]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut ap_get_mac_address
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import logging
8 logger = logging.getLogger()
9 import os
10 import socket
11 import subprocess
12 import time
13
14 import hostapd
15 from utils import HwsimSkip
16 from hwsim import HWSimRadio
17 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
18
19 def check_sigma_dut():
20 if not os.path.exists("./sigma_dut"):
21 raise HwsimSkip("sigma_dut not available")
22
23 def sigma_dut_cmd(cmd, port=9000):
24 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
25 socket.IPPROTO_TCP)
26 sock.settimeout(2)
27 addr = ('127.0.0.1', port)
28 sock.connect(addr)
29 sock.send(cmd + "\r\n")
30 try:
31 res = sock.recv(1000)
32 running = False
33 done = False
34 for line in res.splitlines():
35 if line.startswith("status,RUNNING"):
36 running = True
37 elif line.startswith("status,INVALID"):
38 done = True
39 elif line.startswith("status,ERROR"):
40 done = True
41 elif line.startswith("status,COMPLETE"):
42 done = True
43 if running and not done:
44 # Read the actual response
45 res = sock.recv(1000)
46 except:
47 res = ''
48 pass
49 sock.close()
50 res = res.rstrip()
51 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
52 return res
53
54 def sigma_dut_cmd_check(cmd):
55 res = sigma_dut_cmd(cmd)
56 if "COMPLETE" not in res:
57 raise Exception("sigma_dut command failed: " + cmd)
58 return res
59
60 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None):
61 check_sigma_dut()
62 cmd = [ './sigma_dut',
63 '-M', ifname,
64 '-S', ifname,
65 '-F', '../../hostapd/hostapd',
66 '-G',
67 '-j', ifname ]
68 if debug:
69 cmd += [ '-d' ]
70 if hostapd_logdir:
71 cmd += [ '-H', hostapd_logdir ]
72 if cert_path:
73 cmd += [ '-C', cert_path ]
74 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
75 stderr=subprocess.PIPE)
76 for i in range(20):
77 try:
78 res = sigma_dut_cmd("HELLO")
79 break
80 except:
81 time.sleep(0.05)
82 return sigma
83
84 def stop_sigma_dut(sigma):
85 sigma.terminate()
86 sigma.wait()
87 out, err = sigma.communicate()
88 logger.debug("sigma_dut stdout: " + str(out))
89 logger.debug("sigma_dut stderr: " + str(err))
90
91 def sigma_dut_wait_connected(ifname):
92 for i in range(50):
93 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
94 if "connected,1" in res:
95 break
96 time.sleep(0.2)
97 if i == 49:
98 raise Exception("Connection did not complete")
99
100 def test_sigma_dut_basic(dev, apdev):
101 """sigma_dut basic functionality"""
102 sigma = start_sigma_dut(dev[0].ifname)
103
104 res = sigma_dut_cmd("UNKNOWN")
105 if "status,INVALID,errorCode,Unknown command" not in res:
106 raise Exception("Unexpected sigma_dut response to unknown command")
107
108 tests = [ ("ca_get_version", "status,COMPLETE,version,1.0"),
109 ("device_get_info", "status,COMPLETE,vendor"),
110 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
111 ("device_list_interfaces,interfaceType,802.11",
112 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname) ]
113 for cmd, response in tests:
114 res = sigma_dut_cmd(cmd)
115 if response not in res:
116 raise Exception("Unexpected %s response: %s" % (cmd, res))
117
118 stop_sigma_dut(sigma)
119
120 def test_sigma_dut_open(dev, apdev):
121 """sigma_dut controlled open network association"""
122 try:
123 run_sigma_dut_open(dev, apdev)
124 finally:
125 dev[0].set("ignore_old_scan_res", "0")
126
127 def run_sigma_dut_open(dev, apdev):
128 ifname = dev[0].ifname
129 sigma = start_sigma_dut(ifname)
130
131 hapd = hostapd.add_ap(apdev[0], { "ssid": "open" })
132
133 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
134 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
135 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
136 sigma_dut_wait_connected(ifname)
137 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
138 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
139 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
140
141 stop_sigma_dut(sigma)
142
143 def test_sigma_dut_psk_pmf(dev, apdev):
144 """sigma_dut controlled PSK+PMF association"""
145 try:
146 run_sigma_dut_psk_pmf(dev, apdev)
147 finally:
148 dev[0].set("ignore_old_scan_res", "0")
149
150 def run_sigma_dut_psk_pmf(dev, apdev):
151 ifname = dev[0].ifname
152 sigma = start_sigma_dut(ifname)
153
154 ssid = "test-pmf-required"
155 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
156 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
157 params["ieee80211w"] = "2"
158 hapd = hostapd.add_ap(apdev[0], params)
159
160 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
161 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
162 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
163 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
164 sigma_dut_wait_connected(ifname)
165 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
166 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
167 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
168
169 stop_sigma_dut(sigma)
170
171 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
172 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
173 try:
174 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
175 finally:
176 dev[0].set("ignore_old_scan_res", "0")
177
178 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
179 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
180 try:
181 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
182 finally:
183 dev[0].set("ignore_old_scan_res", "0")
184
185 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
186 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
187 try:
188 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
189 finally:
190 dev[0].set("ignore_old_scan_res", "0")
191
192 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
193 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
194 try:
195 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
196 finally:
197 dev[0].set("ignore_old_scan_res", "0")
198
199 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
200 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
201 try:
202 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
203 failure=True)
204 finally:
205 dev[0].set("ignore_old_scan_res", "0")
206
207 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
208 failure=False):
209 ifname = dev[0].ifname
210 sigma = start_sigma_dut(ifname)
211
212 ssid = "test-pmf-required"
213 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
214 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
215 params["ieee80211w"] = "2"
216 params["group_mgmt_cipher"] = hostapd_cipher
217 hapd = hostapd.add_ap(apdev[0], params)
218
219 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
220 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
221 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
222 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
223 if failure:
224 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
225 "CTRL-EVENT-CONNECTED"], timeout=10)
226 if ev is None:
227 raise Exception("Network selection result not indicated")
228 if "CTRL-EVENT-CONNECTED" in ev:
229 raise Exception("Unexpected connection")
230 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
231 if "connected,1" in res:
232 raise Exception("Connection reported")
233 else:
234 sigma_dut_wait_connected(ifname)
235 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
236
237 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
238 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
239
240 stop_sigma_dut(sigma)
241
242 def test_sigma_dut_sae(dev, apdev):
243 """sigma_dut controlled SAE association"""
244 if "SAE" not in dev[0].get_capability("auth_alg"):
245 raise HwsimSkip("SAE not supported")
246
247 ifname = dev[0].ifname
248 sigma = start_sigma_dut(ifname)
249
250 ssid = "test-sae"
251 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
252 params['wpa_key_mgmt'] = 'SAE'
253 hapd = hostapd.add_ap(apdev[0], params)
254
255 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
256 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
257 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
258 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
259 sigma_dut_wait_connected(ifname)
260 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
261 if dev[0].get_status_field('sae_group') != '19':
262 raise Exception("Expected default SAE group not used")
263 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
264
265 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
266
267 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
268 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
269 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
270 sigma_dut_wait_connected(ifname)
271 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
272 if dev[0].get_status_field('sae_group') != '20':
273 raise Exception("Expected SAE group not used")
274 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
275 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
276
277 stop_sigma_dut(sigma)
278
279 def test_sigma_dut_sae_password(dev, apdev):
280 """sigma_dut controlled SAE association and long password"""
281 if "SAE" not in dev[0].get_capability("auth_alg"):
282 raise HwsimSkip("SAE not supported")
283
284 ifname = dev[0].ifname
285 sigma = start_sigma_dut(ifname)
286
287 try:
288 ssid = "test-sae"
289 params = hostapd.wpa2_params(ssid=ssid)
290 params['sae_password'] = 100*'B'
291 params['wpa_key_mgmt'] = 'SAE'
292 hapd = hostapd.add_ap(apdev[0], params)
293
294 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
295 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
296 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
297 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
298 sigma_dut_wait_connected(ifname)
299 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
300 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
301 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
302 finally:
303 stop_sigma_dut(sigma)
304
305 def test_sigma_dut_sta_override_rsne(dev, apdev):
306 """sigma_dut and RSNE override on STA"""
307 try:
308 run_sigma_dut_sta_override_rsne(dev, apdev)
309 finally:
310 dev[0].set("ignore_old_scan_res", "0")
311
312 def run_sigma_dut_sta_override_rsne(dev, apdev):
313 ifname = dev[0].ifname
314 sigma = start_sigma_dut(ifname)
315
316 ssid = "test-psk"
317 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
318 hapd = hostapd.add_ap(apdev[0], params)
319
320 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
321
322 tests = [ "30120100000fac040100000fac040100000fac02",
323 "30140100000fac040100000fac040100000fac02ffff" ]
324 for test in tests:
325 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
326 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
327 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
328 sigma_dut_wait_connected(ifname)
329 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
330 dev[0].dump_monitor()
331
332 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
333 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
334 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
335
336 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
337 if ev is None:
338 raise Exception("Association rejection not reported")
339 if "status_code=40" not in ev:
340 raise Exception("Unexpected status code: " + ev)
341
342 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
343
344 stop_sigma_dut(sigma)
345
346 def test_sigma_dut_ap_psk(dev, apdev):
347 """sigma_dut controlled AP"""
348 with HWSimRadio() as (radio, iface):
349 sigma = start_sigma_dut(iface)
350 try:
351 sigma_dut_cmd_check("ap_reset_default")
352 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
353 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
354 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
355
356 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
357
358 sigma_dut_cmd_check("ap_reset_default")
359 finally:
360 stop_sigma_dut(sigma)
361
362 def test_sigma_dut_suite_b(dev, apdev, params):
363 """sigma_dut controlled STA Suite B"""
364 check_suite_b_192_capa(dev)
365 logdir = params['logdir']
366
367 with open("auth_serv/ec2-ca.pem", "r") as f:
368 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
369 f2.write(f.read())
370
371 with open("auth_serv/ec2-user.pem", "r") as f:
372 with open("auth_serv/ec2-user.key", "r") as f2:
373 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
374 f3.write(f.read())
375 f3.write(f2.read())
376
377 dev[0].flush_scan_cache()
378 params = suite_b_as_params()
379 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
380 params['server_cert'] = 'auth_serv/ec2-server.pem'
381 params['private_key'] = 'auth_serv/ec2-server.key'
382 params['openssl_ciphers'] = 'SUITEB192'
383 hostapd.add_ap(apdev[1], params)
384
385 params = { "ssid": "test-suite-b",
386 "wpa": "2",
387 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
388 "rsn_pairwise": "GCMP-256",
389 "group_mgmt_cipher": "BIP-GMAC-256",
390 "ieee80211w": "2",
391 "ieee8021x": "1",
392 'auth_server_addr': "127.0.0.1",
393 'auth_server_port': "18129",
394 'auth_server_shared_secret': "radius",
395 'nas_identifier': "nas.w1.fi" }
396 hapd = hostapd.add_ap(apdev[0], params)
397
398 ifname = dev[0].ifname
399 sigma = start_sigma_dut(ifname, cert_path=logdir)
400
401 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
402 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
403 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
404 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
405 sigma_dut_wait_connected(ifname)
406 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
407 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
408 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
409
410 stop_sigma_dut(sigma)
411
412 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
413 """sigma_dut controlled STA Suite B (RSA)"""
414 check_suite_b_192_capa(dev)
415 logdir = params['logdir']
416
417 with open("auth_serv/rsa3072-ca.pem", "r") as f:
418 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
419 f2.write(f.read())
420
421 with open("auth_serv/rsa3072-user.pem", "r") as f:
422 with open("auth_serv/rsa3072-user.key", "r") as f2:
423 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
424 f3.write(f.read())
425 f3.write(f2.read())
426
427 dev[0].flush_scan_cache()
428 params = suite_b_192_rsa_ap_params()
429 hapd = hostapd.add_ap(apdev[0], params)
430
431 ifname = dev[0].ifname
432 sigma = start_sigma_dut(ifname, cert_path=logdir)
433
434 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,PMF,Required,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
435
436 tests = [ "",
437 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
438 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" ]
439 for extra in tests:
440 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
441 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
442 sigma_dut_cmd_check(cmd + extra)
443 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
444 sigma_dut_wait_connected(ifname)
445 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
446 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
447 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
448
449 stop_sigma_dut(sigma)
450
451 def test_sigma_dut_ap_suite_b(dev, apdev, params):
452 """sigma_dut controlled AP Suite B"""
453 check_suite_b_192_capa(dev)
454 logdir = os.path.join(params['logdir'],
455 "sigma_dut_ap_suite_b.sigma-hostapd")
456 params = suite_b_as_params()
457 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
458 params['server_cert'] = 'auth_serv/ec2-server.pem'
459 params['private_key'] = 'auth_serv/ec2-server.key'
460 params['openssl_ciphers'] = 'SUITEB192'
461 hostapd.add_ap(apdev[1], params)
462 with HWSimRadio() as (radio, iface):
463 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
464 try:
465 sigma_dut_cmd_check("ap_reset_default")
466 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
467 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
468 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required")
469 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
470
471 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
472 ieee80211w="2",
473 openssl_ciphers="SUITEB192",
474 eap="TLS", identity="tls user",
475 ca_cert="auth_serv/ec2-ca.pem",
476 client_cert="auth_serv/ec2-user.pem",
477 private_key="auth_serv/ec2-user.key",
478 pairwise="GCMP-256", group="GCMP-256",
479 scan_freq="2412")
480
481 sigma_dut_cmd_check("ap_reset_default")
482 finally:
483 stop_sigma_dut(sigma)
484
485 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
486 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
487 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
488 "GCMP")
489
490 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
491 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
492 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
493 "GCMP-256")
494
495 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
496 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
497 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
498 "CCMP")
499
500 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
501 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
502 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
503 "CCMP-256")
504
505 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
506 sta_cipher):
507 check_suite_b_192_capa(dev)
508 logdir = os.path.join(params['logdir'],
509 "sigma_dut_ap_cipher.sigma-hostapd")
510 params = suite_b_as_params()
511 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
512 params['server_cert'] = 'auth_serv/ec2-server.pem'
513 params['private_key'] = 'auth_serv/ec2-server.key'
514 params['openssl_ciphers'] = 'SUITEB192'
515 hostapd.add_ap(apdev[1], params)
516 with HWSimRadio() as (radio, iface):
517 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
518 try:
519 sigma_dut_cmd_check("ap_reset_default")
520 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
521 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
522 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt))
523 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
524
525 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
526 ieee80211w="2",
527 openssl_ciphers="SUITEB192",
528 eap="TLS", identity="tls user",
529 ca_cert="auth_serv/ec2-ca.pem",
530 client_cert="auth_serv/ec2-user.pem",
531 private_key="auth_serv/ec2-user.key",
532 pairwise=sta_cipher, group=sta_cipher,
533 scan_freq="2412")
534
535 sigma_dut_cmd_check("ap_reset_default")
536 finally:
537 stop_sigma_dut(sigma)
538
539 def test_sigma_dut_ap_override_rsne(dev, apdev):
540 """sigma_dut controlled AP overriding RSNE"""
541 with HWSimRadio() as (radio, iface):
542 sigma = start_sigma_dut(iface)
543 try:
544 sigma_dut_cmd_check("ap_reset_default")
545 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
546 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
547 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
548 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
549
550 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
551
552 sigma_dut_cmd_check("ap_reset_default")
553 finally:
554 stop_sigma_dut(sigma)
555
556 def test_sigma_dut_ap_sae(dev, apdev):
557 """sigma_dut controlled AP with SAE"""
558 with HWSimRadio() as (radio, iface):
559 sigma = start_sigma_dut(iface)
560 try:
561 sigma_dut_cmd_check("ap_reset_default")
562 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
563 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
564 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
565
566 dev[0].request("SET sae_groups ")
567 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
568 scan_freq="2412")
569 if dev[0].get_status_field('sae_group') != '19':
570 raise Exception("Expected default SAE group not used")
571
572 sigma_dut_cmd_check("ap_reset_default")
573 finally:
574 stop_sigma_dut(sigma)
575
576 def test_sigma_dut_ap_sae_password(dev, apdev):
577 """sigma_dut controlled AP with SAE and long password"""
578 with HWSimRadio() as (radio, iface):
579 sigma = start_sigma_dut(iface)
580 try:
581 sigma_dut_cmd_check("ap_reset_default")
582 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
583 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
584 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
585
586 dev[0].request("SET sae_groups ")
587 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
588 scan_freq="2412")
589 if dev[0].get_status_field('sae_group') != '19':
590 raise Exception("Expected default SAE group not used")
591
592 sigma_dut_cmd_check("ap_reset_default")
593 finally:
594 stop_sigma_dut(sigma)
595
596 def test_sigma_dut_ap_sae_group(dev, apdev):
597 """sigma_dut controlled AP with SAE and specific group"""
598 with HWSimRadio() as (radio, iface):
599 sigma = start_sigma_dut(iface)
600 try:
601 sigma_dut_cmd_check("ap_reset_default")
602 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
603 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
604 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
605
606 dev[0].request("SET sae_groups ")
607 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
608 scan_freq="2412")
609 if dev[0].get_status_field('sae_group') != '20':
610 raise Exception("Expected SAE group not used")
611
612 sigma_dut_cmd_check("ap_reset_default")
613 finally:
614 stop_sigma_dut(sigma)
615
616 def test_sigma_dut_ap_psk_sae(dev, apdev):
617 """sigma_dut controlled AP with PSK+SAE"""
618 with HWSimRadio() as (radio, iface):
619 sigma = start_sigma_dut(iface)
620 try:
621 sigma_dut_cmd_check("ap_reset_default")
622 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
623 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
624 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
625
626 dev[0].request("SET sae_groups ")
627 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
628 scan_freq="2412")
629 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
630
631 sigma_dut_cmd_check("ap_reset_default")
632 finally:
633 stop_sigma_dut(sigma)
634
635 def test_sigma_dut_owe(dev, apdev):
636 """sigma_dut controlled OWE station"""
637 try:
638 run_sigma_dut_owe(dev, apdev)
639 finally:
640 dev[0].set("ignore_old_scan_res", "0")
641
642 def run_sigma_dut_owe(dev, apdev):
643 if "OWE" not in dev[0].get_capability("key_mgmt"):
644 raise HwsimSkip("OWE not supported")
645
646 ifname = dev[0].ifname
647 sigma = start_sigma_dut(ifname)
648
649 try:
650 params = { "ssid": "owe",
651 "wpa": "2",
652 "wpa_key_mgmt": "OWE",
653 "rsn_pairwise": "CCMP" }
654 hapd = hostapd.add_ap(apdev[0], params)
655 bssid = hapd.own_addr()
656
657 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
658 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
659 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
660 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
661 sigma_dut_wait_connected(ifname)
662 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
663
664 dev[0].dump_monitor()
665 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
666 dev[0].wait_connected()
667 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
668 dev[0].wait_disconnected()
669 dev[0].dump_monitor()
670
671 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
672 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
673 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
674 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
675 sigma_dut_wait_connected(ifname)
676 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
677 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
678 dev[0].wait_disconnected()
679 dev[0].dump_monitor()
680
681 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
682 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
683 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
684 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
685 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
686 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
687 if ev is None:
688 raise Exception("Association not rejected")
689 if "status_code=77" not in ev:
690 raise Exception("Unexpected rejection reason: " + ev)
691
692 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
693 finally:
694 stop_sigma_dut(sigma)
695
696 def test_sigma_dut_ap_owe(dev, apdev):
697 """sigma_dut controlled AP with OWE"""
698 if "OWE" not in dev[0].get_capability("key_mgmt"):
699 raise HwsimSkip("OWE not supported")
700 with HWSimRadio() as (radio, iface):
701 sigma = start_sigma_dut(iface)
702 try:
703 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
704 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
705 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
706 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
707
708 dev[0].connect("owe", key_mgmt="OWE", scan_freq="2412")
709
710 sigma_dut_cmd_check("ap_reset_default")
711 finally:
712 stop_sigma_dut(sigma)
713
714 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
715 """sigma_dut controlled AP with OWE and ECGroupID"""
716 if "OWE" not in dev[0].get_capability("key_mgmt"):
717 raise HwsimSkip("OWE not supported")
718 with HWSimRadio() as (radio, iface):
719 sigma = start_sigma_dut(iface)
720 try:
721 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
722 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
723 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
724 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
725
726 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
727 owe_group="20", scan_freq="2412")
728 dev[0].request("REMOVE_NETWORK all")
729 dev[0].wait_disconnected()
730
731 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
732 owe_group="21", scan_freq="2412")
733 dev[0].request("REMOVE_NETWORK all")
734 dev[0].wait_disconnected()
735
736 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
737 owe_group="19", scan_freq="2412", wait_connect=False)
738 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
739 dev[0].request("DISCONNECT")
740 if ev is None:
741 raise Exception("Association not rejected")
742 if "status_code=77" not in ev:
743 raise Exception("Unexpected rejection reason: " + ev)
744 dev[0].dump_monitor()
745
746 sigma_dut_cmd_check("ap_reset_default")
747 finally:
748 stop_sigma_dut(sigma)
749
750 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
751 """sigma_dut controlled AP with OWE and transition mode"""
752 if "OWE" not in dev[0].get_capability("key_mgmt"):
753 raise HwsimSkip("OWE not supported")
754 logdir = os.path.join(params['logdir'],
755 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
756 with HWSimRadio() as (radio, iface):
757 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
758 try:
759 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
760 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
761 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
764 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
765
766 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
767 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
768
769 dev[0].connect("owe", key_mgmt="OWE", scan_freq="2412")
770 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
771 if dev[0].get_status_field('bssid') not in res1:
772 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
773 if dev[1].get_status_field('bssid') not in res2:
774 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
775
776 sigma_dut_cmd_check("ap_reset_default")
777 finally:
778 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.