1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
8 logger
= logging
.getLogger()
15 from utils
import HwsimSkip
16 from hwsim
import HWSimRadio
17 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
19 def check_sigma_dut():
20 if not os
.path
.exists("./sigma_dut"):
21 raise HwsimSkip("sigma_dut not available")
23 def sigma_dut_cmd(cmd
, port
=9000):
24 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
27 addr
= ('127.0.0.1', port
)
29 sock
.send(cmd
+ "\r\n")
34 for line
in res
.splitlines():
35 if line
.startswith("status,RUNNING"):
37 elif line
.startswith("status,INVALID"):
39 elif line
.startswith("status,ERROR"):
41 elif line
.startswith("status,COMPLETE"):
43 if running
and not done
:
44 # Read the actual response
51 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
54 def sigma_dut_cmd_check(cmd
):
55 res
= sigma_dut_cmd(cmd
)
56 if "COMPLETE" not in res
:
57 raise Exception("sigma_dut command failed: " + cmd
)
60 def start_sigma_dut(ifname
, debug
=False, hostapd_logdir
=None, cert_path
=None):
62 cmd
= [ './sigma_dut',
65 '-F', '../../hostapd/hostapd',
71 cmd
+= [ '-H', hostapd_logdir
]
73 cmd
+= [ '-C', cert_path
]
74 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
75 stderr
=subprocess
.PIPE
)
78 res
= sigma_dut_cmd("HELLO")
84 def stop_sigma_dut(sigma
):
87 out
, err
= sigma
.communicate()
88 logger
.debug("sigma_dut stdout: " + str(out
))
89 logger
.debug("sigma_dut stderr: " + str(err
))
91 def sigma_dut_wait_connected(ifname
):
93 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
94 if "connected,1" in res
:
98 raise Exception("Connection did not complete")
100 def test_sigma_dut_basic(dev
, apdev
):
101 """sigma_dut basic functionality"""
102 sigma
= start_sigma_dut(dev
[0].ifname
)
104 res
= sigma_dut_cmd("UNKNOWN")
105 if "status,INVALID,errorCode,Unknown command" not in res
:
106 raise Exception("Unexpected sigma_dut response to unknown command")
108 tests
= [ ("ca_get_version", "status,COMPLETE,version,1.0"),
109 ("device_get_info", "status,COMPLETE,vendor"),
110 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
111 ("device_list_interfaces,interfaceType,802.11",
112 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
) ]
113 for cmd
, response
in tests
:
114 res
= sigma_dut_cmd(cmd
)
115 if response
not in res
:
116 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
118 stop_sigma_dut(sigma
)
120 def test_sigma_dut_open(dev
, apdev
):
121 """sigma_dut controlled open network association"""
123 run_sigma_dut_open(dev
, apdev
)
125 dev
[0].set("ignore_old_scan_res", "0")
127 def run_sigma_dut_open(dev
, apdev
):
128 ifname
= dev
[0].ifname
129 sigma
= start_sigma_dut(ifname
)
131 hapd
= hostapd
.add_ap(apdev
[0], { "ssid": "open" })
133 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
134 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
135 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"))
136 sigma_dut_wait_connected(ifname
)
137 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
138 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
139 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
141 stop_sigma_dut(sigma
)
143 def test_sigma_dut_psk_pmf(dev
, apdev
):
144 """sigma_dut controlled PSK+PMF association"""
146 run_sigma_dut_psk_pmf(dev
, apdev
)
148 dev
[0].set("ignore_old_scan_res", "0")
150 def run_sigma_dut_psk_pmf(dev
, apdev
):
151 ifname
= dev
[0].ifname
152 sigma
= start_sigma_dut(ifname
)
154 ssid
= "test-pmf-required"
155 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
156 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
157 params
["ieee80211w"] = "2"
158 hapd
= hostapd
.add_ap(apdev
[0], params
)
160 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
161 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
162 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
163 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
164 sigma_dut_wait_connected(ifname
)
165 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
166 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
167 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
169 stop_sigma_dut(sigma
)
171 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
172 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
174 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
176 dev
[0].set("ignore_old_scan_res", "0")
178 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
179 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
181 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
183 dev
[0].set("ignore_old_scan_res", "0")
185 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
186 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
188 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
190 dev
[0].set("ignore_old_scan_res", "0")
192 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
193 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
195 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
197 dev
[0].set("ignore_old_scan_res", "0")
199 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
200 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
202 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
205 dev
[0].set("ignore_old_scan_res", "0")
207 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
209 ifname
= dev
[0].ifname
210 sigma
= start_sigma_dut(ifname
)
212 ssid
= "test-pmf-required"
213 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
214 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
215 params
["ieee80211w"] = "2"
216 params
["group_mgmt_cipher"] = hostapd_cipher
217 hapd
= hostapd
.add_ap(apdev
[0], params
)
219 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
220 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
221 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
222 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
224 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
225 "CTRL-EVENT-CONNECTED"], timeout
=10)
227 raise Exception("Network selection result not indicated")
228 if "CTRL-EVENT-CONNECTED" in ev
:
229 raise Exception("Unexpected connection")
230 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
231 if "connected,1" in res
:
232 raise Exception("Connection reported")
234 sigma_dut_wait_connected(ifname
)
235 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
237 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
238 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
240 stop_sigma_dut(sigma
)
242 def test_sigma_dut_sae(dev
, apdev
):
243 """sigma_dut controlled SAE association"""
244 if "SAE" not in dev
[0].get_capability("auth_alg"):
245 raise HwsimSkip("SAE not supported")
247 ifname
= dev
[0].ifname
248 sigma
= start_sigma_dut(ifname
)
251 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
252 params
['wpa_key_mgmt'] = 'SAE'
253 hapd
= hostapd
.add_ap(apdev
[0], params
)
255 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
256 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
257 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
258 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
259 sigma_dut_wait_connected(ifname
)
260 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
261 if dev
[0].get_status_field('sae_group') != '19':
262 raise Exception("Expected default SAE group not used")
263 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
265 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
267 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
268 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
269 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
270 sigma_dut_wait_connected(ifname
)
271 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
272 if dev
[0].get_status_field('sae_group') != '20':
273 raise Exception("Expected SAE group not used")
274 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
275 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
277 stop_sigma_dut(sigma
)
279 def test_sigma_dut_sae_password(dev
, apdev
):
280 """sigma_dut controlled SAE association and long password"""
281 if "SAE" not in dev
[0].get_capability("auth_alg"):
282 raise HwsimSkip("SAE not supported")
284 ifname
= dev
[0].ifname
285 sigma
= start_sigma_dut(ifname
)
289 params
= hostapd
.wpa2_params(ssid
=ssid
)
290 params
['sae_password'] = 100*'B'
291 params
['wpa_key_mgmt'] = 'SAE'
292 hapd
= hostapd
.add_ap(apdev
[0], params
)
294 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
295 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
296 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
297 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
298 sigma_dut_wait_connected(ifname
)
299 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
300 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
301 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
303 stop_sigma_dut(sigma
)
305 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
306 """sigma_dut and RSNE override on STA"""
308 run_sigma_dut_sta_override_rsne(dev
, apdev
)
310 dev
[0].set("ignore_old_scan_res", "0")
312 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
313 ifname
= dev
[0].ifname
314 sigma
= start_sigma_dut(ifname
)
317 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
318 hapd
= hostapd
.add_ap(apdev
[0], params
)
320 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
322 tests
= [ "30120100000fac040100000fac040100000fac02",
323 "30140100000fac040100000fac040100000fac02ffff" ]
325 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
326 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
327 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
328 sigma_dut_wait_connected(ifname
)
329 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
330 dev
[0].dump_monitor()
332 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
333 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
334 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
336 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
338 raise Exception("Association rejection not reported")
339 if "status_code=40" not in ev
:
340 raise Exception("Unexpected status code: " + ev
)
342 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
344 stop_sigma_dut(sigma
)
346 def test_sigma_dut_ap_psk(dev
, apdev
):
347 """sigma_dut controlled AP"""
348 with
HWSimRadio() as (radio
, iface
):
349 sigma
= start_sigma_dut(iface
)
351 sigma_dut_cmd_check("ap_reset_default")
352 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
353 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
354 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
356 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
358 sigma_dut_cmd_check("ap_reset_default")
360 stop_sigma_dut(sigma
)
362 def test_sigma_dut_suite_b(dev
, apdev
, params
):
363 """sigma_dut controlled STA Suite B"""
364 check_suite_b_192_capa(dev
)
365 logdir
= params
['logdir']
367 with
open("auth_serv/ec2-ca.pem", "r") as f
:
368 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
371 with
open("auth_serv/ec2-user.pem", "r") as f
:
372 with
open("auth_serv/ec2-user.key", "r") as f2
:
373 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
377 dev
[0].flush_scan_cache()
378 params
= suite_b_as_params()
379 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
380 params
['server_cert'] = 'auth_serv/ec2-server.pem'
381 params
['private_key'] = 'auth_serv/ec2-server.key'
382 params
['openssl_ciphers'] = 'SUITEB192'
383 hostapd
.add_ap(apdev
[1], params
)
385 params
= { "ssid": "test-suite-b",
387 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
388 "rsn_pairwise": "GCMP-256",
389 "group_mgmt_cipher": "BIP-GMAC-256",
392 'auth_server_addr': "127.0.0.1",
393 'auth_server_port': "18129",
394 'auth_server_shared_secret': "radius",
395 'nas_identifier': "nas.w1.fi" }
396 hapd
= hostapd
.add_ap(apdev
[0], params
)
398 ifname
= dev
[0].ifname
399 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
401 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
402 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
403 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
404 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
405 sigma_dut_wait_connected(ifname
)
406 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
407 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
408 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
410 stop_sigma_dut(sigma
)
412 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
413 """sigma_dut controlled STA Suite B (RSA)"""
414 check_suite_b_192_capa(dev
)
415 logdir
= params
['logdir']
417 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
418 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
421 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
422 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
423 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
427 dev
[0].flush_scan_cache()
428 params
= suite_b_192_rsa_ap_params()
429 hapd
= hostapd
.add_ap(apdev
[0], params
)
431 ifname
= dev
[0].ifname
432 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
434 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
437 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
438 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" ]
440 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
441 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
442 sigma_dut_cmd_check(cmd
+ extra
)
443 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
444 sigma_dut_wait_connected(ifname
)
445 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
446 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
447 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
449 stop_sigma_dut(sigma
)
451 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
452 """sigma_dut controlled AP Suite B"""
453 check_suite_b_192_capa(dev
)
454 logdir
= os
.path
.join(params
['logdir'],
455 "sigma_dut_ap_suite_b.sigma-hostapd")
456 params
= suite_b_as_params()
457 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
458 params
['server_cert'] = 'auth_serv/ec2-server.pem'
459 params
['private_key'] = 'auth_serv/ec2-server.key'
460 params
['openssl_ciphers'] = 'SUITEB192'
461 hostapd
.add_ap(apdev
[1], params
)
462 with
HWSimRadio() as (radio
, iface
):
463 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
465 sigma_dut_cmd_check("ap_reset_default")
466 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
467 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
468 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required")
469 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
471 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
473 openssl_ciphers
="SUITEB192",
474 eap
="TLS", identity
="tls user",
475 ca_cert
="auth_serv/ec2-ca.pem",
476 client_cert
="auth_serv/ec2-user.pem",
477 private_key
="auth_serv/ec2-user.key",
478 pairwise
="GCMP-256", group
="GCMP-256",
481 sigma_dut_cmd_check("ap_reset_default")
483 stop_sigma_dut(sigma
)
485 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
486 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
487 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
490 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
491 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
492 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
495 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
496 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
497 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
500 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
501 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
502 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
505 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
507 check_suite_b_192_capa(dev
)
508 logdir
= os
.path
.join(params
['logdir'],
509 "sigma_dut_ap_cipher.sigma-hostapd")
510 params
= suite_b_as_params()
511 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
512 params
['server_cert'] = 'auth_serv/ec2-server.pem'
513 params
['private_key'] = 'auth_serv/ec2-server.key'
514 params
['openssl_ciphers'] = 'SUITEB192'
515 hostapd
.add_ap(apdev
[1], params
)
516 with
HWSimRadio() as (radio
, iface
):
517 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
519 sigma_dut_cmd_check("ap_reset_default")
520 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
521 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
522 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
))
523 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
525 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
527 openssl_ciphers
="SUITEB192",
528 eap
="TLS", identity
="tls user",
529 ca_cert
="auth_serv/ec2-ca.pem",
530 client_cert
="auth_serv/ec2-user.pem",
531 private_key
="auth_serv/ec2-user.key",
532 pairwise
=sta_cipher
, group
=sta_cipher
,
535 sigma_dut_cmd_check("ap_reset_default")
537 stop_sigma_dut(sigma
)
539 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
540 """sigma_dut controlled AP overriding RSNE"""
541 with
HWSimRadio() as (radio
, iface
):
542 sigma
= start_sigma_dut(iface
)
544 sigma_dut_cmd_check("ap_reset_default")
545 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
546 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
547 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
548 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
550 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
552 sigma_dut_cmd_check("ap_reset_default")
554 stop_sigma_dut(sigma
)
556 def test_sigma_dut_ap_sae(dev
, apdev
):
557 """sigma_dut controlled AP with SAE"""
558 with
HWSimRadio() as (radio
, iface
):
559 sigma
= start_sigma_dut(iface
)
561 sigma_dut_cmd_check("ap_reset_default")
562 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
563 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
564 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
566 dev
[0].request("SET sae_groups ")
567 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
569 if dev
[0].get_status_field('sae_group') != '19':
570 raise Exception("Expected default SAE group not used")
572 sigma_dut_cmd_check("ap_reset_default")
574 stop_sigma_dut(sigma
)
576 def test_sigma_dut_ap_sae_password(dev
, apdev
):
577 """sigma_dut controlled AP with SAE and long password"""
578 with
HWSimRadio() as (radio
, iface
):
579 sigma
= start_sigma_dut(iface
)
581 sigma_dut_cmd_check("ap_reset_default")
582 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
583 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
584 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
586 dev
[0].request("SET sae_groups ")
587 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
589 if dev
[0].get_status_field('sae_group') != '19':
590 raise Exception("Expected default SAE group not used")
592 sigma_dut_cmd_check("ap_reset_default")
594 stop_sigma_dut(sigma
)
596 def test_sigma_dut_ap_sae_group(dev
, apdev
):
597 """sigma_dut controlled AP with SAE and specific group"""
598 with
HWSimRadio() as (radio
, iface
):
599 sigma
= start_sigma_dut(iface
)
601 sigma_dut_cmd_check("ap_reset_default")
602 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
603 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
604 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
606 dev
[0].request("SET sae_groups ")
607 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
609 if dev
[0].get_status_field('sae_group') != '20':
610 raise Exception("Expected SAE group not used")
612 sigma_dut_cmd_check("ap_reset_default")
614 stop_sigma_dut(sigma
)
616 def test_sigma_dut_ap_psk_sae(dev
, apdev
):
617 """sigma_dut controlled AP with PSK+SAE"""
618 with
HWSimRadio() as (radio
, iface
):
619 sigma
= start_sigma_dut(iface
)
621 sigma_dut_cmd_check("ap_reset_default")
622 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
623 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
624 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
626 dev
[0].request("SET sae_groups ")
627 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
629 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
631 sigma_dut_cmd_check("ap_reset_default")
633 stop_sigma_dut(sigma
)
635 def test_sigma_dut_owe(dev
, apdev
):
636 """sigma_dut controlled OWE station"""
638 run_sigma_dut_owe(dev
, apdev
)
640 dev
[0].set("ignore_old_scan_res", "0")
642 def run_sigma_dut_owe(dev
, apdev
):
643 if "OWE" not in dev
[0].get_capability("key_mgmt"):
644 raise HwsimSkip("OWE not supported")
646 ifname
= dev
[0].ifname
647 sigma
= start_sigma_dut(ifname
)
650 params
= { "ssid": "owe",
652 "wpa_key_mgmt": "OWE",
653 "rsn_pairwise": "CCMP" }
654 hapd
= hostapd
.add_ap(apdev
[0], params
)
655 bssid
= hapd
.own_addr()
657 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
658 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
659 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
660 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
661 sigma_dut_wait_connected(ifname
)
662 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
664 dev
[0].dump_monitor()
665 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
666 dev
[0].wait_connected()
667 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
668 dev
[0].wait_disconnected()
669 dev
[0].dump_monitor()
671 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
672 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
673 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
674 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
675 sigma_dut_wait_connected(ifname
)
676 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
677 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
678 dev
[0].wait_disconnected()
679 dev
[0].dump_monitor()
681 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
682 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
683 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
684 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
685 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
686 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
688 raise Exception("Association not rejected")
689 if "status_code=77" not in ev
:
690 raise Exception("Unexpected rejection reason: " + ev
)
692 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
694 stop_sigma_dut(sigma
)
696 def test_sigma_dut_ap_owe(dev
, apdev
):
697 """sigma_dut controlled AP with OWE"""
698 if "OWE" not in dev
[0].get_capability("key_mgmt"):
699 raise HwsimSkip("OWE not supported")
700 with
HWSimRadio() as (radio
, iface
):
701 sigma
= start_sigma_dut(iface
)
703 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
704 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
705 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
706 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
708 dev
[0].connect("owe", key_mgmt
="OWE", scan_freq
="2412")
710 sigma_dut_cmd_check("ap_reset_default")
712 stop_sigma_dut(sigma
)
714 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
715 """sigma_dut controlled AP with OWE and ECGroupID"""
716 if "OWE" not in dev
[0].get_capability("key_mgmt"):
717 raise HwsimSkip("OWE not supported")
718 with
HWSimRadio() as (radio
, iface
):
719 sigma
= start_sigma_dut(iface
)
721 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
722 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
723 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
724 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
726 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
727 owe_group
="20", scan_freq
="2412")
728 dev
[0].request("REMOVE_NETWORK all")
729 dev
[0].wait_disconnected()
731 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
732 owe_group
="21", scan_freq
="2412")
733 dev
[0].request("REMOVE_NETWORK all")
734 dev
[0].wait_disconnected()
736 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
737 owe_group
="19", scan_freq
="2412", wait_connect
=False)
738 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
739 dev
[0].request("DISCONNECT")
741 raise Exception("Association not rejected")
742 if "status_code=77" not in ev
:
743 raise Exception("Unexpected rejection reason: " + ev
)
744 dev
[0].dump_monitor()
746 sigma_dut_cmd_check("ap_reset_default")
748 stop_sigma_dut(sigma
)
750 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
751 """sigma_dut controlled AP with OWE and transition mode"""
752 if "OWE" not in dev
[0].get_capability("key_mgmt"):
753 raise HwsimSkip("OWE not supported")
754 logdir
= os
.path
.join(params
['logdir'],
755 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
756 with
HWSimRadio() as (radio
, iface
):
757 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
759 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
760 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
761 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
764 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
766 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
767 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
769 dev
[0].connect("owe", key_mgmt
="OWE", scan_freq
="2412")
770 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
771 if dev
[0].get_status_field('bssid') not in res1
:
772 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
773 if dev
[1].get_status_field('bssid') not in res2
:
774 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
776 sigma_dut_cmd_check("ap_reset_default")
778 stop_sigma_dut(sigma
)