1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
11 logger
= logging
.getLogger()
20 from utils
import HwsimSkip
21 from hwsim
import HWSimRadio
23 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
24 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
25 from test_ap_eap
import check_eap_capa
, int_eap_server_params
26 from test_ap_hs20
import hs20_ap_params
28 def check_sigma_dut():
29 if not os
.path
.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
33 return binascii
.hexlify(s
.encode()).decode()
36 return binascii
.unhexlify(s
).decode()
38 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
39 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
41 sock
.settimeout(timeout
)
42 addr
= ('127.0.0.1', port
)
44 sock
.send(cmd
.encode() + b
"\r\n")
46 res
= sock
.recv(1000).decode()
49 for line
in res
.splitlines():
50 if line
.startswith("status,RUNNING"):
52 elif line
.startswith("status,INVALID"):
54 elif line
.startswith("status,ERROR"):
56 elif line
.startswith("status,COMPLETE"):
58 if running
and not done
:
59 # Read the actual response
60 res
= sock
.recv(1000).decode()
66 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
69 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
70 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
71 if "COMPLETE" not in res
:
72 raise Exception("sigma_dut command failed: " + cmd
)
75 def start_sigma_dut(ifname
, debug
=False, hostapd_logdir
=None, cert_path
=None,
81 '-F', '../../hostapd/hostapd',
83 '-w', '/var/run/wpa_supplicant/',
88 cmd
+= ['-H', hostapd_logdir
]
90 cmd
+= ['-C', cert_path
]
93 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
94 stderr
=subprocess
.PIPE
)
97 res
= sigma_dut_cmd("HELLO")
103 def stop_sigma_dut(sigma
):
106 out
, err
= sigma
.communicate()
107 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
108 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
110 def sigma_dut_wait_connected(ifname
):
112 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
113 if "connected,1" in res
:
117 raise Exception("Connection did not complete")
119 def test_sigma_dut_basic(dev
, apdev
):
120 """sigma_dut basic functionality"""
121 sigma
= start_sigma_dut(dev
[0].ifname
)
123 res
= sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res
:
125 raise Exception("Unexpected sigma_dut response to unknown command")
127 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
132 for cmd
, response
in tests
:
133 res
= sigma_dut_cmd(cmd
)
134 if response
not in res
:
135 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
137 stop_sigma_dut(sigma
)
139 def test_sigma_dut_open(dev
, apdev
):
140 """sigma_dut controlled open network association"""
142 run_sigma_dut_open(dev
, apdev
)
144 dev
[0].set("ignore_old_scan_res", "0")
146 def run_sigma_dut_open(dev
, apdev
):
147 ifname
= dev
[0].ifname
148 sigma
= start_sigma_dut(ifname
)
150 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"))
155 sigma_dut_wait_connected(ifname
)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
160 stop_sigma_dut(sigma
)
162 def test_sigma_dut_psk_pmf(dev
, apdev
):
163 """sigma_dut controlled PSK+PMF association"""
165 run_sigma_dut_psk_pmf(dev
, apdev
)
167 dev
[0].set("ignore_old_scan_res", "0")
169 def run_sigma_dut_psk_pmf(dev
, apdev
):
170 ifname
= dev
[0].ifname
171 sigma
= start_sigma_dut(ifname
)
173 ssid
= "test-pmf-required"
174 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
175 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params
["ieee80211w"] = "2"
177 hapd
= hostapd
.add_ap(apdev
[0], params
)
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname
)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
188 stop_sigma_dut(sigma
)
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
193 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
195 dev
[0].set("ignore_old_scan_res", "0")
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
200 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
202 dev
[0].set("ignore_old_scan_res", "0")
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
207 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
209 dev
[0].set("ignore_old_scan_res", "0")
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
214 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
216 dev
[0].set("ignore_old_scan_res", "0")
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
221 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
224 dev
[0].set("ignore_old_scan_res", "0")
226 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
228 ifname
= dev
[0].ifname
229 sigma
= start_sigma_dut(ifname
)
231 ssid
= "test-pmf-required"
232 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
233 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params
["ieee80211w"] = "2"
235 params
["group_mgmt_cipher"] = hostapd_cipher
236 hapd
= hostapd
.add_ap(apdev
[0], params
)
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"))
243 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout
=10)
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev
:
248 raise Exception("Unexpected connection")
249 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
250 if "connected,1" in res
:
251 raise Exception("Connection reported")
253 sigma_dut_wait_connected(ifname
)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
259 stop_sigma_dut(sigma
)
261 def test_sigma_dut_sae(dev
, apdev
):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev
[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
266 ifname
= dev
[0].ifname
267 sigma
= start_sigma_dut(ifname
)
270 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
271 params
['wpa_key_mgmt'] = 'SAE'
272 params
["ieee80211w"] = "2"
273 params
['sae_groups'] = '19 20 21'
274 hapd
= hostapd
.add_ap(apdev
[0], params
)
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
280 sigma_dut_wait_connected(ifname
)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
282 if dev
[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
291 sigma_dut_wait_connected(ifname
)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
293 if dev
[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
298 stop_sigma_dut(sigma
)
300 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
301 """sigma_dut controlled SAE association with PMKID"""
302 if "SAE" not in dev
[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
305 ifname
= dev
[0].ifname
306 sigma
= start_sigma_dut(ifname
)
309 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
310 params
['wpa_key_mgmt'] = 'SAE'
311 params
["ieee80211w"] = "2"
312 params
["sae_confirm_immediate"] = "1"
313 hapd
= hostapd
.add_ap(apdev
[0], params
)
315 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
316 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
317 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
318 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
319 sigma_dut_wait_connected(ifname
)
320 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
321 stop_sigma_dut(sigma
)
323 def test_sigma_dut_sae_password(dev
, apdev
):
324 """sigma_dut controlled SAE association and long password"""
325 if "SAE" not in dev
[0].get_capability("auth_alg"):
326 raise HwsimSkip("SAE not supported")
328 ifname
= dev
[0].ifname
329 sigma
= start_sigma_dut(ifname
)
333 params
= hostapd
.wpa2_params(ssid
=ssid
)
334 params
['sae_password'] = 100*'B'
335 params
['wpa_key_mgmt'] = 'SAE'
336 params
["ieee80211w"] = "2"
337 hapd
= hostapd
.add_ap(apdev
[0], params
)
339 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
340 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
341 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
342 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
343 sigma_dut_wait_connected(ifname
)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
345 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
346 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
348 stop_sigma_dut(sigma
)
350 def test_sigma_dut_sae_pw_id(dev
, apdev
):
351 """sigma_dut controlled SAE association with Password Identifier"""
352 if "SAE" not in dev
[0].get_capability("auth_alg"):
353 raise HwsimSkip("SAE not supported")
355 ifname
= dev
[0].ifname
356 sigma
= start_sigma_dut(ifname
, debug
=True)
359 params
= hostapd
.wpa2_params(ssid
=ssid
)
360 params
['wpa_key_mgmt'] = 'SAE'
361 params
["ieee80211w"] = "2"
362 params
['sae_password'] = 'secret|id=pw id'
363 params
['sae_groups'] = '19'
364 hapd
= hostapd
.add_ap(apdev
[0], params
)
366 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
367 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
368 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
369 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
370 sigma_dut_wait_connected(ifname
)
371 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
372 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
374 stop_sigma_dut(sigma
)
376 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
377 """sigma_dut controlled SAE association with Password Identifier and FT"""
378 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
380 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
381 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
382 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
384 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
385 if "SAE" not in dev
[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
388 ifname
= dev
[0].ifname
389 sigma
= start_sigma_dut(ifname
, debug
=True)
392 params
= hostapd
.wpa2_params(ssid
=ssid
)
393 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
394 params
["ieee80211w"] = "2"
395 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
396 params
['mobility_domain'] = 'aabb'
397 params
['ft_over_ds'] = '1' if over_ds
else '0'
398 bssid
= apdev
[0]['bssid'].replace(':', '')
399 params
['nas_identifier'] = bssid
+ '.nas.example.com'
400 params
['r1_key_holder'] = bssid
401 params
['pmk_r1_push'] = '0'
402 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
403 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
404 hapd
= hostapd
.add_ap(apdev
[0], params
)
406 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
408 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
410 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"))
412 sigma_dut_wait_connected(ifname
)
414 bssid
= apdev
[1]['bssid'].replace(':', '')
415 params
['nas_identifier'] = bssid
+ '.nas.example.com'
416 params
['r1_key_holder'] = bssid
417 hapd2
= hostapd
.add_ap(apdev
[1], params
)
418 bssid
= hapd2
.own_addr()
419 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
420 dev
[0].wait_connected()
422 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
423 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
425 stop_sigma_dut(sigma
)
427 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
428 """sigma_dut and RSNE override on STA"""
430 run_sigma_dut_sta_override_rsne(dev
, apdev
)
432 dev
[0].set("ignore_old_scan_res", "0")
434 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
435 ifname
= dev
[0].ifname
436 sigma
= start_sigma_dut(ifname
)
439 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
440 hapd
= hostapd
.add_ap(apdev
[0], params
)
442 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
444 tests
= ["30120100000fac040100000fac040100000fac02",
445 "30140100000fac040100000fac040100000fac02ffff"]
447 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
448 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
449 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
450 sigma_dut_wait_connected(ifname
)
451 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
452 dev
[0].dump_monitor()
454 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
455 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
456 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"))
458 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
460 raise Exception("Association rejection not reported")
461 if "status_code=40" not in ev
:
462 raise Exception("Unexpected status code: " + ev
)
464 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
466 stop_sigma_dut(sigma
)
468 def test_sigma_dut_ap_psk(dev
, apdev
):
469 """sigma_dut controlled AP"""
470 with
HWSimRadio() as (radio
, iface
):
471 sigma
= start_sigma_dut(iface
)
473 sigma_dut_cmd_check("ap_reset_default")
474 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
475 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
476 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
478 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
480 sigma_dut_cmd_check("ap_reset_default")
482 stop_sigma_dut(sigma
)
484 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
485 """sigma_dut controlled AP and PSKHEX"""
486 logdir
= os
.path
.join(params
['logdir'],
487 "sigma_dut_ap_pskhex.sigma-hostapd")
488 with
HWSimRadio() as (radio
, iface
):
489 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
491 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
492 sigma_dut_cmd_check("ap_reset_default")
493 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
494 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
495 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
497 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
499 sigma_dut_cmd_check("ap_reset_default")
501 stop_sigma_dut(sigma
)
503 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
504 """sigma_dut controlled AP PSK SHA256"""
505 logdir
= os
.path
.join(params
['logdir'],
506 "sigma_dut_ap_psk_sha256.sigma-hostapd")
507 with
HWSimRadio() as (radio
, iface
):
508 sigma
= start_sigma_dut(iface
)
510 sigma_dut_cmd_check("ap_reset_default")
511 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
512 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
513 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
515 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
516 psk
="12345678", scan_freq
="2412")
518 sigma_dut_cmd_check("ap_reset_default")
520 stop_sigma_dut(sigma
)
522 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
523 """sigma_dut controlled AP and deauth commands"""
524 logdir
= os
.path
.join(params
['logdir'],
525 "sigma_dut_ap_psk_deauth.sigma-hostapd")
526 with
HWSimRadio() as (radio
, iface
):
527 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
529 sigma_dut_cmd_check("ap_reset_default")
530 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
531 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
532 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
534 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
535 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
536 addr
= dev
[0].own_addr()
537 dev
[0].dump_monitor()
539 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
540 ev
= dev
[0].wait_disconnected()
541 dev
[0].dump_monitor()
542 if "locally_generated=1" in ev
:
543 raise Exception("Unexpected disconnection reason")
544 dev
[0].wait_connected()
545 dev
[0].dump_monitor()
547 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
548 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
549 if ev
and "locally_generated=1" not in ev
:
550 raise Exception("Unexpected disconnection")
552 sigma_dut_cmd_check("ap_reset_default")
554 stop_sigma_dut(sigma
)
556 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
557 """sigma_dut controlled STA and EAP-TTLS parameters"""
558 logdir
= params
['logdir']
560 with
open("auth_serv/ca.pem", "r") as f
:
561 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
564 src
= "auth_serv/server.pem"
565 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
566 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
567 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
569 stderr
=open('/dev/null', 'w'))
570 with
open(dst
, "rb") as f
:
572 hash = hashlib
.sha256(der
).digest()
573 with
open(hashdst
, "w") as f
:
574 f
.write(binascii
.hexlify(hash).decode())
576 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
577 with
open(dst
, "w") as f
:
580 ssid
= "test-wpa2-eap"
581 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
582 hapd
= hostapd
.add_ap(apdev
[0], params
)
584 ifname
= dev
[0].ifname
585 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
587 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
590 ",Domain,server.w1.fi",
591 ",DomainSuffix,w1.fi",
592 ",DomainSuffix,server.w1.fi",
593 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
595 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
596 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
597 sigma_dut_cmd_check(cmd
+ extra
)
598 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
599 sigma_dut_wait_connected(ifname
)
600 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
601 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
602 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
603 dev
[0].dump_monitor()
605 tests
= [",Domain,w1.fi",
606 ",DomainSuffix,example.com",
607 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
609 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
610 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
611 sigma_dut_cmd_check(cmd
+ extra
)
612 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
613 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
615 raise Exception("Server certificate error not reported")
616 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
617 if "connected,1" in res
:
618 raise Exception("Unexpected connection reported")
619 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
620 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
621 dev
[0].dump_monitor()
623 stop_sigma_dut(sigma
)
625 def test_sigma_dut_suite_b(dev
, apdev
, params
):
626 """sigma_dut controlled STA Suite B"""
627 check_suite_b_192_capa(dev
)
628 logdir
= params
['logdir']
630 with
open("auth_serv/ec2-ca.pem", "r") as f
:
631 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
634 with
open("auth_serv/ec2-user.pem", "r") as f
:
635 with
open("auth_serv/ec2-user.key", "r") as f2
:
636 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
640 dev
[0].flush_scan_cache()
641 params
= suite_b_as_params()
642 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
643 params
['server_cert'] = 'auth_serv/ec2-server.pem'
644 params
['private_key'] = 'auth_serv/ec2-server.key'
645 params
['openssl_ciphers'] = 'SUITEB192'
646 hostapd
.add_ap(apdev
[1], params
)
648 params
= {"ssid": "test-suite-b",
650 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
651 "rsn_pairwise": "GCMP-256",
652 "group_mgmt_cipher": "BIP-GMAC-256",
655 'auth_server_addr': "127.0.0.1",
656 'auth_server_port': "18129",
657 'auth_server_shared_secret': "radius",
658 'nas_identifier': "nas.w1.fi"}
659 hapd
= hostapd
.add_ap(apdev
[0], params
)
661 ifname
= dev
[0].ifname
662 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
664 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
665 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
666 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
667 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
668 sigma_dut_wait_connected(ifname
)
669 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
670 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
671 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
673 stop_sigma_dut(sigma
)
675 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
676 """sigma_dut controlled STA Suite B (RSA)"""
677 check_suite_b_192_capa(dev
)
678 logdir
= params
['logdir']
680 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
681 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
684 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
685 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
686 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
690 dev
[0].flush_scan_cache()
691 params
= suite_b_192_rsa_ap_params()
692 hapd
= hostapd
.add_ap(apdev
[0], params
)
694 ifname
= dev
[0].ifname
695 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
697 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
700 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
701 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
703 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
704 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
705 sigma_dut_cmd_check(cmd
+ extra
)
706 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"))
707 sigma_dut_wait_connected(ifname
)
708 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
709 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
710 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
712 stop_sigma_dut(sigma
)
714 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
715 """sigma_dut controlled AP Suite B"""
716 check_suite_b_192_capa(dev
)
717 logdir
= os
.path
.join(params
['logdir'],
718 "sigma_dut_ap_suite_b.sigma-hostapd")
719 params
= suite_b_as_params()
720 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
721 params
['server_cert'] = 'auth_serv/ec2-server.pem'
722 params
['private_key'] = 'auth_serv/ec2-server.key'
723 params
['openssl_ciphers'] = 'SUITEB192'
724 hostapd
.add_ap(apdev
[1], params
)
725 with
HWSimRadio() as (radio
, iface
):
726 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
728 sigma_dut_cmd_check("ap_reset_default")
729 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
730 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
731 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
732 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
734 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
736 openssl_ciphers
="SUITEB192",
737 eap
="TLS", identity
="tls user",
738 ca_cert
="auth_serv/ec2-ca.pem",
739 client_cert
="auth_serv/ec2-user.pem",
740 private_key
="auth_serv/ec2-user.key",
741 pairwise
="GCMP-256", group
="GCMP-256",
744 sigma_dut_cmd_check("ap_reset_default")
746 stop_sigma_dut(sigma
)
748 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
749 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
750 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
753 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
754 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
755 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
758 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
759 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
760 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
763 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
764 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
765 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
768 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
769 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
770 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
771 "BIP-GMAC-256", "CCMP")
773 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
774 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
775 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
776 "BIP-GMAC-256", "GCMP-256", "CCMP")
778 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
779 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
780 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
781 "GCMP-256", "CCMP", "AES-CCMP-128")
783 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
784 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
785 check_suite_b_192_capa(dev
)
786 logdir
= os
.path
.join(params
['logdir'],
787 "sigma_dut_ap_cipher.sigma-hostapd")
788 params
= suite_b_as_params()
789 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
790 params
['server_cert'] = 'auth_serv/ec2-server.pem'
791 params
['private_key'] = 'auth_serv/ec2-server.key'
792 params
['openssl_ciphers'] = 'SUITEB192'
793 hostapd
.add_ap(apdev
[1], params
)
794 with
HWSimRadio() as (radio
, iface
):
795 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
797 sigma_dut_cmd_check("ap_reset_default")
798 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
799 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
800 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
802 cmd
+= ",GroupCipher,%s" % ap_group
803 sigma_dut_cmd_check(cmd
)
804 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
806 if sta_cipher_group
is None:
807 sta_cipher_group
= sta_cipher
808 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
810 openssl_ciphers
="SUITEB192",
811 eap
="TLS", identity
="tls user",
812 ca_cert
="auth_serv/ec2-ca.pem",
813 client_cert
="auth_serv/ec2-user.pem",
814 private_key
="auth_serv/ec2-user.key",
815 pairwise
=sta_cipher
, group
=sta_cipher_group
,
818 sigma_dut_cmd_check("ap_reset_default")
820 stop_sigma_dut(sigma
)
822 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
823 """sigma_dut controlled AP overriding RSNE"""
824 with
HWSimRadio() as (radio
, iface
):
825 sigma
= start_sigma_dut(iface
)
827 sigma_dut_cmd_check("ap_reset_default")
828 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
829 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
830 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
831 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
833 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
835 sigma_dut_cmd_check("ap_reset_default")
837 stop_sigma_dut(sigma
)
839 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
840 """sigma_dut controlled AP with SAE"""
841 logdir
= os
.path
.join(params
['logdir'],
842 "sigma_dut_ap_sae.sigma-hostapd")
843 if "SAE" not in dev
[0].get_capability("auth_alg"):
844 raise HwsimSkip("SAE not supported")
845 with
HWSimRadio() as (radio
, iface
):
846 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
848 sigma_dut_cmd_check("ap_reset_default")
849 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
850 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
851 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
853 dev
[0].request("SET sae_groups ")
854 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
855 ieee80211w
="2", scan_freq
="2412")
856 if dev
[0].get_status_field('sae_group') != '19':
857 raise Exception("Expected default SAE group not used")
859 sigma_dut_cmd_check("ap_reset_default")
861 stop_sigma_dut(sigma
)
863 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
864 """sigma_dut controlled AP with SAE Confirm immediate"""
865 logdir
= os
.path
.join(params
['logdir'],
866 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
867 if "SAE" not in dev
[0].get_capability("auth_alg"):
868 raise HwsimSkip("SAE not supported")
869 with
HWSimRadio() as (radio
, iface
):
870 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
872 sigma_dut_cmd_check("ap_reset_default")
873 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
874 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
875 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
877 dev
[0].request("SET sae_groups ")
878 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
879 ieee80211w
="2", scan_freq
="2412")
880 if dev
[0].get_status_field('sae_group') != '19':
881 raise Exception("Expected default SAE group not used")
883 sigma_dut_cmd_check("ap_reset_default")
885 stop_sigma_dut(sigma
)
887 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
888 """sigma_dut controlled AP with SAE and long password"""
889 logdir
= os
.path
.join(params
['logdir'],
890 "sigma_dut_ap_sae_password.sigma-hostapd")
891 if "SAE" not in dev
[0].get_capability("auth_alg"):
892 raise HwsimSkip("SAE not supported")
893 with
HWSimRadio() as (radio
, iface
):
894 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
896 sigma_dut_cmd_check("ap_reset_default")
897 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
898 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
899 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
901 dev
[0].request("SET sae_groups ")
902 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
903 ieee80211w
="2", scan_freq
="2412")
904 if dev
[0].get_status_field('sae_group') != '19':
905 raise Exception("Expected default SAE group not used")
907 sigma_dut_cmd_check("ap_reset_default")
909 stop_sigma_dut(sigma
)
911 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
912 """sigma_dut controlled AP with SAE Password Identifier"""
913 logdir
= os
.path
.join(params
['logdir'],
914 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
915 conffile
= os
.path
.join(params
['logdir'],
916 "sigma_dut_ap_sae_pw_id.sigma-conf")
917 if "SAE" not in dev
[0].get_capability("auth_alg"):
918 raise HwsimSkip("SAE not supported")
919 with
HWSimRadio() as (radio
, iface
):
920 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
922 sigma_dut_cmd_check("ap_reset_default")
923 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
924 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
925 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
927 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
928 with
open(conffile
, "wb") as f2
:
931 dev
[0].request("SET sae_groups ")
932 tests
= [("pw1", "id1"),
936 for pw
, pw_id
in tests
:
937 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
938 sae_password_id
=pw_id
,
939 ieee80211w
="2", scan_freq
="2412")
940 dev
[0].request("REMOVE_NETWORK all")
941 dev
[0].wait_disconnected()
943 sigma_dut_cmd_check("ap_reset_default")
945 stop_sigma_dut(sigma
)
947 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
948 """sigma_dut controlled AP with SAE Password Identifier and FT"""
949 logdir
= os
.path
.join(params
['logdir'],
950 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
951 conffile
= os
.path
.join(params
['logdir'],
952 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
953 if "SAE" not in dev
[0].get_capability("auth_alg"):
954 raise HwsimSkip("SAE not supported")
955 with
HWSimRadio() as (radio
, iface
):
956 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
958 sigma_dut_cmd_check("ap_reset_default")
959 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
960 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
961 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
963 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
964 with
open(conffile
, "wb") as f2
:
967 dev
[0].request("SET sae_groups ")
968 tests
= [("pw1", "id1", "SAE"),
969 ("pw2", "id2", "FT-SAE"),
970 ("pw3", None, "FT-SAE"),
971 ("pw4", "id4", "SAE")]
972 for pw
, pw_id
, key_mgmt
in tests
:
973 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
974 sae_password_id
=pw_id
,
975 ieee80211w
="2", scan_freq
="2412")
976 dev
[0].request("REMOVE_NETWORK all")
977 dev
[0].wait_disconnected()
979 sigma_dut_cmd_check("ap_reset_default")
981 stop_sigma_dut(sigma
)
983 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
984 """sigma_dut controlled AP with SAE and specific group"""
985 logdir
= os
.path
.join(params
['logdir'],
986 "sigma_dut_ap_sae_group.sigma-hostapd")
987 if "SAE" not in dev
[0].get_capability("auth_alg"):
988 raise HwsimSkip("SAE not supported")
989 with
HWSimRadio() as (radio
, iface
):
990 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
992 sigma_dut_cmd_check("ap_reset_default")
993 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
994 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
995 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
997 dev
[0].request("SET sae_groups ")
998 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
999 ieee80211w
="2", scan_freq
="2412")
1000 if dev
[0].get_status_field('sae_group') != '20':
1001 raise Exception("Expected SAE group not used")
1003 sigma_dut_cmd_check("ap_reset_default")
1005 stop_sigma_dut(sigma
)
1007 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1008 """sigma_dut controlled AP with PSK+SAE"""
1009 if "SAE" not in dev
[0].get_capability("auth_alg"):
1010 raise HwsimSkip("SAE not supported")
1011 logdir
= os
.path
.join(params
['logdir'],
1012 "sigma_dut_ap_psk_sae.sigma-hostapd")
1013 with
HWSimRadio() as (radio
, iface
):
1014 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1016 sigma_dut_cmd_check("ap_reset_default")
1017 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1018 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1019 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1021 dev
[2].request("SET sae_groups ")
1022 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1023 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1024 dev
[0].request("SET sae_groups ")
1025 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1026 scan_freq
="2412", ieee80211w
="2")
1027 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1029 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1030 dev
[2].request("DISCONNECT")
1032 raise Exception("Unexpected connection without PMF")
1034 sigma_dut_cmd_check("ap_reset_default")
1036 stop_sigma_dut(sigma
)
1038 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1039 """sigma_dut controlled AP with PSK, SAE, FT"""
1040 logdir
= os
.path
.join(params
['logdir'],
1041 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1042 conffile
= os
.path
.join(params
['logdir'],
1043 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1044 if "SAE" not in dev
[0].get_capability("auth_alg"):
1045 raise HwsimSkip("SAE not supported")
1046 with
HWSimRadio() as (radio
, iface
):
1047 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
1049 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1050 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1051 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1052 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1053 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1054 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1056 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1057 with
open(conffile
, "wb") as f2
:
1060 dev
[0].request("SET sae_groups ")
1061 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1062 sae_password
="12345678", scan_freq
="2412")
1063 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1064 psk
="12345678", scan_freq
="2412")
1065 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1066 psk
="12345678", scan_freq
="2412")
1068 sigma_dut_cmd_check("ap_reset_default")
1070 stop_sigma_dut(sigma
)
1072 def test_sigma_dut_owe(dev
, apdev
):
1073 """sigma_dut controlled OWE station"""
1075 run_sigma_dut_owe(dev
, apdev
)
1077 dev
[0].set("ignore_old_scan_res", "0")
1079 def run_sigma_dut_owe(dev
, apdev
):
1080 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1081 raise HwsimSkip("OWE not supported")
1083 ifname
= dev
[0].ifname
1084 sigma
= start_sigma_dut(ifname
)
1087 params
= {"ssid": "owe",
1089 "wpa_key_mgmt": "OWE",
1091 "rsn_pairwise": "CCMP"}
1092 hapd
= hostapd
.add_ap(apdev
[0], params
)
1093 bssid
= hapd
.own_addr()
1095 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1096 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1097 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1098 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1099 sigma_dut_wait_connected(ifname
)
1100 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1102 dev
[0].dump_monitor()
1103 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1104 dev
[0].wait_connected()
1105 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1106 dev
[0].wait_disconnected()
1107 dev
[0].dump_monitor()
1109 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1110 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1111 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1112 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1113 sigma_dut_wait_connected(ifname
)
1114 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1115 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1116 dev
[0].wait_disconnected()
1117 dev
[0].dump_monitor()
1119 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1120 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1121 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1122 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
)
1123 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1124 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1126 raise Exception("Association not rejected")
1127 if "status_code=77" not in ev
:
1128 raise Exception("Unexpected rejection reason: " + ev
)
1130 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1132 stop_sigma_dut(sigma
)
1134 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1135 """sigma_dut controlled AP with OWE"""
1136 logdir
= os
.path
.join(params
['logdir'],
1137 "sigma_dut_ap_owe.sigma-hostapd")
1138 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1139 raise HwsimSkip("OWE not supported")
1140 with
HWSimRadio() as (radio
, iface
):
1141 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1143 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1144 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1145 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1146 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1148 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1151 sigma_dut_cmd_check("ap_reset_default")
1153 stop_sigma_dut(sigma
)
1155 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1156 """sigma_dut controlled AP with OWE and ECGroupID"""
1157 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1158 raise HwsimSkip("OWE not supported")
1159 with
HWSimRadio() as (radio
, iface
):
1160 sigma
= start_sigma_dut(iface
)
1162 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1163 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1164 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1165 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1167 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1168 owe_group
="20", scan_freq
="2412")
1169 dev
[0].request("REMOVE_NETWORK all")
1170 dev
[0].wait_disconnected()
1172 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1173 owe_group
="21", scan_freq
="2412")
1174 dev
[0].request("REMOVE_NETWORK all")
1175 dev
[0].wait_disconnected()
1177 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1178 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1179 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1180 dev
[0].request("DISCONNECT")
1182 raise Exception("Association not rejected")
1183 if "status_code=77" not in ev
:
1184 raise Exception("Unexpected rejection reason: " + ev
)
1185 dev
[0].dump_monitor()
1187 sigma_dut_cmd_check("ap_reset_default")
1189 stop_sigma_dut(sigma
)
1191 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1192 """sigma_dut controlled AP with OWE and transition mode"""
1193 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1194 raise HwsimSkip("OWE not supported")
1195 logdir
= os
.path
.join(params
['logdir'],
1196 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1197 with
HWSimRadio() as (radio
, iface
):
1198 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1200 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1201 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1202 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1203 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1204 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1205 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1207 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1208 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1210 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1212 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1213 if dev
[0].get_status_field('bssid') not in res1
:
1214 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1215 if dev
[1].get_status_field('bssid') not in res2
:
1216 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1218 sigma_dut_cmd_check("ap_reset_default")
1220 stop_sigma_dut(sigma
)
1222 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1223 """sigma_dut controlled AP with OWE and transition mode (2)"""
1224 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1225 raise HwsimSkip("OWE not supported")
1226 logdir
= os
.path
.join(params
['logdir'],
1227 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1228 with
HWSimRadio() as (radio
, iface
):
1229 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1231 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1232 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1233 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1234 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1235 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1236 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1238 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1239 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1241 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1243 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1244 if dev
[0].get_status_field('bssid') not in res2
:
1245 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1246 if dev
[1].get_status_field('bssid') not in res1
:
1247 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1249 sigma_dut_cmd_check("ap_reset_default")
1251 stop_sigma_dut(sigma
)
1253 def dpp_init_enrollee(dev
, id1
):
1254 logger
.info("Starting DPP initiator/enrollee in a thread")
1256 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1257 if "OK" not in dev
.request(cmd
):
1258 raise Exception("Failed to initiate DPP Authentication")
1259 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1261 raise Exception("DPP configuration not completed (Enrollee)")
1262 logger
.info("DPP initiator/enrollee done")
1264 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1265 """sigma_dut DPP/QR responder (conf index 1)"""
1266 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1268 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1269 """sigma_dut DPP/QR responder (conf index 2)"""
1270 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1272 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1273 """sigma_dut DPP/QR responder (conf index 3)"""
1274 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1276 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1277 """sigma_dut DPP/QR responder (conf index 4)"""
1278 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1280 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1281 """sigma_dut DPP/QR responder (conf index 5)"""
1282 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1284 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1285 """sigma_dut DPP/QR responder (conf index 6)"""
1286 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1288 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1289 """sigma_dut DPP/QR responder (conf index 7)"""
1290 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1292 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1293 """sigma_dut DPP/QR responder (conf index 8)"""
1294 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1296 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1297 """sigma_dut DPP/QR responder (conf index 9)"""
1298 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1300 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1301 """sigma_dut DPP/QR responder (conf index 10)"""
1302 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1304 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1305 """sigma_dut DPP/QR responder (channel list override)"""
1306 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1309 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1310 """sigma_dut DPP/QR responder status query"""
1311 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1312 passphrase
="ThisIsDppPassphrase")
1313 hapd
= hostapd
.add_ap(apdev
[0], params
)
1316 dev
[1].set("dpp_config_processing", "2")
1317 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1319 dev
[1].set("dpp_config_processing", "0")
1321 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1322 listen_chan
=None, status_query
=False):
1323 check_dpp_capab(dev
[0])
1324 check_dpp_capab(dev
[1])
1325 sigma
= start_sigma_dut(dev
[0].ifname
)
1327 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1329 cmd
+= ",DPPChannelList," + chan_list
1330 res
= sigma_dut_cmd(cmd
)
1331 if "status,COMPLETE" not in res
:
1332 raise Exception("dev_exec_action did not succeed: " + res
)
1333 hex = res
.split(',')[3]
1335 logger
.info("URI from sigma_dut: " + uri
)
1337 id1
= dev
[1].dpp_qr_code(uri
)
1339 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
))
1341 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1343 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1345 cmd
+= ",DPPStatusQuery,Yes"
1346 res
= sigma_dut_cmd(cmd
, timeout
=10)
1348 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1349 raise Exception("Unexpected result: " + res
)
1350 if status_query
and "StatusResult,0" not in res
:
1351 raise Exception("Status query did not succeed: " + res
)
1353 stop_sigma_dut(sigma
)
1355 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1356 """sigma_dut DPP/QR initiator as Enrollee"""
1357 check_dpp_capab(dev
[0])
1358 check_dpp_capab(dev
[1])
1360 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1361 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1362 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1363 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1365 params
= {"ssid": "DPPNET01",
1368 "wpa_key_mgmt": "DPP",
1369 "rsn_pairwise": "CCMP",
1370 "dpp_connector": ap_connector
,
1371 "dpp_csign": csign_pub
,
1372 "dpp_netaccesskey": ap_netaccesskey
}
1374 hapd
= hostapd
.add_ap(apdev
[0], params
)
1376 raise HwsimSkip("DPP not supported")
1378 sigma
= start_sigma_dut(dev
[0].ifname
)
1380 dev
[0].set("dpp_config_processing", "2")
1382 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1383 res
= dev
[1].request(cmd
)
1385 raise Exception("Failed to add configurator")
1388 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1389 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1391 dev
[1].set("dpp_configurator_params",
1392 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1393 cmd
= "DPP_LISTEN 2437 role=configurator"
1394 if "OK" not in dev
[1].request(cmd
):
1395 raise Exception("Failed to start listen operation")
1397 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1398 if "status,COMPLETE" not in res
:
1399 raise Exception("dev_exec_action did not succeed: " + res
)
1401 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1402 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1403 raise Exception("Unexpected result: " + res
)
1405 dev
[0].set("dpp_config_processing", "0")
1406 stop_sigma_dut(sigma
)
1408 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1409 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1410 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1412 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1413 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1414 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1415 extra
="DPPAuthDirection,Mutual,")
1417 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1418 check_dpp_capab(dev
[0])
1419 check_dpp_capab(dev
[1])
1421 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1422 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1423 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1424 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1426 params
= {"ssid": "DPPNET01",
1429 "wpa_key_mgmt": "DPP",
1430 "rsn_pairwise": "CCMP",
1431 "dpp_connector": ap_connector
,
1432 "dpp_csign": csign_pub
,
1433 "dpp_netaccesskey": ap_netaccesskey
}
1435 hapd
= hostapd
.add_ap(apdev
[0], params
)
1437 raise HwsimSkip("DPP not supported")
1439 sigma
= start_sigma_dut(dev
[0].ifname
)
1441 dev
[0].set("dpp_config_processing", "2")
1443 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1444 res
= dev
[1].request(cmd
)
1446 raise Exception("Failed to add configurator")
1449 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1450 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1452 dev
[1].set("dpp_configurator_params",
1453 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1454 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1455 if "OK" not in dev
[1].request(cmd
):
1456 raise Exception("Failed to start listen operation")
1458 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1459 if "status,COMPLETE" not in res
:
1460 raise Exception("dev_exec_action did not succeed: " + res
)
1461 hex = res
.split(',')[3]
1463 logger
.info("URI from sigma_dut: " + uri
)
1465 id1
= dev
[1].dpp_qr_code(uri
)
1467 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1468 if "status,COMPLETE" not in res
:
1469 raise Exception("dev_exec_action did not succeed: " + res
)
1471 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1472 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1473 raise Exception("Unexpected result: " + res
)
1475 dev
[0].set("dpp_config_processing", "0")
1476 stop_sigma_dut(sigma
)
1478 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1480 logger
.info("Starting DPP initiator/configurator in a thread")
1481 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1482 if own_id
is not None:
1483 cmd
+= " own=%d" % own_id
1484 if "OK" not in dev
.request(cmd
):
1485 raise Exception("Failed to initiate DPP Authentication")
1486 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1488 raise Exception("DPP configuration not completed (Configurator)")
1489 logger
.info("DPP initiator/configurator done")
1491 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1492 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1493 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1495 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1496 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1497 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1499 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1500 check_dpp_capab(dev
[0])
1501 check_dpp_capab(dev
[1])
1503 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1504 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1505 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1506 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1508 params
= {"ssid": "DPPNET01",
1511 "wpa_key_mgmt": "DPP",
1512 "rsn_pairwise": "CCMP",
1513 "dpp_connector": ap_connector
,
1514 "dpp_csign": csign_pub
,
1515 "dpp_netaccesskey": ap_netaccesskey
}
1517 hapd
= hostapd
.add_ap(apdev
[0], params
)
1519 raise HwsimSkip("DPP not supported")
1521 sigma
= start_sigma_dut(dev
[0].ifname
)
1523 dev
[0].set("dpp_config_processing", "2")
1525 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1526 res
= dev
[1].request(cmd
)
1528 raise Exception("Failed to add configurator")
1531 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1532 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1534 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1535 if "status,COMPLETE" not in res
:
1536 raise Exception("dev_exec_action did not succeed: " + res
)
1537 hex = res
.split(',')[3]
1539 logger
.info("URI from sigma_dut: " + uri
)
1541 id1
= dev
[1].dpp_qr_code(uri
)
1543 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1544 if "status,COMPLETE" not in res
:
1545 raise Exception("dev_exec_action did not succeed: " + res
)
1547 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1548 args
=(dev
[1], id1
, conf_id
, id0
))
1551 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1554 res
= sigma_dut_cmd(cmd
, timeout
=25)
1556 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1557 raise Exception("Unexpected result: " + res
)
1559 dev
[0].set("dpp_config_processing", "0")
1560 stop_sigma_dut(sigma
)
1562 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1563 logger
.info("Starting DPP responder/configurator in a thread")
1564 dev
.set("dpp_configurator_params",
1565 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1567 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1568 if "OK" not in dev
.request(cmd
):
1569 raise Exception("Failed to initiate DPP listen")
1571 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1573 raise Exception("QR Code scan for mutual authentication not requested")
1574 dev
.dpp_qr_code(uri
)
1575 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1577 raise Exception("DPP configuration not completed (Configurator)")
1578 logger
.info("DPP responder/configurator done")
1580 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1581 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1582 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1584 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1585 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1586 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1588 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1589 check_dpp_capab(dev
[0])
1590 check_dpp_capab(dev
[1])
1592 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1593 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1594 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1595 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1597 params
= {"ssid": "DPPNET01",
1600 "wpa_key_mgmt": "DPP",
1601 "rsn_pairwise": "CCMP",
1602 "dpp_connector": ap_connector
,
1603 "dpp_csign": csign_pub
,
1604 "dpp_netaccesskey": ap_netaccesskey
}
1606 hapd
= hostapd
.add_ap(apdev
[0], params
)
1608 raise HwsimSkip("DPP not supported")
1610 sigma
= start_sigma_dut(dev
[0].ifname
)
1612 dev
[0].set("dpp_config_processing", "2")
1614 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1615 res
= dev
[1].request(cmd
)
1617 raise Exception("Failed to add configurator")
1620 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1621 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1623 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1624 if "status,COMPLETE" not in res
:
1625 raise Exception("dev_exec_action did not succeed: " + res
)
1626 hex = res
.split(',')[3]
1628 logger
.info("URI from sigma_dut: " + uri
)
1630 if not resp_pending
:
1631 dev
[1].dpp_qr_code(uri
)
1634 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1635 if "status,COMPLETE" not in res
:
1636 raise Exception("dev_exec_action did not succeed: " + res
)
1638 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1639 args
=(dev
[1], conf_id
, uri
))
1643 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1644 res
= sigma_dut_cmd(cmd
, timeout
=15)
1646 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1647 raise Exception("Unexpected result: " + res
)
1649 dev
[0].set("dpp_config_processing", "0")
1650 stop_sigma_dut(sigma
)
1652 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1653 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1654 check_dpp_capab(dev
[0])
1655 check_dpp_capab(dev
[1])
1657 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1658 passphrase
="ThisIsDppPassphrase")
1659 hapd
= hostapd
.add_ap(apdev
[0], params
)
1661 sigma
= start_sigma_dut(dev
[0].ifname
)
1663 dev
[0].set("dpp_config_processing", "2")
1665 cmd
= "DPP_CONFIGURATOR_ADD"
1666 res
= dev
[1].request(cmd
)
1668 raise Exception("Failed to add configurator")
1671 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1672 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1674 dev
[1].set("dpp_configurator_params",
1675 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1676 cmd
= "DPP_LISTEN 2437 role=configurator"
1677 if "OK" not in dev
[1].request(cmd
):
1678 raise Exception("Failed to start listen operation")
1680 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1681 if "status,COMPLETE" not in res
:
1682 raise Exception("dev_exec_action did not succeed: " + res
)
1684 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1685 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1686 raise Exception("Unexpected result: " + res
)
1688 dev
[0].set("dpp_config_processing", "0")
1689 stop_sigma_dut(sigma
)
1691 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1692 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1693 check_dpp_capab(dev
[0])
1694 check_dpp_capab(dev
[1])
1695 if "SAE" not in dev
[0].get_capability("auth_alg"):
1696 raise HwsimSkip("SAE not supported")
1698 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1699 passphrase
="ThisIsDppPassphrase")
1700 params
['wpa_key_mgmt'] = 'SAE'
1701 params
["ieee80211w"] = "2"
1702 hapd
= hostapd
.add_ap(apdev
[0], params
)
1704 sigma
= start_sigma_dut(dev
[0].ifname
)
1706 dev
[0].set("dpp_config_processing", "2")
1707 dev
[0].set("sae_groups", "")
1709 cmd
= "DPP_CONFIGURATOR_ADD"
1710 res
= dev
[1].request(cmd
)
1712 raise Exception("Failed to add configurator")
1715 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1716 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1718 dev
[1].set("dpp_configurator_params",
1719 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1720 cmd
= "DPP_LISTEN 2437 role=configurator"
1721 if "OK" not in dev
[1].request(cmd
):
1722 raise Exception("Failed to start listen operation")
1724 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1725 if "status,COMPLETE" not in res
:
1726 raise Exception("dev_exec_action did not succeed: " + res
)
1728 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1729 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1730 raise Exception("Unexpected result: " + res
)
1732 dev
[0].set("dpp_config_processing", "0")
1733 stop_sigma_dut(sigma
)
1735 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
1736 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1737 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
1739 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
1740 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1741 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
1743 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
1744 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1745 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
1747 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
1748 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1749 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
1751 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
1752 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1753 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
1755 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
1756 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1757 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
1759 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
1760 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1761 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
1763 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
1764 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1765 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
1767 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
1768 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1769 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
1771 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
1772 prov_role
="Configurator",
1774 check_dpp_capab(dev
[0])
1775 check_dpp_capab(dev
[1])
1776 sigma
= start_sigma_dut(dev
[0].ifname
)
1778 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1779 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1781 cmd
= "DPP_LISTEN 2437 role=enrollee"
1782 if "OK" not in dev
[1].request(cmd
):
1783 raise Exception("Failed to start listen operation")
1785 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1786 if "status,COMPLETE" not in res
:
1787 raise Exception("dev_exec_action did not succeed: " + res
)
1789 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
1792 res
= sigma_dut_cmd(cmd
)
1793 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1794 raise Exception("Unexpected result: " + res
)
1796 stop_sigma_dut(sigma
)
1798 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
1799 """sigma_dut DPP roles incompatible (Initiator)"""
1800 check_dpp_capab(dev
[0])
1801 check_dpp_capab(dev
[1])
1802 sigma
= start_sigma_dut(dev
[0].ifname
)
1804 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1805 if "status,COMPLETE" not in res
:
1806 raise Exception("dev_exec_action did not succeed: " + res
)
1807 hex = res
.split(',')[3]
1809 logger
.info("URI from sigma_dut: " + uri
)
1811 id1
= dev
[1].dpp_qr_code(uri
)
1813 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1814 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1816 cmd
= "DPP_LISTEN 2437 role=enrollee"
1817 if "OK" not in dev
[1].request(cmd
):
1818 raise Exception("Failed to start listen operation")
1820 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1821 if "status,COMPLETE" not in res
:
1822 raise Exception("dev_exec_action did not succeed: " + res
)
1824 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1825 res
= sigma_dut_cmd(cmd
)
1826 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1827 raise Exception("Unexpected result: " + res
)
1829 stop_sigma_dut(sigma
)
1831 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
1832 logger
.info("Starting DPP initiator/enrollee in a thread")
1834 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
1835 if "OK" not in dev
.request(cmd
):
1836 raise Exception("Failed to initiate DPP Authentication")
1837 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
1838 "DPP-NOT-COMPATIBLE"], timeout
=5)
1840 raise Exception("DPP configuration not completed (Enrollee)")
1841 logger
.info("DPP initiator/enrollee done")
1843 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
1844 """sigma_dut DPP roles incompatible (Responder)"""
1845 check_dpp_capab(dev
[0])
1846 check_dpp_capab(dev
[1])
1847 sigma
= start_sigma_dut(dev
[0].ifname
)
1849 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1850 res
= sigma_dut_cmd(cmd
)
1851 if "status,COMPLETE" not in res
:
1852 raise Exception("dev_exec_action did not succeed: " + res
)
1853 hex = res
.split(',')[3]
1855 logger
.info("URI from sigma_dut: " + uri
)
1857 id1
= dev
[1].dpp_qr_code(uri
)
1859 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1860 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1862 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1863 if "status,COMPLETE" not in res
:
1864 raise Exception("dev_exec_action did not succeed: " + res
)
1866 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
1868 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1869 res
= sigma_dut_cmd(cmd
, timeout
=10)
1871 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
1872 raise Exception("Unexpected result: " + res
)
1874 stop_sigma_dut(sigma
)
1876 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
1877 """sigma_dut DPP/PKEX initiator as Configurator"""
1878 check_dpp_capab(dev
[0])
1879 check_dpp_capab(dev
[1])
1880 sigma
= start_sigma_dut(dev
[0].ifname
)
1882 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
1883 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
1884 res
= dev
[1].request(cmd
)
1886 raise Exception("Failed to set PKEX data (responder)")
1887 cmd
= "DPP_LISTEN 2437 role=enrollee"
1888 if "OK" not in dev
[1].request(cmd
):
1889 raise Exception("Failed to start listen operation")
1891 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1892 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1893 raise Exception("Unexpected result: " + res
)
1895 stop_sigma_dut(sigma
)
1897 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
1898 logger
.info("Starting DPP initiator/configurator in a thread")
1899 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
1900 if "OK" not in dev
.request(cmd
):
1901 raise Exception("Failed to initiate DPP Authentication")
1902 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1904 raise Exception("DPP configuration not completed (Configurator)")
1905 logger
.info("DPP initiator/configurator done")
1907 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
1908 """sigma_dut controlled AP (DPP)"""
1909 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
1911 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
1912 """sigma_dut controlled AP (legacy)"""
1913 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1914 extra
="pass=%s" % to_hex("qwertyuiop"))
1916 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
1917 """sigma_dut controlled AP (legacy)"""
1918 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
1919 extra
="psk=%s" % (32*"12"))
1921 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
1922 check_dpp_capab(dev
[0])
1923 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1924 with
HWSimRadio() as (radio
, iface
):
1925 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1927 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1928 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1929 if "status,COMPLETE" not in res
:
1930 raise Exception("dev_exec_action did not succeed: " + res
)
1931 hex = res
.split(',')[3]
1933 logger
.info("URI from sigma_dut: " + uri
)
1935 cmd
= "DPP_CONFIGURATOR_ADD"
1936 res
= dev
[0].request(cmd
)
1938 raise Exception("Failed to add configurator")
1941 id1
= dev
[0].dpp_qr_code(uri
)
1943 t
= threading
.Thread(target
=dpp_init_conf
,
1944 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
1946 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1948 if "ConfResult,OK" not in res
:
1949 raise Exception("Unexpected result: " + res
)
1951 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1952 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1954 id0b
= dev
[0].dpp_qr_code(uri1
)
1956 dev
[1].set("dpp_config_processing", "2")
1957 cmd
= "DPP_LISTEN 2412"
1958 if "OK" not in dev
[1].request(cmd
):
1959 raise Exception("Failed to start listen operation")
1960 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
1961 if "OK" not in dev
[0].request(cmd
):
1962 raise Exception("Failed to initiate DPP Authentication")
1963 dev
[1].wait_connected()
1965 sigma_dut_cmd_check("ap_reset_default")
1967 dev
[1].set("dpp_config_processing", "0")
1968 stop_sigma_dut(sigma
)
1970 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
1971 """sigma_dut controlled AP as DPP PKEX responder"""
1972 check_dpp_capab(dev
[0])
1973 logdir
= os
.path
.join(params
['logdir'],
1974 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1975 with
HWSimRadio() as (radio
, iface
):
1976 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1978 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
1980 stop_sigma_dut(sigma
)
1982 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
1983 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
1985 id = dev
.dpp_bootstrap_gen(type="pkex")
1986 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
1987 res
= dev
.request(cmd
)
1989 raise Exception("Failed to initiate DPP PKEX")
1990 if not check_config
:
1992 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
1994 raise Exception("DPP configuration not completed (Configurator)")
1995 logger
.info("DPP initiator/configurator done")
1997 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
1998 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2000 cmd
= "DPP_CONFIGURATOR_ADD"
2001 res
= dev
[0].request(cmd
)
2003 raise Exception("Failed to add configurator")
2006 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2008 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2010 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2011 raise Exception("Unexpected result: " + res
)
2013 sigma_dut_cmd_check("ap_reset_default")
2015 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2016 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2017 check_dpp_capab(dev
[0])
2018 sigma
= start_sigma_dut(dev
[0].ifname
)
2020 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2022 stop_sigma_dut(sigma
)
2024 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2025 cmd
= "DPP_CONFIGURATOR_ADD"
2026 res
= dev
[1].request(cmd
)
2028 raise Exception("Failed to add configurator")
2031 dev
[1].set("dpp_test", "44")
2033 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2036 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2038 if "BootstrapResult,Timeout" not in res
:
2039 raise Exception("Unexpected result: " + res
)
2041 def dpp_proto_init(dev
, id1
):
2043 logger
.info("Starting DPP initiator/configurator in a thread")
2044 cmd
= "DPP_CONFIGURATOR_ADD"
2045 res
= dev
.request(cmd
)
2047 raise Exception("Failed to add configurator")
2050 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2051 if "OK" not in dev
.request(cmd
):
2052 raise Exception("Failed to initiate DPP Authentication")
2054 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2055 """sigma_dut DPP protocol testing - Initiator"""
2056 check_dpp_capab(dev
[0])
2057 check_dpp_capab(dev
[1])
2058 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2059 "BootstrapResult,OK,AuthResult,Errorsent",
2061 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2062 "BootstrapResult,OK,AuthResult,Errorsent",
2064 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2065 "BootstrapResult,OK,AuthResult,Errorsent",
2066 "Missing or invalid I-capabilities"),
2067 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2068 "BootstrapResult,OK,AuthResult,Errorsent",
2069 "Mismatching Initiator Authenticating Tag"),
2070 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2071 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2072 "Missing or invalid Enrollee Nonce attribute")]
2073 for step
, frame
, attr
, result
, fail
in tests
:
2074 dev
[0].request("FLUSH")
2075 dev
[1].request("FLUSH")
2076 sigma
= start_sigma_dut(dev
[0].ifname
)
2078 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2081 stop_sigma_dut(sigma
)
2083 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2084 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2085 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2087 cmd
= "DPP_LISTEN 2437 role=enrollee"
2088 if "OK" not in dev
[1].request(cmd
):
2089 raise Exception("Failed to start listen operation")
2091 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2092 if "status,COMPLETE" not in res
:
2093 raise Exception("dev_exec_action did not succeed: " + res
)
2095 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2097 if result
not in res
:
2098 raise Exception("Unexpected result: " + res
)
2100 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2101 if ev
is None or fail
not in ev
:
2102 raise Exception("Failure not reported correctly: " + str(ev
))
2104 dev
[1].request("DPP_STOP_LISTEN")
2105 dev
[0].dump_monitor()
2106 dev
[1].dump_monitor()
2108 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2109 """sigma_dut DPP protocol testing - Responder"""
2110 check_dpp_capab(dev
[0])
2111 check_dpp_capab(dev
[1])
2112 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2113 "BootstrapResult,OK,AuthResult,Errorsent",
2114 "Missing or invalid required DPP Status attribute"),
2115 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2116 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2117 "Missing or invalid Enrollee Nonce attribute")]
2118 for step
, frame
, attr
, result
, fail
in tests
:
2119 dev
[0].request("FLUSH")
2120 dev
[1].request("FLUSH")
2121 sigma
= start_sigma_dut(dev
[0].ifname
)
2123 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2126 stop_sigma_dut(sigma
)
2128 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2129 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2130 if "status,COMPLETE" not in res
:
2131 raise Exception("dev_exec_action did not succeed: " + res
)
2132 hex = res
.split(',')[3]
2134 logger
.info("URI from sigma_dut: " + uri
)
2136 id1
= dev
[1].dpp_qr_code(uri
)
2138 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2140 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2142 if result
not in res
:
2143 raise Exception("Unexpected result: " + res
)
2145 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2146 if ev
is None or fail
not in ev
:
2147 raise Exception("Failure not reported correctly:" + str(ev
))
2149 dev
[1].request("DPP_STOP_LISTEN")
2150 dev
[0].dump_monitor()
2151 dev
[1].dump_monitor()
2153 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2154 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2155 check_dpp_capab(dev
[0])
2156 check_dpp_capab(dev
[1])
2157 tests
= [("AuthenticationResponse",
2158 "BootstrapResult,OK,AuthResult,Errorsent",
2160 ("ConfigurationRequest",
2161 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2163 for frame
, result
, fail
in tests
:
2164 dev
[0].request("FLUSH")
2165 dev
[1].request("FLUSH")
2166 sigma
= start_sigma_dut(dev
[0].ifname
)
2168 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2170 stop_sigma_dut(sigma
)
2172 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2173 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2174 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2176 cmd
= "DPP_LISTEN 2437 role=enrollee"
2177 if "OK" not in dev
[1].request(cmd
):
2178 raise Exception("Failed to start listen operation")
2180 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2181 if "status,COMPLETE" not in res
:
2182 raise Exception("dev_exec_action did not succeed: " + res
)
2184 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2185 if result
not in res
:
2186 raise Exception("Unexpected result: " + res
)
2188 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2189 if ev
is None or fail
not in ev
:
2190 raise Exception("Failure not reported correctly: " + str(ev
))
2192 dev
[1].request("DPP_STOP_LISTEN")
2193 dev
[0].dump_monitor()
2194 dev
[1].dump_monitor()
2196 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2197 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2198 check_dpp_capab(dev
[0])
2199 check_dpp_capab(dev
[1])
2200 tests
= [("AuthenticationConfirm",
2201 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2203 for frame
, result
, fail
in tests
:
2204 dev
[0].request("FLUSH")
2205 dev
[1].request("FLUSH")
2206 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2208 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2211 stop_sigma_dut(sigma
)
2213 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2215 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2216 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2218 cmd
= "DPP_LISTEN 2437 role=configurator"
2219 if "OK" not in dev
[1].request(cmd
):
2220 raise Exception("Failed to start listen operation")
2222 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2223 if "status,COMPLETE" not in res
:
2224 raise Exception("dev_exec_action did not succeed: " + res
)
2226 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2227 if result
not in res
:
2228 raise Exception("Unexpected result: " + res
)
2230 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2231 if ev
is None or fail
not in ev
:
2232 raise Exception("Failure not reported correctly: " + str(ev
))
2234 dev
[1].request("DPP_STOP_LISTEN")
2235 dev
[0].dump_monitor()
2236 dev
[1].dump_monitor()
2238 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2239 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2240 check_dpp_capab(dev
[0])
2241 check_dpp_capab(dev
[1])
2242 tests
= [("AuthenticationRequest",
2243 "BootstrapResult,OK,AuthResult,Errorsent",
2245 ("AuthenticationConfirm",
2246 "BootstrapResult,OK,AuthResult,Errorsent",
2248 for frame
, result
, fail
in tests
:
2249 dev
[0].request("FLUSH")
2250 dev
[1].request("FLUSH")
2251 sigma
= start_sigma_dut(dev
[0].ifname
)
2253 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2255 stop_sigma_dut(sigma
)
2257 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2258 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2259 if "status,COMPLETE" not in res
:
2260 raise Exception("dev_exec_action did not succeed: " + res
)
2261 hex = res
.split(',')[3]
2263 logger
.info("URI from sigma_dut: " + uri
)
2265 id1
= dev
[1].dpp_qr_code(uri
)
2267 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2269 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2271 if result
not in res
:
2272 raise Exception("Unexpected result: " + res
)
2274 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2275 if ev
is None or fail
not in ev
:
2276 raise Exception("Failure not reported correctly:" + str(ev
))
2278 dev
[1].request("DPP_STOP_LISTEN")
2279 dev
[0].dump_monitor()
2280 dev
[1].dump_monitor()
2282 def dpp_proto_init_pkex(dev
):
2284 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2285 cmd
= "DPP_CONFIGURATOR_ADD"
2286 res
= dev
.request(cmd
)
2288 raise Exception("Failed to add configurator")
2291 id = dev
.dpp_bootstrap_gen(type="pkex")
2293 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2294 if "FAIL" in dev
.request(cmd
):
2295 raise Exception("Failed to initiate DPP PKEX")
2297 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2298 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2299 check_dpp_capab(dev
[0])
2300 check_dpp_capab(dev
[1])
2301 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2302 "BootstrapResult,Errorsent",
2304 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2305 "BootstrapResult,Errorsent",
2306 "Missing or invalid Finite Cyclic Group attribute"),
2307 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2308 "BootstrapResult,Errorsent",
2309 "No valid peer bootstrapping key found")]
2310 for step
, frame
, attr
, result
, fail
in tests
:
2311 dev
[0].request("FLUSH")
2312 dev
[1].request("FLUSH")
2313 sigma
= start_sigma_dut(dev
[0].ifname
)
2315 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2318 stop_sigma_dut(sigma
)
2320 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2321 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2323 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2324 res
= dev
[1].request(cmd
)
2326 raise Exception("Failed to set PKEX data (responder)")
2328 cmd
= "DPP_LISTEN 2437 role=enrollee"
2329 if "OK" not in dev
[1].request(cmd
):
2330 raise Exception("Failed to start listen operation")
2332 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2333 if result
not in res
:
2334 raise Exception("Unexpected result: " + res
)
2336 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2337 if ev
is None or fail
not in ev
:
2338 raise Exception("Failure not reported correctly: " + str(ev
))
2340 dev
[1].request("DPP_STOP_LISTEN")
2341 dev
[0].dump_monitor()
2342 dev
[1].dump_monitor()
2344 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2345 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2346 check_dpp_capab(dev
[0])
2347 check_dpp_capab(dev
[1])
2348 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2349 "BootstrapResult,Errorsent",
2351 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2352 "BootstrapResult,Errorsent",
2353 "No DPP Status attribute"),
2354 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2355 "BootstrapResult,Errorsent",
2356 "No valid peer bootstrapping key found")]
2357 for step
, frame
, attr
, result
, fail
in tests
:
2358 dev
[0].request("FLUSH")
2359 dev
[1].request("FLUSH")
2360 sigma
= start_sigma_dut(dev
[0].ifname
)
2362 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2365 stop_sigma_dut(sigma
)
2367 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2368 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2370 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2372 if result
not in res
:
2373 raise Exception("Unexpected result: " + res
)
2375 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2376 if ev
is None or fail
not in ev
:
2377 raise Exception("Failure not reported correctly:" + str(ev
))
2379 dev
[1].request("DPP_STOP_LISTEN")
2380 dev
[0].dump_monitor()
2381 dev
[1].dump_monitor()
2383 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2384 check_dpp_capab(dev
[0])
2385 check_dpp_capab(dev
[1])
2387 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2388 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2389 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2390 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2392 params
= {"ssid": "DPPNET01",
2395 "wpa_key_mgmt": "DPP",
2396 "rsn_pairwise": "CCMP",
2397 "dpp_connector": ap_connector
,
2398 "dpp_csign": csign_pub
,
2399 "dpp_netaccesskey": ap_netaccesskey
}
2401 hapd
= hostapd
.add_ap(apdev
[0], params
)
2403 raise HwsimSkip("DPP not supported")
2405 dev
[0].set("dpp_config_processing", "2")
2407 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2408 res
= dev
[1].request(cmd
)
2410 raise Exception("Failed to add configurator")
2413 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2414 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2416 dev
[1].set("dpp_configurator_params",
2417 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2419 cmd
= "DPP_LISTEN 2437 role=configurator"
2420 if "OK" not in dev
[1].request(cmd
):
2421 raise Exception("Failed to start listen operation")
2423 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2424 if "status,COMPLETE" not in res
:
2425 raise Exception("dev_exec_action did not succeed: " + res
)
2427 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2428 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2429 sigma
= start_sigma_dut(dev
[0].ifname
)
2431 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2433 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2434 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2435 raise Exception("Unexpected result: " + res
)
2437 dev
[0].set("dpp_config_processing", "0")
2438 stop_sigma_dut(sigma
)
2440 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2441 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2442 check_dpp_capab(dev
[0])
2444 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2445 check_dpp_capab(hapd
)
2447 sigma
= start_sigma_dut(dev
[0].ifname
)
2449 dev
[0].set("dpp_config_processing", "2")
2450 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2451 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2453 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2454 if "status,COMPLETE" not in res
:
2455 raise Exception("dev_exec_action did not succeed: " + res
)
2457 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2458 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2459 raise Exception("Unexpected result: " + res
)
2460 update_hapd_config(hapd
)
2462 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2463 res
= sigma_dut_cmd(cmd
, timeout
=10)
2464 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2465 raise Exception("Unexpected result: " + res
)
2467 stop_sigma_dut(sigma
)
2468 dev
[0].set("dpp_config_processing", "0")
2470 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2471 """sigma_dut DPP AP Configurator using self-configuration"""
2472 logdir
= os
.path
.join(params
['logdir'],
2473 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2474 with
HWSimRadio() as (radio
, iface
):
2475 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2477 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2479 stop_sigma_dut(sigma
)
2480 dev
[0].set("dpp_config_processing", "0")
2482 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2483 check_dpp_capab(dev
[0])
2485 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2487 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2488 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2489 raise Exception("Unexpected result: " + res
)
2491 dev
[0].set("dpp_config_processing", "2")
2493 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2494 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2495 cmd
= "DPP_LISTEN 2462 role=enrollee"
2496 if "OK" not in dev
[0].request(cmd
):
2497 raise Exception("Failed to start listen operation")
2499 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2500 if "status,COMPLETE" not in res
:
2501 raise Exception("dev_exec_action did not succeed: " + res
)
2502 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2503 res
= sigma_dut_cmd(cmd
)
2504 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2505 raise Exception("Unexpected result: " + res
)
2506 dev
[0].wait_connected()
2507 dev
[0].request("DISCONNECT")
2508 dev
[0].wait_disconnected()
2509 sigma_dut_cmd_check("ap_reset_default")
2512 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2513 """sigma_dut DPP AP as Relay to Controller"""
2514 logdir
= os
.path
.join(params
['logdir'],
2515 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2516 with
HWSimRadio() as (radio
, iface
):
2517 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2519 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2521 stop_sigma_dut(sigma
)
2522 dev
[1].request("DPP_CONTROLLER_STOP")
2524 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2525 check_dpp_capab(dev
[0])
2526 check_dpp_capab(dev
[1])
2529 conf_id
= dev
[1].dpp_configurator_add()
2530 dev
[1].set("dpp_configurator_params",
2531 " conf=sta-dpp configurator=%d" % conf_id
)
2532 id_c
= dev
[1].dpp_bootstrap_gen()
2533 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2534 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2536 for line
in res
.splitlines():
2537 name
, value
= line
.split('=')
2538 if name
== "pkhash":
2542 raise Exception("Could not fetch public key hash from Controller")
2543 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2544 raise Exception("Failed to start Controller")
2546 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2547 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2548 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2550 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2551 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2553 sigma_dut_cmd_check("ap_reset_default")
2555 def dpp_init_tcp_enrollee(dev
, id1
):
2556 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2558 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2559 if "OK" not in dev
.request(cmd
):
2560 raise Exception("Failed to initiate DPP Authentication")
2561 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2563 raise Exception("DPP configuration not completed (Enrollee)")
2564 logger
.info("DPP initiator/enrollee done")
2566 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2567 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2568 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2570 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2571 check_dpp_capab(dev
[0])
2572 check_dpp_capab(dev
[1])
2573 sigma
= start_sigma_dut(dev
[0].ifname
)
2575 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2576 res
= sigma_dut_cmd(cmd
)
2577 if "status,COMPLETE" not in res
:
2578 raise Exception("dev_exec_action did not succeed: " + res
)
2579 hex = res
.split(',')[3]
2581 logger
.info("URI from sigma_dut: " + uri
)
2583 id1
= dev
[1].dpp_qr_code(uri
)
2585 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2587 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2589 cmd
+= ",DPPStatusQuery,Yes"
2590 res
= sigma_dut_cmd(cmd
, timeout
=10)
2592 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2593 raise Exception("Unexpected result: " + res
)
2594 if status_query
and "StatusResult,0" not in res
:
2595 raise Exception("Status query did not succeed: " + res
)
2597 stop_sigma_dut(sigma
)
2599 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2600 """sigma_dut DPP TCP Enrollee as initiator"""
2601 check_dpp_capab(dev
[0])
2602 check_dpp_capab(dev
[1])
2603 sigma
= start_sigma_dut(dev
[0].ifname
)
2606 conf_id
= dev
[1].dpp_configurator_add()
2607 dev
[1].set("dpp_configurator_params",
2608 " conf=sta-dpp configurator=%d" % conf_id
)
2609 id_c
= dev
[1].dpp_bootstrap_gen()
2610 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2611 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2612 raise Exception("Failed to start Controller")
2614 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2615 if "status,COMPLETE" not in res
:
2616 raise Exception("dev_exec_action did not succeed: " + res
)
2618 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2619 res
= sigma_dut_cmd(cmd
, timeout
=10)
2620 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2621 raise Exception("Unexpected result: " + res
)
2623 stop_sigma_dut(sigma
)
2624 dev
[1].request("DPP_CONTROLLER_STOP")
2626 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2627 """sigma_dut controlled connection using preconfigured profile"""
2629 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2631 dev
[0].set("ignore_old_scan_res", "0")
2633 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2634 ifname
= dev
[0].ifname
2635 sigma
= start_sigma_dut(ifname
)
2637 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2638 hapd
= hostapd
.add_ap(apdev
[0], params
)
2639 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2640 only_add_network
=True)
2642 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2643 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"))
2644 sigma_dut_wait_connected(ifname
)
2645 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2646 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2647 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2649 stop_sigma_dut(sigma
)
2651 def test_sigma_dut_wps_pbc(dev
, apdev
):
2652 """sigma_dut and WPS PBC Enrollee"""
2654 run_sigma_dut_wps_pbc(dev
, apdev
)
2656 dev
[0].set("ignore_old_scan_res", "0")
2658 def run_sigma_dut_wps_pbc(dev
, apdev
):
2659 ssid
= "test-wps-conf"
2660 hapd
= hostapd
.add_ap(apdev
[0],
2661 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2662 "wpa_passphrase": "12345678", "wpa": "2",
2663 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2664 hapd
.request("WPS_PBC")
2666 ifname
= dev
[0].ifname
2667 sigma
= start_sigma_dut(ifname
)
2669 cmd
= "start_wps_registration,interface,%s" % ifname
2670 cmd
+= ",WpsRole,Enrollee"
2671 cmd
+= ",WpsConfigMethod,PBC"
2672 sigma_dut_cmd_check(cmd
, timeout
=15)
2674 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2676 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2677 stop_sigma_dut(sigma
)
2678 dev
[0].flush_scan_cache()
2680 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2681 """sigma_dut sta_scan_bss"""
2682 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2683 sigma
= start_sigma_dut(dev
[0].ifname
)
2685 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2687 res
= sigma_dut_cmd(cmd
, timeout
=10)
2688 if "ssid,test,bsschannel,1" not in res
:
2689 raise Exception("Unexpected result: " + res
)
2691 stop_sigma_dut(sigma
)
2693 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2694 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2695 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2696 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2697 sigma
= start_sigma_dut(dev
[0].ifname
, debug
=True)
2699 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
2700 res
= sigma_dut_cmd(cmd
, timeout
=10)
2701 if "abcdef" not in res
or "qwerty" not in res
:
2702 raise Exception("Unexpected result: " + res
)
2704 stop_sigma_dut(sigma
)
2706 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
2707 """sigma_dut controlled AP with OSEN"""
2708 logdir
= os
.path
.join(params
['logdir'],
2709 "sigma_dut_ap_osen.sigma-hostapd")
2710 with
HWSimRadio() as (radio
, iface
):
2711 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2713 sigma_dut_cmd_check("ap_reset_default")
2714 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2715 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2716 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2717 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2719 # RSN-OSEN (for OSU)
2720 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2721 pairwise
="CCMP", group
="GTK_NOT_USED",
2722 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2723 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
2725 sigma_dut_cmd_check("ap_reset_default")
2727 stop_sigma_dut(sigma
)
2729 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
2730 """sigma_dut controlled AP with EAP+OSEN"""
2731 logdir
= os
.path
.join(params
['logdir'],
2732 "sigma_dut_ap_eap_osen.sigma-hostapd")
2733 with
HWSimRadio() as (radio
, iface
):
2734 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
2736 sigma_dut_cmd_check("ap_reset_default")
2737 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2738 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2739 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2740 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2742 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
2743 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2745 # RSN-OSEN (for OSU)
2746 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
2748 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
2749 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
2751 # RSN-EAP (for data connection)
2752 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
2753 identity
="hs20-test", password
="password",
2754 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
2755 ieee80211w
='2', scan_freq
="2412")
2757 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
2758 success_expected
=False, timeout
=1)
2760 sigma_dut_cmd_check("ap_reset_default")
2762 stop_sigma_dut(sigma
)
2763 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2764 stderr
=open('/dev/null', 'w'))
2765 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
2766 stderr
=open('/dev/null', 'w'))
2768 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
2769 """sigma_dut controlled AP WPA2-Enterprise"""
2770 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2771 with
HWSimRadio() as (radio
, iface
):
2772 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2774 sigma_dut_cmd_check("ap_reset_default")
2775 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2776 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2777 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2778 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2780 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2781 identity
="gpsk user",
2782 password
="abcdefghijklmnop0123456789abcdef",
2785 sigma_dut_cmd_check("ap_reset_default")
2787 stop_sigma_dut(sigma
)
2789 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
2790 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2791 logdir
= os
.path
.join(params
['logdir'],
2792 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2793 with
HWSimRadio() as (radio
, iface
):
2794 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2796 sigma_dut_cmd_check("ap_reset_default")
2797 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2798 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2799 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2800 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2802 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
2803 identity
="gpsk user",
2804 password
="abcdefghijklmnop0123456789abcdef",
2807 sigma_dut_cmd_check("ap_reset_default")
2809 stop_sigma_dut(sigma
)
2811 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
2812 """sigma_dut controlled AP FT-EAP"""
2813 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2814 with
HWSimRadio() as (radio
, iface
):
2815 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2817 sigma_dut_cmd_check("ap_reset_default")
2818 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2819 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2820 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2821 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2823 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2824 identity
="gpsk user",
2825 password
="abcdefghijklmnop0123456789abcdef",
2828 sigma_dut_cmd_check("ap_reset_default")
2830 stop_sigma_dut(sigma
)
2832 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
2833 """sigma_dut controlled AP FT-PSK"""
2834 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2835 with
HWSimRadio() as (radio
, iface
):
2836 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2838 sigma_dut_cmd_check("ap_reset_default")
2839 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2840 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2841 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2843 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2846 sigma_dut_cmd_check("ap_reset_default")
2848 stop_sigma_dut(sigma
)
2850 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
2851 """sigma_dut controlled AP FT-PSK (over-DS)"""
2852 logdir
= os
.path
.join(params
['logdir'],
2853 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2854 conffile
= os
.path
.join(params
['logdir'],
2855 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2856 with
HWSimRadio() as (radio
, iface
):
2857 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2859 sigma_dut_cmd_check("ap_reset_default")
2860 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2861 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2862 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2864 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
2865 with
open(conffile
, "wb") as f2
:
2868 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
2871 sigma_dut_cmd_check("ap_reset_default")
2873 stop_sigma_dut(sigma
)
2875 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
2876 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2877 logdir
= os
.path
.join(params
['logdir'],
2878 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2879 with
HWSimRadio() as (radio
, iface
):
2880 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
2882 sigma_dut_cmd_check("ap_reset_default")
2883 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2884 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2885 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2886 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2888 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
2889 identity
="gpsk user",
2890 password
="abcdefghijklmnop0123456789abcdef",
2892 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
2893 identity
="gpsk user",
2894 password
="abcdefghijklmnop0123456789abcdef",
2897 sigma_dut_cmd_check("ap_reset_default")
2899 stop_sigma_dut(sigma
)
2901 def test_sigma_dut_venue_url(dev
, apdev
):
2902 """sigma_dut controlled Venue URL fetch"""
2904 run_sigma_dut_venue_url(dev
, apdev
)
2906 dev
[0].set("ignore_old_scan_res", "0")
2908 def run_sigma_dut_venue_url(dev
, apdev
):
2909 ifname
= dev
[0].ifname
2910 sigma
= start_sigma_dut(ifname
, debug
=True)
2913 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
2914 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2915 params
["ieee80211w"] = "2"
2919 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
2921 name1
= "Example venue"
2923 name2
= "Esimerkkipaikka"
2924 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
2925 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
2926 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
2928 url1
= "http://example.com/venue"
2929 url2
= "https://example.org/venue-info/"
2930 params
["venue_group"] = str(venue_group
)
2931 params
["venue_type"] = str(venue_type
)
2932 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
2933 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
2935 hapd
= hostapd
.add_ap(apdev
[0], params
)
2937 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
2938 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2939 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
2940 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"))
2941 sigma_dut_wait_connected(ifname
)
2942 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2943 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
2944 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2945 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2947 stop_sigma_dut(sigma
)
2949 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
2950 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2951 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
2953 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
2954 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2955 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
2957 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
2961 bssid0
= apdev
[0]['bssid']
2962 params
= hs20_ap_params()
2963 params
['hessid'] = bssid0
2964 hapd0
= hostapd
.add_ap(apdev
[0], params
)
2966 bssid1
= apdev
[1]['bssid']
2967 params
= hs20_ap_params()
2968 params
['hessid'] = bssid0
2969 params
["hw_mode"] = "a"
2970 params
["channel"] = "36"
2971 params
["country_code"] = "US"
2972 hapd1
= hostapd
.add_ap(apdev
[1], params
)
2974 band
= "2.4" if band24
else "5"
2975 exp_bssid
= bssid0
if band24
else bssid1
2976 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
2978 dev
[0].request("DISCONNECT")
2980 hapd0
.request("DISABLE")
2982 hapd1
.request("DISABLE")
2983 subprocess
.call(['iw', 'reg', 'set', '00'])
2984 dev
[0].flush_scan_cache()
2986 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
2987 check_eap_capa(dev
[0], "MSCHAPV2")
2988 dev
[0].flush_scan_cache()
2990 ifname
= dev
[0].ifname
2991 sigma
= start_sigma_dut(ifname
, debug
=True)
2993 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
2994 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2995 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
2996 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
2998 sigma_dut_wait_connected(ifname
)
2999 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3000 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3001 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3003 stop_sigma_dut(sigma
)
3005 if "BSSID," + expect_bssid
not in res
:
3006 raise Exception("Unexpected BSSID: " + res
)
3008 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3009 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3010 logdir
= os
.path
.join(params
['logdir'],
3011 "sigma_dut_ap_hs20.sigma-hostapd")
3012 conffile
= os
.path
.join(params
['logdir'],
3013 "sigma_dut_ap_hs20.sigma-conf")
3014 with
HWSimRadio() as (radio
, iface
):
3015 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
, debug
=True)
3017 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3018 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3019 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3020 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3021 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3022 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3023 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3024 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3025 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3026 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3027 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3028 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3029 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3030 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3032 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3033 with
open(conffile
, "wb") as f2
:
3036 sigma_dut_cmd_check("ap_reset_default")
3038 stop_sigma_dut(sigma
)
3040 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3041 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3042 logdir
= params
['logdir']
3044 with
open("auth_serv/ca.pem", "r") as f
:
3045 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3049 src
= "auth_serv/server.pem"
3050 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3051 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3052 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3054 stderr
=open('/dev/null', 'w'))
3055 with
open(dst
, "rb") as f
:
3057 hash = hashlib
.sha256(der
).digest()
3058 with
open(hashdst
, "w") as f
:
3059 f
.write(binascii
.hexlify(hash).decode())
3061 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3062 with
open(dst
, "w") as f
:
3065 ssid
= "test-wpa2-eap"
3066 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3067 hapd
= hostapd
.add_ap(apdev
[0], params
)
3069 ifname
= dev
[0].ifname
3070 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3073 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3075 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3076 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3077 sigma_dut_cmd_check(cmd
)
3078 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3079 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3081 raise Exception("Server certificate error not reported")
3083 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3084 if "ServerCertTrustResult,Accepted" not in res
:
3085 raise Exception("Server certificate trust was not accepted")
3086 sigma_dut_wait_connected(ifname
)
3087 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3088 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3089 dev
[0].dump_monitor()
3091 stop_sigma_dut(sigma
)
3093 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3094 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3095 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3097 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3098 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3099 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3101 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3102 logdir
= params
['logdir']
3104 name
= "sigma_dut_eap_ttls_uosc_tod"
3107 with
open("auth_serv/ca.pem", "r") as f
:
3108 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3112 src
= "auth_serv/server-certpol2.pem"
3114 src
= "auth_serv/server-certpol.pem"
3115 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3116 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3117 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3119 stderr
=open('/dev/null', 'w'))
3120 with
open(dst
, "rb") as f
:
3122 hash = hashlib
.sha256(der
).digest()
3123 with
open(hashdst
, "w") as f
:
3124 f
.write(binascii
.hexlify(hash).decode())
3126 ssid
= "test-wpa2-eap"
3127 params
= int_eap_server_params()
3128 params
["ssid"] = ssid
3130 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3131 params
["private_key"] = "auth_serv/server-certpol2.key"
3133 params
["server_cert"] = "auth_serv/server-certpol.pem"
3134 params
["private_key"] = "auth_serv/server-certpol.key"
3135 hapd
= hostapd
.add_ap(apdev
[0], params
)
3137 ifname
= dev
[0].ifname
3138 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3141 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3142 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3143 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3144 sigma_dut_cmd_check(cmd
)
3145 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3146 sigma_dut_wait_connected(ifname
)
3147 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3148 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3149 dev
[0].wait_disconnected()
3150 dev
[0].dump_monitor()
3153 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3154 hapd
= hostapd
.add_ap(apdev
[0], params
)
3156 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3157 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3159 raise Exception("Server certificate error not reported")
3161 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3162 if "ServerCertTrustResult,Accepted" in res
:
3163 raise Exception("Server certificate trust override was accepted unexpectedly")
3164 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3165 dev
[0].dump_monitor()
3167 stop_sigma_dut(sigma
)
3169 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3170 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3171 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3173 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3174 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3175 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3177 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3178 logdir
= params
['logdir']
3180 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3183 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3184 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3188 src
= "auth_serv/server-certpol2.pem"
3190 src
= "auth_serv/server-certpol.pem"
3191 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3192 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3193 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3195 stderr
=open('/dev/null', 'w'))
3196 with
open(dst
, "rb") as f
:
3198 hash = hashlib
.sha256(der
).digest()
3199 with
open(hashdst
, "w") as f
:
3200 f
.write(binascii
.hexlify(hash).decode())
3202 ssid
= "test-wpa2-eap"
3203 params
= int_eap_server_params()
3204 params
["ssid"] = ssid
3206 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3207 params
["private_key"] = "auth_serv/server-certpol2.key"
3209 params
["server_cert"] = "auth_serv/server-certpol.pem"
3210 params
["private_key"] = "auth_serv/server-certpol.key"
3211 hapd
= hostapd
.add_ap(apdev
[0], params
)
3213 ifname
= dev
[0].ifname
3214 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3217 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3218 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3219 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3220 sigma_dut_cmd_check(cmd
)
3221 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3222 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3224 raise Exception("Server certificate validation failure not reported")
3226 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3227 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3228 raise Exception("Server certificate trust override was accepted unexpectedly")
3229 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3230 raise Exception("Server certificate trust override was not accepted")
3231 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3232 dev
[0].dump_monitor()
3234 stop_sigma_dut(sigma
)
3236 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3237 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3238 logdir
= params
['logdir']
3240 with
open("auth_serv/ca.pem", "r") as f
:
3241 with
open(os
.path
.join(logdir
,
3242 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3246 ssid
= "test-wpa2-eap"
3247 params
= int_eap_server_params()
3248 params
["ssid"] = ssid
3249 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3250 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3251 params
["private_key"] = "auth_serv/rsa3072-server.key"
3252 hapd
= hostapd
.add_ap(apdev
[0], params
)
3254 ifname
= dev
[0].ifname
3255 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
, debug
=True)
3258 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3259 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3260 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3261 sigma_dut_cmd_check(cmd
)
3262 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
))
3263 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3265 raise Exception("Server certificate error not reported")
3267 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3268 if "ServerCertTrustResult,Accepted" not in res
:
3269 raise Exception("Server certificate trust was not accepted")
3270 sigma_dut_wait_connected(ifname
)
3271 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3272 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3273 dev
[0].dump_monitor()
3275 stop_sigma_dut(sigma
)