None),
2351 ("AuthenticationConfirm",
2352 "BootstrapResult,OK,AuthResult,Errorsent",
2353 None)]
2354 for frame, result, fail in tests:
2355 dev[0].request("FLUSH")
2356 dev[1].request("FLUSH")
2357 sigma = start_sigma_dut(dev[0].ifname)
2358 try:
2359 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2360 finally:
2361 stop_sigma_dut(sigma)
2362
2363 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2364 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2365 if "status,COMPLETE" not in res:
2366 raise Exception("dev_exec_action did not succeed: " + res)
2367 hex = res.split(',')[3]
2368 uri = from_hex(hex)
2369 logger.info("URI from sigma_dut: " + uri)
2370
2371 id1 = dev[1].dpp_qr_code(uri)
2372
2373 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2374 t.start()
2375 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2376 t.join()
2377 if result not in res:
2378 raise Exception("Unexpected result: " + res)
2379 if fail:
2380 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2381 if ev is None or fail not in ev:
2382 raise Exception("Failure not reported correctly:" + str(ev))
2383
2384 dev[1].request("DPP_STOP_LISTEN")
2385 dev[0].dump_monitor()
2386 dev[1].dump_monitor()
2387
2388 def dpp_proto_init_pkex(dev):
2389 time.sleep(1)
2390 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2391 cmd = "DPP_CONFIGURATOR_ADD"
2392 res = dev.request(cmd)
2393 if "FAIL" in res:
2394 raise Exception("Failed to add configurator")
2395 conf_id = int(res)
2396
2397 id = dev.dpp_bootstrap_gen(type="pkex")
2398
2399 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2400 if "FAIL" in dev.request(cmd):
2401 raise Exception("Failed to initiate DPP PKEX")
2402
2403 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2404 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2405 check_dpp_capab(dev[0])
2406 check_dpp_capab(dev[1])
2407 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2408 "BootstrapResult,Errorsent",
2409 None),
2410 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2411 "BootstrapResult,Errorsent",
2412 "Missing or invalid Finite Cyclic Group attribute"),
2413 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2414 "BootstrapResult,Errorsent",
2415 "No valid peer bootstrapping key found")]
2416 for step, frame, attr, result, fail in tests:
2417 dev[0].request("FLUSH")
2418 dev[1].request("FLUSH")
2419 sigma = start_sigma_dut(dev[0].ifname)
2420 try:
2421 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2422 result, fail)
2423 finally:
2424 stop_sigma_dut(sigma)
2425
2426 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2427 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2428
2429 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2430 res = dev[1].request(cmd)
2431 if "FAIL" in res:
2432 raise Exception("Failed to set PKEX data (responder)")
2433
2434 cmd = "DPP_LISTEN 2437 role=enrollee"
2435 if "OK" not in dev[1].request(cmd):
2436 raise Exception("Failed to start listen operation")
2437
2438 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2439 if result not in res:
2440 raise Exception("Unexpected result: " + res)
2441 if fail:
2442 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2443 if ev is None or fail not in ev:
2444 raise Exception("Failure not reported correctly: " + str(ev))
2445
2446 dev[1].request("DPP_STOP_LISTEN")
2447 dev[0].dump_monitor()
2448 dev[1].dump_monitor()
2449
2450 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2451 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2452 check_dpp_capab(dev[0])
2453 check_dpp_capab(dev[1])
2454 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2455 "BootstrapResult,Errorsent",
2456 None),
2457 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2458 "BootstrapResult,Errorsent",
2459 "No DPP Status attribute"),
2460 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2461 "BootstrapResult,Errorsent",
2462 "No valid peer bootstrapping key found")]
2463 for step, frame, attr, result, fail in tests:
2464 dev[0].request("FLUSH")
2465 dev[1].request("FLUSH")
2466 sigma = start_sigma_dut(dev[0].ifname)
2467 try:
2468 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2469 result, fail)
2470 finally:
2471 stop_sigma_dut(sigma)
2472
2473 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2474 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2475 t.start()
2476 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2477 t.join()
2478 if result not in res:
2479 raise Exception("Unexpected result: " + res)
2480 if fail:
2481 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2482 if ev is None or fail not in ev:
2483 raise Exception("Failure not reported correctly:" + str(ev))
2484
2485 dev[1].request("DPP_STOP_LISTEN")
2486 dev[0].dump_monitor()
2487 dev[1].dump_monitor()
2488
2489 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2490 check_dpp_capab(dev[0])
2491 check_dpp_capab(dev[1])
2492
2493 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2494 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2495 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2496 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2497
2498 params = {"ssid": "DPPNET01",
2499 "wpa": "2",
2500 "ieee80211w": "2",
2501 "wpa_key_mgmt": "DPP",
2502 "rsn_pairwise": "CCMP",
2503 "dpp_connector": ap_connector,
2504 "dpp_csign": csign_pub,
2505 "dpp_netaccesskey": ap_netaccesskey}
2506 try:
2507 hapd = hostapd.add_ap(apdev[0], params)
2508 except:
2509 raise HwsimSkip("DPP not supported")
2510
2511 dev[0].set("dpp_config_processing", "2")
2512
2513 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2514 res = dev[1].request(cmd)
2515 if "FAIL" in res:
2516 raise Exception("Failed to add configurator")
2517 conf_id = int(res)
2518
2519 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2520 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2521
2522 dev[1].set("dpp_configurator_params",
2523 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2524 conf_id))
2525 cmd = "DPP_LISTEN 2437 role=configurator"
2526 if "OK" not in dev[1].request(cmd):
2527 raise Exception("Failed to start listen operation")
2528
2529 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2530 if "status,COMPLETE" not in res:
2531 raise Exception("dev_exec_action did not succeed: " + res)
2532
2533 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2534 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2535 sigma = start_sigma_dut(dev[0].ifname)
2536 try:
2537 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2538
2539 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2540 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2541 raise Exception("Unexpected result: " + res)
2542 finally:
2543 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2544 stop_sigma_dut(sigma)
2545
2546 def test_sigma_dut_dpp_self_config(dev, apdev):
2547 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2548 check_dpp_capab(dev[0])
2549
2550 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2551 check_dpp_capab(hapd)
2552
2553 sigma = start_sigma_dut(dev[0].ifname)
2554 try:
2555 dev[0].set("dpp_config_processing", "2")
2556 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2557 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2558
2559 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2560 if "status,COMPLETE" not in res:
2561 raise Exception("dev_exec_action did not succeed: " + res)
2562
2563 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2564 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2565 raise Exception("Unexpected result: " + res)
2566 update_hapd_config(hapd)
2567
2568 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2569 res = sigma_dut_cmd(cmd, timeout=10)
2570 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2571 raise Exception("Unexpected result: " + res)
2572 finally:
2573 stop_sigma_dut(sigma)
2574 dev[0].set("dpp_config_processing", "0")
2575
2576 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2577 """sigma_dut DPP AP Configurator using self-configuration"""
2578 logdir = os.path.join(params['logdir'],
2579 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2580 with HWSimRadio() as (radio, iface):
2581 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2582 try:
2583 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2584 finally:
2585 stop_sigma_dut(sigma)
2586 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2587
2588 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2589 check_dpp_capab(dev[0])
2590
2591 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2592
2593 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2594 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2595 raise Exception("Unexpected result: " + res)
2596
2597 dev[0].set("dpp_config_processing", "2")
2598
2599 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2600 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2601 cmd = "DPP_LISTEN 2462 role=enrollee"
2602 if "OK" not in dev[0].request(cmd):
2603 raise Exception("Failed to start listen operation")
2604
2605 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2606 if "status,COMPLETE" not in res:
2607 raise Exception("dev_exec_action did not succeed: " + res)
2608 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2609 res = sigma_dut_cmd(cmd)
2610 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2611 raise Exception("Unexpected result: " + res)
2612 dev[0].wait_connected()
2613 dev[0].request("DISCONNECT")
2614 dev[0].wait_disconnected()
2615 sigma_dut_cmd_check("ap_reset_default")
2616
2617
2618 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2619 """sigma_dut DPP AP as Relay to Controller"""
2620 logdir = os.path.join(params['logdir'],
2621 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2622 with HWSimRadio() as (radio, iface):
2623 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2624 try:
2625 run_sigma_dut_ap_dpp_relay(dev, apdev)
2626 finally:
2627 stop_sigma_dut(sigma)
2628 dev[1].request("DPP_CONTROLLER_STOP")
2629
2630 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2631 check_dpp_capab(dev[0])
2632 check_dpp_capab(dev[1])
2633
2634 # Controller
2635 conf_id = dev[1].dpp_configurator_add()
2636 dev[1].set("dpp_configurator_params",
2637 " conf=sta-dpp configurator=%d" % conf_id)
2638 id_c = dev[1].dpp_bootstrap_gen()
2639 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2640 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2641 pkhash = None
2642 for line in res.splitlines():
2643 name, value = line.split('=')
2644 if name == "pkhash":
2645 pkhash = value
2646 break
2647 if not pkhash:
2648 raise Exception("Could not fetch public key hash from Controller")
2649 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2650 raise Exception("Failed to start Controller")
2651
2652 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2653 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2654 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2655
2656 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2657 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2658
2659 sigma_dut_cmd_check("ap_reset_default")
2660
2661 def dpp_init_tcp_enrollee(dev, id1):
2662 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2663 time.sleep(1)
2664 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2665 if "OK" not in dev.request(cmd):
2666 raise Exception("Failed to initiate DPP Authentication")
2667 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2668 if ev is None:
2669 raise Exception("DPP configuration not completed (Enrollee)")
2670 logger.info("DPP initiator/enrollee done")
2671
2672 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2673 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2674 run_sigma_dut_dpp_tcp_conf_resp(dev)
2675
2676 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2677 check_dpp_capab(dev[0])
2678 check_dpp_capab(dev[1])
2679 sigma = start_sigma_dut(dev[0].ifname)
2680 try:
2681 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2682 res = sigma_dut_cmd(cmd)
2683 if "status,COMPLETE" not in res:
2684 raise Exception("dev_exec_action did not succeed: " + res)
2685 hex = res.split(',')[3]
2686 uri = from_hex(hex)
2687 logger.info("URI from sigma_dut: " + uri)
2688
2689 id1 = dev[1].dpp_qr_code(uri)
2690
2691 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2692 t.start()
2693 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2694 if status_query:
2695 cmd += ",DPPStatusQuery,Yes"
2696 res = sigma_dut_cmd(cmd, timeout=10)
2697 t.join()
2698 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2699 raise Exception("Unexpected result: " + res)
2700 if status_query and "StatusResult,0" not in res:
2701 raise Exception("Status query did not succeed: " + res)
2702 finally:
2703 stop_sigma_dut(sigma)
2704
2705 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2706 """sigma_dut DPP TCP Enrollee as initiator"""
2707 check_dpp_capab(dev[0])
2708 check_dpp_capab(dev[1])
2709 sigma = start_sigma_dut(dev[0].ifname)
2710 try:
2711 # Controller
2712 conf_id = dev[1].dpp_configurator_add()
2713 dev[1].set("dpp_configurator_params",
2714 " conf=sta-dpp configurator=%d" % conf_id)
2715 id_c = dev[1].dpp_bootstrap_gen()
2716 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2717 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2718 raise Exception("Failed to start Controller")
2719
2720 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2721 if "status,COMPLETE" not in res:
2722 raise Exception("dev_exec_action did not succeed: " + res)
2723
2724 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2725 res = sigma_dut_cmd(cmd, timeout=10)
2726 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2727 raise Exception("Unexpected result: " + res)
2728 finally:
2729 stop_sigma_dut(sigma)
2730 dev[1].request("DPP_CONTROLLER_STOP")
2731
2732 def test_sigma_dut_preconfigured_profile(dev, apdev):
2733 """sigma_dut controlled connection using preconfigured profile"""
2734 try:
2735 run_sigma_dut_preconfigured_profile(dev, apdev)
2736 finally:
2737 dev[0].set("ignore_old_scan_res", "0")
2738
2739 def run_sigma_dut_preconfigured_profile(dev, apdev):
2740 ifname = dev[0].ifname
2741 sigma = start_sigma_dut(ifname)
2742
2743 try:
2744 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2745 hapd = hostapd.add_ap(apdev[0], params)
2746 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2747 only_add_network=True)
2748
2749 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2750 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
2751 timeout=10)
2752 sigma_dut_wait_connected(ifname)
2753 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2754 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2755 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2756 finally:
2757 stop_sigma_dut(sigma)
2758
2759 def test_sigma_dut_wps_pbc(dev, apdev):
2760 """sigma_dut and WPS PBC Enrollee"""
2761 try:
2762 run_sigma_dut_wps_pbc(dev, apdev)
2763 finally:
2764 dev[0].set("ignore_old_scan_res", "0")
2765
2766 def run_sigma_dut_wps_pbc(dev, apdev):
2767 ssid = "test-wps-conf"
2768 hapd = hostapd.add_ap(apdev[0],
2769 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2770 "wpa_passphrase": "12345678", "wpa": "2",
2771 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2772 hapd.request("WPS_PBC")
2773
2774 ifname = dev[0].ifname
2775 sigma = start_sigma_dut(ifname)
2776
2777 try:
2778 cmd = "start_wps_registration,interface,%s" % ifname
2779 cmd += ",WpsRole,Enrollee"
2780 cmd += ",WpsConfigMethod,PBC"
2781 sigma_dut_cmd_check(cmd, timeout=15)
2782
2783 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2784 hapd.disable()
2785 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2786 finally:
2787 stop_sigma_dut(sigma)
2788 dev[0].flush_scan_cache()
2789
2790 def test_sigma_dut_sta_scan_bss(dev, apdev):
2791 """sigma_dut sta_scan_bss"""
2792 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2793 sigma = start_sigma_dut(dev[0].ifname)
2794 try:
2795 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2796 hapd.own_addr())
2797 res = sigma_dut_cmd(cmd, timeout=10)
2798 if "ssid,test,bsschannel,1" not in res:
2799 raise Exception("Unexpected result: " + res)
2800 finally:
2801 stop_sigma_dut(sigma)
2802
2803 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2804 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2805 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2806 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2807 sigma = start_sigma_dut(dev[0].ifname)
2808 try:
2809 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2810 res = sigma_dut_cmd(cmd, timeout=10)
2811 if "abcdef" not in res or "qwerty" not in res:
2812 raise Exception("Unexpected result: " + res)
2813 finally:
2814 stop_sigma_dut(sigma)
2815
2816 def test_sigma_dut_ap_osen(dev, apdev, params):
2817 """sigma_dut controlled AP with OSEN"""
2818 logdir = os.path.join(params['logdir'],
2819 "sigma_dut_ap_osen.sigma-hostapd")
2820 with HWSimRadio() as (radio, iface):
2821 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2822 try:
2823 sigma_dut_cmd_check("ap_reset_default")
2824 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2825 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2826 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2827 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2828
2829 # RSN-OSEN (for OSU)
2830 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2831 pairwise="CCMP", group="GTK_NOT_USED",
2832 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2833 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2834
2835 sigma_dut_cmd_check("ap_reset_default")
2836 finally:
2837 stop_sigma_dut(sigma)
2838
2839 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2840 """sigma_dut controlled AP with EAP+OSEN"""
2841 logdir = os.path.join(params['logdir'],
2842 "sigma_dut_ap_eap_osen.sigma-hostapd")
2843 with HWSimRadio() as (radio, iface):
2844 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2845 try:
2846 sigma_dut_cmd_check("ap_reset_default")
2847 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2848 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2849 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2850 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2851
2852 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2853 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2854
2855 # RSN-OSEN (for OSU)
2856 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2857 pairwise="CCMP",
2858 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2859 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2860 scan_freq="2412")
2861 # RSN-EAP (for data connection)
2862 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2863 identity="hs20-test", password="password",
2864 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2865 ieee80211w='2', scan_freq="2412")
2866
2867 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2868 success_expected=False, timeout=1)
2869
2870 sigma_dut_cmd_check("ap_reset_default")
2871 finally:
2872 stop_sigma_dut(sigma)
2873 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2874 stderr=open('/dev/null', 'w'))
2875 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2876 stderr=open('/dev/null', 'w'))
2877
2878 def test_sigma_dut_ap_eap(dev, apdev, params):
2879 """sigma_dut controlled AP WPA2-Enterprise"""
2880 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2881 with HWSimRadio() as (radio, iface):
2882 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2883 try:
2884 sigma_dut_cmd_check("ap_reset_default")
2885 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2886 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2887 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2888 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2889
2890 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2891 identity="gpsk user",
2892 password="abcdefghijklmnop0123456789abcdef",
2893 scan_freq="2412")
2894
2895 sigma_dut_cmd_check("ap_reset_default")
2896 finally:
2897 stop_sigma_dut(sigma)
2898
2899 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2900 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2901 logdir = os.path.join(params['logdir'],
2902 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2903 with HWSimRadio() as (radio, iface):
2904 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2905 try:
2906 sigma_dut_cmd_check("ap_reset_default")
2907 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2908 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2909 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2910 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2911
2912 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2913 identity="gpsk user",
2914 password="abcdefghijklmnop0123456789abcdef",
2915 scan_freq="2412")
2916
2917 sigma_dut_cmd_check("ap_reset_default")
2918 finally:
2919 stop_sigma_dut(sigma)
2920
2921 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2922 """sigma_dut controlled AP FT-EAP"""
2923 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2924 with HWSimRadio() as (radio, iface):
2925 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2926 try:
2927 sigma_dut_cmd_check("ap_reset_default")
2928 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2929 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2930 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2931 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2932
2933 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2934 identity="gpsk user",
2935 password="abcdefghijklmnop0123456789abcdef",
2936 scan_freq="2412")
2937
2938 sigma_dut_cmd_check("ap_reset_default")
2939 finally:
2940 stop_sigma_dut(sigma)
2941
2942 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2943 """sigma_dut controlled AP FT-PSK"""
2944 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2945 with HWSimRadio() as (radio, iface):
2946 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2947 try:
2948 sigma_dut_cmd_check("ap_reset_default")
2949 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2950 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2951 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2952
2953 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2954 scan_freq="2412")
2955
2956 sigma_dut_cmd_check("ap_reset_default")
2957 finally:
2958 stop_sigma_dut(sigma)
2959
2960 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
2961 """sigma_dut controlled AP FT-PSK (over-DS)"""
2962 logdir = os.path.join(params['logdir'],
2963 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2964 conffile = os.path.join(params['logdir'],
2965 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2966 with HWSimRadio() as (radio, iface):
2967 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2968 try:
2969 sigma_dut_cmd_check("ap_reset_default")
2970 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2971 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2972 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2973
2974 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2975 with open(conffile, "wb") as f2:
2976 f2.write(f.read())
2977
2978 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2979 scan_freq="2412")
2980
2981 sigma_dut_cmd_check("ap_reset_default")
2982 finally:
2983 stop_sigma_dut(sigma)
2984
2985 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2986 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2987 logdir = os.path.join(params['logdir'],
2988 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2989 with HWSimRadio() as (radio, iface):
2990 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2991 try:
2992 sigma_dut_cmd_check("ap_reset_default")
2993 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2994 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2995 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2996 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2997
2998 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2999 identity="gpsk user",
3000 password="abcdefghijklmnop0123456789abcdef",
3001 scan_freq="2412")
3002 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
3003 identity="gpsk user",
3004 password="abcdefghijklmnop0123456789abcdef",
3005 scan_freq="2412")
3006
3007 sigma_dut_cmd_check("ap_reset_default")
3008 finally:
3009 stop_sigma_dut(sigma)
3010
3011 def test_sigma_dut_venue_url(dev, apdev):
3012 """sigma_dut controlled Venue URL fetch"""
3013 try:
3014 run_sigma_dut_venue_url(dev, apdev)
3015 finally:
3016 dev[0].set("ignore_old_scan_res", "0")
3017
3018 def run_sigma_dut_venue_url(dev, apdev):
3019 ifname = dev[0].ifname
3020 sigma = start_sigma_dut(ifname)
3021
3022 try:
3023 ssid = "venue"
3024 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3025 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3026 params["ieee80211w"] = "2"
3027
3028 venue_group = 1
3029 venue_type = 13
3030 venue_info = struct.pack('BB', venue_group, venue_type)
3031 lang1 = "eng"
3032 name1 = "Example venue"
3033 lang2 = "fin"
3034 name2 = "Esimerkkipaikka"
3035 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
3036 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
3037 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
3038
3039 url1 = "http://example.com/venue"
3040 url2 = "https://example.org/venue-info/"
3041 params["venue_group"] = str(venue_group)
3042 params["venue_type"] = str(venue_type)
3043 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
3044 params["venue_url"] = ["1:" + url1, "2:" + url2]
3045
3046 hapd = hostapd.add_ap(apdev[0], params)
3047
3048 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
3049 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3050 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
3051 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
3052 timeout=10)
3053 sigma_dut_wait_connected(ifname)
3054 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3055 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
3056 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3057 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3058 finally:
3059 stop_sigma_dut(sigma)
3060
3061 def test_sigma_dut_hs20_assoc_24(dev, apdev):
3062 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3063 run_sigma_dut_hs20_assoc(dev, apdev, True)
3064
3065 def test_sigma_dut_hs20_assoc_5(dev, apdev):
3066 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3067 run_sigma_dut_hs20_assoc(dev, apdev, False)
3068
3069 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
3070 hapd0 = None
3071 hapd1 = None
3072 try:
3073 bssid0 = apdev[0]['bssid']
3074 params = hs20_ap_params()
3075 params['hessid'] = bssid0
3076 hapd0 = hostapd.add_ap(apdev[0], params)
3077
3078 bssid1 = apdev[1]['bssid']
3079 params = hs20_ap_params()
3080 params['hessid'] = bssid0
3081 params["hw_mode"] = "a"
3082 params["channel"] = "36"
3083 params["country_code"] = "US"
3084 hapd1 = hostapd.add_ap(apdev[1], params)
3085
3086 band = "2.4" if band24 else "5"
3087 exp_bssid = bssid0 if band24 else bssid1
3088 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
3089 finally:
3090 dev[0].request("DISCONNECT")
3091 if hapd0:
3092 hapd0.request("DISABLE")
3093 if hapd1:
3094 hapd1.request("DISABLE")
3095 subprocess.call(['iw', 'reg', 'set', '00'])
3096 dev[0].flush_scan_cache()
3097
3098 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
3099 check_eap_capa(dev[0], "MSCHAPV2")
3100 dev[0].flush_scan_cache()
3101
3102 ifname = dev[0].ifname
3103 sigma = start_sigma_dut(ifname)
3104
3105 try:
3106 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
3107 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3108 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
3109 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
3110 timeout=15)
3111 sigma_dut_wait_connected(ifname)
3112 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3113 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3114 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3115 finally:
3116 stop_sigma_dut(sigma)
3117
3118 if "BSSID," + expect_bssid not in res:
3119 raise Exception("Unexpected BSSID: " + res)
3120
3121 def test_sigma_dut_ap_hs20(dev, apdev, params):
3122 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3123 logdir = os.path.join(params['logdir'],
3124 "sigma_dut_ap_hs20.sigma-hostapd")
3125 conffile = os.path.join(params['logdir'],
3126 "sigma_dut_ap_hs20.sigma-conf")
3127 with HWSimRadio() as (radio, iface):
3128 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3129 try:
3130 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3131 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3132 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3133 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3134 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3135 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3136 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3137 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3138 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3139 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3140 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3141 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3142 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3143 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3144
3145 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3146 with open(conffile, "wb") as f2:
3147 f2.write(f.read())
3148
3149 sigma_dut_cmd_check("ap_reset_default")
3150 finally:
3151 stop_sigma_dut(sigma)
3152
3153 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3154 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3155 logdir = params['logdir']
3156
3157 with open("auth_serv/ca.pem", "r") as f:
3158 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3159 "w") as f2:
3160 f2.write(f.read())
3161
3162 src = "auth_serv/server.pem"
3163 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3164 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3165 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3166 "-outform", "DER"],
3167 stderr=open('/dev/null', 'w'))
3168 with open(dst, "rb") as f:
3169 der = f.read()
3170 hash = hashlib.sha256(der).digest()
3171 with open(hashdst, "w") as f:
3172 f.write(binascii.hexlify(hash).decode())
3173
3174 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3175 with open(dst, "w") as f:
3176 f.write(32*"00")
3177
3178 ssid = "test-wpa2-eap"
3179 params = hostapd.wpa2_eap_params(ssid=ssid)
3180 hapd = hostapd.add_ap(apdev[0], params)
3181
3182 ifname = dev[0].ifname
3183 sigma = start_sigma_dut(ifname, cert_path=logdir)
3184
3185 try:
3186 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3187
3188 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3189 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3190 sigma_dut_cmd_check(cmd)
3191 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3192 timeout=10)
3193 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3194 if ev is None:
3195 raise Exception("Server certificate error not reported")
3196
3197 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3198 if "ServerCertTrustResult,Accepted" not in res:
3199 raise Exception("Server certificate trust was not accepted")
3200 sigma_dut_wait_connected(ifname)
3201 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3202 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3203 dev[0].dump_monitor()
3204 finally:
3205 stop_sigma_dut(sigma)
3206
3207 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3208 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3209 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3210
3211 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3212 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3213 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3214
3215 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3216 logdir = params['logdir']
3217
3218 name = "sigma_dut_eap_ttls_uosc_tod"
3219 if tofu:
3220 name += "_tofu"
3221 with open("auth_serv/ca.pem", "r") as f:
3222 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3223 f2.write(f.read())
3224
3225 if tofu:
3226 src = "auth_serv/server-certpol2.pem"
3227 else:
3228 src = "auth_serv/server-certpol.pem"
3229 dst = os.path.join(logdir, name + ".server.der")
3230 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3231 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3232 "-outform", "DER"],
3233 stderr=open('/dev/null', 'w'))
3234 with open(dst, "rb") as f:
3235 der = f.read()
3236 hash = hashlib.sha256(der).digest()
3237 with open(hashdst, "w") as f:
3238 f.write(binascii.hexlify(hash).decode())
3239
3240 ssid = "test-wpa2-eap"
3241 params = int_eap_server_params()
3242 params["ssid"] = ssid
3243 if tofu:
3244 params["server_cert"] = "auth_serv/server-certpol2.pem"
3245 params["private_key"] = "auth_serv/server-certpol2.key"
3246 else:
3247 params["server_cert"] = "auth_serv/server-certpol.pem"
3248 params["private_key"] = "auth_serv/server-certpol.key"
3249 hapd = hostapd.add_ap(apdev[0], params)
3250
3251 ifname = dev[0].ifname
3252 sigma = start_sigma_dut(ifname, cert_path=logdir)
3253
3254 try:
3255 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3256 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3257 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3258 sigma_dut_cmd_check(cmd)
3259 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3260 timeout=10)
3261 sigma_dut_wait_connected(ifname)
3262 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3263 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3264 dev[0].wait_disconnected()
3265 dev[0].dump_monitor()
3266
3267 hapd.disable()
3268 params = hostapd.wpa2_eap_params(ssid=ssid)
3269 hapd = hostapd.add_ap(apdev[0], params)
3270
3271 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3272 timeout=10)
3273 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3274 if ev is None:
3275 raise Exception("Server certificate error not reported")
3276
3277 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3278 if "ServerCertTrustResult,Accepted" in res:
3279 raise Exception("Server certificate trust override was accepted unexpectedly")
3280 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3281 dev[0].dump_monitor()
3282 finally:
3283 stop_sigma_dut(sigma)
3284
3285 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3286 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3287 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3288
3289 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3290 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3291 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3292
3293 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3294 logdir = params['logdir']
3295
3296 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3297 if tofu:
3298 name += "_tofu"
3299 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3300 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3301 f2.write(f.read())
3302
3303 if tofu:
3304 src = "auth_serv/server-certpol2.pem"
3305 else:
3306 src = "auth_serv/server-certpol.pem"
3307 dst = os.path.join(logdir, name + ".server.der")
3308 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3309 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3310 "-outform", "DER"],
3311 stderr=open('/dev/null', 'w'))
3312 with open(dst, "rb") as f:
3313 der = f.read()
3314 hash = hashlib.sha256(der).digest()
3315 with open(hashdst, "w") as f:
3316 f.write(binascii.hexlify(hash).decode())
3317
3318 ssid = "test-wpa2-eap"
3319 params = int_eap_server_params()
3320 params["ssid"] = ssid
3321 if tofu:
3322 params["server_cert"] = "auth_serv/server-certpol2.pem"
3323 params["private_key"] = "auth_serv/server-certpol2.key"
3324 else:
3325 params["server_cert"] = "auth_serv/server-certpol.pem"
3326 params["private_key"] = "auth_serv/server-certpol.key"
3327 hapd = hostapd.add_ap(apdev[0], params)
3328
3329 ifname = dev[0].ifname
3330 sigma = start_sigma_dut(ifname, cert_path=logdir)
3331
3332 try:
3333 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3334 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3335 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3336 sigma_dut_cmd_check(cmd)
3337 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3338 timeout=10)
3339 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3340 if ev is None:
3341 raise Exception("Server certificate validation failure not reported")
3342
3343 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3344 if not tofu and "ServerCertTrustResult,Accepted" in res:
3345 raise Exception("Server certificate trust override was accepted unexpectedly")
3346 if tofu and "ServerCertTrustResult,Accepted" not in res:
3347 raise Exception("Server certificate trust override was not accepted")
3348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3349 dev[0].dump_monitor()
3350 finally:
3351 stop_sigma_dut(sigma)
3352
3353 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3354 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3355 check_domain_suffix_match(dev[0])
3356 logdir = params['logdir']
3357
3358 with open("auth_serv/ca.pem", "r") as f:
3359 with open(os.path.join(logdir,
3360 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3361 "w") as f2:
3362 f2.write(f.read())
3363
3364 ssid = "test-wpa2-eap"
3365 params = int_eap_server_params()
3366 params["ssid"] = ssid
3367 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3368 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3369 params["private_key"] = "auth_serv/rsa3072-server.key"
3370 hapd = hostapd.add_ap(apdev[0], params)
3371
3372 ifname = dev[0].ifname
3373 sigma = start_sigma_dut(ifname, cert_path=logdir)
3374
3375 try:
3376 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3377 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3378 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3379 sigma_dut_cmd_check(cmd)
3380 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3381 timeout=10)
3382 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3383 if ev is None:
3384 raise Exception("Server certificate error not reported")
3385
3386 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3387 if "ServerCertTrustResult,Accepted" not in res:
3388 raise Exception("Server certificate trust was not accepted")
3389 sigma_dut_wait_connected(ifname)
3390 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3391 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3392 dev[0].dump_monitor()
3393 finally:
3394 stop_sigma_dut(sigma)
3395
3396 def start_sae_pwe_ap(apdev, sae_pwe):
3397 ssid = "test-sae"
3398 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3399 params['wpa_key_mgmt'] = 'SAE'
3400 params["ieee80211w"] = "2"
3401 params['sae_groups'] = '19'
3402 params['sae_pwe'] = str(sae_pwe)
3403 return hostapd.add_ap(apdev, params)
3404
3405 def connect_sae_pwe_sta(dev, ifname, extra=None):
3406 dev.dump_monitor()
3407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3409 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3410 if extra:
3411 cmd += "," + extra
3412 sigma_dut_cmd_check(cmd)
3413 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3414 timeout=10)
3415 sigma_dut_wait_connected(ifname)
3416 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3417 dev.wait_disconnected()
3418 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3419 dev.dump_monitor()
3420
3421 def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3422 dev.dump_monitor()
3423 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3424 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3425 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3426 if extra:
3427 cmd += "," + extra
3428 sigma_dut_cmd_check(cmd)
3429 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3430 timeout=10)
3431 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3432 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3433 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3434 raise Exception("Unexpected connection result")
3435 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3436 dev.dump_monitor()
3437
3438 def test_sigma_dut_sae_h2e(dev, apdev):
3439 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3440 if "SAE" not in dev[0].get_capability("auth_alg"):
3441 raise HwsimSkip("SAE not supported")
3442
3443 start_sae_pwe_ap(apdev[0], 2)
3444
3445 ifname = dev[0].ifname
3446 sigma = start_sigma_dut(ifname, sae_h2e=True)
3447 try:
3448 connect_sae_pwe_sta(dev[0], ifname)
3449 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3450 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3451 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3452 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3453 raise Exception("Unexpected error result: " + res)
3454 finally:
3455 stop_sigma_dut(sigma)
3456 dev[0].set("sae_pwe", "0")
3457
3458 def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3459 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3460 if "SAE" not in dev[0].get_capability("auth_alg"):
3461 raise HwsimSkip("SAE not supported")
3462
3463 start_sae_pwe_ap(apdev[0], 0)
3464
3465 ifname = dev[0].ifname
3466 sigma = start_sigma_dut(ifname, sae_h2e=True)
3467 try:
3468 connect_sae_pwe_sta(dev[0], ifname)
3469 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3470 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3471 finally:
3472 stop_sigma_dut(sigma)
3473 dev[0].set("sae_pwe", "0")
3474
3475 def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3476 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3477 if "SAE" not in dev[0].get_capability("auth_alg"):
3478 raise HwsimSkip("SAE not supported")
3479
3480 start_sae_pwe_ap(apdev[0], 1)
3481
3482 ifname = dev[0].ifname
3483 sigma = start_sigma_dut(ifname, sae_h2e=True)
3484 try:
3485 connect_sae_pwe_sta(dev[0], ifname)
3486 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3487 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3488 finally:
3489 stop_sigma_dut(sigma)
3490 dev[0].set("sae_pwe", "0")
3491
3492 def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3493 """sigma_dut controlled AP with SAE H2E"""
3494 logdir = os.path.join(params['logdir'],
3495 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3496 if "SAE" not in dev[0].get_capability("auth_alg"):
3497 raise HwsimSkip("SAE not supported")
3498 with HWSimRadio() as (radio, iface):
3499 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3500 try:
3501 sigma_dut_cmd_check("ap_reset_default")
3502 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3503 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3504 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3505
3506 for sae_pwe in [0, 1, 2]:
3507 dev[0].request("SET sae_groups ")
3508 dev[0].set("sae_pwe", str(sae_pwe))
3509 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3510 ieee80211w="2", scan_freq="2412")
3511 dev[0].request("REMOVE_NETWORK all")
3512 dev[0].wait_disconnected()
3513 dev[0].dump_monitor()
3514
3515 sigma_dut_cmd_check("ap_reset_default")
3516 finally:
3517 stop_sigma_dut(sigma)
3518 dev[0].set("sae_pwe", "0")
3519
3520 def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3521 """sigma_dut controlled AP with SAE H2E-only"""
3522 logdir = os.path.join(params['logdir'],
3523 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3524 if "SAE" not in dev[0].get_capability("auth_alg"):
3525 raise HwsimSkip("SAE not supported")
3526 with HWSimRadio() as (radio, iface):
3527 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3528 try:
3529 sigma_dut_cmd_check("ap_reset_default")
3530 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3531 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3532 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3533
3534 dev[0].request("SET sae_groups ")
3535 dev[0].set("sae_pwe", "1")
3536 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3537 ieee80211w="2", scan_freq="2412")
3538 dev[0].request("REMOVE_NETWORK all")
3539 dev[0].wait_disconnected()
3540 dev[0].dump_monitor()
3541
3542 dev[0].set("sae_pwe", "0")
3543 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3544 ieee80211w="2", scan_freq="2412", wait_connect=False)
3545 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3546 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3547 dev[0].request("DISCONNECT")
3548 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3549 raise Exception("Unexpected connection result")
3550
3551 sigma_dut_cmd_check("ap_reset_default")
3552 finally:
3553 stop_sigma_dut(sigma)
3554 dev[0].set("sae_pwe", "0")
3555
3556 def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3557 """sigma_dut controlled AP with SAE looping-only"""
3558 logdir = os.path.join(params['logdir'],
3559 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3560 if "SAE" not in dev[0].get_capability("auth_alg"):
3561 raise HwsimSkip("SAE not supported")
3562 with HWSimRadio() as (radio, iface):
3563 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3564 try:
3565 sigma_dut_cmd_check("ap_reset_default")
3566 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3567 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3568 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3569
3570 dev[0].request("SET sae_groups ")
3571 dev[0].set("sae_pwe", "0")
3572 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3573 ieee80211w="2", scan_freq="2412")
3574 dev[0].request("REMOVE_NETWORK all")
3575 dev[0].wait_disconnected()
3576 dev[0].dump_monitor()
3577
3578 dev[0].set("sae_pwe", "1")
3579 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3580 ieee80211w="2", scan_freq="2412", wait_connect=False)
3581 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3582 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3583 dev[0].request("DISCONNECT")
3584 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3585 raise Exception("Unexpected connection result")
3586
3587 sigma_dut_cmd_check("ap_reset_default")
3588 finally:
3589 stop_sigma_dut(sigma)
3590 dev[0].set("sae_pwe", "0")
3591
3592 def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
3593 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3594 if "SAE" not in dev[0].get_capability("auth_alg"):
3595 raise HwsimSkip("SAE not supported")
3596
3597 ssid = "test-sae"
3598 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3599 params['wpa_key_mgmt'] = 'SAE'
3600 params["ieee80211w"] = "2"
3601 params['sae_pwe'] = '1'
3602 hapd = hostapd.add_ap(apdev[0], params)
3603
3604 ifname = dev[0].ifname
3605 sigma = start_sigma_dut(ifname)
3606 try:
3607 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3608 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3609 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
3610 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3611 timeout=10)
3612 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3613 if ev is None:
3614 raise Exception("No authentication attempt reported")
3615 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3616 if ev is not None:
3617 raise Exception("Unexpected connection reported")
3618 finally:
3619 stop_sigma_dut(sigma)
3620
3621 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
3622 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3623 if "SAE" not in dev[0].get_capability("auth_alg"):
3624 raise HwsimSkip("SAE not supported")
3625
3626 ssid = "test-sae"
3627 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3628 params['wpa_key_mgmt'] = 'SAE'
3629 params["ieee80211w"] = "2"
3630 params['sae_groups'] = "19 20"
3631 params['sae_pwe'] = '1'
3632 hapd = hostapd.add_ap(apdev[0], params)
3633
3634 ifname = dev[0].ifname
3635 sigma = start_sigma_dut(ifname, sae_h2e=True)
3636 try:
3637 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3638 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3639 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
3640 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3641 timeout=10)
3642 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3643 if ev is None:
3644 raise Exception("No authentication attempt reported")
3645 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3646 if ev is not None:
3647 raise Exception("Unexpected connection reported")
3648 finally:
3649 stop_sigma_dut(sigma)
3650
3651 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
3652 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3653 if "SAE" not in dev[0].get_capability("auth_alg"):
3654 raise HwsimSkip("SAE not supported")
3655
3656 ssid = "test-sae"
3657 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3658 params['wpa_key_mgmt'] = 'SAE'
3659 params["ieee80211w"] = "2"
3660 params['sae_groups'] = "19"
3661 params['sae_pwe'] = '1'
3662 hapd = hostapd.add_ap(apdev[0], params)
3663
3664 ifname = dev[0].ifname
3665 sigma = start_sigma_dut(ifname, sae_h2e=True)
3666 try:
3667 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3668 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3669 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
3670 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3671 timeout=10)
3672 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3673 if ev is None:
3674 raise Exception("No authentication attempt reported")
3675 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3676 if ev is not None:
3677 raise Exception("Unexpected connection reported")
3678 finally:
3679 stop_sigma_dut(sigma)
3680 dev[0].set("sae_pwe", "0")
3681
3682 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
3683 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3684 logdir = os.path.join(params['logdir'],
3685 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3686 if "SAE" not in dev[0].get_capability("auth_alg"):
3687 raise HwsimSkip("SAE not supported")
3688 with HWSimRadio() as (radio, iface):
3689 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3690 try:
3691 sigma_dut_cmd_check("ap_reset_default")
3692 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3693 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3694 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3695
3696 dev[0].request("SET sae_groups ")
3697 dev[0].set("sae_pwe", "1")
3698 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3699 ieee80211w="2", scan_freq="2412", wait_connect=False)
3700 ev = dev[0].wait_event(["Associated with"], timeout=10)
3701 if ev is None:
3702 raise Exception("No indication of association seen")
3703 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3704 "CTRL-EVENT-DISCONNECTED"], timeout=10)
3705 dev[0].request("DISCONNECT")
3706 if ev is None:
3707 raise Exception("No disconnection seen")
3708 if "CTRL-EVENT-DISCONNECTED" not in ev:
3709 raise Exception("Unexpected connection")
3710
3711 sigma_dut_cmd_check("ap_reset_default")
3712 finally:
3713 stop_sigma_dut(sigma)
3714 dev[0].set("sae_pwe", "0")
3715
3716 def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
3717 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3718 logdir = os.path.join(params['logdir'],
3719 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3720 if "SAE" not in dev[0].get_capability("auth_alg"):
3721 raise HwsimSkip("SAE not supported")
3722 with HWSimRadio() as (radio, iface):
3723 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3724 try:
3725 sigma_dut_cmd_check("ap_reset_default")
3726 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3727 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3728 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3729
3730 dev[0].request("SET sae_groups 21 20 19")
3731 dev[0].set("sae_pwe", "1")
3732 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3733 ieee80211w="2", scan_freq="2412")
3734 addr = dev[0].own_addr()
3735 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
3736 if "DHGroupVerResult,21 20" not in res:
3737 raise Exception("Unexpected dev_exec_action response: " + res)
3738
3739 sigma_dut_cmd_check("ap_reset_default")
3740 finally:
3741 stop_sigma_dut(sigma)
3742 dev[0].set("sae_pwe", "0")
Unnamed repository; edit this file 'description' to name the repository.