]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut DPP/QR responder status query
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import hashlib
10 import logging
11 logger = logging.getLogger()
12 import os
13 import socket
14 import struct
15 import subprocess
16 import threading
17 import time
18
19 import hostapd
20 from utils import HwsimSkip
21 from hwsim import HWSimRadio
22 import hwsim_utils
23 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
24 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
25 from test_ap_eap import check_eap_capa, int_eap_server_params
26 from test_ap_hs20 import hs20_ap_params
27
28 def check_sigma_dut():
29 if not os.path.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
31
32 def to_hex(s):
33 return binascii.hexlify(s.encode()).decode()
34
35 def from_hex(s):
36 return binascii.unhexlify(s).decode()
37
38 def sigma_dut_cmd(cmd, port=9000, timeout=2):
39 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
40 socket.IPPROTO_TCP)
41 sock.settimeout(timeout)
42 addr = ('127.0.0.1', port)
43 sock.connect(addr)
44 sock.send(cmd.encode() + b"\r\n")
45 try:
46 res = sock.recv(1000).decode()
47 running = False
48 done = False
49 for line in res.splitlines():
50 if line.startswith("status,RUNNING"):
51 running = True
52 elif line.startswith("status,INVALID"):
53 done = True
54 elif line.startswith("status,ERROR"):
55 done = True
56 elif line.startswith("status,COMPLETE"):
57 done = True
58 if running and not done:
59 # Read the actual response
60 res = sock.recv(1000).decode()
61 except:
62 res = ''
63 pass
64 sock.close()
65 res = res.rstrip()
66 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
67 return res
68
69 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
70 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
71 if "COMPLETE" not in res:
72 raise Exception("sigma_dut command failed: " + cmd)
73 return res
74
75 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
76 bridge=None):
77 check_sigma_dut()
78 cmd = ['./sigma_dut',
79 '-M', ifname,
80 '-S', ifname,
81 '-F', '../../hostapd/hostapd',
82 '-G',
83 '-w', '/var/run/wpa_supplicant/',
84 '-j', ifname]
85 if debug:
86 cmd += ['-d']
87 if hostapd_logdir:
88 cmd += ['-H', hostapd_logdir]
89 if cert_path:
90 cmd += ['-C', cert_path]
91 if bridge:
92 cmd += ['-b', bridge]
93 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
94 stderr=subprocess.PIPE)
95 for i in range(20):
96 try:
97 res = sigma_dut_cmd("HELLO")
98 break
99 except:
100 time.sleep(0.05)
101 return sigma
102
103 def stop_sigma_dut(sigma):
104 sigma.terminate()
105 sigma.wait()
106 out, err = sigma.communicate()
107 logger.debug("sigma_dut stdout: " + str(out.decode()))
108 logger.debug("sigma_dut stderr: " + str(err.decode()))
109
110 def sigma_dut_wait_connected(ifname):
111 for i in range(50):
112 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
113 if "connected,1" in res:
114 break
115 time.sleep(0.2)
116 if i == 49:
117 raise Exception("Connection did not complete")
118
119 def test_sigma_dut_basic(dev, apdev):
120 """sigma_dut basic functionality"""
121 sigma = start_sigma_dut(dev[0].ifname)
122
123 res = sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res:
125 raise Exception("Unexpected sigma_dut response to unknown command")
126
127 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
132 for cmd, response in tests:
133 res = sigma_dut_cmd(cmd)
134 if response not in res:
135 raise Exception("Unexpected %s response: %s" % (cmd, res))
136
137 stop_sigma_dut(sigma)
138
139 def test_sigma_dut_open(dev, apdev):
140 """sigma_dut controlled open network association"""
141 try:
142 run_sigma_dut_open(dev, apdev)
143 finally:
144 dev[0].set("ignore_old_scan_res", "0")
145
146 def run_sigma_dut_open(dev, apdev):
147 ifname = dev[0].ifname
148 sigma = start_sigma_dut(ifname)
149
150 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
151
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
155 sigma_dut_wait_connected(ifname)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
159
160 stop_sigma_dut(sigma)
161
162 def test_sigma_dut_psk_pmf(dev, apdev):
163 """sigma_dut controlled PSK+PMF association"""
164 try:
165 run_sigma_dut_psk_pmf(dev, apdev)
166 finally:
167 dev[0].set("ignore_old_scan_res", "0")
168
169 def run_sigma_dut_psk_pmf(dev, apdev):
170 ifname = dev[0].ifname
171 sigma = start_sigma_dut(ifname)
172
173 ssid = "test-pmf-required"
174 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
175 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params["ieee80211w"] = "2"
177 hapd = hostapd.add_ap(apdev[0], params)
178
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
187
188 stop_sigma_dut(sigma)
189
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
192 try:
193 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
194 finally:
195 dev[0].set("ignore_old_scan_res", "0")
196
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
199 try:
200 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
201 finally:
202 dev[0].set("ignore_old_scan_res", "0")
203
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
206 try:
207 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
208 finally:
209 dev[0].set("ignore_old_scan_res", "0")
210
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
213 try:
214 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
215 finally:
216 dev[0].set("ignore_old_scan_res", "0")
217
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
220 try:
221 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
222 failure=True)
223 finally:
224 dev[0].set("ignore_old_scan_res", "0")
225
226 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
227 failure=False):
228 ifname = dev[0].ifname
229 sigma = start_sigma_dut(ifname)
230
231 ssid = "test-pmf-required"
232 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
233 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params["ieee80211w"] = "2"
235 params["group_mgmt_cipher"] = hostapd_cipher
236 hapd = hostapd.add_ap(apdev[0], params)
237
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
242 if failure:
243 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout=10)
245 if ev is None:
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev:
248 raise Exception("Unexpected connection")
249 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
250 if "connected,1" in res:
251 raise Exception("Connection reported")
252 else:
253 sigma_dut_wait_connected(ifname)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
255
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
258
259 stop_sigma_dut(sigma)
260
261 def test_sigma_dut_sae(dev, apdev):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
265
266 ifname = dev[0].ifname
267 sigma = start_sigma_dut(ifname)
268
269 ssid = "test-sae"
270 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
271 params['wpa_key_mgmt'] = 'SAE'
272 params["ieee80211w"] = "2"
273 params['sae_groups'] = '19 20 21'
274 hapd = hostapd.add_ap(apdev[0], params)
275
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
280 sigma_dut_wait_connected(ifname)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
282 if dev[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
285
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
287
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
291 sigma_dut_wait_connected(ifname)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
293 if dev[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
297
298 stop_sigma_dut(sigma)
299
300 def test_sigma_dut_sae_password(dev, apdev):
301 """sigma_dut controlled SAE association and long password"""
302 if "SAE" not in dev[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
304
305 ifname = dev[0].ifname
306 sigma = start_sigma_dut(ifname)
307
308 try:
309 ssid = "test-sae"
310 params = hostapd.wpa2_params(ssid=ssid)
311 params['sae_password'] = 100*'B'
312 params['wpa_key_mgmt'] = 'SAE'
313 params["ieee80211w"] = "2"
314 hapd = hostapd.add_ap(apdev[0], params)
315
316 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
320 sigma_dut_wait_connected(ifname)
321 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
324 finally:
325 stop_sigma_dut(sigma)
326
327 def test_sigma_dut_sae_pw_id(dev, apdev):
328 """sigma_dut controlled SAE association with Password Identifier"""
329 if "SAE" not in dev[0].get_capability("auth_alg"):
330 raise HwsimSkip("SAE not supported")
331
332 ifname = dev[0].ifname
333 sigma = start_sigma_dut(ifname, debug=True)
334
335 ssid = "test-sae"
336 params = hostapd.wpa2_params(ssid=ssid)
337 params['wpa_key_mgmt'] = 'SAE'
338 params["ieee80211w"] = "2"
339 params['sae_password'] = 'secret|id=pw id'
340 params['sae_groups'] = '19'
341 hapd = hostapd.add_ap(apdev[0], params)
342
343 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
344 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
345 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
346 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
347 sigma_dut_wait_connected(ifname)
348 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
350
351 stop_sigma_dut(sigma)
352
353 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
354 """sigma_dut controlled SAE association with Password Identifier and FT"""
355 run_sigma_dut_sae_pw_id_ft(dev, apdev)
356
357 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
358 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
359 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
360
361 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
362 if "SAE" not in dev[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
364
365 ifname = dev[0].ifname
366 sigma = start_sigma_dut(ifname, debug=True)
367
368 ssid = "test-sae"
369 params = hostapd.wpa2_params(ssid=ssid)
370 params['wpa_key_mgmt'] = 'SAE FT-SAE'
371 params["ieee80211w"] = "2"
372 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
373 params['mobility_domain'] = 'aabb'
374 params['ft_over_ds'] = '1' if over_ds else '0'
375 bssid = apdev[0]['bssid'].replace(':', '')
376 params['nas_identifier'] = bssid + '.nas.example.com'
377 params['r1_key_holder'] = bssid
378 params['pmk_r1_push'] = '0'
379 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
380 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
381 hapd = hostapd.add_ap(apdev[0], params)
382
383 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
384 if over_ds:
385 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
386 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
387 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
388 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
389 sigma_dut_wait_connected(ifname)
390
391 bssid = apdev[1]['bssid'].replace(':', '')
392 params['nas_identifier'] = bssid + '.nas.example.com'
393 params['r1_key_holder'] = bssid
394 hapd2 = hostapd.add_ap(apdev[1], params)
395 bssid = hapd2.own_addr()
396 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
397 dev[0].wait_connected()
398
399 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
400 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
401
402 stop_sigma_dut(sigma)
403
404 def test_sigma_dut_sta_override_rsne(dev, apdev):
405 """sigma_dut and RSNE override on STA"""
406 try:
407 run_sigma_dut_sta_override_rsne(dev, apdev)
408 finally:
409 dev[0].set("ignore_old_scan_res", "0")
410
411 def run_sigma_dut_sta_override_rsne(dev, apdev):
412 ifname = dev[0].ifname
413 sigma = start_sigma_dut(ifname)
414
415 ssid = "test-psk"
416 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
417 hapd = hostapd.add_ap(apdev[0], params)
418
419 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
420
421 tests = ["30120100000fac040100000fac040100000fac02",
422 "30140100000fac040100000fac040100000fac02ffff"]
423 for test in tests:
424 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
425 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
426 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
427 sigma_dut_wait_connected(ifname)
428 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
429 dev[0].dump_monitor()
430
431 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
432 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
433 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
434
435 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
436 if ev is None:
437 raise Exception("Association rejection not reported")
438 if "status_code=40" not in ev:
439 raise Exception("Unexpected status code: " + ev)
440
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
442
443 stop_sigma_dut(sigma)
444
445 def test_sigma_dut_ap_psk(dev, apdev):
446 """sigma_dut controlled AP"""
447 with HWSimRadio() as (radio, iface):
448 sigma = start_sigma_dut(iface)
449 try:
450 sigma_dut_cmd_check("ap_reset_default")
451 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
452 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
453 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
454
455 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
456
457 sigma_dut_cmd_check("ap_reset_default")
458 finally:
459 stop_sigma_dut(sigma)
460
461 def test_sigma_dut_ap_pskhex(dev, apdev, params):
462 """sigma_dut controlled AP and PSKHEX"""
463 logdir = os.path.join(params['logdir'],
464 "sigma_dut_ap_pskhex.sigma-hostapd")
465 with HWSimRadio() as (radio, iface):
466 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
467 try:
468 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
469 sigma_dut_cmd_check("ap_reset_default")
470 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
471 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
472 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
473
474 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
475
476 sigma_dut_cmd_check("ap_reset_default")
477 finally:
478 stop_sigma_dut(sigma)
479
480 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
481 """sigma_dut controlled AP PSK SHA256"""
482 logdir = os.path.join(params['logdir'],
483 "sigma_dut_ap_psk_sha256.sigma-hostapd")
484 with HWSimRadio() as (radio, iface):
485 sigma = start_sigma_dut(iface)
486 try:
487 sigma_dut_cmd_check("ap_reset_default")
488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
489 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
490 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
491
492 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
493 psk="12345678", scan_freq="2412")
494
495 sigma_dut_cmd_check("ap_reset_default")
496 finally:
497 stop_sigma_dut(sigma)
498
499 def test_sigma_dut_eap_ttls(dev, apdev, params):
500 """sigma_dut controlled STA and EAP-TTLS parameters"""
501 logdir = params['logdir']
502
503 with open("auth_serv/ca.pem", "r") as f:
504 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
505 f2.write(f.read())
506
507 src = "auth_serv/server.pem"
508 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
509 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
510 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
511 "-outform", "DER"],
512 stderr=open('/dev/null', 'w'))
513 with open(dst, "rb") as f:
514 der = f.read()
515 hash = hashlib.sha256(der).digest()
516 with open(hashdst, "w") as f:
517 f.write(binascii.hexlify(hash).decode())
518
519 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
520 with open(dst, "w") as f:
521 f.write(32*"00")
522
523 ssid = "test-wpa2-eap"
524 params = hostapd.wpa2_eap_params(ssid=ssid)
525 hapd = hostapd.add_ap(apdev[0], params)
526
527 ifname = dev[0].ifname
528 sigma = start_sigma_dut(ifname, cert_path=logdir)
529
530 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
531
532 tests = ["",
533 ",Domain,server.w1.fi",
534 ",DomainSuffix,w1.fi",
535 ",DomainSuffix,server.w1.fi",
536 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
537 for extra in tests:
538 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
539 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
540 sigma_dut_cmd_check(cmd + extra)
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
542 sigma_dut_wait_connected(ifname)
543 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
545 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
546 dev[0].dump_monitor()
547
548 tests = [",Domain,w1.fi",
549 ",DomainSuffix,example.com",
550 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
551 for extra in tests:
552 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
553 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
554 sigma_dut_cmd_check(cmd + extra)
555 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
556 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
557 if ev is None:
558 raise Exception("Server certificate error not reported")
559 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
560 if "connected,1" in res:
561 raise Exception("Unexpected connection reported")
562 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
563 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
564 dev[0].dump_monitor()
565
566 stop_sigma_dut(sigma)
567
568 def test_sigma_dut_suite_b(dev, apdev, params):
569 """sigma_dut controlled STA Suite B"""
570 check_suite_b_192_capa(dev)
571 logdir = params['logdir']
572
573 with open("auth_serv/ec2-ca.pem", "r") as f:
574 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
575 f2.write(f.read())
576
577 with open("auth_serv/ec2-user.pem", "r") as f:
578 with open("auth_serv/ec2-user.key", "r") as f2:
579 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
580 f3.write(f.read())
581 f3.write(f2.read())
582
583 dev[0].flush_scan_cache()
584 params = suite_b_as_params()
585 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
586 params['server_cert'] = 'auth_serv/ec2-server.pem'
587 params['private_key'] = 'auth_serv/ec2-server.key'
588 params['openssl_ciphers'] = 'SUITEB192'
589 hostapd.add_ap(apdev[1], params)
590
591 params = {"ssid": "test-suite-b",
592 "wpa": "2",
593 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
594 "rsn_pairwise": "GCMP-256",
595 "group_mgmt_cipher": "BIP-GMAC-256",
596 "ieee80211w": "2",
597 "ieee8021x": "1",
598 'auth_server_addr': "127.0.0.1",
599 'auth_server_port': "18129",
600 'auth_server_shared_secret': "radius",
601 'nas_identifier': "nas.w1.fi"}
602 hapd = hostapd.add_ap(apdev[0], params)
603
604 ifname = dev[0].ifname
605 sigma = start_sigma_dut(ifname, cert_path=logdir)
606
607 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
608 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
609 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
610 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
611 sigma_dut_wait_connected(ifname)
612 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
613 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
614 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
615
616 stop_sigma_dut(sigma)
617
618 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
619 """sigma_dut controlled STA Suite B (RSA)"""
620 check_suite_b_192_capa(dev)
621 logdir = params['logdir']
622
623 with open("auth_serv/rsa3072-ca.pem", "r") as f:
624 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
625 f2.write(f.read())
626
627 with open("auth_serv/rsa3072-user.pem", "r") as f:
628 with open("auth_serv/rsa3072-user.key", "r") as f2:
629 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
630 f3.write(f.read())
631 f3.write(f2.read())
632
633 dev[0].flush_scan_cache()
634 params = suite_b_192_rsa_ap_params()
635 hapd = hostapd.add_ap(apdev[0], params)
636
637 ifname = dev[0].ifname
638 sigma = start_sigma_dut(ifname, cert_path=logdir)
639
640 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
641
642 tests = ["",
643 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
644 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
645 for extra in tests:
646 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
647 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
648 sigma_dut_cmd_check(cmd + extra)
649 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
650 sigma_dut_wait_connected(ifname)
651 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
652 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
653 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
654
655 stop_sigma_dut(sigma)
656
657 def test_sigma_dut_ap_suite_b(dev, apdev, params):
658 """sigma_dut controlled AP Suite B"""
659 check_suite_b_192_capa(dev)
660 logdir = os.path.join(params['logdir'],
661 "sigma_dut_ap_suite_b.sigma-hostapd")
662 params = suite_b_as_params()
663 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
664 params['server_cert'] = 'auth_serv/ec2-server.pem'
665 params['private_key'] = 'auth_serv/ec2-server.key'
666 params['openssl_ciphers'] = 'SUITEB192'
667 hostapd.add_ap(apdev[1], params)
668 with HWSimRadio() as (radio, iface):
669 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
670 try:
671 sigma_dut_cmd_check("ap_reset_default")
672 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
673 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
674 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
675 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
676
677 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
678 ieee80211w="2",
679 openssl_ciphers="SUITEB192",
680 eap="TLS", identity="tls user",
681 ca_cert="auth_serv/ec2-ca.pem",
682 client_cert="auth_serv/ec2-user.pem",
683 private_key="auth_serv/ec2-user.key",
684 pairwise="GCMP-256", group="GCMP-256",
685 scan_freq="2412")
686
687 sigma_dut_cmd_check("ap_reset_default")
688 finally:
689 stop_sigma_dut(sigma)
690
691 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
692 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
693 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
694 "GCMP")
695
696 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
697 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
698 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
699 "GCMP-256")
700
701 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
702 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
703 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
704 "CCMP")
705
706 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
707 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
708 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
709 "CCMP-256")
710
711 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
712 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
713 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
714 "BIP-GMAC-256", "CCMP")
715
716 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
717 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
718 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
719 "BIP-GMAC-256", "GCMP-256", "CCMP")
720
721 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
722 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
723 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
724 "GCMP-256", "CCMP", "AES-CCMP-128")
725
726 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
727 sta_cipher, sta_cipher_group=None, ap_group=None):
728 check_suite_b_192_capa(dev)
729 logdir = os.path.join(params['logdir'],
730 "sigma_dut_ap_cipher.sigma-hostapd")
731 params = suite_b_as_params()
732 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
733 params['server_cert'] = 'auth_serv/ec2-server.pem'
734 params['private_key'] = 'auth_serv/ec2-server.key'
735 params['openssl_ciphers'] = 'SUITEB192'
736 hostapd.add_ap(apdev[1], params)
737 with HWSimRadio() as (radio, iface):
738 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
739 try:
740 sigma_dut_cmd_check("ap_reset_default")
741 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
742 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
743 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
744 if ap_group:
745 cmd += ",GroupCipher,%s" % ap_group
746 sigma_dut_cmd_check(cmd)
747 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
748
749 if sta_cipher_group is None:
750 sta_cipher_group = sta_cipher
751 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
752 ieee80211w="2",
753 openssl_ciphers="SUITEB192",
754 eap="TLS", identity="tls user",
755 ca_cert="auth_serv/ec2-ca.pem",
756 client_cert="auth_serv/ec2-user.pem",
757 private_key="auth_serv/ec2-user.key",
758 pairwise=sta_cipher, group=sta_cipher_group,
759 scan_freq="2412")
760
761 sigma_dut_cmd_check("ap_reset_default")
762 finally:
763 stop_sigma_dut(sigma)
764
765 def test_sigma_dut_ap_override_rsne(dev, apdev):
766 """sigma_dut controlled AP overriding RSNE"""
767 with HWSimRadio() as (radio, iface):
768 sigma = start_sigma_dut(iface)
769 try:
770 sigma_dut_cmd_check("ap_reset_default")
771 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
772 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
773 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
774 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
775
776 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
777
778 sigma_dut_cmd_check("ap_reset_default")
779 finally:
780 stop_sigma_dut(sigma)
781
782 def test_sigma_dut_ap_sae(dev, apdev, params):
783 """sigma_dut controlled AP with SAE"""
784 logdir = os.path.join(params['logdir'],
785 "sigma_dut_ap_sae.sigma-hostapd")
786 if "SAE" not in dev[0].get_capability("auth_alg"):
787 raise HwsimSkip("SAE not supported")
788 with HWSimRadio() as (radio, iface):
789 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
790 try:
791 sigma_dut_cmd_check("ap_reset_default")
792 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
793 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
794 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
795
796 dev[0].request("SET sae_groups ")
797 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
798 ieee80211w="2", scan_freq="2412")
799 if dev[0].get_status_field('sae_group') != '19':
800 raise Exception("Expected default SAE group not used")
801
802 sigma_dut_cmd_check("ap_reset_default")
803 finally:
804 stop_sigma_dut(sigma)
805
806 def test_sigma_dut_ap_sae_password(dev, apdev, params):
807 """sigma_dut controlled AP with SAE and long password"""
808 logdir = os.path.join(params['logdir'],
809 "sigma_dut_ap_sae_password.sigma-hostapd")
810 if "SAE" not in dev[0].get_capability("auth_alg"):
811 raise HwsimSkip("SAE not supported")
812 with HWSimRadio() as (radio, iface):
813 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
814 try:
815 sigma_dut_cmd_check("ap_reset_default")
816 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
817 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
818 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
819
820 dev[0].request("SET sae_groups ")
821 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
822 ieee80211w="2", scan_freq="2412")
823 if dev[0].get_status_field('sae_group') != '19':
824 raise Exception("Expected default SAE group not used")
825
826 sigma_dut_cmd_check("ap_reset_default")
827 finally:
828 stop_sigma_dut(sigma)
829
830 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
831 """sigma_dut controlled AP with SAE Password Identifier"""
832 logdir = os.path.join(params['logdir'],
833 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
834 conffile = os.path.join(params['logdir'],
835 "sigma_dut_ap_sae_pw_id.sigma-conf")
836 if "SAE" not in dev[0].get_capability("auth_alg"):
837 raise HwsimSkip("SAE not supported")
838 with HWSimRadio() as (radio, iface):
839 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
840 try:
841 sigma_dut_cmd_check("ap_reset_default")
842 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
843 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
844 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
845
846 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
847 with open(conffile, "wb") as f2:
848 f2.write(f.read())
849
850 dev[0].request("SET sae_groups ")
851 tests = [("pw1", "id1"),
852 ("pw2", "id2"),
853 ("pw3", None),
854 ("pw4", "id4")]
855 for pw, pw_id in tests:
856 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
857 sae_password_id=pw_id,
858 ieee80211w="2", scan_freq="2412")
859 dev[0].request("REMOVE_NETWORK all")
860 dev[0].wait_disconnected()
861
862 sigma_dut_cmd_check("ap_reset_default")
863 finally:
864 stop_sigma_dut(sigma)
865
866 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
867 """sigma_dut controlled AP with SAE Password Identifier and FT"""
868 logdir = os.path.join(params['logdir'],
869 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
870 conffile = os.path.join(params['logdir'],
871 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
872 if "SAE" not in dev[0].get_capability("auth_alg"):
873 raise HwsimSkip("SAE not supported")
874 with HWSimRadio() as (radio, iface):
875 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
876 try:
877 sigma_dut_cmd_check("ap_reset_default")
878 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
879 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
880 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
881
882 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
883 with open(conffile, "wb") as f2:
884 f2.write(f.read())
885
886 dev[0].request("SET sae_groups ")
887 tests = [("pw1", "id1", "SAE"),
888 ("pw2", "id2", "FT-SAE"),
889 ("pw3", None, "FT-SAE"),
890 ("pw4", "id4", "SAE")]
891 for pw, pw_id, key_mgmt in tests:
892 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
893 sae_password_id=pw_id,
894 ieee80211w="2", scan_freq="2412")
895 dev[0].request("REMOVE_NETWORK all")
896 dev[0].wait_disconnected()
897
898 sigma_dut_cmd_check("ap_reset_default")
899 finally:
900 stop_sigma_dut(sigma)
901
902 def test_sigma_dut_ap_sae_group(dev, apdev, params):
903 """sigma_dut controlled AP with SAE and specific group"""
904 logdir = os.path.join(params['logdir'],
905 "sigma_dut_ap_sae_group.sigma-hostapd")
906 if "SAE" not in dev[0].get_capability("auth_alg"):
907 raise HwsimSkip("SAE not supported")
908 with HWSimRadio() as (radio, iface):
909 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
910 try:
911 sigma_dut_cmd_check("ap_reset_default")
912 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
913 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
914 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
915
916 dev[0].request("SET sae_groups ")
917 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
918 ieee80211w="2", scan_freq="2412")
919 if dev[0].get_status_field('sae_group') != '20':
920 raise Exception("Expected SAE group not used")
921
922 sigma_dut_cmd_check("ap_reset_default")
923 finally:
924 stop_sigma_dut(sigma)
925
926 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
927 """sigma_dut controlled AP with PSK+SAE"""
928 if "SAE" not in dev[0].get_capability("auth_alg"):
929 raise HwsimSkip("SAE not supported")
930 logdir = os.path.join(params['logdir'],
931 "sigma_dut_ap_psk_sae.sigma-hostapd")
932 with HWSimRadio() as (radio, iface):
933 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
934 try:
935 sigma_dut_cmd_check("ap_reset_default")
936 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
937 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
938 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
939
940 dev[2].request("SET sae_groups ")
941 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
942 scan_freq="2412", ieee80211w="0", wait_connect=False)
943 dev[0].request("SET sae_groups ")
944 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
945 scan_freq="2412", ieee80211w="2")
946 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
947
948 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
949 dev[2].request("DISCONNECT")
950 if ev is not None:
951 raise Exception("Unexpected connection without PMF")
952
953 sigma_dut_cmd_check("ap_reset_default")
954 finally:
955 stop_sigma_dut(sigma)
956
957 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
958 """sigma_dut controlled AP with PSK, SAE, FT"""
959 logdir = os.path.join(params['logdir'],
960 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
961 conffile = os.path.join(params['logdir'],
962 "sigma_dut_ap_psk_sae_ft.sigma-conf")
963 if "SAE" not in dev[0].get_capability("auth_alg"):
964 raise HwsimSkip("SAE not supported")
965 with HWSimRadio() as (radio, iface):
966 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
967 try:
968 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
969 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
970 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
971 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
972 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
973 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
974
975 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
976 with open(conffile, "wb") as f2:
977 f2.write(f.read())
978
979 dev[0].request("SET sae_groups ")
980 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
981 sae_password="12345678", scan_freq="2412")
982 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
983 psk="12345678", scan_freq="2412")
984 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
985 psk="12345678", scan_freq="2412")
986
987 sigma_dut_cmd_check("ap_reset_default")
988 finally:
989 stop_sigma_dut(sigma)
990
991 def test_sigma_dut_owe(dev, apdev):
992 """sigma_dut controlled OWE station"""
993 try:
994 run_sigma_dut_owe(dev, apdev)
995 finally:
996 dev[0].set("ignore_old_scan_res", "0")
997
998 def run_sigma_dut_owe(dev, apdev):
999 if "OWE" not in dev[0].get_capability("key_mgmt"):
1000 raise HwsimSkip("OWE not supported")
1001
1002 ifname = dev[0].ifname
1003 sigma = start_sigma_dut(ifname)
1004
1005 try:
1006 params = {"ssid": "owe",
1007 "wpa": "2",
1008 "wpa_key_mgmt": "OWE",
1009 "ieee80211w": "2",
1010 "rsn_pairwise": "CCMP"}
1011 hapd = hostapd.add_ap(apdev[0], params)
1012 bssid = hapd.own_addr()
1013
1014 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1015 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1016 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1017 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1018 sigma_dut_wait_connected(ifname)
1019 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1020
1021 dev[0].dump_monitor()
1022 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1023 dev[0].wait_connected()
1024 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1025 dev[0].wait_disconnected()
1026 dev[0].dump_monitor()
1027
1028 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1029 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1030 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1031 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1032 sigma_dut_wait_connected(ifname)
1033 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1034 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1035 dev[0].wait_disconnected()
1036 dev[0].dump_monitor()
1037
1038 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1039 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1040 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1041 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1042 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1043 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1044 if ev is None:
1045 raise Exception("Association not rejected")
1046 if "status_code=77" not in ev:
1047 raise Exception("Unexpected rejection reason: " + ev)
1048
1049 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1050 finally:
1051 stop_sigma_dut(sigma)
1052
1053 def test_sigma_dut_ap_owe(dev, apdev, params):
1054 """sigma_dut controlled AP with OWE"""
1055 logdir = os.path.join(params['logdir'],
1056 "sigma_dut_ap_owe.sigma-hostapd")
1057 if "OWE" not in dev[0].get_capability("key_mgmt"):
1058 raise HwsimSkip("OWE not supported")
1059 with HWSimRadio() as (radio, iface):
1060 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1061 try:
1062 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1063 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1064 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1065 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1066
1067 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1068 scan_freq="2412")
1069
1070 sigma_dut_cmd_check("ap_reset_default")
1071 finally:
1072 stop_sigma_dut(sigma)
1073
1074 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1075 """sigma_dut controlled AP with OWE and ECGroupID"""
1076 if "OWE" not in dev[0].get_capability("key_mgmt"):
1077 raise HwsimSkip("OWE not supported")
1078 with HWSimRadio() as (radio, iface):
1079 sigma = start_sigma_dut(iface)
1080 try:
1081 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1082 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1083 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1084 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1085
1086 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1087 owe_group="20", scan_freq="2412")
1088 dev[0].request("REMOVE_NETWORK all")
1089 dev[0].wait_disconnected()
1090
1091 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1092 owe_group="21", scan_freq="2412")
1093 dev[0].request("REMOVE_NETWORK all")
1094 dev[0].wait_disconnected()
1095
1096 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1097 owe_group="19", scan_freq="2412", wait_connect=False)
1098 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1099 dev[0].request("DISCONNECT")
1100 if ev is None:
1101 raise Exception("Association not rejected")
1102 if "status_code=77" not in ev:
1103 raise Exception("Unexpected rejection reason: " + ev)
1104 dev[0].dump_monitor()
1105
1106 sigma_dut_cmd_check("ap_reset_default")
1107 finally:
1108 stop_sigma_dut(sigma)
1109
1110 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1111 """sigma_dut controlled AP with OWE and transition mode"""
1112 if "OWE" not in dev[0].get_capability("key_mgmt"):
1113 raise HwsimSkip("OWE not supported")
1114 logdir = os.path.join(params['logdir'],
1115 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1116 with HWSimRadio() as (radio, iface):
1117 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1118 try:
1119 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1120 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1121 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1122 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1123 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1124 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1125
1126 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1127 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1128
1129 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1130 scan_freq="2412")
1131 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1132 if dev[0].get_status_field('bssid') not in res1:
1133 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1134 if dev[1].get_status_field('bssid') not in res2:
1135 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1136
1137 sigma_dut_cmd_check("ap_reset_default")
1138 finally:
1139 stop_sigma_dut(sigma)
1140
1141 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1142 """sigma_dut controlled AP with OWE and transition mode (2)"""
1143 if "OWE" not in dev[0].get_capability("key_mgmt"):
1144 raise HwsimSkip("OWE not supported")
1145 logdir = os.path.join(params['logdir'],
1146 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1147 with HWSimRadio() as (radio, iface):
1148 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1149 try:
1150 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1151 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1152 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1153 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1154 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1155 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1156
1157 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1158 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1159
1160 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1161 scan_freq="2412")
1162 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1163 if dev[0].get_status_field('bssid') not in res2:
1164 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1165 if dev[1].get_status_field('bssid') not in res1:
1166 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1167
1168 sigma_dut_cmd_check("ap_reset_default")
1169 finally:
1170 stop_sigma_dut(sigma)
1171
1172 def dpp_init_enrollee(dev, id1):
1173 logger.info("Starting DPP initiator/enrollee in a thread")
1174 time.sleep(1)
1175 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1176 if "OK" not in dev.request(cmd):
1177 raise Exception("Failed to initiate DPP Authentication")
1178 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1179 if ev is None:
1180 raise Exception("DPP configuration not completed (Enrollee)")
1181 logger.info("DPP initiator/enrollee done")
1182
1183 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1184 """sigma_dut DPP/QR responder (conf index 1)"""
1185 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1186
1187 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1188 """sigma_dut DPP/QR responder (conf index 2)"""
1189 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1190
1191 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1192 """sigma_dut DPP/QR responder (conf index 3)"""
1193 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1194
1195 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1196 """sigma_dut DPP/QR responder (conf index 4)"""
1197 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1198
1199 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1200 """sigma_dut DPP/QR responder (conf index 5)"""
1201 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1202
1203 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1204 """sigma_dut DPP/QR responder (conf index 6)"""
1205 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1206
1207 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1208 """sigma_dut DPP/QR responder (conf index 7)"""
1209 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1210
1211 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1212 """sigma_dut DPP/QR responder (conf index 8)"""
1213 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1214
1215 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1216 """sigma_dut DPP/QR responder (conf index 9)"""
1217 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1218
1219 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1220 """sigma_dut DPP/QR responder (conf index 10)"""
1221 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1222
1223 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1224 """sigma_dut DPP/QR responder (channel list override)"""
1225 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1226 listen_chan=2)
1227
1228 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1229 """sigma_dut DPP/QR responder status query"""
1230 params = hostapd.wpa2_params(ssid="DPPNET01",
1231 passphrase="ThisIsDppPassphrase")
1232 hapd = hostapd.add_ap(apdev[0], params)
1233
1234 try:
1235 dev[1].set("dpp_config_processing", "2")
1236 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1237 finally:
1238 dev[1].set("dpp_config_processing", "0")
1239
1240 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1241 listen_chan=None, status_query=False):
1242 check_dpp_capab(dev[0])
1243 check_dpp_capab(dev[1])
1244 sigma = start_sigma_dut(dev[0].ifname)
1245 try:
1246 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1247 if chan_list:
1248 cmd += ",DPPChannelList," + chan_list
1249 res = sigma_dut_cmd(cmd)
1250 if "status,COMPLETE" not in res:
1251 raise Exception("dev_exec_action did not succeed: " + res)
1252 hex = res.split(',')[3]
1253 uri = from_hex(hex)
1254 logger.info("URI from sigma_dut: " + uri)
1255
1256 id1 = dev[1].dpp_qr_code(uri)
1257
1258 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1259 t.start()
1260 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1261 if listen_chan:
1262 cmd += ",DPPListenChannel," + str(listen_chan)
1263 if status_query:
1264 cmd += ",DPPStatusQuery,Yes"
1265 res = sigma_dut_cmd(cmd, timeout=10)
1266 t.join()
1267 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1268 raise Exception("Unexpected result: " + res)
1269 if status_query and "StatusResult,0" not in res:
1270 raise Exception("Status query did not succeed: " + res)
1271 finally:
1272 stop_sigma_dut(sigma)
1273
1274 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1275 """sigma_dut DPP/QR initiator as Enrollee"""
1276 check_dpp_capab(dev[0])
1277 check_dpp_capab(dev[1])
1278
1279 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1280 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1281 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1282 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1283
1284 params = {"ssid": "DPPNET01",
1285 "wpa": "2",
1286 "ieee80211w": "2",
1287 "wpa_key_mgmt": "DPP",
1288 "rsn_pairwise": "CCMP",
1289 "dpp_connector": ap_connector,
1290 "dpp_csign": csign_pub,
1291 "dpp_netaccesskey": ap_netaccesskey}
1292 try:
1293 hapd = hostapd.add_ap(apdev[0], params)
1294 except:
1295 raise HwsimSkip("DPP not supported")
1296
1297 sigma = start_sigma_dut(dev[0].ifname)
1298 try:
1299 dev[0].set("dpp_config_processing", "2")
1300
1301 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1302 res = dev[1].request(cmd)
1303 if "FAIL" in res:
1304 raise Exception("Failed to add configurator")
1305 conf_id = int(res)
1306
1307 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1308 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1309
1310 dev[1].set("dpp_configurator_params",
1311 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1312 cmd = "DPP_LISTEN 2437 role=configurator"
1313 if "OK" not in dev[1].request(cmd):
1314 raise Exception("Failed to start listen operation")
1315
1316 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1317 if "status,COMPLETE" not in res:
1318 raise Exception("dev_exec_action did not succeed: " + res)
1319
1320 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1321 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1322 raise Exception("Unexpected result: " + res)
1323 finally:
1324 dev[0].set("dpp_config_processing", "0")
1325 stop_sigma_dut(sigma)
1326
1327 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1328 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1329 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1330
1331 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1332 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1333 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1334 extra="DPPAuthDirection,Mutual,")
1335
1336 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1337 check_dpp_capab(dev[0])
1338 check_dpp_capab(dev[1])
1339
1340 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1341 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1342 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1343 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1344
1345 params = {"ssid": "DPPNET01",
1346 "wpa": "2",
1347 "ieee80211w": "2",
1348 "wpa_key_mgmt": "DPP",
1349 "rsn_pairwise": "CCMP",
1350 "dpp_connector": ap_connector,
1351 "dpp_csign": csign_pub,
1352 "dpp_netaccesskey": ap_netaccesskey}
1353 try:
1354 hapd = hostapd.add_ap(apdev[0], params)
1355 except:
1356 raise HwsimSkip("DPP not supported")
1357
1358 sigma = start_sigma_dut(dev[0].ifname)
1359 try:
1360 dev[0].set("dpp_config_processing", "2")
1361
1362 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1363 res = dev[1].request(cmd)
1364 if "FAIL" in res:
1365 raise Exception("Failed to add configurator")
1366 conf_id = int(res)
1367
1368 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1369 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1370
1371 dev[1].set("dpp_configurator_params",
1372 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1373 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1374 if "OK" not in dev[1].request(cmd):
1375 raise Exception("Failed to start listen operation")
1376
1377 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1378 if "status,COMPLETE" not in res:
1379 raise Exception("dev_exec_action did not succeed: " + res)
1380 hex = res.split(',')[3]
1381 uri = from_hex(hex)
1382 logger.info("URI from sigma_dut: " + uri)
1383
1384 id1 = dev[1].dpp_qr_code(uri)
1385
1386 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1387 if "status,COMPLETE" not in res:
1388 raise Exception("dev_exec_action did not succeed: " + res)
1389
1390 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1391 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1392 raise Exception("Unexpected result: " + res)
1393 finally:
1394 dev[0].set("dpp_config_processing", "0")
1395 stop_sigma_dut(sigma)
1396
1397 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1398 time.sleep(1)
1399 logger.info("Starting DPP initiator/configurator in a thread")
1400 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1401 if own_id is not None:
1402 cmd += " own=%d" % own_id
1403 if "OK" not in dev.request(cmd):
1404 raise Exception("Failed to initiate DPP Authentication")
1405 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1406 if ev is None:
1407 raise Exception("DPP configuration not completed (Configurator)")
1408 logger.info("DPP initiator/configurator done")
1409
1410 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1411 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1412 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1413
1414 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1415 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1416 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1417
1418 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1419 check_dpp_capab(dev[0])
1420 check_dpp_capab(dev[1])
1421
1422 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1423 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1424 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1425 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1426
1427 params = {"ssid": "DPPNET01",
1428 "wpa": "2",
1429 "ieee80211w": "2",
1430 "wpa_key_mgmt": "DPP",
1431 "rsn_pairwise": "CCMP",
1432 "dpp_connector": ap_connector,
1433 "dpp_csign": csign_pub,
1434 "dpp_netaccesskey": ap_netaccesskey}
1435 try:
1436 hapd = hostapd.add_ap(apdev[0], params)
1437 except:
1438 raise HwsimSkip("DPP not supported")
1439
1440 sigma = start_sigma_dut(dev[0].ifname)
1441 try:
1442 dev[0].set("dpp_config_processing", "2")
1443
1444 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1445 res = dev[1].request(cmd)
1446 if "FAIL" in res:
1447 raise Exception("Failed to add configurator")
1448 conf_id = int(res)
1449
1450 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1451 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1452
1453 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1454 if "status,COMPLETE" not in res:
1455 raise Exception("dev_exec_action did not succeed: " + res)
1456 hex = res.split(',')[3]
1457 uri = from_hex(hex)
1458 logger.info("URI from sigma_dut: " + uri)
1459
1460 id1 = dev[1].dpp_qr_code(uri)
1461
1462 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1463 if "status,COMPLETE" not in res:
1464 raise Exception("dev_exec_action did not succeed: " + res)
1465
1466 t = threading.Thread(target=dpp_init_conf_mutual,
1467 args=(dev[1], id1, conf_id, id0))
1468 t.start()
1469
1470 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1471 if extra:
1472 cmd += extra
1473 res = sigma_dut_cmd(cmd, timeout=25)
1474 t.join()
1475 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1476 raise Exception("Unexpected result: " + res)
1477 finally:
1478 dev[0].set("dpp_config_processing", "0")
1479 stop_sigma_dut(sigma)
1480
1481 def dpp_resp_conf_mutual(dev, conf_id, uri):
1482 logger.info("Starting DPP responder/configurator in a thread")
1483 dev.set("dpp_configurator_params",
1484 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1485 conf_id))
1486 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1487 if "OK" not in dev.request(cmd):
1488 raise Exception("Failed to initiate DPP listen")
1489 if uri:
1490 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1491 if ev is None:
1492 raise Exception("QR Code scan for mutual authentication not requested")
1493 dev.dpp_qr_code(uri)
1494 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1495 if ev is None:
1496 raise Exception("DPP configuration not completed (Configurator)")
1497 logger.info("DPP responder/configurator done")
1498
1499 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1500 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1501 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1502
1503 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1504 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1505 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1506
1507 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1508 check_dpp_capab(dev[0])
1509 check_dpp_capab(dev[1])
1510
1511 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1512 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1513 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1514 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1515
1516 params = {"ssid": "DPPNET01",
1517 "wpa": "2",
1518 "ieee80211w": "2",
1519 "wpa_key_mgmt": "DPP",
1520 "rsn_pairwise": "CCMP",
1521 "dpp_connector": ap_connector,
1522 "dpp_csign": csign_pub,
1523 "dpp_netaccesskey": ap_netaccesskey}
1524 try:
1525 hapd = hostapd.add_ap(apdev[0], params)
1526 except:
1527 raise HwsimSkip("DPP not supported")
1528
1529 sigma = start_sigma_dut(dev[0].ifname)
1530 try:
1531 dev[0].set("dpp_config_processing", "2")
1532
1533 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1534 res = dev[1].request(cmd)
1535 if "FAIL" in res:
1536 raise Exception("Failed to add configurator")
1537 conf_id = int(res)
1538
1539 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1540 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1541
1542 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1543 if "status,COMPLETE" not in res:
1544 raise Exception("dev_exec_action did not succeed: " + res)
1545 hex = res.split(',')[3]
1546 uri = from_hex(hex)
1547 logger.info("URI from sigma_dut: " + uri)
1548
1549 if not resp_pending:
1550 dev[1].dpp_qr_code(uri)
1551 uri = None
1552
1553 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1554 if "status,COMPLETE" not in res:
1555 raise Exception("dev_exec_action did not succeed: " + res)
1556
1557 t = threading.Thread(target=dpp_resp_conf_mutual,
1558 args=(dev[1], conf_id, uri))
1559 t.start()
1560
1561 time.sleep(1)
1562 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1563 res = sigma_dut_cmd(cmd, timeout=15)
1564 t.join()
1565 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1566 raise Exception("Unexpected result: " + res)
1567 finally:
1568 dev[0].set("dpp_config_processing", "0")
1569 stop_sigma_dut(sigma)
1570
1571 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1572 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1573 check_dpp_capab(dev[0])
1574 check_dpp_capab(dev[1])
1575
1576 params = hostapd.wpa2_params(ssid="DPPNET01",
1577 passphrase="ThisIsDppPassphrase")
1578 hapd = hostapd.add_ap(apdev[0], params)
1579
1580 sigma = start_sigma_dut(dev[0].ifname)
1581 try:
1582 dev[0].set("dpp_config_processing", "2")
1583
1584 cmd = "DPP_CONFIGURATOR_ADD"
1585 res = dev[1].request(cmd)
1586 if "FAIL" in res:
1587 raise Exception("Failed to add configurator")
1588 conf_id = int(res)
1589
1590 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1591 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1592
1593 dev[1].set("dpp_configurator_params",
1594 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1595 cmd = "DPP_LISTEN 2437 role=configurator"
1596 if "OK" not in dev[1].request(cmd):
1597 raise Exception("Failed to start listen operation")
1598
1599 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1600 if "status,COMPLETE" not in res:
1601 raise Exception("dev_exec_action did not succeed: " + res)
1602
1603 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1604 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1605 raise Exception("Unexpected result: " + res)
1606 finally:
1607 dev[0].set("dpp_config_processing", "0")
1608 stop_sigma_dut(sigma)
1609
1610 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1611 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1612 check_dpp_capab(dev[0])
1613 check_dpp_capab(dev[1])
1614 if "SAE" not in dev[0].get_capability("auth_alg"):
1615 raise HwsimSkip("SAE not supported")
1616
1617 params = hostapd.wpa2_params(ssid="DPPNET01",
1618 passphrase="ThisIsDppPassphrase")
1619 params['wpa_key_mgmt'] = 'SAE'
1620 params["ieee80211w"] = "2"
1621 hapd = hostapd.add_ap(apdev[0], params)
1622
1623 sigma = start_sigma_dut(dev[0].ifname)
1624 try:
1625 dev[0].set("dpp_config_processing", "2")
1626 dev[0].set("sae_groups", "")
1627
1628 cmd = "DPP_CONFIGURATOR_ADD"
1629 res = dev[1].request(cmd)
1630 if "FAIL" in res:
1631 raise Exception("Failed to add configurator")
1632 conf_id = int(res)
1633
1634 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1635 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1636
1637 dev[1].set("dpp_configurator_params",
1638 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1639 cmd = "DPP_LISTEN 2437 role=configurator"
1640 if "OK" not in dev[1].request(cmd):
1641 raise Exception("Failed to start listen operation")
1642
1643 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1644 if "status,COMPLETE" not in res:
1645 raise Exception("dev_exec_action did not succeed: " + res)
1646
1647 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1648 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1649 raise Exception("Unexpected result: " + res)
1650 finally:
1651 dev[0].set("dpp_config_processing", "0")
1652 stop_sigma_dut(sigma)
1653
1654 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1655 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1656 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1657
1658 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1659 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1660 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1661
1662 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1663 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1664 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1665
1666 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1667 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1668 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1669
1670 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1671 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1672 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1673
1674 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1675 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1676 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1677
1678 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1679 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1680 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1681
1682 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1683 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1684 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1685
1686 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1687 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1688 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1689
1690 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1691 prov_role="Configurator",
1692 extra=None):
1693 check_dpp_capab(dev[0])
1694 check_dpp_capab(dev[1])
1695 sigma = start_sigma_dut(dev[0].ifname)
1696 try:
1697 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1698 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1699
1700 cmd = "DPP_LISTEN 2437 role=enrollee"
1701 if "OK" not in dev[1].request(cmd):
1702 raise Exception("Failed to start listen operation")
1703
1704 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1705 if "status,COMPLETE" not in res:
1706 raise Exception("dev_exec_action did not succeed: " + res)
1707
1708 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1709 if extra:
1710 cmd += "," + extra
1711 res = sigma_dut_cmd(cmd)
1712 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1713 raise Exception("Unexpected result: " + res)
1714 finally:
1715 stop_sigma_dut(sigma)
1716
1717 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1718 """sigma_dut DPP roles incompatible (Initiator)"""
1719 check_dpp_capab(dev[0])
1720 check_dpp_capab(dev[1])
1721 sigma = start_sigma_dut(dev[0].ifname)
1722 try:
1723 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1724 if "status,COMPLETE" not in res:
1725 raise Exception("dev_exec_action did not succeed: " + res)
1726 hex = res.split(',')[3]
1727 uri = from_hex(hex)
1728 logger.info("URI from sigma_dut: " + uri)
1729
1730 id1 = dev[1].dpp_qr_code(uri)
1731
1732 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1733 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1734
1735 cmd = "DPP_LISTEN 2437 role=enrollee"
1736 if "OK" not in dev[1].request(cmd):
1737 raise Exception("Failed to start listen operation")
1738
1739 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1740 if "status,COMPLETE" not in res:
1741 raise Exception("dev_exec_action did not succeed: " + res)
1742
1743 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1744 res = sigma_dut_cmd(cmd)
1745 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1746 raise Exception("Unexpected result: " + res)
1747 finally:
1748 stop_sigma_dut(sigma)
1749
1750 def dpp_init_enrollee_mutual(dev, id1, own_id):
1751 logger.info("Starting DPP initiator/enrollee in a thread")
1752 time.sleep(1)
1753 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1754 if "OK" not in dev.request(cmd):
1755 raise Exception("Failed to initiate DPP Authentication")
1756 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1757 "DPP-NOT-COMPATIBLE"], timeout=5)
1758 if ev is None:
1759 raise Exception("DPP configuration not completed (Enrollee)")
1760 logger.info("DPP initiator/enrollee done")
1761
1762 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1763 """sigma_dut DPP roles incompatible (Responder)"""
1764 check_dpp_capab(dev[0])
1765 check_dpp_capab(dev[1])
1766 sigma = start_sigma_dut(dev[0].ifname)
1767 try:
1768 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1769 res = sigma_dut_cmd(cmd)
1770 if "status,COMPLETE" not in res:
1771 raise Exception("dev_exec_action did not succeed: " + res)
1772 hex = res.split(',')[3]
1773 uri = from_hex(hex)
1774 logger.info("URI from sigma_dut: " + uri)
1775
1776 id1 = dev[1].dpp_qr_code(uri)
1777
1778 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1779 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1780
1781 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1782 if "status,COMPLETE" not in res:
1783 raise Exception("dev_exec_action did not succeed: " + res)
1784
1785 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1786 t.start()
1787 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1788 res = sigma_dut_cmd(cmd, timeout=10)
1789 t.join()
1790 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1791 raise Exception("Unexpected result: " + res)
1792 finally:
1793 stop_sigma_dut(sigma)
1794
1795 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1796 """sigma_dut DPP/PKEX initiator as Configurator"""
1797 check_dpp_capab(dev[0])
1798 check_dpp_capab(dev[1])
1799 sigma = start_sigma_dut(dev[0].ifname)
1800 try:
1801 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1802 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1803 res = dev[1].request(cmd)
1804 if "FAIL" in res:
1805 raise Exception("Failed to set PKEX data (responder)")
1806 cmd = "DPP_LISTEN 2437 role=enrollee"
1807 if "OK" not in dev[1].request(cmd):
1808 raise Exception("Failed to start listen operation")
1809
1810 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1811 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1812 raise Exception("Unexpected result: " + res)
1813 finally:
1814 stop_sigma_dut(sigma)
1815
1816 def dpp_init_conf(dev, id1, conf, conf_id, extra):
1817 logger.info("Starting DPP initiator/configurator in a thread")
1818 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1819 if "OK" not in dev.request(cmd):
1820 raise Exception("Failed to initiate DPP Authentication")
1821 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1822 if ev is None:
1823 raise Exception("DPP configuration not completed (Configurator)")
1824 logger.info("DPP initiator/configurator done")
1825
1826 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1827 """sigma_dut controlled AP (DPP)"""
1828 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1829
1830 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1831 """sigma_dut controlled AP (legacy)"""
1832 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1833 extra="pass=%s" % to_hex("qwertyuiop"))
1834
1835 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1836 """sigma_dut controlled AP (legacy)"""
1837 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1838 extra="psk=%s" % (32*"12"))
1839
1840 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
1841 check_dpp_capab(dev[0])
1842 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1843 with HWSimRadio() as (radio, iface):
1844 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1845 try:
1846 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1847 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1848 if "status,COMPLETE" not in res:
1849 raise Exception("dev_exec_action did not succeed: " + res)
1850 hex = res.split(',')[3]
1851 uri = from_hex(hex)
1852 logger.info("URI from sigma_dut: " + uri)
1853
1854 cmd = "DPP_CONFIGURATOR_ADD"
1855 res = dev[0].request(cmd)
1856 if "FAIL" in res:
1857 raise Exception("Failed to add configurator")
1858 conf_id = int(res)
1859
1860 id1 = dev[0].dpp_qr_code(uri)
1861
1862 t = threading.Thread(target=dpp_init_conf,
1863 args=(dev[0], id1, ap_conf, conf_id, extra))
1864 t.start()
1865 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1866 t.join()
1867 if "ConfResult,OK" not in res:
1868 raise Exception("Unexpected result: " + res)
1869
1870 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
1871 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1872
1873 id0b = dev[0].dpp_qr_code(uri1)
1874
1875 dev[1].set("dpp_config_processing", "2")
1876 cmd = "DPP_LISTEN 2412"
1877 if "OK" not in dev[1].request(cmd):
1878 raise Exception("Failed to start listen operation")
1879 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1880 if "OK" not in dev[0].request(cmd):
1881 raise Exception("Failed to initiate DPP Authentication")
1882 dev[1].wait_connected()
1883
1884 sigma_dut_cmd_check("ap_reset_default")
1885 finally:
1886 dev[1].set("dpp_config_processing", "0")
1887 stop_sigma_dut(sigma)
1888
1889 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1890 """sigma_dut controlled AP as DPP PKEX responder"""
1891 check_dpp_capab(dev[0])
1892 logdir = os.path.join(params['logdir'],
1893 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1894 with HWSimRadio() as (radio, iface):
1895 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1896 try:
1897 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1898 finally:
1899 stop_sigma_dut(sigma)
1900
1901 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
1902 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1903 time.sleep(1.5)
1904 id = dev.dpp_bootstrap_gen(type="pkex")
1905 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1906 res = dev.request(cmd)
1907 if "FAIL" in res:
1908 raise Exception("Failed to initiate DPP PKEX")
1909 if not check_config:
1910 return
1911 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1912 if ev is None:
1913 raise Exception("DPP configuration not completed (Configurator)")
1914 logger.info("DPP initiator/configurator done")
1915
1916 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
1917 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1918
1919 cmd = "DPP_CONFIGURATOR_ADD"
1920 res = dev[0].request(cmd)
1921 if "FAIL" in res:
1922 raise Exception("Failed to add configurator")
1923 conf_id = int(res)
1924
1925 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
1926 t.start()
1927 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
1928 t.join()
1929 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1930 raise Exception("Unexpected result: " + res)
1931
1932 sigma_dut_cmd_check("ap_reset_default")
1933
1934 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1935 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1936 check_dpp_capab(dev[0])
1937 sigma = start_sigma_dut(dev[0].ifname)
1938 try:
1939 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
1940 finally:
1941 stop_sigma_dut(sigma)
1942
1943 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1944 cmd = "DPP_CONFIGURATOR_ADD"
1945 res = dev[1].request(cmd)
1946 if "FAIL" in res:
1947 raise Exception("Failed to add configurator")
1948 conf_id = int(res)
1949
1950 dev[1].set("dpp_test", "44")
1951
1952 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
1953 False))
1954 t.start()
1955 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
1956 t.join()
1957 if "BootstrapResult,Timeout" not in res:
1958 raise Exception("Unexpected result: " + res)
1959
1960 def dpp_proto_init(dev, id1):
1961 time.sleep(1)
1962 logger.info("Starting DPP initiator/configurator in a thread")
1963 cmd = "DPP_CONFIGURATOR_ADD"
1964 res = dev.request(cmd)
1965 if "FAIL" in res:
1966 raise Exception("Failed to add configurator")
1967 conf_id = int(res)
1968
1969 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
1970 if "OK" not in dev.request(cmd):
1971 raise Exception("Failed to initiate DPP Authentication")
1972
1973 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
1974 """sigma_dut DPP protocol testing - Initiator"""
1975 check_dpp_capab(dev[0])
1976 check_dpp_capab(dev[1])
1977 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
1978 "BootstrapResult,OK,AuthResult,Errorsent",
1979 None),
1980 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1981 "BootstrapResult,OK,AuthResult,Errorsent",
1982 None),
1983 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1984 "BootstrapResult,OK,AuthResult,Errorsent",
1985 "Missing or invalid I-capabilities"),
1986 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1987 "BootstrapResult,OK,AuthResult,Errorsent",
1988 "Mismatching Initiator Authenticating Tag"),
1989 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1990 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1991 "Missing or invalid Enrollee Nonce attribute")]
1992 for step, frame, attr, result, fail in tests:
1993 dev[0].request("FLUSH")
1994 dev[1].request("FLUSH")
1995 sigma = start_sigma_dut(dev[0].ifname)
1996 try:
1997 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
1998 fail)
1999 finally:
2000 stop_sigma_dut(sigma)
2001
2002 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2003 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2004 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2005
2006 cmd = "DPP_LISTEN 2437 role=enrollee"
2007 if "OK" not in dev[1].request(cmd):
2008 raise Exception("Failed to start listen operation")
2009
2010 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2011 if "status,COMPLETE" not in res:
2012 raise Exception("dev_exec_action did not succeed: " + res)
2013
2014 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2015 timeout=10)
2016 if result not in res:
2017 raise Exception("Unexpected result: " + res)
2018 if fail:
2019 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2020 if ev is None or fail not in ev:
2021 raise Exception("Failure not reported correctly: " + str(ev))
2022
2023 dev[1].request("DPP_STOP_LISTEN")
2024 dev[0].dump_monitor()
2025 dev[1].dump_monitor()
2026
2027 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2028 """sigma_dut DPP protocol testing - Responder"""
2029 check_dpp_capab(dev[0])
2030 check_dpp_capab(dev[1])
2031 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2032 "BootstrapResult,OK,AuthResult,Errorsent",
2033 "Missing or invalid required DPP Status attribute"),
2034 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2035 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2036 "Missing or invalid Enrollee Nonce attribute")]
2037 for step, frame, attr, result, fail in tests:
2038 dev[0].request("FLUSH")
2039 dev[1].request("FLUSH")
2040 sigma = start_sigma_dut(dev[0].ifname)
2041 try:
2042 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2043 fail)
2044 finally:
2045 stop_sigma_dut(sigma)
2046
2047 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2048 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2049 if "status,COMPLETE" not in res:
2050 raise Exception("dev_exec_action did not succeed: " + res)
2051 hex = res.split(',')[3]
2052 uri = from_hex(hex)
2053 logger.info("URI from sigma_dut: " + uri)
2054
2055 id1 = dev[1].dpp_qr_code(uri)
2056
2057 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2058 t.start()
2059 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2060 t.join()
2061 if result not in res:
2062 raise Exception("Unexpected result: " + res)
2063 if fail:
2064 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2065 if ev is None or fail not in ev:
2066 raise Exception("Failure not reported correctly:" + str(ev))
2067
2068 dev[1].request("DPP_STOP_LISTEN")
2069 dev[0].dump_monitor()
2070 dev[1].dump_monitor()
2071
2072 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2073 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2074 check_dpp_capab(dev[0])
2075 check_dpp_capab(dev[1])
2076 tests = [("AuthenticationResponse",
2077 "BootstrapResult,OK,AuthResult,Errorsent",
2078 None),
2079 ("ConfigurationRequest",
2080 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2081 None)]
2082 for frame, result, fail in tests:
2083 dev[0].request("FLUSH")
2084 dev[1].request("FLUSH")
2085 sigma = start_sigma_dut(dev[0].ifname)
2086 try:
2087 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2088 finally:
2089 stop_sigma_dut(sigma)
2090
2091 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2092 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2093 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2094
2095 cmd = "DPP_LISTEN 2437 role=enrollee"
2096 if "OK" not in dev[1].request(cmd):
2097 raise Exception("Failed to start listen operation")
2098
2099 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2100 if "status,COMPLETE" not in res:
2101 raise Exception("dev_exec_action did not succeed: " + res)
2102
2103 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2104 if result not in res:
2105 raise Exception("Unexpected result: " + res)
2106 if fail:
2107 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2108 if ev is None or fail not in ev:
2109 raise Exception("Failure not reported correctly: " + str(ev))
2110
2111 dev[1].request("DPP_STOP_LISTEN")
2112 dev[0].dump_monitor()
2113 dev[1].dump_monitor()
2114
2115 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2116 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2117 check_dpp_capab(dev[0])
2118 check_dpp_capab(dev[1])
2119 tests = [("AuthenticationConfirm",
2120 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2121 None)]
2122 for frame, result, fail in tests:
2123 dev[0].request("FLUSH")
2124 dev[1].request("FLUSH")
2125 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2126 try:
2127 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2128 result, fail)
2129 finally:
2130 stop_sigma_dut(sigma)
2131
2132 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2133 fail):
2134 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2135 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2136
2137 cmd = "DPP_LISTEN 2437 role=configurator"
2138 if "OK" not in dev[1].request(cmd):
2139 raise Exception("Failed to start listen operation")
2140
2141 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2142 if "status,COMPLETE" not in res:
2143 raise Exception("dev_exec_action did not succeed: " + res)
2144
2145 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2146 if result not in res:
2147 raise Exception("Unexpected result: " + res)
2148 if fail:
2149 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2150 if ev is None or fail not in ev:
2151 raise Exception("Failure not reported correctly: " + str(ev))
2152
2153 dev[1].request("DPP_STOP_LISTEN")
2154 dev[0].dump_monitor()
2155 dev[1].dump_monitor()
2156
2157 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2158 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2159 check_dpp_capab(dev[0])
2160 check_dpp_capab(dev[1])
2161 tests = [("AuthenticationRequest",
2162 "BootstrapResult,OK,AuthResult,Errorsent",
2163 None),
2164 ("AuthenticationConfirm",
2165 "BootstrapResult,OK,AuthResult,Errorsent",
2166 None)]
2167 for frame, result, fail in tests:
2168 dev[0].request("FLUSH")
2169 dev[1].request("FLUSH")
2170 sigma = start_sigma_dut(dev[0].ifname)
2171 try:
2172 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2173 finally:
2174 stop_sigma_dut(sigma)
2175
2176 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2177 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2178 if "status,COMPLETE" not in res:
2179 raise Exception("dev_exec_action did not succeed: " + res)
2180 hex = res.split(',')[3]
2181 uri = from_hex(hex)
2182 logger.info("URI from sigma_dut: " + uri)
2183
2184 id1 = dev[1].dpp_qr_code(uri)
2185
2186 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2187 t.start()
2188 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2189 t.join()
2190 if result not in res:
2191 raise Exception("Unexpected result: " + res)
2192 if fail:
2193 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2194 if ev is None or fail not in ev:
2195 raise Exception("Failure not reported correctly:" + str(ev))
2196
2197 dev[1].request("DPP_STOP_LISTEN")
2198 dev[0].dump_monitor()
2199 dev[1].dump_monitor()
2200
2201 def dpp_proto_init_pkex(dev):
2202 time.sleep(1)
2203 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2204 cmd = "DPP_CONFIGURATOR_ADD"
2205 res = dev.request(cmd)
2206 if "FAIL" in res:
2207 raise Exception("Failed to add configurator")
2208 conf_id = int(res)
2209
2210 id = dev.dpp_bootstrap_gen(type="pkex")
2211
2212 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2213 if "FAIL" in dev.request(cmd):
2214 raise Exception("Failed to initiate DPP PKEX")
2215
2216 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2217 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2218 check_dpp_capab(dev[0])
2219 check_dpp_capab(dev[1])
2220 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2221 "BootstrapResult,Errorsent",
2222 None),
2223 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2224 "BootstrapResult,Errorsent",
2225 "Missing or invalid Finite Cyclic Group attribute"),
2226 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2227 "BootstrapResult,Errorsent",
2228 "No valid peer bootstrapping key found")]
2229 for step, frame, attr, result, fail in tests:
2230 dev[0].request("FLUSH")
2231 dev[1].request("FLUSH")
2232 sigma = start_sigma_dut(dev[0].ifname)
2233 try:
2234 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2235 result, fail)
2236 finally:
2237 stop_sigma_dut(sigma)
2238
2239 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2240 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2241
2242 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2243 res = dev[1].request(cmd)
2244 if "FAIL" in res:
2245 raise Exception("Failed to set PKEX data (responder)")
2246
2247 cmd = "DPP_LISTEN 2437 role=enrollee"
2248 if "OK" not in dev[1].request(cmd):
2249 raise Exception("Failed to start listen operation")
2250
2251 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2252 if result not in res:
2253 raise Exception("Unexpected result: " + res)
2254 if fail:
2255 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2256 if ev is None or fail not in ev:
2257 raise Exception("Failure not reported correctly: " + str(ev))
2258
2259 dev[1].request("DPP_STOP_LISTEN")
2260 dev[0].dump_monitor()
2261 dev[1].dump_monitor()
2262
2263 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2264 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2265 check_dpp_capab(dev[0])
2266 check_dpp_capab(dev[1])
2267 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2268 "BootstrapResult,Errorsent",
2269 None),
2270 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2271 "BootstrapResult,Errorsent",
2272 "No DPP Status attribute"),
2273 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2274 "BootstrapResult,Errorsent",
2275 "No valid peer bootstrapping key found")]
2276 for step, frame, attr, result, fail in tests:
2277 dev[0].request("FLUSH")
2278 dev[1].request("FLUSH")
2279 sigma = start_sigma_dut(dev[0].ifname)
2280 try:
2281 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2282 result, fail)
2283 finally:
2284 stop_sigma_dut(sigma)
2285
2286 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2287 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2288 t.start()
2289 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2290 t.join()
2291 if result not in res:
2292 raise Exception("Unexpected result: " + res)
2293 if fail:
2294 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2295 if ev is None or fail not in ev:
2296 raise Exception("Failure not reported correctly:" + str(ev))
2297
2298 dev[1].request("DPP_STOP_LISTEN")
2299 dev[0].dump_monitor()
2300 dev[1].dump_monitor()
2301
2302 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2303 check_dpp_capab(dev[0])
2304 check_dpp_capab(dev[1])
2305
2306 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2307 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2308 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2309 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2310
2311 params = {"ssid": "DPPNET01",
2312 "wpa": "2",
2313 "ieee80211w": "2",
2314 "wpa_key_mgmt": "DPP",
2315 "rsn_pairwise": "CCMP",
2316 "dpp_connector": ap_connector,
2317 "dpp_csign": csign_pub,
2318 "dpp_netaccesskey": ap_netaccesskey}
2319 try:
2320 hapd = hostapd.add_ap(apdev[0], params)
2321 except:
2322 raise HwsimSkip("DPP not supported")
2323
2324 dev[0].set("dpp_config_processing", "2")
2325
2326 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2327 res = dev[1].request(cmd)
2328 if "FAIL" in res:
2329 raise Exception("Failed to add configurator")
2330 conf_id = int(res)
2331
2332 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2333 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2334
2335 dev[1].set("dpp_configurator_params",
2336 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2337 conf_id))
2338 cmd = "DPP_LISTEN 2437 role=configurator"
2339 if "OK" not in dev[1].request(cmd):
2340 raise Exception("Failed to start listen operation")
2341
2342 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2343 if "status,COMPLETE" not in res:
2344 raise Exception("dev_exec_action did not succeed: " + res)
2345
2346 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2347 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2348 sigma = start_sigma_dut(dev[0].ifname)
2349 try:
2350 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2351
2352 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2353 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2354 raise Exception("Unexpected result: " + res)
2355 finally:
2356 dev[0].set("dpp_config_processing", "0")
2357 stop_sigma_dut(sigma)
2358
2359 def test_sigma_dut_dpp_self_config(dev, apdev):
2360 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2361 check_dpp_capab(dev[0])
2362
2363 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2364 check_dpp_capab(hapd)
2365
2366 sigma = start_sigma_dut(dev[0].ifname)
2367 try:
2368 dev[0].set("dpp_config_processing", "2")
2369 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2370 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2371
2372 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2373 if "status,COMPLETE" not in res:
2374 raise Exception("dev_exec_action did not succeed: " + res)
2375
2376 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2377 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2378 raise Exception("Unexpected result: " + res)
2379 update_hapd_config(hapd)
2380
2381 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2382 res = sigma_dut_cmd(cmd, timeout=10)
2383 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2384 raise Exception("Unexpected result: " + res)
2385 finally:
2386 stop_sigma_dut(sigma)
2387 dev[0].set("dpp_config_processing", "0")
2388
2389 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2390 """sigma_dut DPP AP Configurator using self-configuration"""
2391 logdir = os.path.join(params['logdir'],
2392 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2393 with HWSimRadio() as (radio, iface):
2394 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2395 try:
2396 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2397 finally:
2398 stop_sigma_dut(sigma)
2399 dev[0].set("dpp_config_processing", "0")
2400
2401 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2402 check_dpp_capab(dev[0])
2403
2404 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2405
2406 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2407 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2408 raise Exception("Unexpected result: " + res)
2409
2410 dev[0].set("dpp_config_processing", "2")
2411
2412 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2413 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2414 cmd = "DPP_LISTEN 2462 role=enrollee"
2415 if "OK" not in dev[0].request(cmd):
2416 raise Exception("Failed to start listen operation")
2417
2418 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2419 if "status,COMPLETE" not in res:
2420 raise Exception("dev_exec_action did not succeed: " + res)
2421 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2422 res = sigma_dut_cmd(cmd)
2423 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2424 raise Exception("Unexpected result: " + res)
2425 dev[0].wait_connected()
2426 dev[0].request("DISCONNECT")
2427 dev[0].wait_disconnected()
2428 sigma_dut_cmd_check("ap_reset_default")
2429
2430
2431 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2432 """sigma_dut DPP AP as Relay to Controller"""
2433 logdir = os.path.join(params['logdir'],
2434 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2435 with HWSimRadio() as (radio, iface):
2436 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2437 try:
2438 run_sigma_dut_ap_dpp_relay(dev, apdev)
2439 finally:
2440 stop_sigma_dut(sigma)
2441 dev[1].request("DPP_CONTROLLER_STOP")
2442
2443 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2444 check_dpp_capab(dev[0])
2445 check_dpp_capab(dev[1])
2446
2447 # Controller
2448 conf_id = dev[1].dpp_configurator_add()
2449 dev[1].set("dpp_configurator_params",
2450 " conf=sta-dpp configurator=%d" % conf_id)
2451 id_c = dev[1].dpp_bootstrap_gen()
2452 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2453 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2454 pkhash = None
2455 for line in res.splitlines():
2456 name, value = line.split('=')
2457 if name == "pkhash":
2458 pkhash = value
2459 break
2460 if not pkhash:
2461 raise Exception("Could not fetch public key hash from Controller")
2462 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2463 raise Exception("Failed to start Controller")
2464
2465 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2466 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2467 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2468
2469 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2470 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2471
2472 sigma_dut_cmd_check("ap_reset_default")
2473
2474 def test_sigma_dut_preconfigured_profile(dev, apdev):
2475 """sigma_dut controlled connection using preconfigured profile"""
2476 try:
2477 run_sigma_dut_preconfigured_profile(dev, apdev)
2478 finally:
2479 dev[0].set("ignore_old_scan_res", "0")
2480
2481 def run_sigma_dut_preconfigured_profile(dev, apdev):
2482 ifname = dev[0].ifname
2483 sigma = start_sigma_dut(ifname)
2484
2485 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2486 hapd = hostapd.add_ap(apdev[0], params)
2487 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2488 only_add_network=True)
2489
2490 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2491 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2492 sigma_dut_wait_connected(ifname)
2493 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2494 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2495 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2496
2497 stop_sigma_dut(sigma)
2498
2499 def test_sigma_dut_wps_pbc(dev, apdev):
2500 """sigma_dut and WPS PBC Enrollee"""
2501 try:
2502 run_sigma_dut_wps_pbc(dev, apdev)
2503 finally:
2504 dev[0].set("ignore_old_scan_res", "0")
2505
2506 def run_sigma_dut_wps_pbc(dev, apdev):
2507 ssid = "test-wps-conf"
2508 hapd = hostapd.add_ap(apdev[0],
2509 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2510 "wpa_passphrase": "12345678", "wpa": "2",
2511 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2512 hapd.request("WPS_PBC")
2513
2514 ifname = dev[0].ifname
2515 sigma = start_sigma_dut(ifname)
2516
2517 cmd = "start_wps_registration,interface,%s" % ifname
2518 cmd += ",WpsRole,Enrollee"
2519 cmd += ",WpsConfigMethod,PBC"
2520 sigma_dut_cmd_check(cmd, timeout=15)
2521
2522 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2523 hapd.disable()
2524 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2525 stop_sigma_dut(sigma)
2526 dev[0].flush_scan_cache()
2527
2528 def test_sigma_dut_sta_scan_bss(dev, apdev):
2529 """sigma_dut sta_scan_bss"""
2530 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2531 sigma = start_sigma_dut(dev[0].ifname)
2532 try:
2533 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2534 hapd.own_addr())
2535 res = sigma_dut_cmd(cmd, timeout=10)
2536 if "ssid,test,bsschannel,1" not in res:
2537 raise Exception("Unexpected result: " + res)
2538 finally:
2539 stop_sigma_dut(sigma)
2540
2541 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2542 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2543 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2544 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2545 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2546 try:
2547 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2548 res = sigma_dut_cmd(cmd, timeout=10)
2549 if "abcdef" not in res or "qwerty" not in res:
2550 raise Exception("Unexpected result: " + res)
2551 finally:
2552 stop_sigma_dut(sigma)
2553
2554 def test_sigma_dut_ap_osen(dev, apdev, params):
2555 """sigma_dut controlled AP with OSEN"""
2556 logdir = os.path.join(params['logdir'],
2557 "sigma_dut_ap_osen.sigma-hostapd")
2558 with HWSimRadio() as (radio, iface):
2559 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2560 try:
2561 sigma_dut_cmd_check("ap_reset_default")
2562 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2563 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2564 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2565 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2566
2567 # RSN-OSEN (for OSU)
2568 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2569 pairwise="CCMP", group="GTK_NOT_USED",
2570 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2571 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2572
2573 sigma_dut_cmd_check("ap_reset_default")
2574 finally:
2575 stop_sigma_dut(sigma)
2576
2577 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2578 """sigma_dut controlled AP with EAP+OSEN"""
2579 logdir = os.path.join(params['logdir'],
2580 "sigma_dut_ap_eap_osen.sigma-hostapd")
2581 with HWSimRadio() as (radio, iface):
2582 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2583 try:
2584 sigma_dut_cmd_check("ap_reset_default")
2585 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2586 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2587 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2588 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2589
2590 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2591 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2592
2593 # RSN-OSEN (for OSU)
2594 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2595 pairwise="CCMP",
2596 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2597 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2598 scan_freq="2412")
2599 # RSN-EAP (for data connection)
2600 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2601 identity="hs20-test", password="password",
2602 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2603 ieee80211w='2', scan_freq="2412")
2604
2605 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2606 success_expected=False, timeout=1)
2607
2608 sigma_dut_cmd_check("ap_reset_default")
2609 finally:
2610 stop_sigma_dut(sigma)
2611 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2612 stderr=open('/dev/null', 'w'))
2613 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2614 stderr=open('/dev/null', 'w'))
2615
2616 def test_sigma_dut_ap_eap(dev, apdev, params):
2617 """sigma_dut controlled AP WPA2-Enterprise"""
2618 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2619 with HWSimRadio() as (radio, iface):
2620 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2621 try:
2622 sigma_dut_cmd_check("ap_reset_default")
2623 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2624 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2627
2628 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2629 identity="gpsk user",
2630 password="abcdefghijklmnop0123456789abcdef",
2631 scan_freq="2412")
2632
2633 sigma_dut_cmd_check("ap_reset_default")
2634 finally:
2635 stop_sigma_dut(sigma)
2636
2637 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2638 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2639 logdir = os.path.join(params['logdir'],
2640 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2641 with HWSimRadio() as (radio, iface):
2642 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2643 try:
2644 sigma_dut_cmd_check("ap_reset_default")
2645 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2646 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2647 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2648 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2649
2650 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2651 identity="gpsk user",
2652 password="abcdefghijklmnop0123456789abcdef",
2653 scan_freq="2412")
2654
2655 sigma_dut_cmd_check("ap_reset_default")
2656 finally:
2657 stop_sigma_dut(sigma)
2658
2659 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2660 """sigma_dut controlled AP FT-EAP"""
2661 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2662 with HWSimRadio() as (radio, iface):
2663 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2664 try:
2665 sigma_dut_cmd_check("ap_reset_default")
2666 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2667 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2668 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2669 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2670
2671 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2672 identity="gpsk user",
2673 password="abcdefghijklmnop0123456789abcdef",
2674 scan_freq="2412")
2675
2676 sigma_dut_cmd_check("ap_reset_default")
2677 finally:
2678 stop_sigma_dut(sigma)
2679
2680 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2681 """sigma_dut controlled AP FT-PSK"""
2682 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2683 with HWSimRadio() as (radio, iface):
2684 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2685 try:
2686 sigma_dut_cmd_check("ap_reset_default")
2687 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2688 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2689 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2690
2691 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2692 scan_freq="2412")
2693
2694 sigma_dut_cmd_check("ap_reset_default")
2695 finally:
2696 stop_sigma_dut(sigma)
2697
2698 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
2699 """sigma_dut controlled AP FT-PSK (over-DS)"""
2700 logdir = os.path.join(params['logdir'],
2701 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2702 conffile = os.path.join(params['logdir'],
2703 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2704 with HWSimRadio() as (radio, iface):
2705 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2706 try:
2707 sigma_dut_cmd_check("ap_reset_default")
2708 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2709 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2710 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2711
2712 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2713 with open(conffile, "wb") as f2:
2714 f2.write(f.read())
2715
2716 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2717 scan_freq="2412")
2718
2719 sigma_dut_cmd_check("ap_reset_default")
2720 finally:
2721 stop_sigma_dut(sigma)
2722
2723 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2724 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2725 logdir = os.path.join(params['logdir'],
2726 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2727 with HWSimRadio() as (radio, iface):
2728 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2729 try:
2730 sigma_dut_cmd_check("ap_reset_default")
2731 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2732 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2733 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2734 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2735
2736 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2737 identity="gpsk user",
2738 password="abcdefghijklmnop0123456789abcdef",
2739 scan_freq="2412")
2740 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2741 identity="gpsk user",
2742 password="abcdefghijklmnop0123456789abcdef",
2743 scan_freq="2412")
2744
2745 sigma_dut_cmd_check("ap_reset_default")
2746 finally:
2747 stop_sigma_dut(sigma)
2748
2749 def test_sigma_dut_venue_url(dev, apdev):
2750 """sigma_dut controlled Venue URL fetch"""
2751 try:
2752 run_sigma_dut_venue_url(dev, apdev)
2753 finally:
2754 dev[0].set("ignore_old_scan_res", "0")
2755
2756 def run_sigma_dut_venue_url(dev, apdev):
2757 ifname = dev[0].ifname
2758 sigma = start_sigma_dut(ifname, debug=True)
2759
2760 ssid = "venue"
2761 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2762 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2763 params["ieee80211w"] = "2"
2764
2765 venue_group = 1
2766 venue_type = 13
2767 venue_info = struct.pack('BB', venue_group, venue_type)
2768 lang1 = "eng"
2769 name1 = "Example venue"
2770 lang2 = "fin"
2771 name2 = "Esimerkkipaikka"
2772 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2773 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
2774 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2775
2776 url1 = "http://example.com/venue"
2777 url2 = "https://example.org/venue-info/"
2778 params["venue_group"] = str(venue_group)
2779 params["venue_type"] = str(venue_type)
2780 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2781 params["venue_url"] = ["1:" + url1, "2:" + url2]
2782
2783 hapd = hostapd.add_ap(apdev[0], params)
2784
2785 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2786 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2787 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2788 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2789 sigma_dut_wait_connected(ifname)
2790 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2791 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2792 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2793 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2794
2795 stop_sigma_dut(sigma)
2796
2797 def test_sigma_dut_hs20_assoc_24(dev, apdev):
2798 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2799 run_sigma_dut_hs20_assoc(dev, apdev, True)
2800
2801 def test_sigma_dut_hs20_assoc_5(dev, apdev):
2802 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2803 run_sigma_dut_hs20_assoc(dev, apdev, False)
2804
2805 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2806 hapd0 = None
2807 hapd1 = None
2808 try:
2809 bssid0 = apdev[0]['bssid']
2810 params = hs20_ap_params()
2811 params['hessid'] = bssid0
2812 hapd0 = hostapd.add_ap(apdev[0], params)
2813
2814 bssid1 = apdev[1]['bssid']
2815 params = hs20_ap_params()
2816 params['hessid'] = bssid0
2817 params["hw_mode"] = "a"
2818 params["channel"] = "36"
2819 params["country_code"] = "US"
2820 hapd1 = hostapd.add_ap(apdev[1], params)
2821
2822 band = "2.4" if band24 else "5"
2823 exp_bssid = bssid0 if band24 else bssid1
2824 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2825 finally:
2826 dev[0].request("DISCONNECT")
2827 if hapd0:
2828 hapd0.request("DISABLE")
2829 if hapd1:
2830 hapd1.request("DISABLE")
2831 subprocess.call(['iw', 'reg', 'set', '00'])
2832 dev[0].flush_scan_cache()
2833
2834 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2835 check_eap_capa(dev[0], "MSCHAPV2")
2836 dev[0].flush_scan_cache()
2837
2838 ifname = dev[0].ifname
2839 sigma = start_sigma_dut(ifname, debug=True)
2840
2841 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2842 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2843 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2844 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2845 timeout=15)
2846 sigma_dut_wait_connected(ifname)
2847 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2848 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2849 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2850
2851 stop_sigma_dut(sigma)
2852
2853 if "BSSID," + expect_bssid not in res:
2854 raise Exception("Unexpected BSSID: " + res)
2855
2856 def test_sigma_dut_ap_hs20(dev, apdev, params):
2857 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2858 logdir = os.path.join(params['logdir'],
2859 "sigma_dut_ap_hs20.sigma-hostapd")
2860 conffile = os.path.join(params['logdir'],
2861 "sigma_dut_ap_hs20.sigma-conf")
2862 with HWSimRadio() as (radio, iface):
2863 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2864 try:
2865 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2866 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2867 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2868 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2869 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
2870 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
2871 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2872 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2873 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2874 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2875 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2876 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
2877 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
2878 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2879
2880 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2881 with open(conffile, "wb") as f2:
2882 f2.write(f.read())
2883
2884 sigma_dut_cmd_check("ap_reset_default")
2885 finally:
2886 stop_sigma_dut(sigma)
2887
2888 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
2889 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
2890 logdir = params['logdir']
2891
2892 with open("auth_serv/ca.pem", "r") as f:
2893 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
2894 "w") as f2:
2895 f2.write(f.read())
2896
2897 src = "auth_serv/server.pem"
2898 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
2899 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
2900 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2901 "-outform", "DER"],
2902 stderr=open('/dev/null', 'w'))
2903 with open(dst, "rb") as f:
2904 der = f.read()
2905 hash = hashlib.sha256(der).digest()
2906 with open(hashdst, "w") as f:
2907 f.write(binascii.hexlify(hash).decode())
2908
2909 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
2910 with open(dst, "w") as f:
2911 f.write(32*"00")
2912
2913 ssid = "test-wpa2-eap"
2914 params = hostapd.wpa2_eap_params(ssid=ssid)
2915 hapd = hostapd.add_ap(apdev[0], params)
2916
2917 ifname = dev[0].ifname
2918 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2919
2920 try:
2921 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
2922
2923 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2924 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2925 sigma_dut_cmd_check(cmd)
2926 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2927 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
2928 if ev is None:
2929 raise Exception("Server certificate error not reported")
2930
2931 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
2932 if "ServerCertTrustResult,Accepted" not in res:
2933 raise Exception("Server certificate trust was not accepted")
2934 sigma_dut_wait_connected(ifname)
2935 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2936 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2937 dev[0].dump_monitor()
2938 finally:
2939 stop_sigma_dut(sigma)
2940
2941 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
2942 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
2943 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
2944
2945 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
2946 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
2947 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
2948
2949 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
2950 logdir = params['logdir']
2951
2952 name = "sigma_dut_eap_ttls_uosc_tod"
2953 if tofu:
2954 name += "_tofu"
2955 with open("auth_serv/ca.pem", "r") as f:
2956 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
2957 f2.write(f.read())
2958
2959 if tofu:
2960 src = "auth_serv/server-certpol2.pem"
2961 else:
2962 src = "auth_serv/server-certpol.pem"
2963 dst = os.path.join(logdir, name + ".server.der")
2964 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
2965 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
2966 "-outform", "DER"],
2967 stderr=open('/dev/null', 'w'))
2968 with open(dst, "rb") as f:
2969 der = f.read()
2970 hash = hashlib.sha256(der).digest()
2971 with open(hashdst, "w") as f:
2972 f.write(binascii.hexlify(hash).decode())
2973
2974 ssid = "test-wpa2-eap"
2975 params = int_eap_server_params()
2976 params["ssid"] = ssid
2977 if tofu:
2978 params["server_cert"] = "auth_serv/server-certpol2.pem"
2979 params["private_key"] = "auth_serv/server-certpol2.key"
2980 else:
2981 params["server_cert"] = "auth_serv/server-certpol.pem"
2982 params["private_key"] = "auth_serv/server-certpol.key"
2983 hapd = hostapd.add_ap(apdev[0], params)
2984
2985 ifname = dev[0].ifname
2986 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
2987
2988 try:
2989 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
2990 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
2991 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2992 sigma_dut_cmd_check(cmd)
2993 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
2994 sigma_dut_wait_connected(ifname)
2995 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2996 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
2997 dev[0].wait_disconnected()
2998 dev[0].dump_monitor()
2999
3000 hapd.disable()
3001 params = hostapd.wpa2_eap_params(ssid=ssid)
3002 hapd = hostapd.add_ap(apdev[0], params)
3003
3004 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3005 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3006 if ev is None:
3007 raise Exception("Server certificate error not reported")
3008
3009 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3010 if "ServerCertTrustResult,Accepted" in res:
3011 raise Exception("Server certificate trust override was accepted unexpectedly")
3012 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3013 dev[0].dump_monitor()
3014 finally:
3015 stop_sigma_dut(sigma)
3016
3017 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3018 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3019 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3020
3021 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3022 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3023 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3024
3025 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3026 logdir = params['logdir']
3027
3028 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3029 if tofu:
3030 name += "_tofu"
3031 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3032 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3033 f2.write(f.read())
3034
3035 if tofu:
3036 src = "auth_serv/server-certpol2.pem"
3037 else:
3038 src = "auth_serv/server-certpol.pem"
3039 dst = os.path.join(logdir, name + ".server.der")
3040 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3041 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3042 "-outform", "DER"],
3043 stderr=open('/dev/null', 'w'))
3044 with open(dst, "rb") as f:
3045 der = f.read()
3046 hash = hashlib.sha256(der).digest()
3047 with open(hashdst, "w") as f:
3048 f.write(binascii.hexlify(hash).decode())
3049
3050 ssid = "test-wpa2-eap"
3051 params = int_eap_server_params()
3052 params["ssid"] = ssid
3053 if tofu:
3054 params["server_cert"] = "auth_serv/server-certpol2.pem"
3055 params["private_key"] = "auth_serv/server-certpol2.key"
3056 else:
3057 params["server_cert"] = "auth_serv/server-certpol.pem"
3058 params["private_key"] = "auth_serv/server-certpol.key"
3059 hapd = hostapd.add_ap(apdev[0], params)
3060
3061 ifname = dev[0].ifname
3062 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3063
3064 try:
3065 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3066 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3067 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3068 sigma_dut_cmd_check(cmd)
3069 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3070 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3071 if ev is None:
3072 raise Exception("Server certificate validation failure not reported")
3073
3074 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3075 if not tofu and "ServerCertTrustResult,Accepted" in res:
3076 raise Exception("Server certificate trust override was accepted unexpectedly")
3077 if tofu and "ServerCertTrustResult,Accepted" not in res:
3078 raise Exception("Server certificate trust override was not accepted")
3079 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3080 dev[0].dump_monitor()
3081 finally:
3082 stop_sigma_dut(sigma)
3083
3084 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3085 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3086 logdir = params['logdir']
3087
3088 with open("auth_serv/ca.pem", "r") as f:
3089 with open(os.path.join(logdir,
3090 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3091 "w") as f2:
3092 f2.write(f.read())
3093
3094 ssid = "test-wpa2-eap"
3095 params = int_eap_server_params()
3096 params["ssid"] = ssid
3097 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3098 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3099 params["private_key"] = "auth_serv/rsa3072-server.key"
3100 hapd = hostapd.add_ap(apdev[0], params)
3101
3102 ifname = dev[0].ifname
3103 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3104
3105 try:
3106 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3107 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3108 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3109 sigma_dut_cmd_check(cmd)
3110 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3111 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3112 if ev is None:
3113 raise Exception("Server certificate error not reported")
3114
3115 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3116 if "ServerCertTrustResult,Accepted" not in res:
3117 raise Exception("Server certificate trust was not accepted")
3118 sigma_dut_wait_connected(ifname)
3119 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3120 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3121 dev[0].dump_monitor()
3122 finally:
3123 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.