1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
11 logger
= logging
.getLogger()
20 from utils
import HwsimSkip
21 from hwsim
import HWSimRadio
23 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
24 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
25 from test_ap_eap
import check_eap_capa
, int_eap_server_params
26 from test_ap_hs20
import hs20_ap_params
28 def check_sigma_dut():
29 if not os
.path
.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
33 return binascii
.hexlify(s
.encode()).decode()
36 return binascii
.unhexlify(s
).decode()
38 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
39 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
41 sock
.settimeout(timeout
)
42 addr
= ('127.0.0.1', port
)
44 sock
.send(cmd
.encode() + b
"\r\n")
46 res
= sock
.recv(1000).decode()
49 for line
in res
.splitlines():
50 if line
.startswith("status,RUNNING"):
52 elif line
.startswith("status,INVALID"):
54 elif line
.startswith("status,ERROR"):
56 elif line
.startswith("status,COMPLETE"):
58 if running
and not done
:
59 # Read the actual response
60 res
= sock
.recv(1000).decode()
66 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
69 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
70 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
71 if "COMPLETE" not in res
:
72 raise Exception("sigma_dut command failed: " + cmd
)
75 def start_sigma_dut(ifname
, debug
=False, hostapd_logdir
=None, cert_path
=None,
81 '-F', '../../hostapd/hostapd',
83 '-w', '/var/run/wpa_supplicant/',
88 cmd
+= ['-H', hostapd_logdir
]
90 cmd
+= ['-C', cert_path
]
93 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
94 stderr
=subprocess
.PIPE
)
97 res
= sigma_dut_cmd("HELLO")
103 def stop_sigma_dut(sigma
):
106 out
, err
= sigma
.communicate()
107 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
108 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
110 def sigma_dut_wait_connected(ifname
):
112 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
113 if "connected,1" in res
:
117 raise Exception("Connection did not complete")
119 def test_sigma_dut_basic(dev
, apdev
):
120 """sigma_dut basic functionality"""
121 sigma
= start_sigma_dut(dev
[0].ifname
)
123 res
= sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res
:
125 raise Exception("Unexpected sigma_dut response to unknown command")
127 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
132 for cmd
, response
in tests
:
133 res
= sigma_dut_cmd(cmd
)
134 if response
not in res
:
135 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
137 stop_sigma_dut(sigma
)
139 def test_sigma_dut_open(dev
, apdev
):
140 """sigma_dut controlled open network association"""
142 run_sigma_dut_open(dev
, apdev
)
144 dev
[0].set("ignore_old_scan_res", "0")
146 def run_sigma_dut_open(dev
, apdev
):
147 ifname
= dev
[0].ifname
148 sigma
= start_sigma_dut(ifname
)
150 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"))
155 sigma_dut_wait_connected(ifname
)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
160 stop_sigma_dut(sigma
)
162 def test_sigma_dut_psk_pmf(dev
, apdev
):
163 """sigma_dut controlled PSK+PMF association"""
165 run_sigma_dut_psk_pmf(dev
, apdev
)
167 dev
[0].set("ignore_old_scan_res", "0")
169 def run_sigma_dut_psk_pmf(dev
, apdev
):
170 ifname
= dev
[0].ifname
171 sigma
= start_sigma_dut(ifname
)
173 ssid
= "test-pmf-required"
174 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
175 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params
["ieee80211w"] = "2"
177 hapd
= hostapd
.add_ap(apdev
[0], params
)
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname
)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
188 stop_sigma_dut(sigma
)
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
193 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
195 dev
[0].set("ignore_old_scan_res", "0")
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
200 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
202 dev
[0].set("ignore_old_scan_res", "0")
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
207 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
209 dev
[0].set("ignore_old_scan_res", "0")
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
214 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
216 dev
[0].set("ignore_old_scan_res", "0")
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
221 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
224 dev
[0].set("ignore_old_scan_res", "0")
226 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
228 ifname
= dev
[0].ifname
229 sigma
= start_sigma_dut(ifname
)
231 ssid
= "test-pmf-required"
232 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
233 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params
["ieee80211w"] = "2"
235 params
["group_mgmt_cipher"] = hostapd_cipher
236 hapd
= hostapd
.add_ap(apdev
[0], params
)
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
243 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout
=10)
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev
:
248 raise Exception("Unexpected connection")
249 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
250 if "connected,1" in res
:
251 raise Exception("Connection reported")
253 sigma_dut_wait_connected(ifname
)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
259 stop_sigma_dut(sigma
)
261 def test_sigma_dut_sae(dev
, apdev
):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev
[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
266 ifname
= dev
[0].ifname
267 sigma
= start_sigma_dut(ifname
)
270 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
271 params
['wpa_key_mgmt'] = 'SAE'
272 params
["ieee80211w"] = "2"
273 params
['sae_groups'] = '19 20 21'
274 hapd
= hostapd
.add_ap(apdev
[0], params
)
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
280 sigma_dut_wait_connected(ifname
)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
282 if dev
[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
291 sigma_dut_wait_connected(ifname
)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
293 if dev
[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
298 stop_sigma_dut(sigma
)
300 def test_sigma_dut_sae_password(dev
, apdev
):
301 """sigma_dut controlled SAE association and long password"""
302 if "SAE" not in dev
[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
305 ifname
= dev
[0].ifname
306 sigma
= start_sigma_dut(ifname
)
310 params
= hostapd
.wpa2_params(ssid
=ssid
)
311 params
['sae_password'] = 100*'B'
312 params
['wpa_key_mgmt'] = 'SAE'
313 params
["ieee80211w"] = "2"
314 hapd
= hostapd
.add_ap(apdev
[0], params
)
316 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
320 sigma_dut_wait_connected(ifname
)
321 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
323 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
325 stop_sigma_dut(sigma
)
327 def test_sigma_dut_sae_pw_id(dev
, apdev
):
328 """sigma_dut controlled SAE association with Password Identifier"""
329 if "SAE" not in dev
[0].get_capability("auth_alg"):
330 raise HwsimSkip("SAE not supported")
332 ifname
= dev
[0].ifname
333 sigma
= start_sigma_dut(ifname
, debug
=True)
336 params
= hostapd
.wpa2_params(ssid
=ssid
)
337 params
['wpa_key_mgmt'] = 'SAE'
338 params
["ieee80211w"] = "2"
339 params
['sae_password'] = 'secret|id=pw id'
340 params
['sae_groups'] = '19'
341 hapd
= hostapd
.add_ap(apdev
[0], params
)
343 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
344 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
345 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
346 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
347 sigma_dut_wait_connected(ifname
)
348 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
349 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
351 stop_sigma_dut(sigma
)
353 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
354 """sigma_dut controlled SAE association with Password Identifier and FT"""
355 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
357 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
358 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
359 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
361 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
362 if "SAE" not in dev
[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
365 ifname
= dev
[0].ifname
366 sigma
= start_sigma_dut(ifname
, debug
=True)
369 params
= hostapd
.wpa2_params(ssid
=ssid
)
370 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
371 params
["ieee80211w"] = "2"
372 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
373 params
['mobility_domain'] = 'aabb'
374 params
['ft_over_ds'] = '1' if over_ds
else '0'
375 bssid
= apdev
[0]['bssid'].replace(':', '')
376 params
['nas_identifier'] = bssid
+ '.nas.example.com'
377 params
['r1_key_holder'] = bssid
378 params
['pmk_r1_push'] = '0'
379 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
380 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
381 hapd
= hostapd
.add_ap(apdev
[0], params
)
383 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
385 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
386 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
387 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
388 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
389 sigma_dut_wait_connected(ifname
)
391 bssid
= apdev
[1]['bssid'].replace(':', '')
392 params
['nas_identifier'] = bssid
+ '.nas.example.com'
393 params
['r1_key_holder'] = bssid
394 hapd2
= hostapd
.add_ap(apdev
[1], params
)
395 bssid
= hapd2
.own_addr()
396 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
397 dev
[0].wait_connected()
399 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
400 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
402 stop_sigma_dut(sigma
)
404 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
405 """sigma_dut and RSNE override on STA"""
407 run_sigma_dut_sta_override_rsne(dev
, apdev
)
409 dev
[0].set("ignore_old_scan_res", "0")
411 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
412 ifname
= dev
[0].ifname
413 sigma
= start_sigma_dut(ifname
)
416 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
417 hapd
= hostapd
.add_ap(apdev
[0], params
)
419 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
421 tests
= ["30120100000fac040100000fac040100000fac02",
422 "30140100000fac040100000fac040100000fac02ffff"]
424 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
425 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
426 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
427 sigma_dut_wait_connected(ifname
)
428 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
429 dev
[0].dump_monitor()
431 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
432 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
433 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
435 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
437 raise Exception("Association rejection not reported")
438 if "status_code=40" not in ev
:
439 raise Exception("Unexpected status code: " + ev
)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
443 stop_sigma_dut(sigma
)
445 def test_sigma_dut_ap_psk(dev
, apdev
):
446 """sigma_dut controlled AP"""
447 with
HWSimRadio() as (radio
, iface
):
448 sigma
= start_sigma_dut(iface
)
450 sigma_dut_cmd_check("ap_reset_default")
451 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
452 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
453 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
455 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
457 sigma_dut_cmd_check("ap_reset_default")
459 stop_sigma_dut(sigma
)
461 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
462 """sigma_dut controlled AP and PSKHEX"""
463 logdir
= os
.path
.join(params
['logdir'],
464 "sigma_dut_ap_pskhex.sigma-hostapd")
465 with
HWSimRadio() as (radio
, iface
):
466 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
468 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
469 sigma_dut_cmd_check("ap_reset_default")
470 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
471 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
472 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
474 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
476 sigma_dut_cmd_check("ap_reset_default")
478 stop_sigma_dut(sigma
)
480 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
481 """sigma_dut controlled AP PSK SHA256"""
482 logdir
= os
.path
.join(params
['logdir'],
483 "sigma_dut_ap_psk_sha256.sigma-hostapd")
484 with
HWSimRadio() as (radio
, iface
):
485 sigma
= start_sigma_dut(iface
)
487 sigma_dut_cmd_check("ap_reset_default")
488 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
489 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
490 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
492 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
493 psk
="12345678", scan_freq
="2412")
495 sigma_dut_cmd_check("ap_reset_default")
497 stop_sigma_dut(sigma
)
499 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
500 """sigma_dut controlled STA and EAP-TTLS parameters"""
501 logdir
= params
['logdir']
503 with
open("auth_serv/ca.pem", "r") as f
:
504 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
507 src
= "auth_serv/server.pem"
508 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
509 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
510 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
512 stderr
=open('/dev/null', 'w'))
513 with
open(dst
, "rb") as f
:
515 hash = hashlib
.sha256(der
).digest()
516 with
open(hashdst
, "w") as f
:
517 f
.write(binascii
.hexlify(hash).decode())
519 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
520 with
open(dst
, "w") as f
:
523 ssid
= "test-wpa2-eap"
524 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
525 hapd
= hostapd
.add_ap(apdev
[0], params
)
527 ifname
= dev
[0].ifname
528 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
530 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
533 ",Domain,server.w1.fi",
534 ",DomainSuffix,w1.fi",
535 ",DomainSuffix,server.w1.fi",
536 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
538 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
539 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
540 sigma_dut_cmd_check(cmd
+ extra
)
541 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
542 sigma_dut_wait_connected(ifname
)
543 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
544 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
545 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
546 dev
[0].dump_monitor()
548 tests
= [",Domain,w1.fi",
549 ",DomainSuffix,example.com",
550 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
552 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
553 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
554 sigma_dut_cmd_check(cmd
+ extra
)
555 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
556 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
558 raise Exception("Server certificate error not reported")
559 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
560 if "connected,1" in res
:
561 raise Exception("Unexpected connection reported")
562 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
563 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
564 dev
[0].dump_monitor()
566 stop_sigma_dut(sigma
)
568 def test_sigma_dut_suite_b(dev
, apdev
, params
):
569 """sigma_dut controlled STA Suite B"""
570 check_suite_b_192_capa(dev
)
571 logdir
= params
['logdir']
573 with
open("auth_serv/ec2-ca.pem", "r") as f
:
574 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
577 with
open("auth_serv/ec2-user.pem", "r") as f
:
578 with
open("auth_serv/ec2-user.key", "r") as f2
:
579 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
583 dev
[0].flush_scan_cache()
584 params
= suite_b_as_params()
585 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
586 params
['server_cert'] = 'auth_serv/ec2-server.pem'
587 params
['private_key'] = 'auth_serv/ec2-server.key'
588 params
['openssl_ciphers'] = 'SUITEB192'
589 hostapd
.add_ap(apdev
[1], params
)
591 params
= {"ssid": "test-suite-b",
593 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
594 "rsn_pairwise": "GCMP-256",
595 "group_mgmt_cipher": "BIP-GMAC-256",
598 'auth_server_addr': "127.0.0.1",
599 'auth_server_port': "18129",
600 'auth_server_shared_secret': "radius",
601 'nas_identifier': "nas.w1.fi"}
602 hapd
= hostapd
.add_ap(apdev
[0], params
)
604 ifname
= dev
[0].ifname
605 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
607 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
608 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
609 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
610 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
611 sigma_dut_wait_connected(ifname
)
612 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
613 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
614 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
616 stop_sigma_dut(sigma
)
618 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
619 """sigma_dut controlled STA Suite B (RSA)"""
620 check_suite_b_192_capa(dev
)
621 logdir
= params
['logdir']
623 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
624 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
627 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
628 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
629 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
633 dev
[0].flush_scan_cache()
634 params
= suite_b_192_rsa_ap_params()
635 hapd
= hostapd
.add_ap(apdev
[0], params
)
637 ifname
= dev
[0].ifname
638 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
640 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
643 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
644 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
646 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
647 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
648 sigma_dut_cmd_check(cmd
+ extra
)
649 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
650 sigma_dut_wait_connected(ifname
)
651 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
652 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
653 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
655 stop_sigma_dut(sigma
)
657 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
658 """sigma_dut controlled AP Suite B"""
659 check_suite_b_192_capa(dev
)
660 logdir
= os
.path
.join(params
['logdir'],
661 "sigma_dut_ap_suite_b.sigma-hostapd")
662 params
= suite_b_as_params()
663 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
664 params
['server_cert'] = 'auth_serv/ec2-server.pem'
665 params
['private_key'] = 'auth_serv/ec2-server.key'
666 params
['openssl_ciphers'] = 'SUITEB192'
667 hostapd
.add_ap(apdev
[1], params
)
668 with
HWSimRadio() as (radio
, iface
):
669 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
671 sigma_dut_cmd_check("ap_reset_default")
672 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
673 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
674 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
675 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
677 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
679 openssl_ciphers
="SUITEB192",
680 eap
="TLS", identity
="tls user",
681 ca_cert
="auth_serv/ec2-ca.pem",
682 client_cert
="auth_serv/ec2-user.pem",
683 private_key
="auth_serv/ec2-user.key",
684 pairwise
="GCMP-256", group
="GCMP-256",
687 sigma_dut_cmd_check("ap_reset_default")
689 stop_sigma_dut(sigma
)
691 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
692 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
693 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
696 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
697 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
698 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
701 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
702 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
703 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
706 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
707 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
708 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
711 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
712 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
713 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
714 "BIP-GMAC-256", "CCMP")
716 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
717 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
718 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
719 "BIP-GMAC-256", "GCMP-256", "CCMP")
721 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
722 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
723 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
724 "GCMP-256", "CCMP", "AES-CCMP-128")
726 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
727 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
728 check_suite_b_192_capa(dev
)
729 logdir
= os
.path
.join(params
['logdir'],
730 "sigma_dut_ap_cipher.sigma-hostapd")
731 params
= suite_b_as_params()
732 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
733 params
['server_cert'] = 'auth_serv/ec2-server.pem'
734 params
['private_key'] = 'auth_serv/ec2-server.key'
735 params
['openssl_ciphers'] = 'SUITEB192'
736 hostapd
.add_ap(apdev
[1], params
)
737 with
HWSimRadio() as (radio
, iface
):
738 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
740 sigma_dut_cmd_check("ap_reset_default")
741 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
742 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
743 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
745 cmd
+= ",GroupCipher,%s" % ap_group
746 sigma_dut_cmd_check(cmd
)
747 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
749 if sta_cipher_group
is None:
750 sta_cipher_group
= sta_cipher
751 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
753 openssl_ciphers
="SUITEB192",
754 eap
="TLS", identity
="tls user",
755 ca_cert
="auth_serv/ec2-ca.pem",
756 client_cert
="auth_serv/ec2-user.pem",
757 private_key
="auth_serv/ec2-user.key",
758 pairwise
=sta_cipher
, group
=sta_cipher_group
,
761 sigma_dut_cmd_check("ap_reset_default")
763 stop_sigma_dut(sigma
)
765 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
766 """sigma_dut controlled AP overriding RSNE"""
767 with
HWSimRadio() as (radio
, iface
):
768 sigma
= start_sigma_dut(iface
)
770 sigma_dut_cmd_check("ap_reset_default")
771 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
772 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
773 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
774 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
776 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
778 sigma_dut_cmd_check("ap_reset_default")
780 stop_sigma_dut(sigma
)
782 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
783 """sigma_dut controlled AP with SAE"""
784 logdir
= os
.path
.join(params
['logdir'],
785 "sigma_dut_ap_sae.sigma-hostapd")
786 if "SAE" not in dev
[0].get_capability("auth_alg"):
787 raise HwsimSkip("SAE not supported")
788 with
HWSimRadio() as (radio
, iface
):
789 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
791 sigma_dut_cmd_check("ap_reset_default")
792 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
793 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
794 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
796 dev
[0].request("SET sae_groups ")
797 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
798 ieee80211w
="2", scan_freq
="2412")
799 if dev
[0].get_status_field('sae_group') != '19':
800 raise Exception("Expected default SAE group not used")
802 sigma_dut_cmd_check("ap_reset_default")
804 stop_sigma_dut(sigma
)
806 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
807 """sigma_dut controlled AP with SAE and long password"""
808 logdir
= os
.path
.join(params
['logdir'],
809 "sigma_dut_ap_sae_password.sigma-hostapd")
810 if "SAE" not in dev
[0].get_capability("auth_alg"):
811 raise HwsimSkip("SAE not supported")
812 with
HWSimRadio() as (radio
, iface
):
813 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
815 sigma_dut_cmd_check("ap_reset_default")
816 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
817 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
818 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
820 dev
[0].request("SET sae_groups ")
821 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
822 ieee80211w
="2", scan_freq
="2412")
823 if dev
[0].get_status_field('sae_group') != '19':
824 raise Exception("Expected default SAE group not used")
826 sigma_dut_cmd_check("ap_reset_default")
828 stop_sigma_dut(sigma
)
830 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
831 """sigma_dut controlled AP with SAE Password Identifier"""
832 logdir
= os
.path
.join(params
['logdir'],
833 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
834 conffile
= os
.path
.join(params
['logdir'],
835 "sigma_dut_ap_sae_pw_id.sigma-conf")
836 if "SAE" not in dev
[0].get_capability("auth_alg"):
837 raise HwsimSkip("SAE not supported")
838 with
HWSimRadio() as (radio
, iface
):
839 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
841 sigma_dut_cmd_check("ap_reset_default")
842 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
843 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
844 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
846 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
847 with
open(conffile
, "wb") as f2
:
850 dev
[0].request("SET sae_groups ")
851 tests
= [("pw1", "id1"),
855 for pw
, pw_id
in tests
:
856 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
857 sae_password_id
=pw_id
,
858 ieee80211w
="2", scan_freq
="2412")
859 dev
[0].request("REMOVE_NETWORK all")
860 dev
[0].wait_disconnected()
862 sigma_dut_cmd_check("ap_reset_default")
864 stop_sigma_dut(sigma
)
866 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
867 """sigma_dut controlled AP with SAE Password Identifier and FT"""
868 logdir
= os
.path
.join(params
['logdir'],
869 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
870 conffile
= os
.path
.join(params
['logdir'],
871 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
872 if "SAE" not in dev
[0].get_capability("auth_alg"):
873 raise HwsimSkip("SAE not supported")
874 with
HWSimRadio() as (radio
, iface
):
875 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
877 sigma_dut_cmd_check("ap_reset_default")
878 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
879 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
880 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
882 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
883 with
open(conffile
, "wb") as f2
:
886 dev
[0].request("SET sae_groups ")
887 tests
= [("pw1", "id1", "SAE"),
888 ("pw2", "id2", "FT-SAE"),
889 ("pw3", None, "FT-SAE"),
890 ("pw4", "id4", "SAE")]
891 for pw
, pw_id
, key_mgmt
in tests
:
892 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
893 sae_password_id
=pw_id
,
894 ieee80211w
="2", scan_freq
="2412")
895 dev
[0].request("REMOVE_NETWORK all")
896 dev
[0].wait_disconnected()
898 sigma_dut_cmd_check("ap_reset_default")
900 stop_sigma_dut(sigma
)
902 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
903 """sigma_dut controlled AP with SAE and specific group"""
904 logdir
= os
.path
.join(params
['logdir'],
905 "sigma_dut_ap_sae_group.sigma-hostapd")
906 if "SAE" not in dev
[0].get_capability("auth_alg"):
907 raise HwsimSkip("SAE not supported")
908 with
HWSimRadio() as (radio
, iface
):
909 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
911 sigma_dut_cmd_check("ap_reset_default")
912 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
913 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
914 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
916 dev
[0].request("SET sae_groups ")
917 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
918 ieee80211w
="2", scan_freq
="2412")
919 if dev
[0].get_status_field('sae_group') != '20':
920 raise Exception("Expected SAE group not used")
922 sigma_dut_cmd_check("ap_reset_default")
924 stop_sigma_dut(sigma
)
926 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
927 """sigma_dut controlled AP with PSK+SAE"""
928 if "SAE" not in dev
[0].get_capability("auth_alg"):
929 raise HwsimSkip("SAE not supported")
930 logdir
= os
.path
.join(params
['logdir'],
931 "sigma_dut_ap_psk_sae.sigma-hostapd")
932 with
HWSimRadio() as (radio
, iface
):
933 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
935 sigma_dut_cmd_check("ap_reset_default")
936 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
937 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
938 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
940 dev
[2].request("SET sae_groups ")
941 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
942 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
943 dev
[0].request("SET sae_groups ")
944 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
945 scan_freq
="2412", ieee80211w
="2")
946 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
948 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
949 dev
[2].request("DISCONNECT")
951 raise Exception("Unexpected connection without PMF")
953 sigma_dut_cmd_check("ap_reset_default")
955 stop_sigma_dut(sigma
)
957 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
958 """sigma_dut controlled AP with PSK, SAE, FT"""
959 logdir
= os
.path
.join(params
['logdir'],
960 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
961 conffile
= os
.path
.join(params
['logdir'],
962 "sigma_dut_ap_psk_sae_ft.sigma-conf")
963 if "SAE" not in dev
[0].get_capability("auth_alg"):
964 raise HwsimSkip("SAE not supported")
965 with
HWSimRadio() as (radio
, iface
):
966 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
968 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
969 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
970 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
971 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
972 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
973 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
975 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
976 with
open(conffile
, "wb") as f2
:
979 dev
[0].request("SET sae_groups ")
980 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
981 sae_password
="12345678", scan_freq
="2412")
982 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
983 psk
="12345678", scan_freq
="2412")
984 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
985 psk
="12345678", scan_freq
="2412")
987 sigma_dut_cmd_check("ap_reset_default")
989 stop_sigma_dut(sigma
)
991 def test_sigma_dut_owe(dev
, apdev
):
992 """sigma_dut controlled OWE station"""
994 run_sigma_dut_owe(dev
, apdev
)
996 dev
[0].set("ignore_old_scan_res", "0")
998 def run_sigma_dut_owe(dev
, apdev
):
999 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1000 raise HwsimSkip("OWE not supported")
1002 ifname
= dev
[0].ifname
1003 sigma
= start_sigma_dut(ifname
)
1006 params
= {"ssid": "owe",
1008 "wpa_key_mgmt": "OWE",
1010 "rsn_pairwise": "CCMP"}
1011 hapd
= hostapd
.add_ap(apdev
[0], params
)
1012 bssid
= hapd
.own_addr()
1014 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1015 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1016 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1017 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1018 sigma_dut_wait_connected(ifname
)
1019 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1021 dev
[0].dump_monitor()
1022 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1023 dev
[0].wait_connected()
1024 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1025 dev
[0].wait_disconnected()
1026 dev
[0].dump_monitor()
1028 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1029 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1030 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1031 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1032 sigma_dut_wait_connected(ifname
)
1033 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1034 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1035 dev
[0].wait_disconnected()
1036 dev
[0].dump_monitor()
1038 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1039 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1040 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1041 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1042 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1043 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1045 raise Exception("Association not rejected")
1046 if "status_code=77" not in ev
:
1047 raise Exception("Unexpected rejection reason: " + ev
)
1049 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1051 stop_sigma_dut(sigma
)
1053 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1054 """sigma_dut controlled AP with OWE"""
1055 logdir
= os
.path
.join(params
['logdir'],
1056 "sigma_dut_ap_owe.sigma-hostapd")
1057 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1058 raise HwsimSkip("OWE not supported")
1059 with
HWSimRadio() as (radio
, iface
):
1060 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1062 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1063 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1064 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1065 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1067 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1070 sigma_dut_cmd_check("ap_reset_default")
1072 stop_sigma_dut(sigma
)
1074 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1075 """sigma_dut controlled AP with OWE and ECGroupID"""
1076 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1077 raise HwsimSkip("OWE not supported")
1078 with
HWSimRadio() as (radio
, iface
):
1079 sigma
= start_sigma_dut(iface
)
1081 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1082 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1083 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1084 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1086 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1087 owe_group
="20", scan_freq
="2412")
1088 dev
[0].request("REMOVE_NETWORK all")
1089 dev
[0].wait_disconnected()
1091 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1092 owe_group
="21", scan_freq
="2412")
1093 dev
[0].request("REMOVE_NETWORK all")
1094 dev
[0].wait_disconnected()
1096 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1097 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1098 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1099 dev
[0].request("DISCONNECT")
1101 raise Exception("Association not rejected")
1102 if "status_code=77" not in ev
:
1103 raise Exception("Unexpected rejection reason: " + ev
)
1104 dev
[0].dump_monitor()
1106 sigma_dut_cmd_check("ap_reset_default")
1108 stop_sigma_dut(sigma
)
1110 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1111 """sigma_dut controlled AP with OWE and transition mode"""
1112 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1113 raise HwsimSkip("OWE not supported")
1114 logdir
= os
.path
.join(params
['logdir'],
1115 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1116 with
HWSimRadio() as (radio
, iface
):
1117 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1119 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1120 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1121 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1122 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1123 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1124 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1126 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1127 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1129 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1131 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1132 if dev
[0].get_status_field('bssid') not in res1
:
1133 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1134 if dev
[1].get_status_field('bssid') not in res2
:
1135 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1137 sigma_dut_cmd_check("ap_reset_default")
1139 stop_sigma_dut(sigma
)
1141 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1142 """sigma_dut controlled AP with OWE and transition mode (2)"""
1143 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1144 raise HwsimSkip("OWE not supported")
1145 logdir
= os
.path
.join(params
['logdir'],
1146 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1147 with
HWSimRadio() as (radio
, iface
):
1148 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1150 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1151 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1152 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1153 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1154 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1155 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1157 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1158 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1160 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1162 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1163 if dev
[0].get_status_field('bssid') not in res2
:
1164 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1165 if dev
[1].get_status_field('bssid') not in res1
:
1166 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1168 sigma_dut_cmd_check("ap_reset_default")
1170 stop_sigma_dut(sigma
)
1172 def dpp_init_enrollee(dev
, id1
):
1173 logger
.info("Starting DPP initiator/enrollee in a thread")
1175 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1176 if "OK" not in dev
.request(cmd
):
1177 raise Exception("Failed to initiate DPP Authentication")
1178 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1180 raise Exception("DPP configuration not completed (Enrollee)")
1181 logger
.info("DPP initiator/enrollee done")
1183 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1184 """sigma_dut DPP/QR responder (conf index 1)"""
1185 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1187 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1188 """sigma_dut DPP/QR responder (conf index 2)"""
1189 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1191 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1192 """sigma_dut DPP/QR responder (conf index 3)"""
1193 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1195 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1196 """sigma_dut DPP/QR responder (conf index 4)"""
1197 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1199 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1200 """sigma_dut DPP/QR responder (conf index 5)"""
1201 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1203 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1204 """sigma_dut DPP/QR responder (conf index 6)"""
1205 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1207 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1208 """sigma_dut DPP/QR responder (conf index 7)"""
1209 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1211 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1212 """sigma_dut DPP/QR responder (conf index 8)"""
1213 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1215 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1216 """sigma_dut DPP/QR responder (conf index 9)"""
1217 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1219 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1220 """sigma_dut DPP/QR responder (conf index 10)"""
1221 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1223 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1224 """sigma_dut DPP/QR responder (channel list override)"""
1225 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1228 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1229 """sigma_dut DPP/QR responder status query"""
1230 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1231 passphrase
="ThisIsDppPassphrase")
1232 hapd
= hostapd
.add_ap(apdev
[0], params
)
1235 dev
[1].set("dpp_config_processing", "2")
1236 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1238 dev
[1].set("dpp_config_processing", "0")
1240 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1241 listen_chan
=None, status_query
=False):
1242 check_dpp_capab(dev
[0])
1243 check_dpp_capab(dev
[1])
1244 sigma
= start_sigma_dut(dev
[0].ifname
)
1246 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1248 cmd
+= ",DPPChannelList," + chan_list
1249 res
= sigma_dut_cmd(cmd
)
1250 if "status,COMPLETE" not in res
:
1251 raise Exception("dev_exec_action did not succeed: " + res
)
1252 hex = res
.split(',')[3]
1254 logger
.info("URI from sigma_dut: " + uri
)
1256 id1
= dev
[1].dpp_qr_code(uri
)
1258 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
))
1260 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1262 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1264 cmd
+= ",DPPStatusQuery,Yes"
1265 res
= sigma_dut_cmd(cmd
, timeout
=10)
1267 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1268 raise Exception("Unexpected result: " + res
)
1269 if status_query
and "StatusResult,0" not in res
:
1270 raise Exception("Status query did not succeed: " + res
)
1272 stop_sigma_dut(sigma
)
1274 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1275 """sigma_dut DPP/QR initiator as Enrollee"""
1276 check_dpp_capab(dev
[0])
1277 check_dpp_capab(dev
[1])
1279 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1280 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1281 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1282 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1284 params
= {"ssid": "DPPNET01",
1287 "wpa_key_mgmt": "DPP",
1288 "rsn_pairwise": "CCMP",
1289 "dpp_connector": ap_connector
,
1290 "dpp_csign": csign_pub
,
1291 "dpp_netaccesskey": ap_netaccesskey
}
1293 hapd
= hostapd
.add_ap(apdev
[0], params
)
1295 raise HwsimSkip("DPP not supported")
1297 sigma
= start_sigma_dut(dev
[0].ifname
)
1299 dev
[0].set("dpp_config_processing", "2")
1301 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1302 res
= dev
[1].request(cmd
)
1304 raise Exception("Failed to add configurator")
1307 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1308 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1310 dev
[1].set("dpp_configurator_params",
1311 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1312 cmd
= "DPP_LISTEN 2437 role=configurator"
1313 if "OK" not in dev
[1].request(cmd
):
1314 raise Exception("Failed to start listen operation")
1316 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1317 if "status,COMPLETE" not in res
:
1318 raise Exception("dev_exec_action did not succeed: " + res
)
1320 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1321 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1322 raise Exception("Unexpected result: " + res
)
1324 dev
[0].set("dpp_config_processing", "0")
1325 stop_sigma_dut(sigma
)
1327 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1328 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1329 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1331 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1332 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1333 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1334 extra
="DPPAuthDirection,Mutual,")
1336 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1337 check_dpp_capab(dev
[0])
1338 check_dpp_capab(dev
[1])
1340 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1341 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1342 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1343 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1345 params
= {"ssid": "DPPNET01",
1348 "wpa_key_mgmt": "DPP",
1349 "rsn_pairwise": "CCMP",
1350 "dpp_connector": ap_connector
,
1351 "dpp_csign": csign_pub
,
1352 "dpp_netaccesskey": ap_netaccesskey
}
1354 hapd
= hostapd
.add_ap(apdev
[0], params
)
1356 raise HwsimSkip("DPP not supported")
1358 sigma
= start_sigma_dut(dev
[0].ifname
)
1360 dev
[0].set("dpp_config_processing", "2")
1362 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1363 res
= dev
[1].request(cmd
)
1365 raise Exception("Failed to add configurator")
1368 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1369 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1371 dev
[1].set("dpp_configurator_params",
1372 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1373 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1374 if "OK" not in dev
[1].request(cmd
):
1375 raise Exception("Failed to start listen operation")
1377 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1378 if "status,COMPLETE" not in res
:
1379 raise Exception("dev_exec_action did not succeed: " + res
)
1380 hex = res
.split(',')[3]
1382 logger
.info("URI from sigma_dut: " + uri
)
1384 id1
= dev
[1].dpp_qr_code(uri
)
1386 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1387 if "status,COMPLETE" not in res
:
1388 raise Exception("dev_exec_action did not succeed: " + res
)
1390 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1391 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1392 raise Exception("Unexpected result: " + res
)
1394 dev
[0].set("dpp_config_processing", "0")
1395 stop_sigma_dut(sigma
)
1397 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1399 logger
.info("Starting DPP initiator/configurator in a thread")
1400 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1401 if own_id
is not None:
1402 cmd
+= " own=%d" % own_id
1403 if "OK" not in dev
.request(cmd
):
1404 raise Exception("Failed to initiate DPP Authentication")
1405 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1407 raise Exception("DPP configuration not completed (Configurator)")
1408 logger
.info("DPP initiator/configurator done")
1410 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1411 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1412 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1414 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1415 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1416 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1418 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1419 check_dpp_capab(dev
[0])
1420 check_dpp_capab(dev
[1])
1422 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1423 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1424 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1425 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1427 params
= {"ssid": "DPPNET01",
1430 "wpa_key_mgmt": "DPP",
1431 "rsn_pairwise": "CCMP",
1432 "dpp_connector": ap_connector
,
1433 "dpp_csign": csign_pub
,
1434 "dpp_netaccesskey": ap_netaccesskey
}
1436 hapd
= hostapd
.add_ap(apdev
[0], params
)
1438 raise HwsimSkip("DPP not supported")
1440 sigma
= start_sigma_dut(dev
[0].ifname
)
1442 dev
[0].set("dpp_config_processing", "2")
1444 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1445 res
= dev
[1].request(cmd
)
1447 raise Exception("Failed to add configurator")
1450 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1451 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1453 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1454 if "status,COMPLETE" not in res
:
1455 raise Exception("dev_exec_action did not succeed: " + res
)
1456 hex = res
.split(',')[3]
1458 logger
.info("URI from sigma_dut: " + uri
)
1460 id1
= dev
[1].dpp_qr_code(uri
)
1462 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1463 if "status,COMPLETE" not in res
:
1464 raise Exception("dev_exec_action did not succeed: " + res
)
1466 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1467 args
=(dev
[1], id1
, conf_id
, id0
))
1470 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1473 res
= sigma_dut_cmd(cmd
, timeout
=25)
1475 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1476 raise Exception("Unexpected result: " + res
)
1478 dev
[0].set("dpp_config_processing", "0")
1479 stop_sigma_dut(sigma
)
1481 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1482 logger
.info("Starting DPP responder/configurator in a thread")
1483 dev
.set("dpp_configurator_params",
1484 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1486 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1487 if "OK" not in dev
.request(cmd
):
1488 raise Exception("Failed to initiate DPP listen")
1490 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1492 raise Exception("QR Code scan for mutual authentication not requested")
1493 dev
.dpp_qr_code(uri
)
1494 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1496 raise Exception("DPP configuration not completed (Configurator)")
1497 logger
.info("DPP responder/configurator done")
1499 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1500 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1501 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1503 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1504 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1505 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1507 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1508 check_dpp_capab(dev
[0])
1509 check_dpp_capab(dev
[1])
1511 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1512 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1513 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1514 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1516 params
= {"ssid": "DPPNET01",
1519 "wpa_key_mgmt": "DPP",
1520 "rsn_pairwise": "CCMP",
1521 "dpp_connector": ap_connector
,
1522 "dpp_csign": csign_pub
,
1523 "dpp_netaccesskey": ap_netaccesskey
}
1525 hapd
= hostapd
.add_ap(apdev
[0], params
)
1527 raise HwsimSkip("DPP not supported")
1529 sigma
= start_sigma_dut(dev
[0].ifname
)
1531 dev
[0].set("dpp_config_processing", "2")
1533 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1534 res
= dev
[1].request(cmd
)
1536 raise Exception("Failed to add configurator")
1539 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1540 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1542 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1543 if "status,COMPLETE" not in res
:
1544 raise Exception("dev_exec_action did not succeed: " + res
)
1545 hex = res
.split(',')[3]
1547 logger
.info("URI from sigma_dut: " + uri
)
1549 if not resp_pending
:
1550 dev
[1].dpp_qr_code(uri
)
1553 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1554 if "status,COMPLETE" not in res
:
1555 raise Exception("dev_exec_action did not succeed: " + res
)
1557 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1558 args
=(dev
[1], conf_id
, uri
))
1562 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1563 res
= sigma_dut_cmd(cmd
, timeout
=15)
1565 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1566 raise Exception("Unexpected result: " + res
)
1568 dev
[0].set("dpp_config_processing", "0")
1569 stop_sigma_dut(sigma
)
1571 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1572 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1573 check_dpp_capab(dev
[0])
1574 check_dpp_capab(dev
[1])
1576 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1577 passphrase
="ThisIsDppPassphrase")
1578 hapd
= hostapd
.add_ap(apdev
[0], params
)
1580 sigma
= start_sigma_dut(dev
[0].ifname
)
1582 dev
[0].set("dpp_config_processing", "2")
1584 cmd
= "DPP_CONFIGURATOR_ADD"
1585 res
= dev
[1].request(cmd
)
1587 raise Exception("Failed to add configurator")
1590 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1591 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1593 dev
[1].set("dpp_configurator_params",
1594 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1595 cmd
= "DPP_LISTEN 2437 role=configurator"
1596 if "OK" not in dev
[1].request(cmd
):
1597 raise Exception("Failed to start listen operation")
1599 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1600 if "status,COMPLETE" not in res
:
1601 raise Exception("dev_exec_action did not succeed: " + res
)
1603 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1604 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1605 raise Exception("Unexpected result: " + res
)
1607 dev
[0].set("dpp_config_processing", "0")
1608 stop_sigma_dut(sigma
)
1610 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1611 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1612 check_dpp_capab(dev
[0])
1613 check_dpp_capab(dev
[1])
1614 if "SAE" not in dev
[0].get_capability("auth_alg"):
1615 raise HwsimSkip("SAE not supported")
1617 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1618 passphrase
="ThisIsDppPassphrase")
1619 params
['wpa_key_mgmt'] = 'SAE'
1620 params
["ieee80211w"] = "2"
1621 hapd
= hostapd
.add_ap(apdev
[0], params
)
1623 sigma
= start_sigma_dut(dev
[0].ifname
)
1625 dev
[0].set("dpp_config_processing", "2")
1626 dev
[0].set("sae_groups", "")
1628 cmd
= "DPP_CONFIGURATOR_ADD"
1629 res
= dev
[1].request(cmd
)
1631 raise Exception("Failed to add configurator")
1634 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1635 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1637 dev
[1].set("dpp_configurator_params",
1638 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1639 cmd
= "DPP_LISTEN 2437 role=configurator"
1640 if "OK" not in dev
[1].request(cmd
):
1641 raise Exception("Failed to start listen operation")
1643 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1644 if "status,COMPLETE" not in res
:
1645 raise Exception("dev_exec_action did not succeed: " + res
)
1647 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1648 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1649 raise Exception("Unexpected result: " + res
)
1651 dev
[0].set("dpp_config_processing", "0")
1652 stop_sigma_dut(sigma
)
1654 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1655 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1656 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1658 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1659 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1660 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1662 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1663 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1664 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1666 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1667 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1668 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1670 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1671 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1672 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1674 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1675 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1676 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1678 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1679 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1680 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1682 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1683 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1684 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1686 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1687 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1688 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1690 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1691 prov_role
="Configurator",
1693 check_dpp_capab(dev
[0])
1694 check_dpp_capab(dev
[1])
1695 sigma
= start_sigma_dut(dev
[0].ifname
)
1697 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1698 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1700 cmd
= "DPP_LISTEN 2437 role=enrollee"
1701 if "OK" not in dev
[1].request(cmd
):
1702 raise Exception("Failed to start listen operation")
1704 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1705 if "status,COMPLETE" not in res
:
1706 raise Exception("dev_exec_action did not succeed: " + res
)
1708 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1711 res
= sigma_dut_cmd(cmd
)
1712 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1713 raise Exception("Unexpected result: " + res
)
1715 stop_sigma_dut(sigma
)
1717 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1718 """sigma_dut DPP roles incompatible (Initiator)"""
1719 check_dpp_capab(dev
[0])
1720 check_dpp_capab(dev
[1])
1721 sigma
= start_sigma_dut(dev
[0].ifname
)
1723 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1724 if "status,COMPLETE" not in res
:
1725 raise Exception("dev_exec_action did not succeed: " + res
)
1726 hex = res
.split(',')[3]
1728 logger
.info("URI from sigma_dut: " + uri
)
1730 id1
= dev
[1].dpp_qr_code(uri
)
1732 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1733 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1735 cmd
= "DPP_LISTEN 2437 role=enrollee"
1736 if "OK" not in dev
[1].request(cmd
):
1737 raise Exception("Failed to start listen operation")
1739 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1740 if "status,COMPLETE" not in res
:
1741 raise Exception("dev_exec_action did not succeed: " + res
)
1743 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1744 res
= sigma_dut_cmd(cmd
)
1745 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1746 raise Exception("Unexpected result: " + res
)
1748 stop_sigma_dut(sigma
)
1750 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
1751 logger
.info("Starting DPP initiator/enrollee in a thread")
1753 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
1754 if "OK" not in dev
.request(cmd
):
1755 raise Exception("Failed to initiate DPP Authentication")
1756 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
1757 "DPP-NOT-COMPATIBLE"], timeout
=5)
1759 raise Exception("DPP configuration not completed (Enrollee)")
1760 logger
.info("DPP initiator/enrollee done")
1762 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
1763 """sigma_dut DPP roles incompatible (Responder)"""
1764 check_dpp_capab(dev
[0])
1765 check_dpp_capab(dev
[1])
1766 sigma
= start_sigma_dut(dev
[0].ifname
)
1768 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1769 res
= sigma_dut_cmd(cmd
)
1770 if "status,COMPLETE" not in res
:
1771 raise Exception("dev_exec_action did not succeed: " + res
)
1772 hex = res
.split(',')[3]
1774 logger
.info("URI from sigma_dut: " + uri
)
1776 id1
= dev
[1].dpp_qr_code(uri
)
1778 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1779 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1781 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1782 if "status,COMPLETE" not in res
:
1783 raise Exception("dev_exec_action did not succeed: " + res
)
1785 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
1787 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1788 res
= sigma_dut_cmd(cmd
, timeout
=10)
1790 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1791 raise Exception("Unexpected result: " + res
)
1793 stop_sigma_dut(sigma
)
1795 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
1796 """sigma_dut DPP/PKEX initiator as Configurator"""
1797 check_dpp_capab(dev
[0])
1798 check_dpp_capab(dev
[1])
1799 sigma
= start_sigma_dut(dev
[0].ifname
)
1801 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
1802 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
1803 res
= dev
[1].request(cmd
)
1805 raise Exception("Failed to set PKEX data (responder)")
1806 cmd
= "DPP_LISTEN 2437 role=enrollee"
1807 if "OK" not in dev
[1].request(cmd
):
1808 raise Exception("Failed to start listen operation")
1810 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1811 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1812 raise Exception("Unexpected result: " + res
)
1814 stop_sigma_dut(sigma
)
1816 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
1817 logger
.info("Starting DPP initiator/configurator in a thread")
1818 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
1819 if "OK" not in dev
.request(cmd
):
1820 raise Exception("Failed to initiate DPP Authentication")
1821 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1823 raise Exception("DPP configuration not completed (Configurator)")
1824 logger
.info("DPP initiator/configurator done")
1826 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
1827 """sigma_dut controlled AP (DPP)"""
1828 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
1830 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
1831 """sigma_dut controlled AP (legacy)"""
1832 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1833 extra
="pass=%s" % to_hex("qwertyuiop"))
1835 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
1836 """sigma_dut controlled AP (legacy)"""
1837 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1838 extra
="psk=%s" % (32*"12"))
1840 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
1841 check_dpp_capab(dev
[0])
1842 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1843 with
HWSimRadio() as (radio
, iface
):
1844 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1846 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1847 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1848 if "status,COMPLETE" not in res
:
1849 raise Exception("dev_exec_action did not succeed: " + res
)
1850 hex = res
.split(',')[3]
1852 logger
.info("URI from sigma_dut: " + uri
)
1854 cmd
= "DPP_CONFIGURATOR_ADD"
1855 res
= dev
[0].request(cmd
)
1857 raise Exception("Failed to add configurator")
1860 id1
= dev
[0].dpp_qr_code(uri
)
1862 t
= threading
.Thread(target
=dpp_init_conf
,
1863 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
1865 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1867 if "ConfResult,OK" not in res
:
1868 raise Exception("Unexpected result: " + res
)
1870 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1871 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1873 id0b
= dev
[0].dpp_qr_code(uri1
)
1875 dev
[1].set("dpp_config_processing", "2")
1876 cmd
= "DPP_LISTEN 2412"
1877 if "OK" not in dev
[1].request(cmd
):
1878 raise Exception("Failed to start listen operation")
1879 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
1880 if "OK" not in dev
[0].request(cmd
):
1881 raise Exception("Failed to initiate DPP Authentication")
1882 dev
[1].wait_connected()
1884 sigma_dut_cmd_check("ap_reset_default")
1886 dev
[1].set("dpp_config_processing", "0")
1887 stop_sigma_dut(sigma
)
1889 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
1890 """sigma_dut controlled AP as DPP PKEX responder"""
1891 check_dpp_capab(dev
[0])
1892 logdir
= os
.path
.join(params
['logdir'],
1893 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1894 with
HWSimRadio() as (radio
, iface
):
1895 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1897 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
1899 stop_sigma_dut(sigma
)
1901 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
1902 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
1904 id = dev
.dpp_bootstrap_gen(type="pkex")
1905 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
1906 res
= dev
.request(cmd
)
1908 raise Exception("Failed to initiate DPP PKEX")
1909 if not check_config
:
1911 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1913 raise Exception("DPP configuration not completed (Configurator)")
1914 logger
.info("DPP initiator/configurator done")
1916 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
1917 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1919 cmd
= "DPP_CONFIGURATOR_ADD"
1920 res
= dev
[0].request(cmd
)
1922 raise Exception("Failed to add configurator")
1925 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
1927 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
1929 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1930 raise Exception("Unexpected result: " + res
)
1932 sigma_dut_cmd_check("ap_reset_default")
1934 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
1935 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1936 check_dpp_capab(dev
[0])
1937 sigma
= start_sigma_dut(dev
[0].ifname
)
1939 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
1941 stop_sigma_dut(sigma
)
1943 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
1944 cmd
= "DPP_CONFIGURATOR_ADD"
1945 res
= dev
[1].request(cmd
)
1947 raise Exception("Failed to add configurator")
1950 dev
[1].set("dpp_test", "44")
1952 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
1955 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
1957 if "BootstrapResult,Timeout" not in res
:
1958 raise Exception("Unexpected result: " + res
)
1960 def dpp_proto_init(dev
, id1
):
1962 logger
.info("Starting DPP initiator/configurator in a thread")
1963 cmd
= "DPP_CONFIGURATOR_ADD"
1964 res
= dev
.request(cmd
)
1966 raise Exception("Failed to add configurator")
1969 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
1970 if "OK" not in dev
.request(cmd
):
1971 raise Exception("Failed to initiate DPP Authentication")
1973 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
1974 """sigma_dut DPP protocol testing - Initiator"""
1975 check_dpp_capab(dev
[0])
1976 check_dpp_capab(dev
[1])
1977 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
1978 "BootstrapResult,OK,AuthResult,Errorsent",
1980 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1981 "BootstrapResult,OK,AuthResult,Errorsent",
1983 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1984 "BootstrapResult,OK,AuthResult,Errorsent",
1985 "Missing or invalid I-capabilities"),
1986 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1987 "BootstrapResult,OK,AuthResult,Errorsent",
1988 "Mismatching Initiator Authenticating Tag"),
1989 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1990 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1991 "Missing or invalid Enrollee Nonce attribute")]
1992 for step
, frame
, attr
, result
, fail
in tests
:
1993 dev
[0].request("FLUSH")
1994 dev
[1].request("FLUSH")
1995 sigma
= start_sigma_dut(dev
[0].ifname
)
1997 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2000 stop_sigma_dut(sigma
)
2002 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2003 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2004 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2006 cmd
= "DPP_LISTEN 2437 role=enrollee"
2007 if "OK" not in dev
[1].request(cmd
):
2008 raise Exception("Failed to start listen operation")
2010 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2011 if "status,COMPLETE" not in res
:
2012 raise Exception("dev_exec_action did not succeed: " + res
)
2014 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2016 if result
not in res
:
2017 raise Exception("Unexpected result: " + res
)
2019 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2020 if ev
is None or fail
not in ev
:
2021 raise Exception("Failure not reported correctly: " + str(ev
))
2023 dev
[1].request("DPP_STOP_LISTEN")
2024 dev
[0].dump_monitor()
2025 dev
[1].dump_monitor()
2027 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2028 """sigma_dut DPP protocol testing - Responder"""
2029 check_dpp_capab(dev
[0])
2030 check_dpp_capab(dev
[1])
2031 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2032 "BootstrapResult,OK,AuthResult,Errorsent",
2033 "Missing or invalid required DPP Status attribute"),
2034 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2035 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2036 "Missing or invalid Enrollee Nonce attribute")]
2037 for step
, frame
, attr
, result
, fail
in tests
:
2038 dev
[0].request("FLUSH")
2039 dev
[1].request("FLUSH")
2040 sigma
= start_sigma_dut(dev
[0].ifname
)
2042 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2045 stop_sigma_dut(sigma
)
2047 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2048 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2049 if "status,COMPLETE" not in res
:
2050 raise Exception("dev_exec_action did not succeed: " + res
)
2051 hex = res
.split(',')[3]
2053 logger
.info("URI from sigma_dut: " + uri
)
2055 id1
= dev
[1].dpp_qr_code(uri
)
2057 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2059 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2061 if result
not in res
:
2062 raise Exception("Unexpected result: " + res
)
2064 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2065 if ev
is None or fail
not in ev
:
2066 raise Exception("Failure not reported correctly:" + str(ev
))
2068 dev
[1].request("DPP_STOP_LISTEN")
2069 dev
[0].dump_monitor()
2070 dev
[1].dump_monitor()
2072 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2073 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2074 check_dpp_capab(dev
[0])
2075 check_dpp_capab(dev
[1])
2076 tests
= [("AuthenticationResponse",
2077 "BootstrapResult,OK,AuthResult,Errorsent",
2079 ("ConfigurationRequest",
2080 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2082 for frame
, result
, fail
in tests
:
2083 dev
[0].request("FLUSH")
2084 dev
[1].request("FLUSH")
2085 sigma
= start_sigma_dut(dev
[0].ifname
)
2087 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2089 stop_sigma_dut(sigma
)
2091 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2092 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2093 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2095 cmd
= "DPP_LISTEN 2437 role=enrollee"
2096 if "OK" not in dev
[1].request(cmd
):
2097 raise Exception("Failed to start listen operation")
2099 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2100 if "status,COMPLETE" not in res
:
2101 raise Exception("dev_exec_action did not succeed: " + res
)
2103 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2104 if result
not in res
:
2105 raise Exception("Unexpected result: " + res
)
2107 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2108 if ev
is None or fail
not in ev
:
2109 raise Exception("Failure not reported correctly: " + str(ev
))
2111 dev
[1].request("DPP_STOP_LISTEN")
2112 dev
[0].dump_monitor()
2113 dev
[1].dump_monitor()
2115 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2116 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2117 check_dpp_capab(dev
[0])
2118 check_dpp_capab(dev
[1])
2119 tests
= [("AuthenticationConfirm",
2120 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2122 for frame
, result
, fail
in tests
:
2123 dev
[0].request("FLUSH")
2124 dev
[1].request("FLUSH")
2125 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2127 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2130 stop_sigma_dut(sigma
)
2132 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2134 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2135 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2137 cmd
= "DPP_LISTEN 2437 role=configurator"
2138 if "OK" not in dev
[1].request(cmd
):
2139 raise Exception("Failed to start listen operation")
2141 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2142 if "status,COMPLETE" not in res
:
2143 raise Exception("dev_exec_action did not succeed: " + res
)
2145 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2146 if result
not in res
:
2147 raise Exception("Unexpected result: " + res
)
2149 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2150 if ev
is None or fail
not in ev
:
2151 raise Exception("Failure not reported correctly: " + str(ev
))
2153 dev
[1].request("DPP_STOP_LISTEN")
2154 dev
[0].dump_monitor()
2155 dev
[1].dump_monitor()
2157 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2158 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2159 check_dpp_capab(dev
[0])
2160 check_dpp_capab(dev
[1])
2161 tests
= [("AuthenticationRequest",
2162 "BootstrapResult,OK,AuthResult,Errorsent",
2164 ("AuthenticationConfirm",
2165 "BootstrapResult,OK,AuthResult,Errorsent",
2167 for frame
, result
, fail
in tests
:
2168 dev
[0].request("FLUSH")
2169 dev
[1].request("FLUSH")
2170 sigma
= start_sigma_dut(dev
[0].ifname
)
2172 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2174 stop_sigma_dut(sigma
)
2176 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2177 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2178 if "status,COMPLETE" not in res
:
2179 raise Exception("dev_exec_action did not succeed: " + res
)
2180 hex = res
.split(',')[3]
2182 logger
.info("URI from sigma_dut: " + uri
)
2184 id1
= dev
[1].dpp_qr_code(uri
)
2186 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2188 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2190 if result
not in res
:
2191 raise Exception("Unexpected result: " + res
)
2193 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2194 if ev
is None or fail
not in ev
:
2195 raise Exception("Failure not reported correctly:" + str(ev
))
2197 dev
[1].request("DPP_STOP_LISTEN")
2198 dev
[0].dump_monitor()
2199 dev
[1].dump_monitor()
2201 def dpp_proto_init_pkex(dev
):
2203 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2204 cmd
= "DPP_CONFIGURATOR_ADD"
2205 res
= dev
.request(cmd
)
2207 raise Exception("Failed to add configurator")
2210 id = dev
.dpp_bootstrap_gen(type="pkex")
2212 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2213 if "FAIL" in dev
.request(cmd
):
2214 raise Exception("Failed to initiate DPP PKEX")
2216 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2217 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2218 check_dpp_capab(dev
[0])
2219 check_dpp_capab(dev
[1])
2220 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2221 "BootstrapResult,Errorsent",
2223 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2224 "BootstrapResult,Errorsent",
2225 "Missing or invalid Finite Cyclic Group attribute"),
2226 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2227 "BootstrapResult,Errorsent",
2228 "No valid peer bootstrapping key found")]
2229 for step
, frame
, attr
, result
, fail
in tests
:
2230 dev
[0].request("FLUSH")
2231 dev
[1].request("FLUSH")
2232 sigma
= start_sigma_dut(dev
[0].ifname
)
2234 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2237 stop_sigma_dut(sigma
)
2239 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2240 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2242 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2243 res
= dev
[1].request(cmd
)
2245 raise Exception("Failed to set PKEX data (responder)")
2247 cmd
= "DPP_LISTEN 2437 role=enrollee"
2248 if "OK" not in dev
[1].request(cmd
):
2249 raise Exception("Failed to start listen operation")
2251 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2252 if result
not in res
:
2253 raise Exception("Unexpected result: " + res
)
2255 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2256 if ev
is None or fail
not in ev
:
2257 raise Exception("Failure not reported correctly: " + str(ev
))
2259 dev
[1].request("DPP_STOP_LISTEN")
2260 dev
[0].dump_monitor()
2261 dev
[1].dump_monitor()
2263 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2264 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2265 check_dpp_capab(dev
[0])
2266 check_dpp_capab(dev
[1])
2267 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2268 "BootstrapResult,Errorsent",
2270 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2271 "BootstrapResult,Errorsent",
2272 "No DPP Status attribute"),
2273 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2274 "BootstrapResult,Errorsent",
2275 "No valid peer bootstrapping key found")]
2276 for step
, frame
, attr
, result
, fail
in tests
:
2277 dev
[0].request("FLUSH")
2278 dev
[1].request("FLUSH")
2279 sigma
= start_sigma_dut(dev
[0].ifname
)
2281 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2284 stop_sigma_dut(sigma
)
2286 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2287 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2289 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2291 if result
not in res
:
2292 raise Exception("Unexpected result: " + res
)
2294 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2295 if ev
is None or fail
not in ev
:
2296 raise Exception("Failure not reported correctly:" + str(ev
))
2298 dev
[1].request("DPP_STOP_LISTEN")
2299 dev
[0].dump_monitor()
2300 dev
[1].dump_monitor()
2302 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2303 check_dpp_capab(dev
[0])
2304 check_dpp_capab(dev
[1])
2306 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2307 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2308 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2309 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2311 params
= {"ssid": "DPPNET01",
2314 "wpa_key_mgmt": "DPP",
2315 "rsn_pairwise": "CCMP",
2316 "dpp_connector": ap_connector
,
2317 "dpp_csign": csign_pub
,
2318 "dpp_netaccesskey": ap_netaccesskey
}
2320 hapd
= hostapd
.add_ap(apdev
[0], params
)
2322 raise HwsimSkip("DPP not supported")
2324 dev
[0].set("dpp_config_processing", "2")
2326 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2327 res
= dev
[1].request(cmd
)
2329 raise Exception("Failed to add configurator")
2332 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2333 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2335 dev
[1].set("dpp_configurator_params",
2336 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2338 cmd
= "DPP_LISTEN 2437 role=configurator"
2339 if "OK" not in dev
[1].request(cmd
):
2340 raise Exception("Failed to start listen operation")
2342 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2343 if "status,COMPLETE" not in res
:
2344 raise Exception("dev_exec_action did not succeed: " + res
)
2346 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2347 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2348 sigma
= start_sigma_dut(dev
[0].ifname
)
2350 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2352 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2353 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2354 raise Exception("Unexpected result: " + res
)
2356 dev
[0].set("dpp_config_processing", "0")
2357 stop_sigma_dut(sigma
)
2359 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2360 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2361 check_dpp_capab(dev
[0])
2363 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2364 check_dpp_capab(hapd
)
2366 sigma
= start_sigma_dut(dev
[0].ifname
)
2368 dev
[0].set("dpp_config_processing", "2")
2369 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2370 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2372 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2373 if "status,COMPLETE" not in res
:
2374 raise Exception("dev_exec_action did not succeed: " + res
)
2376 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2377 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2378 raise Exception("Unexpected result: " + res
)
2379 update_hapd_config(hapd
)
2381 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2382 res
= sigma_dut_cmd(cmd
, timeout
=10)
2383 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2384 raise Exception("Unexpected result: " + res
)
2386 stop_sigma_dut(sigma
)
2387 dev
[0].set("dpp_config_processing", "0")
2389 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2390 """sigma_dut DPP AP Configurator using self-configuration"""
2391 logdir
= os
.path
.join(params
['logdir'],
2392 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2393 with
HWSimRadio() as (radio
, iface
):
2394 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2396 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2398 stop_sigma_dut(sigma
)
2399 dev
[0].set("dpp_config_processing", "0")
2401 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2402 check_dpp_capab(dev
[0])
2404 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2406 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2407 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2408 raise Exception("Unexpected result: " + res
)
2410 dev
[0].set("dpp_config_processing", "2")
2412 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2413 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2414 cmd
= "DPP_LISTEN 2462 role=enrollee"
2415 if "OK" not in dev
[0].request(cmd
):
2416 raise Exception("Failed to start listen operation")
2418 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2419 if "status,COMPLETE" not in res
:
2420 raise Exception("dev_exec_action did not succeed: " + res
)
2421 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2422 res
= sigma_dut_cmd(cmd
)
2423 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2424 raise Exception("Unexpected result: " + res
)
2425 dev
[0].wait_connected()
2426 dev
[0].request("DISCONNECT")
2427 dev
[0].wait_disconnected()
2428 sigma_dut_cmd_check("ap_reset_default")
2431 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2432 """sigma_dut DPP AP as Relay to Controller"""
2433 logdir
= os
.path
.join(params
['logdir'],
2434 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2435 with
HWSimRadio() as (radio
, iface
):
2436 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2438 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2440 stop_sigma_dut(sigma
)
2441 dev
[1].request("DPP_CONTROLLER_STOP")
2443 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2444 check_dpp_capab(dev
[0])
2445 check_dpp_capab(dev
[1])
2448 conf_id
= dev
[1].dpp_configurator_add()
2449 dev
[1].set("dpp_configurator_params",
2450 " conf=sta-dpp configurator=%d" % conf_id
)
2451 id_c
= dev
[1].dpp_bootstrap_gen()
2452 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2453 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2455 for line
in res
.splitlines():
2456 name
, value
= line
.split('=')
2457 if name
== "pkhash":
2461 raise Exception("Could not fetch public key hash from Controller")
2462 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2463 raise Exception("Failed to start Controller")
2465 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2466 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2467 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2469 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2470 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2472 sigma_dut_cmd_check("ap_reset_default")
2474 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2475 """sigma_dut controlled connection using preconfigured profile"""
2477 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2479 dev
[0].set("ignore_old_scan_res", "0")
2481 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2482 ifname
= dev
[0].ifname
2483 sigma
= start_sigma_dut(ifname
)
2485 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2486 hapd
= hostapd
.add_ap(apdev
[0], params
)
2487 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2488 only_add_network
=True)
2490 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2491 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"))
2492 sigma_dut_wait_connected(ifname
)
2493 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2494 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2495 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2497 stop_sigma_dut(sigma
)
2499 def test_sigma_dut_wps_pbc(dev
, apdev
):
2500 """sigma_dut and WPS PBC Enrollee"""
2502 run_sigma_dut_wps_pbc(dev
, apdev
)
2504 dev
[0].set("ignore_old_scan_res", "0")
2506 def run_sigma_dut_wps_pbc(dev
, apdev
):
2507 ssid
= "test-wps-conf"
2508 hapd
= hostapd
.add_ap(apdev
[0],
2509 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2510 "wpa_passphrase": "12345678", "wpa": "2",
2511 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2512 hapd
.request("WPS_PBC")
2514 ifname
= dev
[0].ifname
2515 sigma
= start_sigma_dut(ifname
)
2517 cmd
= "start_wps_registration,interface,%s" % ifname
2518 cmd
+= ",WpsRole,Enrollee"
2519 cmd
+= ",WpsConfigMethod,PBC"
2520 sigma_dut_cmd_check(cmd
, timeout
=15)
2522 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2524 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2525 stop_sigma_dut(sigma
)
2526 dev
[0].flush_scan_cache()
2528 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2529 """sigma_dut sta_scan_bss"""
2530 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2531 sigma
= start_sigma_dut(dev
[0].ifname
)
2533 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2535 res
= sigma_dut_cmd(cmd
, timeout
=10)
2536 if "ssid,test,bsschannel,1" not in res
:
2537 raise Exception("Unexpected result: " + res
)
2539 stop_sigma_dut(sigma
)
2541 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2542 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2543 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2544 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2545 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2547 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2548 res
= sigma_dut_cmd(cmd
, timeout
=10)
2549 if "abcdef" not in res
or "qwerty" not in res
:
2550 raise Exception("Unexpected result: " + res
)
2552 stop_sigma_dut(sigma
)
2554 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2555 """sigma_dut controlled AP with OSEN"""
2556 logdir
= os
.path
.join(params
['logdir'],
2557 "sigma_dut_ap_osen.sigma-hostapd")
2558 with
HWSimRadio() as (radio
, iface
):
2559 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2561 sigma_dut_cmd_check("ap_reset_default")
2562 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2563 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2564 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2565 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2567 # RSN-OSEN (for OSU)
2568 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2569 pairwise
="CCMP", group
="GTK_NOT_USED",
2570 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2571 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2573 sigma_dut_cmd_check("ap_reset_default")
2575 stop_sigma_dut(sigma
)
2577 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2578 """sigma_dut controlled AP with EAP+OSEN"""
2579 logdir
= os
.path
.join(params
['logdir'],
2580 "sigma_dut_ap_eap_osen.sigma-hostapd")
2581 with
HWSimRadio() as (radio
, iface
):
2582 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2584 sigma_dut_cmd_check("ap_reset_default")
2585 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2586 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2587 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2588 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2590 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2591 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2593 # RSN-OSEN (for OSU)
2594 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2596 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2597 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2599 # RSN-EAP (for data connection)
2600 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2601 identity
="hs20-test", password
="password",
2602 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2603 ieee80211w
='2', scan_freq
="2412")
2605 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2606 success_expected
=False, timeout
=1)
2608 sigma_dut_cmd_check("ap_reset_default")
2610 stop_sigma_dut(sigma
)
2611 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2612 stderr
=open('/dev/null', 'w'))
2613 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2614 stderr
=open('/dev/null', 'w'))
2616 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2617 """sigma_dut controlled AP WPA2-Enterprise"""
2618 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2619 with
HWSimRadio() as (radio
, iface
):
2620 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2622 sigma_dut_cmd_check("ap_reset_default")
2623 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2624 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2625 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2626 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2628 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2629 identity
="gpsk user",
2630 password
="abcdefghijklmnop0123456789abcdef",
2633 sigma_dut_cmd_check("ap_reset_default")
2635 stop_sigma_dut(sigma
)
2637 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2638 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2639 logdir
= os
.path
.join(params
['logdir'],
2640 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2641 with
HWSimRadio() as (radio
, iface
):
2642 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2644 sigma_dut_cmd_check("ap_reset_default")
2645 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2646 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2647 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2648 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2650 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2651 identity
="gpsk user",
2652 password
="abcdefghijklmnop0123456789abcdef",
2655 sigma_dut_cmd_check("ap_reset_default")
2657 stop_sigma_dut(sigma
)
2659 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2660 """sigma_dut controlled AP FT-EAP"""
2661 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2662 with
HWSimRadio() as (radio
, iface
):
2663 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2665 sigma_dut_cmd_check("ap_reset_default")
2666 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2667 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2668 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2669 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2671 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2672 identity
="gpsk user",
2673 password
="abcdefghijklmnop0123456789abcdef",
2676 sigma_dut_cmd_check("ap_reset_default")
2678 stop_sigma_dut(sigma
)
2680 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
2681 """sigma_dut controlled AP FT-PSK"""
2682 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2683 with
HWSimRadio() as (radio
, iface
):
2684 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2686 sigma_dut_cmd_check("ap_reset_default")
2687 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2688 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2689 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2691 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2694 sigma_dut_cmd_check("ap_reset_default")
2696 stop_sigma_dut(sigma
)
2698 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
2699 """sigma_dut controlled AP FT-PSK (over-DS)"""
2700 logdir
= os
.path
.join(params
['logdir'],
2701 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2702 conffile
= os
.path
.join(params
['logdir'],
2703 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2704 with
HWSimRadio() as (radio
, iface
):
2705 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2707 sigma_dut_cmd_check("ap_reset_default")
2708 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2709 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2710 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2712 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
2713 with
open(conffile
, "wb") as f2
:
2716 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2719 sigma_dut_cmd_check("ap_reset_default")
2721 stop_sigma_dut(sigma
)
2723 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
2724 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2725 logdir
= os
.path
.join(params
['logdir'],
2726 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2727 with
HWSimRadio() as (radio
, iface
):
2728 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2730 sigma_dut_cmd_check("ap_reset_default")
2731 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2732 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2733 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2734 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2736 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2737 identity
="gpsk user",
2738 password
="abcdefghijklmnop0123456789abcdef",
2740 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2741 identity
="gpsk user",
2742 password
="abcdefghijklmnop0123456789abcdef",
2745 sigma_dut_cmd_check("ap_reset_default")
2747 stop_sigma_dut(sigma
)
2749 def test_sigma_dut_venue_url(dev
, apdev
):
2750 """sigma_dut controlled Venue URL fetch"""
2752 run_sigma_dut_venue_url(dev
, apdev
)
2754 dev
[0].set("ignore_old_scan_res", "0")
2756 def run_sigma_dut_venue_url(dev
, apdev
):
2757 ifname
= dev
[0].ifname
2758 sigma
= start_sigma_dut(ifname
, debug
=True)
2761 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
2762 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2763 params
["ieee80211w"] = "2"
2767 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
2769 name1
= "Example venue"
2771 name2
= "Esimerkkipaikka"
2772 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
2773 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
2774 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
2776 url1
= "http://example.com/venue"
2777 url2
= "https://example.org/venue-info/"
2778 params
["venue_group"] = str(venue_group
)
2779 params
["venue_type"] = str(venue_type
)
2780 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
2781 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
2783 hapd
= hostapd
.add_ap(apdev
[0], params
)
2785 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
2786 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2787 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
2788 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"))
2789 sigma_dut_wait_connected(ifname
)
2790 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2791 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
2792 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2793 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2795 stop_sigma_dut(sigma
)
2797 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
2798 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2799 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
2801 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
2802 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2803 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
2805 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
2809 bssid0
= apdev
[0]['bssid']
2810 params
= hs20_ap_params()
2811 params
['hessid'] = bssid0
2812 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2814 bssid1
= apdev
[1]['bssid']
2815 params
= hs20_ap_params()
2816 params
['hessid'] = bssid0
2817 params
["hw_mode"] = "a"
2818 params
["channel"] = "36"
2819 params
["country_code"] = "US"
2820 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2822 band
= "2.4" if band24
else "5"
2823 exp_bssid
= bssid0
if band24
else bssid1
2824 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
2826 dev
[0].request("DISCONNECT")
2828 hapd0
.request("DISABLE")
2830 hapd1
.request("DISABLE")
2831 subprocess
.call(['iw', 'reg', 'set', '00'])
2832 dev
[0].flush_scan_cache()
2834 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
2835 check_eap_capa(dev
[0], "MSCHAPV2")
2836 dev
[0].flush_scan_cache()
2838 ifname
= dev
[0].ifname
2839 sigma
= start_sigma_dut(ifname
, debug
=True)
2841 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
2842 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2843 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
2844 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
2846 sigma_dut_wait_connected(ifname
)
2847 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2848 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2849 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2851 stop_sigma_dut(sigma
)
2853 if "BSSID," + expect_bssid
not in res
:
2854 raise Exception("Unexpected BSSID: " + res
)
2856 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
2857 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2858 logdir
= os
.path
.join(params
['logdir'],
2859 "sigma_dut_ap_hs20.sigma-hostapd")
2860 conffile
= os
.path
.join(params
['logdir'],
2861 "sigma_dut_ap_hs20.sigma-conf")
2862 with
HWSimRadio() as (radio
, iface
):
2863 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2865 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2866 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2867 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2868 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2869 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
2870 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
2871 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2872 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2873 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2874 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2875 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2876 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
2877 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
2878 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2880 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
2881 with
open(conffile
, "wb") as f2
:
2884 sigma_dut_cmd_check("ap_reset_default")
2886 stop_sigma_dut(sigma
)
2888 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
2889 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
2890 logdir
= params
['logdir']
2892 with
open("auth_serv/ca.pem", "r") as f
:
2893 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
2897 src
= "auth_serv/server.pem"
2898 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
2899 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
2900 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
2902 stderr
=open('/dev/null', 'w'))
2903 with
open(dst
, "rb") as f
:
2905 hash = hashlib
.sha256(der
).digest()
2906 with
open(hashdst
, "w") as f
:
2907 f
.write(binascii
.hexlify(hash).decode())
2909 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
2910 with
open(dst
, "w") as f
:
2913 ssid
= "test-wpa2-eap"
2914 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
2915 hapd
= hostapd
.add_ap(apdev
[0], params
)
2917 ifname
= dev
[0].ifname
2918 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
2921 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
2923 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
2924 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2925 sigma_dut_cmd_check(cmd
)
2926 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2927 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
2929 raise Exception("Server certificate error not reported")
2931 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
2932 if "ServerCertTrustResult,Accepted" not in res
:
2933 raise Exception("Server certificate trust was not accepted")
2934 sigma_dut_wait_connected(ifname
)
2935 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2936 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2937 dev
[0].dump_monitor()
2939 stop_sigma_dut(sigma
)
2941 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
2942 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
2943 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
2945 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
2946 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
2947 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
2949 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
2950 logdir
= params
['logdir']
2952 name
= "sigma_dut_eap_ttls_uosc_tod"
2955 with
open("auth_serv/ca.pem", "r") as f
:
2956 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
2960 src
= "auth_serv/server-certpol2.pem"
2962 src
= "auth_serv/server-certpol.pem"
2963 dst
= os
.path
.join(logdir
, name
+ ".server.der")
2964 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
2965 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
2967 stderr
=open('/dev/null', 'w'))
2968 with
open(dst
, "rb") as f
:
2970 hash = hashlib
.sha256(der
).digest()
2971 with
open(hashdst
, "w") as f
:
2972 f
.write(binascii
.hexlify(hash).decode())
2974 ssid
= "test-wpa2-eap"
2975 params
= int_eap_server_params()
2976 params
["ssid"] = ssid
2978 params
["server_cert"] = "auth_serv/server-certpol2.pem"
2979 params
["private_key"] = "auth_serv/server-certpol2.key"
2981 params
["server_cert"] = "auth_serv/server-certpol.pem"
2982 params
["private_key"] = "auth_serv/server-certpol.key"
2983 hapd
= hostapd
.add_ap(apdev
[0], params
)
2985 ifname
= dev
[0].ifname
2986 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
2989 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
2990 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
2991 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2992 sigma_dut_cmd_check(cmd
)
2993 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
2994 sigma_dut_wait_connected(ifname
)
2995 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2996 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
2997 dev
[0].wait_disconnected()
2998 dev
[0].dump_monitor()
3001 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3002 hapd
= hostapd
.add_ap(apdev
[0], params
)
3004 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3005 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3007 raise Exception("Server certificate error not reported")
3009 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3010 if "ServerCertTrustResult,Accepted" in res
:
3011 raise Exception("Server certificate trust override was accepted unexpectedly")
3012 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3013 dev
[0].dump_monitor()
3015 stop_sigma_dut(sigma
)
3017 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3018 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3019 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3021 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3022 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3023 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3025 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3026 logdir
= params
['logdir']
3028 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3031 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3032 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3036 src
= "auth_serv/server-certpol2.pem"
3038 src
= "auth_serv/server-certpol.pem"
3039 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3040 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3041 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3043 stderr
=open('/dev/null', 'w'))
3044 with
open(dst
, "rb") as f
:
3046 hash = hashlib
.sha256(der
).digest()
3047 with
open(hashdst
, "w") as f
:
3048 f
.write(binascii
.hexlify(hash).decode())
3050 ssid
= "test-wpa2-eap"
3051 params
= int_eap_server_params()
3052 params
["ssid"] = ssid
3054 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3055 params
["private_key"] = "auth_serv/server-certpol2.key"
3057 params
["server_cert"] = "auth_serv/server-certpol.pem"
3058 params
["private_key"] = "auth_serv/server-certpol.key"
3059 hapd
= hostapd
.add_ap(apdev
[0], params
)
3061 ifname
= dev
[0].ifname
3062 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3065 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3066 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3067 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3068 sigma_dut_cmd_check(cmd
)
3069 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3070 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3072 raise Exception("Server certificate validation failure not reported")
3074 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3075 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3076 raise Exception("Server certificate trust override was accepted unexpectedly")
3077 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3078 raise Exception("Server certificate trust override was not accepted")
3079 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3080 dev
[0].dump_monitor()
3082 stop_sigma_dut(sigma
)
3084 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3085 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3086 logdir
= params
['logdir']
3088 with
open("auth_serv/ca.pem", "r") as f
:
3089 with
open(os
.path
.join(logdir
,
3090 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3094 ssid
= "test-wpa2-eap"
3095 params
= int_eap_server_params()
3096 params
["ssid"] = ssid
3097 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3098 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3099 params
["private_key"] = "auth_serv/rsa3072-server.key"
3100 hapd
= hostapd
.add_ap(apdev
[0], params
)
3102 ifname
= dev
[0].ifname
3103 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3106 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3107 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3108 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3109 sigma_dut_cmd_check(cmd
)
3110 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3111 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3113 raise Exception("Server certificate error not reported")
3115 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3116 if "ServerCertTrustResult,Accepted" not in res
:
3117 raise Exception("Server certificate trust was not accepted")
3118 sigma_dut_wait_connected(ifname
)
3119 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3120 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3121 dev
[0].dump_monitor()
3123 stop_sigma_dut(sigma
)