]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut controlled AP and deauth commands
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import hashlib
10 import logging
11 logger = logging.getLogger()
12 import os
13 import socket
14 import struct
15 import subprocess
16 import threading
17 import time
18
19 import hostapd
20 from utils import HwsimSkip
21 from hwsim import HWSimRadio
22 import hwsim_utils
23 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
24 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
25 from test_ap_eap import check_eap_capa, int_eap_server_params
26 from test_ap_hs20 import hs20_ap_params
27
28 def check_sigma_dut():
29 if not os.path.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
31
32 def to_hex(s):
33 return binascii.hexlify(s.encode()).decode()
34
35 def from_hex(s):
36 return binascii.unhexlify(s).decode()
37
38 def sigma_dut_cmd(cmd, port=9000, timeout=2):
39 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
40 socket.IPPROTO_TCP)
41 sock.settimeout(timeout)
42 addr = ('127.0.0.1', port)
43 sock.connect(addr)
44 sock.send(cmd.encode() + b"\r\n")
45 try:
46 res = sock.recv(1000).decode()
47 running = False
48 done = False
49 for line in res.splitlines():
50 if line.startswith("status,RUNNING"):
51 running = True
52 elif line.startswith("status,INVALID"):
53 done = True
54 elif line.startswith("status,ERROR"):
55 done = True
56 elif line.startswith("status,COMPLETE"):
57 done = True
58 if running and not done:
59 # Read the actual response
60 res = sock.recv(1000).decode()
61 except:
62 res = ''
63 pass
64 sock.close()
65 res = res.rstrip()
66 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
67 return res
68
69 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
70 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
71 if "COMPLETE" not in res:
72 raise Exception("sigma_dut command failed: " + cmd)
73 return res
74
75 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
76 bridge=None):
77 check_sigma_dut()
78 cmd = ['./sigma_dut',
79 '-M', ifname,
80 '-S', ifname,
81 '-F', '../../hostapd/hostapd',
82 '-G',
83 '-w', '/var/run/wpa_supplicant/',
84 '-j', ifname]
85 if debug:
86 cmd += ['-d']
87 if hostapd_logdir:
88 cmd += ['-H', hostapd_logdir]
89 if cert_path:
90 cmd += ['-C', cert_path]
91 if bridge:
92 cmd += ['-b', bridge]
93 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
94 stderr=subprocess.PIPE)
95 for i in range(20):
96 try:
97 res = sigma_dut_cmd("HELLO")
98 break
99 except:
100 time.sleep(0.05)
101 return sigma
102
103 def stop_sigma_dut(sigma):
104 sigma.terminate()
105 sigma.wait()
106 out, err = sigma.communicate()
107 logger.debug("sigma_dut stdout: " + str(out.decode()))
108 logger.debug("sigma_dut stderr: " + str(err.decode()))
109
110 def sigma_dut_wait_connected(ifname):
111 for i in range(50):
112 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
113 if "connected,1" in res:
114 break
115 time.sleep(0.2)
116 if i == 49:
117 raise Exception("Connection did not complete")
118
119 def test_sigma_dut_basic(dev, apdev):
120 """sigma_dut basic functionality"""
121 sigma = start_sigma_dut(dev[0].ifname)
122
123 res = sigma_dut_cmd("UNKNOWN")
124 if "status,INVALID,errorCode,Unknown command" not in res:
125 raise Exception("Unexpected sigma_dut response to unknown command")
126
127 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
128 ("device_get_info", "status,COMPLETE,vendor"),
129 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
130 ("device_list_interfaces,interfaceType,802.11",
131 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
132 for cmd, response in tests:
133 res = sigma_dut_cmd(cmd)
134 if response not in res:
135 raise Exception("Unexpected %s response: %s" % (cmd, res))
136
137 stop_sigma_dut(sigma)
138
139 def test_sigma_dut_open(dev, apdev):
140 """sigma_dut controlled open network association"""
141 try:
142 run_sigma_dut_open(dev, apdev)
143 finally:
144 dev[0].set("ignore_old_scan_res", "0")
145
146 def run_sigma_dut_open(dev, apdev):
147 ifname = dev[0].ifname
148 sigma = start_sigma_dut(ifname)
149
150 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
151
152 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
153 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
154 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
155 sigma_dut_wait_connected(ifname)
156 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
157 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
158 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
159
160 stop_sigma_dut(sigma)
161
162 def test_sigma_dut_psk_pmf(dev, apdev):
163 """sigma_dut controlled PSK+PMF association"""
164 try:
165 run_sigma_dut_psk_pmf(dev, apdev)
166 finally:
167 dev[0].set("ignore_old_scan_res", "0")
168
169 def run_sigma_dut_psk_pmf(dev, apdev):
170 ifname = dev[0].ifname
171 sigma = start_sigma_dut(ifname)
172
173 ssid = "test-pmf-required"
174 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
175 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
176 params["ieee80211w"] = "2"
177 hapd = hostapd.add_ap(apdev[0], params)
178
179 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
180 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
181 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
182 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
183 sigma_dut_wait_connected(ifname)
184 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
185 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
186 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
187
188 stop_sigma_dut(sigma)
189
190 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
191 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
192 try:
193 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
194 finally:
195 dev[0].set("ignore_old_scan_res", "0")
196
197 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
198 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
199 try:
200 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
201 finally:
202 dev[0].set("ignore_old_scan_res", "0")
203
204 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
205 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
206 try:
207 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
208 finally:
209 dev[0].set("ignore_old_scan_res", "0")
210
211 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
212 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
213 try:
214 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
215 finally:
216 dev[0].set("ignore_old_scan_res", "0")
217
218 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
219 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
220 try:
221 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
222 failure=True)
223 finally:
224 dev[0].set("ignore_old_scan_res", "0")
225
226 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
227 failure=False):
228 ifname = dev[0].ifname
229 sigma = start_sigma_dut(ifname)
230
231 ssid = "test-pmf-required"
232 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
233 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
234 params["ieee80211w"] = "2"
235 params["group_mgmt_cipher"] = hostapd_cipher
236 hapd = hostapd.add_ap(apdev[0], params)
237
238 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
239 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
240 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
241 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
242 if failure:
243 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
244 "CTRL-EVENT-CONNECTED"], timeout=10)
245 if ev is None:
246 raise Exception("Network selection result not indicated")
247 if "CTRL-EVENT-CONNECTED" in ev:
248 raise Exception("Unexpected connection")
249 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
250 if "connected,1" in res:
251 raise Exception("Connection reported")
252 else:
253 sigma_dut_wait_connected(ifname)
254 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
255
256 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
257 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
258
259 stop_sigma_dut(sigma)
260
261 def test_sigma_dut_sae(dev, apdev):
262 """sigma_dut controlled SAE association"""
263 if "SAE" not in dev[0].get_capability("auth_alg"):
264 raise HwsimSkip("SAE not supported")
265
266 ifname = dev[0].ifname
267 sigma = start_sigma_dut(ifname)
268
269 ssid = "test-sae"
270 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
271 params['wpa_key_mgmt'] = 'SAE'
272 params["ieee80211w"] = "2"
273 params['sae_groups'] = '19 20 21'
274 hapd = hostapd.add_ap(apdev[0], params)
275
276 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
277 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
278 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
279 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
280 sigma_dut_wait_connected(ifname)
281 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
282 if dev[0].get_status_field('sae_group') != '19':
283 raise Exception("Expected default SAE group not used")
284 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
285
286 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
287
288 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
289 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
290 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
291 sigma_dut_wait_connected(ifname)
292 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
293 if dev[0].get_status_field('sae_group') != '20':
294 raise Exception("Expected SAE group not used")
295 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
296 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
297
298 stop_sigma_dut(sigma)
299
300 def test_sigma_dut_sae_pmkid_include(dev, apdev):
301 """sigma_dut controlled SAE association with PMKID"""
302 if "SAE" not in dev[0].get_capability("auth_alg"):
303 raise HwsimSkip("SAE not supported")
304
305 ifname = dev[0].ifname
306 sigma = start_sigma_dut(ifname)
307
308 ssid = "test-sae"
309 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
310 params['wpa_key_mgmt'] = 'SAE'
311 params["ieee80211w"] = "2"
312 params["sae_confirm_immediate"] = "1"
313 hapd = hostapd.add_ap(apdev[0], params)
314
315 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
316 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
317 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
318 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
319 sigma_dut_wait_connected(ifname)
320 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
321 stop_sigma_dut(sigma)
322
323 def test_sigma_dut_sae_password(dev, apdev):
324 """sigma_dut controlled SAE association and long password"""
325 if "SAE" not in dev[0].get_capability("auth_alg"):
326 raise HwsimSkip("SAE not supported")
327
328 ifname = dev[0].ifname
329 sigma = start_sigma_dut(ifname)
330
331 try:
332 ssid = "test-sae"
333 params = hostapd.wpa2_params(ssid=ssid)
334 params['sae_password'] = 100*'B'
335 params['wpa_key_mgmt'] = 'SAE'
336 params["ieee80211w"] = "2"
337 hapd = hostapd.add_ap(apdev[0], params)
338
339 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
340 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
341 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
342 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
343 sigma_dut_wait_connected(ifname)
344 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
345 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
346 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
347 finally:
348 stop_sigma_dut(sigma)
349
350 def test_sigma_dut_sae_pw_id(dev, apdev):
351 """sigma_dut controlled SAE association with Password Identifier"""
352 if "SAE" not in dev[0].get_capability("auth_alg"):
353 raise HwsimSkip("SAE not supported")
354
355 ifname = dev[0].ifname
356 sigma = start_sigma_dut(ifname, debug=True)
357
358 ssid = "test-sae"
359 params = hostapd.wpa2_params(ssid=ssid)
360 params['wpa_key_mgmt'] = 'SAE'
361 params["ieee80211w"] = "2"
362 params['sae_password'] = 'secret|id=pw id'
363 params['sae_groups'] = '19'
364 hapd = hostapd.add_ap(apdev[0], params)
365
366 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
367 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
368 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
369 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
370 sigma_dut_wait_connected(ifname)
371 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
372 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
373
374 stop_sigma_dut(sigma)
375
376 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
377 """sigma_dut controlled SAE association with Password Identifier and FT"""
378 run_sigma_dut_sae_pw_id_ft(dev, apdev)
379
380 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
381 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
382 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
383
384 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
385 if "SAE" not in dev[0].get_capability("auth_alg"):
386 raise HwsimSkip("SAE not supported")
387
388 ifname = dev[0].ifname
389 sigma = start_sigma_dut(ifname, debug=True)
390
391 ssid = "test-sae"
392 params = hostapd.wpa2_params(ssid=ssid)
393 params['wpa_key_mgmt'] = 'SAE FT-SAE'
394 params["ieee80211w"] = "2"
395 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
396 params['mobility_domain'] = 'aabb'
397 params['ft_over_ds'] = '1' if over_ds else '0'
398 bssid = apdev[0]['bssid'].replace(':', '')
399 params['nas_identifier'] = bssid + '.nas.example.com'
400 params['r1_key_holder'] = bssid
401 params['pmk_r1_push'] = '0'
402 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
403 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
404 hapd = hostapd.add_ap(apdev[0], params)
405
406 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
407 if over_ds:
408 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
409 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
410 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
411 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
412 sigma_dut_wait_connected(ifname)
413
414 bssid = apdev[1]['bssid'].replace(':', '')
415 params['nas_identifier'] = bssid + '.nas.example.com'
416 params['r1_key_holder'] = bssid
417 hapd2 = hostapd.add_ap(apdev[1], params)
418 bssid = hapd2.own_addr()
419 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
420 dev[0].wait_connected()
421
422 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
423 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
424
425 stop_sigma_dut(sigma)
426
427 def test_sigma_dut_sta_override_rsne(dev, apdev):
428 """sigma_dut and RSNE override on STA"""
429 try:
430 run_sigma_dut_sta_override_rsne(dev, apdev)
431 finally:
432 dev[0].set("ignore_old_scan_res", "0")
433
434 def run_sigma_dut_sta_override_rsne(dev, apdev):
435 ifname = dev[0].ifname
436 sigma = start_sigma_dut(ifname)
437
438 ssid = "test-psk"
439 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
440 hapd = hostapd.add_ap(apdev[0], params)
441
442 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
443
444 tests = ["30120100000fac040100000fac040100000fac02",
445 "30140100000fac040100000fac040100000fac02ffff"]
446 for test in tests:
447 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
448 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
449 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
450 sigma_dut_wait_connected(ifname)
451 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
452 dev[0].dump_monitor()
453
454 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
455 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
456 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
457
458 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
459 if ev is None:
460 raise Exception("Association rejection not reported")
461 if "status_code=40" not in ev:
462 raise Exception("Unexpected status code: " + ev)
463
464 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
465
466 stop_sigma_dut(sigma)
467
468 def test_sigma_dut_ap_psk(dev, apdev):
469 """sigma_dut controlled AP"""
470 with HWSimRadio() as (radio, iface):
471 sigma = start_sigma_dut(iface)
472 try:
473 sigma_dut_cmd_check("ap_reset_default")
474 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
475 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
476 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
477
478 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
479
480 sigma_dut_cmd_check("ap_reset_default")
481 finally:
482 stop_sigma_dut(sigma)
483
484 def test_sigma_dut_ap_pskhex(dev, apdev, params):
485 """sigma_dut controlled AP and PSKHEX"""
486 logdir = os.path.join(params['logdir'],
487 "sigma_dut_ap_pskhex.sigma-hostapd")
488 with HWSimRadio() as (radio, iface):
489 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
490 try:
491 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
492 sigma_dut_cmd_check("ap_reset_default")
493 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
494 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
495 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
496
497 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
498
499 sigma_dut_cmd_check("ap_reset_default")
500 finally:
501 stop_sigma_dut(sigma)
502
503 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
504 """sigma_dut controlled AP PSK SHA256"""
505 logdir = os.path.join(params['logdir'],
506 "sigma_dut_ap_psk_sha256.sigma-hostapd")
507 with HWSimRadio() as (radio, iface):
508 sigma = start_sigma_dut(iface)
509 try:
510 sigma_dut_cmd_check("ap_reset_default")
511 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
512 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
513 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
514
515 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
516 psk="12345678", scan_freq="2412")
517
518 sigma_dut_cmd_check("ap_reset_default")
519 finally:
520 stop_sigma_dut(sigma)
521
522 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
523 """sigma_dut controlled AP and deauth commands"""
524 logdir = os.path.join(params['logdir'],
525 "sigma_dut_ap_psk_deauth.sigma-hostapd")
526 with HWSimRadio() as (radio, iface):
527 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
528 try:
529 sigma_dut_cmd_check("ap_reset_default")
530 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
531 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
532 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
533
534 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
535 psk="12345678", ieee80211w="2", scan_freq="2412")
536 addr = dev[0].own_addr()
537 dev[0].dump_monitor()
538
539 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
540 ev = dev[0].wait_disconnected()
541 dev[0].dump_monitor()
542 if "locally_generated=1" in ev:
543 raise Exception("Unexpected disconnection reason")
544 dev[0].wait_connected()
545 dev[0].dump_monitor()
546
547 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
548 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
549 if ev and "locally_generated=1" not in ev:
550 raise Exception("Unexpected disconnection")
551
552 sigma_dut_cmd_check("ap_reset_default")
553 finally:
554 stop_sigma_dut(sigma)
555
556 def test_sigma_dut_eap_ttls(dev, apdev, params):
557 """sigma_dut controlled STA and EAP-TTLS parameters"""
558 logdir = params['logdir']
559
560 with open("auth_serv/ca.pem", "r") as f:
561 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
562 f2.write(f.read())
563
564 src = "auth_serv/server.pem"
565 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
566 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
567 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
568 "-outform", "DER"],
569 stderr=open('/dev/null', 'w'))
570 with open(dst, "rb") as f:
571 der = f.read()
572 hash = hashlib.sha256(der).digest()
573 with open(hashdst, "w") as f:
574 f.write(binascii.hexlify(hash).decode())
575
576 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
577 with open(dst, "w") as f:
578 f.write(32*"00")
579
580 ssid = "test-wpa2-eap"
581 params = hostapd.wpa2_eap_params(ssid=ssid)
582 hapd = hostapd.add_ap(apdev[0], params)
583
584 ifname = dev[0].ifname
585 sigma = start_sigma_dut(ifname, cert_path=logdir)
586
587 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
588
589 tests = ["",
590 ",Domain,server.w1.fi",
591 ",DomainSuffix,w1.fi",
592 ",DomainSuffix,server.w1.fi",
593 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
594 for extra in tests:
595 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
596 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
597 sigma_dut_cmd_check(cmd + extra)
598 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
599 sigma_dut_wait_connected(ifname)
600 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
601 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
602 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
603 dev[0].dump_monitor()
604
605 tests = [",Domain,w1.fi",
606 ",DomainSuffix,example.com",
607 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
608 for extra in tests:
609 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
610 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
611 sigma_dut_cmd_check(cmd + extra)
612 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
613 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
614 if ev is None:
615 raise Exception("Server certificate error not reported")
616 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
617 if "connected,1" in res:
618 raise Exception("Unexpected connection reported")
619 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
620 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
621 dev[0].dump_monitor()
622
623 stop_sigma_dut(sigma)
624
625 def test_sigma_dut_suite_b(dev, apdev, params):
626 """sigma_dut controlled STA Suite B"""
627 check_suite_b_192_capa(dev)
628 logdir = params['logdir']
629
630 with open("auth_serv/ec2-ca.pem", "r") as f:
631 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
632 f2.write(f.read())
633
634 with open("auth_serv/ec2-user.pem", "r") as f:
635 with open("auth_serv/ec2-user.key", "r") as f2:
636 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
637 f3.write(f.read())
638 f3.write(f2.read())
639
640 dev[0].flush_scan_cache()
641 params = suite_b_as_params()
642 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
643 params['server_cert'] = 'auth_serv/ec2-server.pem'
644 params['private_key'] = 'auth_serv/ec2-server.key'
645 params['openssl_ciphers'] = 'SUITEB192'
646 hostapd.add_ap(apdev[1], params)
647
648 params = {"ssid": "test-suite-b",
649 "wpa": "2",
650 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
651 "rsn_pairwise": "GCMP-256",
652 "group_mgmt_cipher": "BIP-GMAC-256",
653 "ieee80211w": "2",
654 "ieee8021x": "1",
655 'auth_server_addr': "127.0.0.1",
656 'auth_server_port': "18129",
657 'auth_server_shared_secret': "radius",
658 'nas_identifier': "nas.w1.fi"}
659 hapd = hostapd.add_ap(apdev[0], params)
660
661 ifname = dev[0].ifname
662 sigma = start_sigma_dut(ifname, cert_path=logdir)
663
664 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
665 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
666 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
667 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
668 sigma_dut_wait_connected(ifname)
669 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
670 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
671 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
672
673 stop_sigma_dut(sigma)
674
675 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
676 """sigma_dut controlled STA Suite B (RSA)"""
677 check_suite_b_192_capa(dev)
678 logdir = params['logdir']
679
680 with open("auth_serv/rsa3072-ca.pem", "r") as f:
681 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
682 f2.write(f.read())
683
684 with open("auth_serv/rsa3072-user.pem", "r") as f:
685 with open("auth_serv/rsa3072-user.key", "r") as f2:
686 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
687 f3.write(f.read())
688 f3.write(f2.read())
689
690 dev[0].flush_scan_cache()
691 params = suite_b_192_rsa_ap_params()
692 hapd = hostapd.add_ap(apdev[0], params)
693
694 ifname = dev[0].ifname
695 sigma = start_sigma_dut(ifname, cert_path=logdir)
696
697 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
698
699 tests = ["",
700 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
701 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
702 for extra in tests:
703 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
704 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
705 sigma_dut_cmd_check(cmd + extra)
706 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
707 sigma_dut_wait_connected(ifname)
708 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
709 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
710 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
711
712 stop_sigma_dut(sigma)
713
714 def test_sigma_dut_ap_suite_b(dev, apdev, params):
715 """sigma_dut controlled AP Suite B"""
716 check_suite_b_192_capa(dev)
717 logdir = os.path.join(params['logdir'],
718 "sigma_dut_ap_suite_b.sigma-hostapd")
719 params = suite_b_as_params()
720 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
721 params['server_cert'] = 'auth_serv/ec2-server.pem'
722 params['private_key'] = 'auth_serv/ec2-server.key'
723 params['openssl_ciphers'] = 'SUITEB192'
724 hostapd.add_ap(apdev[1], params)
725 with HWSimRadio() as (radio, iface):
726 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
727 try:
728 sigma_dut_cmd_check("ap_reset_default")
729 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
730 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
731 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
732 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
733
734 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
735 ieee80211w="2",
736 openssl_ciphers="SUITEB192",
737 eap="TLS", identity="tls user",
738 ca_cert="auth_serv/ec2-ca.pem",
739 client_cert="auth_serv/ec2-user.pem",
740 private_key="auth_serv/ec2-user.key",
741 pairwise="GCMP-256", group="GCMP-256",
742 scan_freq="2412")
743
744 sigma_dut_cmd_check("ap_reset_default")
745 finally:
746 stop_sigma_dut(sigma)
747
748 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
749 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
750 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
751 "GCMP")
752
753 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
754 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
755 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
756 "GCMP-256")
757
758 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
759 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
760 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
761 "CCMP")
762
763 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
764 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
765 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
766 "CCMP-256")
767
768 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
769 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
770 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
771 "BIP-GMAC-256", "CCMP")
772
773 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
774 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
775 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
776 "BIP-GMAC-256", "GCMP-256", "CCMP")
777
778 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
779 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
780 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
781 "GCMP-256", "CCMP", "AES-CCMP-128")
782
783 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
784 sta_cipher, sta_cipher_group=None, ap_group=None):
785 check_suite_b_192_capa(dev)
786 logdir = os.path.join(params['logdir'],
787 "sigma_dut_ap_cipher.sigma-hostapd")
788 params = suite_b_as_params()
789 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
790 params['server_cert'] = 'auth_serv/ec2-server.pem'
791 params['private_key'] = 'auth_serv/ec2-server.key'
792 params['openssl_ciphers'] = 'SUITEB192'
793 hostapd.add_ap(apdev[1], params)
794 with HWSimRadio() as (radio, iface):
795 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
796 try:
797 sigma_dut_cmd_check("ap_reset_default")
798 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
799 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
800 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
801 if ap_group:
802 cmd += ",GroupCipher,%s" % ap_group
803 sigma_dut_cmd_check(cmd)
804 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
805
806 if sta_cipher_group is None:
807 sta_cipher_group = sta_cipher
808 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
809 ieee80211w="2",
810 openssl_ciphers="SUITEB192",
811 eap="TLS", identity="tls user",
812 ca_cert="auth_serv/ec2-ca.pem",
813 client_cert="auth_serv/ec2-user.pem",
814 private_key="auth_serv/ec2-user.key",
815 pairwise=sta_cipher, group=sta_cipher_group,
816 scan_freq="2412")
817
818 sigma_dut_cmd_check("ap_reset_default")
819 finally:
820 stop_sigma_dut(sigma)
821
822 def test_sigma_dut_ap_override_rsne(dev, apdev):
823 """sigma_dut controlled AP overriding RSNE"""
824 with HWSimRadio() as (radio, iface):
825 sigma = start_sigma_dut(iface)
826 try:
827 sigma_dut_cmd_check("ap_reset_default")
828 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
829 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
830 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
831 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
832
833 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
834
835 sigma_dut_cmd_check("ap_reset_default")
836 finally:
837 stop_sigma_dut(sigma)
838
839 def test_sigma_dut_ap_sae(dev, apdev, params):
840 """sigma_dut controlled AP with SAE"""
841 logdir = os.path.join(params['logdir'],
842 "sigma_dut_ap_sae.sigma-hostapd")
843 if "SAE" not in dev[0].get_capability("auth_alg"):
844 raise HwsimSkip("SAE not supported")
845 with HWSimRadio() as (radio, iface):
846 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
847 try:
848 sigma_dut_cmd_check("ap_reset_default")
849 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
850 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
851 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
852
853 dev[0].request("SET sae_groups ")
854 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
855 ieee80211w="2", scan_freq="2412")
856 if dev[0].get_status_field('sae_group') != '19':
857 raise Exception("Expected default SAE group not used")
858
859 sigma_dut_cmd_check("ap_reset_default")
860 finally:
861 stop_sigma_dut(sigma)
862
863 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
864 """sigma_dut controlled AP with SAE Confirm immediate"""
865 logdir = os.path.join(params['logdir'],
866 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
867 if "SAE" not in dev[0].get_capability("auth_alg"):
868 raise HwsimSkip("SAE not supported")
869 with HWSimRadio() as (radio, iface):
870 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
871 try:
872 sigma_dut_cmd_check("ap_reset_default")
873 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
874 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
875 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
876
877 dev[0].request("SET sae_groups ")
878 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
879 ieee80211w="2", scan_freq="2412")
880 if dev[0].get_status_field('sae_group') != '19':
881 raise Exception("Expected default SAE group not used")
882
883 sigma_dut_cmd_check("ap_reset_default")
884 finally:
885 stop_sigma_dut(sigma)
886
887 def test_sigma_dut_ap_sae_password(dev, apdev, params):
888 """sigma_dut controlled AP with SAE and long password"""
889 logdir = os.path.join(params['logdir'],
890 "sigma_dut_ap_sae_password.sigma-hostapd")
891 if "SAE" not in dev[0].get_capability("auth_alg"):
892 raise HwsimSkip("SAE not supported")
893 with HWSimRadio() as (radio, iface):
894 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
895 try:
896 sigma_dut_cmd_check("ap_reset_default")
897 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
898 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
899 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
900
901 dev[0].request("SET sae_groups ")
902 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
903 ieee80211w="2", scan_freq="2412")
904 if dev[0].get_status_field('sae_group') != '19':
905 raise Exception("Expected default SAE group not used")
906
907 sigma_dut_cmd_check("ap_reset_default")
908 finally:
909 stop_sigma_dut(sigma)
910
911 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
912 """sigma_dut controlled AP with SAE Password Identifier"""
913 logdir = os.path.join(params['logdir'],
914 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
915 conffile = os.path.join(params['logdir'],
916 "sigma_dut_ap_sae_pw_id.sigma-conf")
917 if "SAE" not in dev[0].get_capability("auth_alg"):
918 raise HwsimSkip("SAE not supported")
919 with HWSimRadio() as (radio, iface):
920 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
921 try:
922 sigma_dut_cmd_check("ap_reset_default")
923 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
924 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
925 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
926
927 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
928 with open(conffile, "wb") as f2:
929 f2.write(f.read())
930
931 dev[0].request("SET sae_groups ")
932 tests = [("pw1", "id1"),
933 ("pw2", "id2"),
934 ("pw3", None),
935 ("pw4", "id4")]
936 for pw, pw_id in tests:
937 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
938 sae_password_id=pw_id,
939 ieee80211w="2", scan_freq="2412")
940 dev[0].request("REMOVE_NETWORK all")
941 dev[0].wait_disconnected()
942
943 sigma_dut_cmd_check("ap_reset_default")
944 finally:
945 stop_sigma_dut(sigma)
946
947 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
948 """sigma_dut controlled AP with SAE Password Identifier and FT"""
949 logdir = os.path.join(params['logdir'],
950 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
951 conffile = os.path.join(params['logdir'],
952 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
953 if "SAE" not in dev[0].get_capability("auth_alg"):
954 raise HwsimSkip("SAE not supported")
955 with HWSimRadio() as (radio, iface):
956 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
957 try:
958 sigma_dut_cmd_check("ap_reset_default")
959 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
960 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
961 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
962
963 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
964 with open(conffile, "wb") as f2:
965 f2.write(f.read())
966
967 dev[0].request("SET sae_groups ")
968 tests = [("pw1", "id1", "SAE"),
969 ("pw2", "id2", "FT-SAE"),
970 ("pw3", None, "FT-SAE"),
971 ("pw4", "id4", "SAE")]
972 for pw, pw_id, key_mgmt in tests:
973 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
974 sae_password_id=pw_id,
975 ieee80211w="2", scan_freq="2412")
976 dev[0].request("REMOVE_NETWORK all")
977 dev[0].wait_disconnected()
978
979 sigma_dut_cmd_check("ap_reset_default")
980 finally:
981 stop_sigma_dut(sigma)
982
983 def test_sigma_dut_ap_sae_group(dev, apdev, params):
984 """sigma_dut controlled AP with SAE and specific group"""
985 logdir = os.path.join(params['logdir'],
986 "sigma_dut_ap_sae_group.sigma-hostapd")
987 if "SAE" not in dev[0].get_capability("auth_alg"):
988 raise HwsimSkip("SAE not supported")
989 with HWSimRadio() as (radio, iface):
990 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
991 try:
992 sigma_dut_cmd_check("ap_reset_default")
993 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
994 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
995 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
996
997 dev[0].request("SET sae_groups ")
998 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
999 ieee80211w="2", scan_freq="2412")
1000 if dev[0].get_status_field('sae_group') != '20':
1001 raise Exception("Expected SAE group not used")
1002
1003 sigma_dut_cmd_check("ap_reset_default")
1004 finally:
1005 stop_sigma_dut(sigma)
1006
1007 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1008 """sigma_dut controlled AP with PSK+SAE"""
1009 if "SAE" not in dev[0].get_capability("auth_alg"):
1010 raise HwsimSkip("SAE not supported")
1011 logdir = os.path.join(params['logdir'],
1012 "sigma_dut_ap_psk_sae.sigma-hostapd")
1013 with HWSimRadio() as (radio, iface):
1014 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1015 try:
1016 sigma_dut_cmd_check("ap_reset_default")
1017 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1018 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1019 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1020
1021 dev[2].request("SET sae_groups ")
1022 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1023 scan_freq="2412", ieee80211w="0", wait_connect=False)
1024 dev[0].request("SET sae_groups ")
1025 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1026 scan_freq="2412", ieee80211w="2")
1027 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1028
1029 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1030 dev[2].request("DISCONNECT")
1031 if ev is not None:
1032 raise Exception("Unexpected connection without PMF")
1033
1034 sigma_dut_cmd_check("ap_reset_default")
1035 finally:
1036 stop_sigma_dut(sigma)
1037
1038 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1039 """sigma_dut controlled AP with PSK, SAE, FT"""
1040 logdir = os.path.join(params['logdir'],
1041 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1042 conffile = os.path.join(params['logdir'],
1043 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1044 if "SAE" not in dev[0].get_capability("auth_alg"):
1045 raise HwsimSkip("SAE not supported")
1046 with HWSimRadio() as (radio, iface):
1047 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
1048 try:
1049 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1050 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1051 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1052 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1053 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1054 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1055
1056 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1057 with open(conffile, "wb") as f2:
1058 f2.write(f.read())
1059
1060 dev[0].request("SET sae_groups ")
1061 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1062 sae_password="12345678", scan_freq="2412")
1063 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1064 psk="12345678", scan_freq="2412")
1065 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1066 psk="12345678", scan_freq="2412")
1067
1068 sigma_dut_cmd_check("ap_reset_default")
1069 finally:
1070 stop_sigma_dut(sigma)
1071
1072 def test_sigma_dut_owe(dev, apdev):
1073 """sigma_dut controlled OWE station"""
1074 try:
1075 run_sigma_dut_owe(dev, apdev)
1076 finally:
1077 dev[0].set("ignore_old_scan_res", "0")
1078
1079 def run_sigma_dut_owe(dev, apdev):
1080 if "OWE" not in dev[0].get_capability("key_mgmt"):
1081 raise HwsimSkip("OWE not supported")
1082
1083 ifname = dev[0].ifname
1084 sigma = start_sigma_dut(ifname)
1085
1086 try:
1087 params = {"ssid": "owe",
1088 "wpa": "2",
1089 "wpa_key_mgmt": "OWE",
1090 "ieee80211w": "2",
1091 "rsn_pairwise": "CCMP"}
1092 hapd = hostapd.add_ap(apdev[0], params)
1093 bssid = hapd.own_addr()
1094
1095 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1096 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1097 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1098 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1099 sigma_dut_wait_connected(ifname)
1100 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1101
1102 dev[0].dump_monitor()
1103 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1104 dev[0].wait_connected()
1105 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1106 dev[0].wait_disconnected()
1107 dev[0].dump_monitor()
1108
1109 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1110 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1111 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1112 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1113 sigma_dut_wait_connected(ifname)
1114 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1115 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1116 dev[0].wait_disconnected()
1117 dev[0].dump_monitor()
1118
1119 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1120 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1121 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1122 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1123 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1124 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1125 if ev is None:
1126 raise Exception("Association not rejected")
1127 if "status_code=77" not in ev:
1128 raise Exception("Unexpected rejection reason: " + ev)
1129
1130 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1131 finally:
1132 stop_sigma_dut(sigma)
1133
1134 def test_sigma_dut_ap_owe(dev, apdev, params):
1135 """sigma_dut controlled AP with OWE"""
1136 logdir = os.path.join(params['logdir'],
1137 "sigma_dut_ap_owe.sigma-hostapd")
1138 if "OWE" not in dev[0].get_capability("key_mgmt"):
1139 raise HwsimSkip("OWE not supported")
1140 with HWSimRadio() as (radio, iface):
1141 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1142 try:
1143 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1144 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1145 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1146 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1147
1148 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1149 scan_freq="2412")
1150
1151 sigma_dut_cmd_check("ap_reset_default")
1152 finally:
1153 stop_sigma_dut(sigma)
1154
1155 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1156 """sigma_dut controlled AP with OWE and ECGroupID"""
1157 if "OWE" not in dev[0].get_capability("key_mgmt"):
1158 raise HwsimSkip("OWE not supported")
1159 with HWSimRadio() as (radio, iface):
1160 sigma = start_sigma_dut(iface)
1161 try:
1162 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1163 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1164 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1165 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1166
1167 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1168 owe_group="20", scan_freq="2412")
1169 dev[0].request("REMOVE_NETWORK all")
1170 dev[0].wait_disconnected()
1171
1172 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1173 owe_group="21", scan_freq="2412")
1174 dev[0].request("REMOVE_NETWORK all")
1175 dev[0].wait_disconnected()
1176
1177 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1178 owe_group="19", scan_freq="2412", wait_connect=False)
1179 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1180 dev[0].request("DISCONNECT")
1181 if ev is None:
1182 raise Exception("Association not rejected")
1183 if "status_code=77" not in ev:
1184 raise Exception("Unexpected rejection reason: " + ev)
1185 dev[0].dump_monitor()
1186
1187 sigma_dut_cmd_check("ap_reset_default")
1188 finally:
1189 stop_sigma_dut(sigma)
1190
1191 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1192 """sigma_dut controlled AP with OWE and transition mode"""
1193 if "OWE" not in dev[0].get_capability("key_mgmt"):
1194 raise HwsimSkip("OWE not supported")
1195 logdir = os.path.join(params['logdir'],
1196 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1197 with HWSimRadio() as (radio, iface):
1198 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1199 try:
1200 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1201 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1202 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1203 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1204 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1205 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1206
1207 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1208 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1209
1210 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1211 scan_freq="2412")
1212 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1213 if dev[0].get_status_field('bssid') not in res1:
1214 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1215 if dev[1].get_status_field('bssid') not in res2:
1216 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1217
1218 sigma_dut_cmd_check("ap_reset_default")
1219 finally:
1220 stop_sigma_dut(sigma)
1221
1222 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1223 """sigma_dut controlled AP with OWE and transition mode (2)"""
1224 if "OWE" not in dev[0].get_capability("key_mgmt"):
1225 raise HwsimSkip("OWE not supported")
1226 logdir = os.path.join(params['logdir'],
1227 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1228 with HWSimRadio() as (radio, iface):
1229 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1230 try:
1231 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1232 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1233 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1234 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1235 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1236 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1237
1238 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1239 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1240
1241 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1242 scan_freq="2412")
1243 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1244 if dev[0].get_status_field('bssid') not in res2:
1245 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1246 if dev[1].get_status_field('bssid') not in res1:
1247 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1248
1249 sigma_dut_cmd_check("ap_reset_default")
1250 finally:
1251 stop_sigma_dut(sigma)
1252
1253 def dpp_init_enrollee(dev, id1):
1254 logger.info("Starting DPP initiator/enrollee in a thread")
1255 time.sleep(1)
1256 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1257 if "OK" not in dev.request(cmd):
1258 raise Exception("Failed to initiate DPP Authentication")
1259 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1260 if ev is None:
1261 raise Exception("DPP configuration not completed (Enrollee)")
1262 logger.info("DPP initiator/enrollee done")
1263
1264 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1265 """sigma_dut DPP/QR responder (conf index 1)"""
1266 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1267
1268 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1269 """sigma_dut DPP/QR responder (conf index 2)"""
1270 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1271
1272 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1273 """sigma_dut DPP/QR responder (conf index 3)"""
1274 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1275
1276 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1277 """sigma_dut DPP/QR responder (conf index 4)"""
1278 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1279
1280 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1281 """sigma_dut DPP/QR responder (conf index 5)"""
1282 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1283
1284 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1285 """sigma_dut DPP/QR responder (conf index 6)"""
1286 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1287
1288 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1289 """sigma_dut DPP/QR responder (conf index 7)"""
1290 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1291
1292 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1293 """sigma_dut DPP/QR responder (conf index 8)"""
1294 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1295
1296 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1297 """sigma_dut DPP/QR responder (conf index 9)"""
1298 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1299
1300 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1301 """sigma_dut DPP/QR responder (conf index 10)"""
1302 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1303
1304 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1305 """sigma_dut DPP/QR responder (channel list override)"""
1306 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1307 listen_chan=2)
1308
1309 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1310 """sigma_dut DPP/QR responder status query"""
1311 params = hostapd.wpa2_params(ssid="DPPNET01",
1312 passphrase="ThisIsDppPassphrase")
1313 hapd = hostapd.add_ap(apdev[0], params)
1314
1315 try:
1316 dev[1].set("dpp_config_processing", "2")
1317 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1318 finally:
1319 dev[1].set("dpp_config_processing", "0")
1320
1321 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1322 listen_chan=None, status_query=False):
1323 check_dpp_capab(dev[0])
1324 check_dpp_capab(dev[1])
1325 sigma = start_sigma_dut(dev[0].ifname)
1326 try:
1327 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1328 if chan_list:
1329 cmd += ",DPPChannelList," + chan_list
1330 res = sigma_dut_cmd(cmd)
1331 if "status,COMPLETE" not in res:
1332 raise Exception("dev_exec_action did not succeed: " + res)
1333 hex = res.split(',')[3]
1334 uri = from_hex(hex)
1335 logger.info("URI from sigma_dut: " + uri)
1336
1337 id1 = dev[1].dpp_qr_code(uri)
1338
1339 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1340 t.start()
1341 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1342 if listen_chan:
1343 cmd += ",DPPListenChannel," + str(listen_chan)
1344 if status_query:
1345 cmd += ",DPPStatusQuery,Yes"
1346 res = sigma_dut_cmd(cmd, timeout=10)
1347 t.join()
1348 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1349 raise Exception("Unexpected result: " + res)
1350 if status_query and "StatusResult,0" not in res:
1351 raise Exception("Status query did not succeed: " + res)
1352 finally:
1353 stop_sigma_dut(sigma)
1354
1355 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1356 """sigma_dut DPP/QR initiator as Enrollee"""
1357 check_dpp_capab(dev[0])
1358 check_dpp_capab(dev[1])
1359
1360 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1361 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1362 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1363 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1364
1365 params = {"ssid": "DPPNET01",
1366 "wpa": "2",
1367 "ieee80211w": "2",
1368 "wpa_key_mgmt": "DPP",
1369 "rsn_pairwise": "CCMP",
1370 "dpp_connector": ap_connector,
1371 "dpp_csign": csign_pub,
1372 "dpp_netaccesskey": ap_netaccesskey}
1373 try:
1374 hapd = hostapd.add_ap(apdev[0], params)
1375 except:
1376 raise HwsimSkip("DPP not supported")
1377
1378 sigma = start_sigma_dut(dev[0].ifname)
1379 try:
1380 dev[0].set("dpp_config_processing", "2")
1381
1382 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1383 res = dev[1].request(cmd)
1384 if "FAIL" in res:
1385 raise Exception("Failed to add configurator")
1386 conf_id = int(res)
1387
1388 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1389 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1390
1391 dev[1].set("dpp_configurator_params",
1392 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1393 cmd = "DPP_LISTEN 2437 role=configurator"
1394 if "OK" not in dev[1].request(cmd):
1395 raise Exception("Failed to start listen operation")
1396
1397 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1398 if "status,COMPLETE" not in res:
1399 raise Exception("dev_exec_action did not succeed: " + res)
1400
1401 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1402 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1403 raise Exception("Unexpected result: " + res)
1404 finally:
1405 dev[0].set("dpp_config_processing", "0")
1406 stop_sigma_dut(sigma)
1407
1408 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1409 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1410 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1411
1412 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1413 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1414 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1415 extra="DPPAuthDirection,Mutual,")
1416
1417 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1418 check_dpp_capab(dev[0])
1419 check_dpp_capab(dev[1])
1420
1421 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1422 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1423 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1424 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1425
1426 params = {"ssid": "DPPNET01",
1427 "wpa": "2",
1428 "ieee80211w": "2",
1429 "wpa_key_mgmt": "DPP",
1430 "rsn_pairwise": "CCMP",
1431 "dpp_connector": ap_connector,
1432 "dpp_csign": csign_pub,
1433 "dpp_netaccesskey": ap_netaccesskey}
1434 try:
1435 hapd = hostapd.add_ap(apdev[0], params)
1436 except:
1437 raise HwsimSkip("DPP not supported")
1438
1439 sigma = start_sigma_dut(dev[0].ifname)
1440 try:
1441 dev[0].set("dpp_config_processing", "2")
1442
1443 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1444 res = dev[1].request(cmd)
1445 if "FAIL" in res:
1446 raise Exception("Failed to add configurator")
1447 conf_id = int(res)
1448
1449 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1450 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1451
1452 dev[1].set("dpp_configurator_params",
1453 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1454 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1455 if "OK" not in dev[1].request(cmd):
1456 raise Exception("Failed to start listen operation")
1457
1458 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1459 if "status,COMPLETE" not in res:
1460 raise Exception("dev_exec_action did not succeed: " + res)
1461 hex = res.split(',')[3]
1462 uri = from_hex(hex)
1463 logger.info("URI from sigma_dut: " + uri)
1464
1465 id1 = dev[1].dpp_qr_code(uri)
1466
1467 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1468 if "status,COMPLETE" not in res:
1469 raise Exception("dev_exec_action did not succeed: " + res)
1470
1471 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1472 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1473 raise Exception("Unexpected result: " + res)
1474 finally:
1475 dev[0].set("dpp_config_processing", "0")
1476 stop_sigma_dut(sigma)
1477
1478 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1479 time.sleep(1)
1480 logger.info("Starting DPP initiator/configurator in a thread")
1481 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1482 if own_id is not None:
1483 cmd += " own=%d" % own_id
1484 if "OK" not in dev.request(cmd):
1485 raise Exception("Failed to initiate DPP Authentication")
1486 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1487 if ev is None:
1488 raise Exception("DPP configuration not completed (Configurator)")
1489 logger.info("DPP initiator/configurator done")
1490
1491 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1492 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1493 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1494
1495 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1496 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1497 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1498
1499 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1500 check_dpp_capab(dev[0])
1501 check_dpp_capab(dev[1])
1502
1503 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1504 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1505 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1506 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1507
1508 params = {"ssid": "DPPNET01",
1509 "wpa": "2",
1510 "ieee80211w": "2",
1511 "wpa_key_mgmt": "DPP",
1512 "rsn_pairwise": "CCMP",
1513 "dpp_connector": ap_connector,
1514 "dpp_csign": csign_pub,
1515 "dpp_netaccesskey": ap_netaccesskey}
1516 try:
1517 hapd = hostapd.add_ap(apdev[0], params)
1518 except:
1519 raise HwsimSkip("DPP not supported")
1520
1521 sigma = start_sigma_dut(dev[0].ifname)
1522 try:
1523 dev[0].set("dpp_config_processing", "2")
1524
1525 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1526 res = dev[1].request(cmd)
1527 if "FAIL" in res:
1528 raise Exception("Failed to add configurator")
1529 conf_id = int(res)
1530
1531 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1532 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1533
1534 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1535 if "status,COMPLETE" not in res:
1536 raise Exception("dev_exec_action did not succeed: " + res)
1537 hex = res.split(',')[3]
1538 uri = from_hex(hex)
1539 logger.info("URI from sigma_dut: " + uri)
1540
1541 id1 = dev[1].dpp_qr_code(uri)
1542
1543 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1544 if "status,COMPLETE" not in res:
1545 raise Exception("dev_exec_action did not succeed: " + res)
1546
1547 t = threading.Thread(target=dpp_init_conf_mutual,
1548 args=(dev[1], id1, conf_id, id0))
1549 t.start()
1550
1551 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1552 if extra:
1553 cmd += extra
1554 res = sigma_dut_cmd(cmd, timeout=25)
1555 t.join()
1556 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1557 raise Exception("Unexpected result: " + res)
1558 finally:
1559 dev[0].set("dpp_config_processing", "0")
1560 stop_sigma_dut(sigma)
1561
1562 def dpp_resp_conf_mutual(dev, conf_id, uri):
1563 logger.info("Starting DPP responder/configurator in a thread")
1564 dev.set("dpp_configurator_params",
1565 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1566 conf_id))
1567 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1568 if "OK" not in dev.request(cmd):
1569 raise Exception("Failed to initiate DPP listen")
1570 if uri:
1571 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1572 if ev is None:
1573 raise Exception("QR Code scan for mutual authentication not requested")
1574 dev.dpp_qr_code(uri)
1575 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1576 if ev is None:
1577 raise Exception("DPP configuration not completed (Configurator)")
1578 logger.info("DPP responder/configurator done")
1579
1580 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1581 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1582 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1583
1584 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1585 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1586 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1587
1588 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1589 check_dpp_capab(dev[0])
1590 check_dpp_capab(dev[1])
1591
1592 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1593 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1594 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1595 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1596
1597 params = {"ssid": "DPPNET01",
1598 "wpa": "2",
1599 "ieee80211w": "2",
1600 "wpa_key_mgmt": "DPP",
1601 "rsn_pairwise": "CCMP",
1602 "dpp_connector": ap_connector,
1603 "dpp_csign": csign_pub,
1604 "dpp_netaccesskey": ap_netaccesskey}
1605 try:
1606 hapd = hostapd.add_ap(apdev[0], params)
1607 except:
1608 raise HwsimSkip("DPP not supported")
1609
1610 sigma = start_sigma_dut(dev[0].ifname)
1611 try:
1612 dev[0].set("dpp_config_processing", "2")
1613
1614 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1615 res = dev[1].request(cmd)
1616 if "FAIL" in res:
1617 raise Exception("Failed to add configurator")
1618 conf_id = int(res)
1619
1620 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1621 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1622
1623 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1624 if "status,COMPLETE" not in res:
1625 raise Exception("dev_exec_action did not succeed: " + res)
1626 hex = res.split(',')[3]
1627 uri = from_hex(hex)
1628 logger.info("URI from sigma_dut: " + uri)
1629
1630 if not resp_pending:
1631 dev[1].dpp_qr_code(uri)
1632 uri = None
1633
1634 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1635 if "status,COMPLETE" not in res:
1636 raise Exception("dev_exec_action did not succeed: " + res)
1637
1638 t = threading.Thread(target=dpp_resp_conf_mutual,
1639 args=(dev[1], conf_id, uri))
1640 t.start()
1641
1642 time.sleep(1)
1643 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1644 res = sigma_dut_cmd(cmd, timeout=15)
1645 t.join()
1646 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1647 raise Exception("Unexpected result: " + res)
1648 finally:
1649 dev[0].set("dpp_config_processing", "0")
1650 stop_sigma_dut(sigma)
1651
1652 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1653 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1654 check_dpp_capab(dev[0])
1655 check_dpp_capab(dev[1])
1656
1657 params = hostapd.wpa2_params(ssid="DPPNET01",
1658 passphrase="ThisIsDppPassphrase")
1659 hapd = hostapd.add_ap(apdev[0], params)
1660
1661 sigma = start_sigma_dut(dev[0].ifname)
1662 try:
1663 dev[0].set("dpp_config_processing", "2")
1664
1665 cmd = "DPP_CONFIGURATOR_ADD"
1666 res = dev[1].request(cmd)
1667 if "FAIL" in res:
1668 raise Exception("Failed to add configurator")
1669 conf_id = int(res)
1670
1671 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1672 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1673
1674 dev[1].set("dpp_configurator_params",
1675 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1676 cmd = "DPP_LISTEN 2437 role=configurator"
1677 if "OK" not in dev[1].request(cmd):
1678 raise Exception("Failed to start listen operation")
1679
1680 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1681 if "status,COMPLETE" not in res:
1682 raise Exception("dev_exec_action did not succeed: " + res)
1683
1684 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1685 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1686 raise Exception("Unexpected result: " + res)
1687 finally:
1688 dev[0].set("dpp_config_processing", "0")
1689 stop_sigma_dut(sigma)
1690
1691 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1692 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1693 check_dpp_capab(dev[0])
1694 check_dpp_capab(dev[1])
1695 if "SAE" not in dev[0].get_capability("auth_alg"):
1696 raise HwsimSkip("SAE not supported")
1697
1698 params = hostapd.wpa2_params(ssid="DPPNET01",
1699 passphrase="ThisIsDppPassphrase")
1700 params['wpa_key_mgmt'] = 'SAE'
1701 params["ieee80211w"] = "2"
1702 hapd = hostapd.add_ap(apdev[0], params)
1703
1704 sigma = start_sigma_dut(dev[0].ifname)
1705 try:
1706 dev[0].set("dpp_config_processing", "2")
1707 dev[0].set("sae_groups", "")
1708
1709 cmd = "DPP_CONFIGURATOR_ADD"
1710 res = dev[1].request(cmd)
1711 if "FAIL" in res:
1712 raise Exception("Failed to add configurator")
1713 conf_id = int(res)
1714
1715 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1716 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1717
1718 dev[1].set("dpp_configurator_params",
1719 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1720 cmd = "DPP_LISTEN 2437 role=configurator"
1721 if "OK" not in dev[1].request(cmd):
1722 raise Exception("Failed to start listen operation")
1723
1724 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1725 if "status,COMPLETE" not in res:
1726 raise Exception("dev_exec_action did not succeed: " + res)
1727
1728 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1729 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1730 raise Exception("Unexpected result: " + res)
1731 finally:
1732 dev[0].set("dpp_config_processing", "0")
1733 stop_sigma_dut(sigma)
1734
1735 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1736 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1737 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1738
1739 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1740 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1741 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1742
1743 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1744 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1745 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1746
1747 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1748 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1749 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1750
1751 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1752 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1753 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1754
1755 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1756 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1757 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1758
1759 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1760 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1761 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1762
1763 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1764 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1765 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1766
1767 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1768 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1769 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1770
1771 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1772 prov_role="Configurator",
1773 extra=None):
1774 check_dpp_capab(dev[0])
1775 check_dpp_capab(dev[1])
1776 sigma = start_sigma_dut(dev[0].ifname)
1777 try:
1778 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1779 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1780
1781 cmd = "DPP_LISTEN 2437 role=enrollee"
1782 if "OK" not in dev[1].request(cmd):
1783 raise Exception("Failed to start listen operation")
1784
1785 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1786 if "status,COMPLETE" not in res:
1787 raise Exception("dev_exec_action did not succeed: " + res)
1788
1789 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1790 if extra:
1791 cmd += "," + extra
1792 res = sigma_dut_cmd(cmd)
1793 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1794 raise Exception("Unexpected result: " + res)
1795 finally:
1796 stop_sigma_dut(sigma)
1797
1798 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1799 """sigma_dut DPP roles incompatible (Initiator)"""
1800 check_dpp_capab(dev[0])
1801 check_dpp_capab(dev[1])
1802 sigma = start_sigma_dut(dev[0].ifname)
1803 try:
1804 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1805 if "status,COMPLETE" not in res:
1806 raise Exception("dev_exec_action did not succeed: " + res)
1807 hex = res.split(',')[3]
1808 uri = from_hex(hex)
1809 logger.info("URI from sigma_dut: " + uri)
1810
1811 id1 = dev[1].dpp_qr_code(uri)
1812
1813 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1814 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1815
1816 cmd = "DPP_LISTEN 2437 role=enrollee"
1817 if "OK" not in dev[1].request(cmd):
1818 raise Exception("Failed to start listen operation")
1819
1820 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1821 if "status,COMPLETE" not in res:
1822 raise Exception("dev_exec_action did not succeed: " + res)
1823
1824 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1825 res = sigma_dut_cmd(cmd)
1826 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1827 raise Exception("Unexpected result: " + res)
1828 finally:
1829 stop_sigma_dut(sigma)
1830
1831 def dpp_init_enrollee_mutual(dev, id1, own_id):
1832 logger.info("Starting DPP initiator/enrollee in a thread")
1833 time.sleep(1)
1834 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1835 if "OK" not in dev.request(cmd):
1836 raise Exception("Failed to initiate DPP Authentication")
1837 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1838 "DPP-NOT-COMPATIBLE"], timeout=5)
1839 if ev is None:
1840 raise Exception("DPP configuration not completed (Enrollee)")
1841 logger.info("DPP initiator/enrollee done")
1842
1843 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1844 """sigma_dut DPP roles incompatible (Responder)"""
1845 check_dpp_capab(dev[0])
1846 check_dpp_capab(dev[1])
1847 sigma = start_sigma_dut(dev[0].ifname)
1848 try:
1849 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1850 res = sigma_dut_cmd(cmd)
1851 if "status,COMPLETE" not in res:
1852 raise Exception("dev_exec_action did not succeed: " + res)
1853 hex = res.split(',')[3]
1854 uri = from_hex(hex)
1855 logger.info("URI from sigma_dut: " + uri)
1856
1857 id1 = dev[1].dpp_qr_code(uri)
1858
1859 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1860 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1861
1862 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1863 if "status,COMPLETE" not in res:
1864 raise Exception("dev_exec_action did not succeed: " + res)
1865
1866 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1867 t.start()
1868 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1869 res = sigma_dut_cmd(cmd, timeout=10)
1870 t.join()
1871 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1872 raise Exception("Unexpected result: " + res)
1873 finally:
1874 stop_sigma_dut(sigma)
1875
1876 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1877 """sigma_dut DPP/PKEX initiator as Configurator"""
1878 check_dpp_capab(dev[0])
1879 check_dpp_capab(dev[1])
1880 sigma = start_sigma_dut(dev[0].ifname)
1881 try:
1882 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1883 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1884 res = dev[1].request(cmd)
1885 if "FAIL" in res:
1886 raise Exception("Failed to set PKEX data (responder)")
1887 cmd = "DPP_LISTEN 2437 role=enrollee"
1888 if "OK" not in dev[1].request(cmd):
1889 raise Exception("Failed to start listen operation")
1890
1891 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1892 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1893 raise Exception("Unexpected result: " + res)
1894 finally:
1895 stop_sigma_dut(sigma)
1896
1897 def dpp_init_conf(dev, id1, conf, conf_id, extra):
1898 logger.info("Starting DPP initiator/configurator in a thread")
1899 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1900 if "OK" not in dev.request(cmd):
1901 raise Exception("Failed to initiate DPP Authentication")
1902 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1903 if ev is None:
1904 raise Exception("DPP configuration not completed (Configurator)")
1905 logger.info("DPP initiator/configurator done")
1906
1907 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1908 """sigma_dut controlled AP (DPP)"""
1909 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1910
1911 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1912 """sigma_dut controlled AP (legacy)"""
1913 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1914 extra="pass=%s" % to_hex("qwertyuiop"))
1915
1916 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1917 """sigma_dut controlled AP (legacy)"""
1918 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1919 extra="psk=%s" % (32*"12"))
1920
1921 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
1922 check_dpp_capab(dev[0])
1923 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1924 with HWSimRadio() as (radio, iface):
1925 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1926 try:
1927 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1928 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1929 if "status,COMPLETE" not in res:
1930 raise Exception("dev_exec_action did not succeed: " + res)
1931 hex = res.split(',')[3]
1932 uri = from_hex(hex)
1933 logger.info("URI from sigma_dut: " + uri)
1934
1935 cmd = "DPP_CONFIGURATOR_ADD"
1936 res = dev[0].request(cmd)
1937 if "FAIL" in res:
1938 raise Exception("Failed to add configurator")
1939 conf_id = int(res)
1940
1941 id1 = dev[0].dpp_qr_code(uri)
1942
1943 t = threading.Thread(target=dpp_init_conf,
1944 args=(dev[0], id1, ap_conf, conf_id, extra))
1945 t.start()
1946 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1947 t.join()
1948 if "ConfResult,OK" not in res:
1949 raise Exception("Unexpected result: " + res)
1950
1951 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
1952 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1953
1954 id0b = dev[0].dpp_qr_code(uri1)
1955
1956 dev[1].set("dpp_config_processing", "2")
1957 cmd = "DPP_LISTEN 2412"
1958 if "OK" not in dev[1].request(cmd):
1959 raise Exception("Failed to start listen operation")
1960 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1961 if "OK" not in dev[0].request(cmd):
1962 raise Exception("Failed to initiate DPP Authentication")
1963 dev[1].wait_connected()
1964
1965 sigma_dut_cmd_check("ap_reset_default")
1966 finally:
1967 dev[1].set("dpp_config_processing", "0")
1968 stop_sigma_dut(sigma)
1969
1970 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1971 """sigma_dut controlled AP as DPP PKEX responder"""
1972 check_dpp_capab(dev[0])
1973 logdir = os.path.join(params['logdir'],
1974 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1975 with HWSimRadio() as (radio, iface):
1976 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1977 try:
1978 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1979 finally:
1980 stop_sigma_dut(sigma)
1981
1982 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
1983 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1984 time.sleep(1.5)
1985 id = dev.dpp_bootstrap_gen(type="pkex")
1986 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1987 res = dev.request(cmd)
1988 if "FAIL" in res:
1989 raise Exception("Failed to initiate DPP PKEX")
1990 if not check_config:
1991 return
1992 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1993 if ev is None:
1994 raise Exception("DPP configuration not completed (Configurator)")
1995 logger.info("DPP initiator/configurator done")
1996
1997 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
1998 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1999
2000 cmd = "DPP_CONFIGURATOR_ADD"
2001 res = dev[0].request(cmd)
2002 if "FAIL" in res:
2003 raise Exception("Failed to add configurator")
2004 conf_id = int(res)
2005
2006 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2007 t.start()
2008 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2009 t.join()
2010 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2011 raise Exception("Unexpected result: " + res)
2012
2013 sigma_dut_cmd_check("ap_reset_default")
2014
2015 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2016 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2017 check_dpp_capab(dev[0])
2018 sigma = start_sigma_dut(dev[0].ifname)
2019 try:
2020 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2021 finally:
2022 stop_sigma_dut(sigma)
2023
2024 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2025 cmd = "DPP_CONFIGURATOR_ADD"
2026 res = dev[1].request(cmd)
2027 if "FAIL" in res:
2028 raise Exception("Failed to add configurator")
2029 conf_id = int(res)
2030
2031 dev[1].set("dpp_test", "44")
2032
2033 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2034 False))
2035 t.start()
2036 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2037 t.join()
2038 if "BootstrapResult,Timeout" not in res:
2039 raise Exception("Unexpected result: " + res)
2040
2041 def dpp_proto_init(dev, id1):
2042 time.sleep(1)
2043 logger.info("Starting DPP initiator/configurator in a thread")
2044 cmd = "DPP_CONFIGURATOR_ADD"
2045 res = dev.request(cmd)
2046 if "FAIL" in res:
2047 raise Exception("Failed to add configurator")
2048 conf_id = int(res)
2049
2050 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2051 if "OK" not in dev.request(cmd):
2052 raise Exception("Failed to initiate DPP Authentication")
2053
2054 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2055 """sigma_dut DPP protocol testing - Initiator"""
2056 check_dpp_capab(dev[0])
2057 check_dpp_capab(dev[1])
2058 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2059 "BootstrapResult,OK,AuthResult,Errorsent",
2060 None),
2061 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2062 "BootstrapResult,OK,AuthResult,Errorsent",
2063 None),
2064 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2065 "BootstrapResult,OK,AuthResult,Errorsent",
2066 "Missing or invalid I-capabilities"),
2067 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2068 "BootstrapResult,OK,AuthResult,Errorsent",
2069 "Mismatching Initiator Authenticating Tag"),
2070 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2071 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2072 "Missing or invalid Enrollee Nonce attribute")]
2073 for step, frame, attr, result, fail in tests:
2074 dev[0].request("FLUSH")
2075 dev[1].request("FLUSH")
2076 sigma = start_sigma_dut(dev[0].ifname)
2077 try:
2078 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2079 fail)
2080 finally:
2081 stop_sigma_dut(sigma)
2082
2083 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2084 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2085 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2086
2087 cmd = "DPP_LISTEN 2437 role=enrollee"
2088 if "OK" not in dev[1].request(cmd):
2089 raise Exception("Failed to start listen operation")
2090
2091 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2092 if "status,COMPLETE" not in res:
2093 raise Exception("dev_exec_action did not succeed: " + res)
2094
2095 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2096 timeout=10)
2097 if result not in res:
2098 raise Exception("Unexpected result: " + res)
2099 if fail:
2100 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2101 if ev is None or fail not in ev:
2102 raise Exception("Failure not reported correctly: " + str(ev))
2103
2104 dev[1].request("DPP_STOP_LISTEN")
2105 dev[0].dump_monitor()
2106 dev[1].dump_monitor()
2107
2108 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2109 """sigma_dut DPP protocol testing - Responder"""
2110 check_dpp_capab(dev[0])
2111 check_dpp_capab(dev[1])
2112 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2113 "BootstrapResult,OK,AuthResult,Errorsent",
2114 "Missing or invalid required DPP Status attribute"),
2115 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2116 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2117 "Missing or invalid Enrollee Nonce attribute")]
2118 for step, frame, attr, result, fail in tests:
2119 dev[0].request("FLUSH")
2120 dev[1].request("FLUSH")
2121 sigma = start_sigma_dut(dev[0].ifname)
2122 try:
2123 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2124 fail)
2125 finally:
2126 stop_sigma_dut(sigma)
2127
2128 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2129 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2130 if "status,COMPLETE" not in res:
2131 raise Exception("dev_exec_action did not succeed: " + res)
2132 hex = res.split(',')[3]
2133 uri = from_hex(hex)
2134 logger.info("URI from sigma_dut: " + uri)
2135
2136 id1 = dev[1].dpp_qr_code(uri)
2137
2138 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2139 t.start()
2140 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2141 t.join()
2142 if result not in res:
2143 raise Exception("Unexpected result: " + res)
2144 if fail:
2145 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2146 if ev is None or fail not in ev:
2147 raise Exception("Failure not reported correctly:" + str(ev))
2148
2149 dev[1].request("DPP_STOP_LISTEN")
2150 dev[0].dump_monitor()
2151 dev[1].dump_monitor()
2152
2153 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2154 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2155 check_dpp_capab(dev[0])
2156 check_dpp_capab(dev[1])
2157 tests = [("AuthenticationResponse",
2158 "BootstrapResult,OK,AuthResult,Errorsent",
2159 None),
2160 ("ConfigurationRequest",
2161 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2162 None)]
2163 for frame, result, fail in tests:
2164 dev[0].request("FLUSH")
2165 dev[1].request("FLUSH")
2166 sigma = start_sigma_dut(dev[0].ifname)
2167 try:
2168 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2169 finally:
2170 stop_sigma_dut(sigma)
2171
2172 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2173 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2174 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2175
2176 cmd = "DPP_LISTEN 2437 role=enrollee"
2177 if "OK" not in dev[1].request(cmd):
2178 raise Exception("Failed to start listen operation")
2179
2180 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2181 if "status,COMPLETE" not in res:
2182 raise Exception("dev_exec_action did not succeed: " + res)
2183
2184 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2185 if result not in res:
2186 raise Exception("Unexpected result: " + res)
2187 if fail:
2188 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2189 if ev is None or fail not in ev:
2190 raise Exception("Failure not reported correctly: " + str(ev))
2191
2192 dev[1].request("DPP_STOP_LISTEN")
2193 dev[0].dump_monitor()
2194 dev[1].dump_monitor()
2195
2196 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2197 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2198 check_dpp_capab(dev[0])
2199 check_dpp_capab(dev[1])
2200 tests = [("AuthenticationConfirm",
2201 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2202 None)]
2203 for frame, result, fail in tests:
2204 dev[0].request("FLUSH")
2205 dev[1].request("FLUSH")
2206 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2207 try:
2208 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2209 result, fail)
2210 finally:
2211 stop_sigma_dut(sigma)
2212
2213 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2214 fail):
2215 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2216 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2217
2218 cmd = "DPP_LISTEN 2437 role=configurator"
2219 if "OK" not in dev[1].request(cmd):
2220 raise Exception("Failed to start listen operation")
2221
2222 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2223 if "status,COMPLETE" not in res:
2224 raise Exception("dev_exec_action did not succeed: " + res)
2225
2226 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2227 if result not in res:
2228 raise Exception("Unexpected result: " + res)
2229 if fail:
2230 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2231 if ev is None or fail not in ev:
2232 raise Exception("Failure not reported correctly: " + str(ev))
2233
2234 dev[1].request("DPP_STOP_LISTEN")
2235 dev[0].dump_monitor()
2236 dev[1].dump_monitor()
2237
2238 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2239 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2240 check_dpp_capab(dev[0])
2241 check_dpp_capab(dev[1])
2242 tests = [("AuthenticationRequest",
2243 "BootstrapResult,OK,AuthResult,Errorsent",
2244 None),
2245 ("AuthenticationConfirm",
2246 "BootstrapResult,OK,AuthResult,Errorsent",
2247 None)]
2248 for frame, result, fail in tests:
2249 dev[0].request("FLUSH")
2250 dev[1].request("FLUSH")
2251 sigma = start_sigma_dut(dev[0].ifname)
2252 try:
2253 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2254 finally:
2255 stop_sigma_dut(sigma)
2256
2257 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2258 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2259 if "status,COMPLETE" not in res:
2260 raise Exception("dev_exec_action did not succeed: " + res)
2261 hex = res.split(',')[3]
2262 uri = from_hex(hex)
2263 logger.info("URI from sigma_dut: " + uri)
2264
2265 id1 = dev[1].dpp_qr_code(uri)
2266
2267 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2268 t.start()
2269 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2270 t.join()
2271 if result not in res:
2272 raise Exception("Unexpected result: " + res)
2273 if fail:
2274 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2275 if ev is None or fail not in ev:
2276 raise Exception("Failure not reported correctly:" + str(ev))
2277
2278 dev[1].request("DPP_STOP_LISTEN")
2279 dev[0].dump_monitor()
2280 dev[1].dump_monitor()
2281
2282 def dpp_proto_init_pkex(dev):
2283 time.sleep(1)
2284 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2285 cmd = "DPP_CONFIGURATOR_ADD"
2286 res = dev.request(cmd)
2287 if "FAIL" in res:
2288 raise Exception("Failed to add configurator")
2289 conf_id = int(res)
2290
2291 id = dev.dpp_bootstrap_gen(type="pkex")
2292
2293 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2294 if "FAIL" in dev.request(cmd):
2295 raise Exception("Failed to initiate DPP PKEX")
2296
2297 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2298 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2299 check_dpp_capab(dev[0])
2300 check_dpp_capab(dev[1])
2301 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2302 "BootstrapResult,Errorsent",
2303 None),
2304 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2305 "BootstrapResult,Errorsent",
2306 "Missing or invalid Finite Cyclic Group attribute"),
2307 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2308 "BootstrapResult,Errorsent",
2309 "No valid peer bootstrapping key found")]
2310 for step, frame, attr, result, fail in tests:
2311 dev[0].request("FLUSH")
2312 dev[1].request("FLUSH")
2313 sigma = start_sigma_dut(dev[0].ifname)
2314 try:
2315 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2316 result, fail)
2317 finally:
2318 stop_sigma_dut(sigma)
2319
2320 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2321 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2322
2323 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2324 res = dev[1].request(cmd)
2325 if "FAIL" in res:
2326 raise Exception("Failed to set PKEX data (responder)")
2327
2328 cmd = "DPP_LISTEN 2437 role=enrollee"
2329 if "OK" not in dev[1].request(cmd):
2330 raise Exception("Failed to start listen operation")
2331
2332 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2333 if result not in res:
2334 raise Exception("Unexpected result: " + res)
2335 if fail:
2336 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2337 if ev is None or fail not in ev:
2338 raise Exception("Failure not reported correctly: " + str(ev))
2339
2340 dev[1].request("DPP_STOP_LISTEN")
2341 dev[0].dump_monitor()
2342 dev[1].dump_monitor()
2343
2344 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2345 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2346 check_dpp_capab(dev[0])
2347 check_dpp_capab(dev[1])
2348 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2349 "BootstrapResult,Errorsent",
2350 None),
2351 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2352 "BootstrapResult,Errorsent",
2353 "No DPP Status attribute"),
2354 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2355 "BootstrapResult,Errorsent",
2356 "No valid peer bootstrapping key found")]
2357 for step, frame, attr, result, fail in tests:
2358 dev[0].request("FLUSH")
2359 dev[1].request("FLUSH")
2360 sigma = start_sigma_dut(dev[0].ifname)
2361 try:
2362 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2363 result, fail)
2364 finally:
2365 stop_sigma_dut(sigma)
2366
2367 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2368 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2369 t.start()
2370 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2371 t.join()
2372 if result not in res:
2373 raise Exception("Unexpected result: " + res)
2374 if fail:
2375 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2376 if ev is None or fail not in ev:
2377 raise Exception("Failure not reported correctly:" + str(ev))
2378
2379 dev[1].request("DPP_STOP_LISTEN")
2380 dev[0].dump_monitor()
2381 dev[1].dump_monitor()
2382
2383 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2384 check_dpp_capab(dev[0])
2385 check_dpp_capab(dev[1])
2386
2387 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2388 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2389 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2390 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2391
2392 params = {"ssid": "DPPNET01",
2393 "wpa": "2",
2394 "ieee80211w": "2",
2395 "wpa_key_mgmt": "DPP",
2396 "rsn_pairwise": "CCMP",
2397 "dpp_connector": ap_connector,
2398 "dpp_csign": csign_pub,
2399 "dpp_netaccesskey": ap_netaccesskey}
2400 try:
2401 hapd = hostapd.add_ap(apdev[0], params)
2402 except:
2403 raise HwsimSkip("DPP not supported")
2404
2405 dev[0].set("dpp_config_processing", "2")
2406
2407 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2408 res = dev[1].request(cmd)
2409 if "FAIL" in res:
2410 raise Exception("Failed to add configurator")
2411 conf_id = int(res)
2412
2413 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2414 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2415
2416 dev[1].set("dpp_configurator_params",
2417 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2418 conf_id))
2419 cmd = "DPP_LISTEN 2437 role=configurator"
2420 if "OK" not in dev[1].request(cmd):
2421 raise Exception("Failed to start listen operation")
2422
2423 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2424 if "status,COMPLETE" not in res:
2425 raise Exception("dev_exec_action did not succeed: " + res)
2426
2427 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2428 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2429 sigma = start_sigma_dut(dev[0].ifname)
2430 try:
2431 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2432
2433 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2434 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2435 raise Exception("Unexpected result: " + res)
2436 finally:
2437 dev[0].set("dpp_config_processing", "0")
2438 stop_sigma_dut(sigma)
2439
2440 def test_sigma_dut_dpp_self_config(dev, apdev):
2441 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2442 check_dpp_capab(dev[0])
2443
2444 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2445 check_dpp_capab(hapd)
2446
2447 sigma = start_sigma_dut(dev[0].ifname)
2448 try:
2449 dev[0].set("dpp_config_processing", "2")
2450 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2451 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2452
2453 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2454 if "status,COMPLETE" not in res:
2455 raise Exception("dev_exec_action did not succeed: " + res)
2456
2457 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2458 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2459 raise Exception("Unexpected result: " + res)
2460 update_hapd_config(hapd)
2461
2462 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2463 res = sigma_dut_cmd(cmd, timeout=10)
2464 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2465 raise Exception("Unexpected result: " + res)
2466 finally:
2467 stop_sigma_dut(sigma)
2468 dev[0].set("dpp_config_processing", "0")
2469
2470 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2471 """sigma_dut DPP AP Configurator using self-configuration"""
2472 logdir = os.path.join(params['logdir'],
2473 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2474 with HWSimRadio() as (radio, iface):
2475 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2476 try:
2477 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2478 finally:
2479 stop_sigma_dut(sigma)
2480 dev[0].set("dpp_config_processing", "0")
2481
2482 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2483 check_dpp_capab(dev[0])
2484
2485 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2486
2487 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2488 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2489 raise Exception("Unexpected result: " + res)
2490
2491 dev[0].set("dpp_config_processing", "2")
2492
2493 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2494 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2495 cmd = "DPP_LISTEN 2462 role=enrollee"
2496 if "OK" not in dev[0].request(cmd):
2497 raise Exception("Failed to start listen operation")
2498
2499 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2500 if "status,COMPLETE" not in res:
2501 raise Exception("dev_exec_action did not succeed: " + res)
2502 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2503 res = sigma_dut_cmd(cmd)
2504 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2505 raise Exception("Unexpected result: " + res)
2506 dev[0].wait_connected()
2507 dev[0].request("DISCONNECT")
2508 dev[0].wait_disconnected()
2509 sigma_dut_cmd_check("ap_reset_default")
2510
2511
2512 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2513 """sigma_dut DPP AP as Relay to Controller"""
2514 logdir = os.path.join(params['logdir'],
2515 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2516 with HWSimRadio() as (radio, iface):
2517 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2518 try:
2519 run_sigma_dut_ap_dpp_relay(dev, apdev)
2520 finally:
2521 stop_sigma_dut(sigma)
2522 dev[1].request("DPP_CONTROLLER_STOP")
2523
2524 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2525 check_dpp_capab(dev[0])
2526 check_dpp_capab(dev[1])
2527
2528 # Controller
2529 conf_id = dev[1].dpp_configurator_add()
2530 dev[1].set("dpp_configurator_params",
2531 " conf=sta-dpp configurator=%d" % conf_id)
2532 id_c = dev[1].dpp_bootstrap_gen()
2533 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2534 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2535 pkhash = None
2536 for line in res.splitlines():
2537 name, value = line.split('=')
2538 if name == "pkhash":
2539 pkhash = value
2540 break
2541 if not pkhash:
2542 raise Exception("Could not fetch public key hash from Controller")
2543 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2544 raise Exception("Failed to start Controller")
2545
2546 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2547 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2548 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2549
2550 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2551 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2552
2553 sigma_dut_cmd_check("ap_reset_default")
2554
2555 def dpp_init_tcp_enrollee(dev, id1):
2556 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2557 time.sleep(1)
2558 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2559 if "OK" not in dev.request(cmd):
2560 raise Exception("Failed to initiate DPP Authentication")
2561 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2562 if ev is None:
2563 raise Exception("DPP configuration not completed (Enrollee)")
2564 logger.info("DPP initiator/enrollee done")
2565
2566 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2567 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2568 run_sigma_dut_dpp_tcp_conf_resp(dev)
2569
2570 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2571 check_dpp_capab(dev[0])
2572 check_dpp_capab(dev[1])
2573 sigma = start_sigma_dut(dev[0].ifname)
2574 try:
2575 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2576 res = sigma_dut_cmd(cmd)
2577 if "status,COMPLETE" not in res:
2578 raise Exception("dev_exec_action did not succeed: " + res)
2579 hex = res.split(',')[3]
2580 uri = from_hex(hex)
2581 logger.info("URI from sigma_dut: " + uri)
2582
2583 id1 = dev[1].dpp_qr_code(uri)
2584
2585 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2586 t.start()
2587 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2588 if status_query:
2589 cmd += ",DPPStatusQuery,Yes"
2590 res = sigma_dut_cmd(cmd, timeout=10)
2591 t.join()
2592 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2593 raise Exception("Unexpected result: " + res)
2594 if status_query and "StatusResult,0" not in res:
2595 raise Exception("Status query did not succeed: " + res)
2596 finally:
2597 stop_sigma_dut(sigma)
2598
2599 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2600 """sigma_dut DPP TCP Enrollee as initiator"""
2601 check_dpp_capab(dev[0])
2602 check_dpp_capab(dev[1])
2603 sigma = start_sigma_dut(dev[0].ifname)
2604 try:
2605 # Controller
2606 conf_id = dev[1].dpp_configurator_add()
2607 dev[1].set("dpp_configurator_params",
2608 " conf=sta-dpp configurator=%d" % conf_id)
2609 id_c = dev[1].dpp_bootstrap_gen()
2610 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2611 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2612 raise Exception("Failed to start Controller")
2613
2614 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2615 if "status,COMPLETE" not in res:
2616 raise Exception("dev_exec_action did not succeed: " + res)
2617
2618 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2619 res = sigma_dut_cmd(cmd, timeout=10)
2620 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2621 raise Exception("Unexpected result: " + res)
2622 finally:
2623 stop_sigma_dut(sigma)
2624 dev[1].request("DPP_CONTROLLER_STOP")
2625
2626 def test_sigma_dut_preconfigured_profile(dev, apdev):
2627 """sigma_dut controlled connection using preconfigured profile"""
2628 try:
2629 run_sigma_dut_preconfigured_profile(dev, apdev)
2630 finally:
2631 dev[0].set("ignore_old_scan_res", "0")
2632
2633 def run_sigma_dut_preconfigured_profile(dev, apdev):
2634 ifname = dev[0].ifname
2635 sigma = start_sigma_dut(ifname)
2636
2637 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2638 hapd = hostapd.add_ap(apdev[0], params)
2639 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2640 only_add_network=True)
2641
2642 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2643 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2644 sigma_dut_wait_connected(ifname)
2645 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2646 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2647 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2648
2649 stop_sigma_dut(sigma)
2650
2651 def test_sigma_dut_wps_pbc(dev, apdev):
2652 """sigma_dut and WPS PBC Enrollee"""
2653 try:
2654 run_sigma_dut_wps_pbc(dev, apdev)
2655 finally:
2656 dev[0].set("ignore_old_scan_res", "0")
2657
2658 def run_sigma_dut_wps_pbc(dev, apdev):
2659 ssid = "test-wps-conf"
2660 hapd = hostapd.add_ap(apdev[0],
2661 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2662 "wpa_passphrase": "12345678", "wpa": "2",
2663 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2664 hapd.request("WPS_PBC")
2665
2666 ifname = dev[0].ifname
2667 sigma = start_sigma_dut(ifname)
2668
2669 cmd = "start_wps_registration,interface,%s" % ifname
2670 cmd += ",WpsRole,Enrollee"
2671 cmd += ",WpsConfigMethod,PBC"
2672 sigma_dut_cmd_check(cmd, timeout=15)
2673
2674 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2675 hapd.disable()
2676 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2677 stop_sigma_dut(sigma)
2678 dev[0].flush_scan_cache()
2679
2680 def test_sigma_dut_sta_scan_bss(dev, apdev):
2681 """sigma_dut sta_scan_bss"""
2682 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2683 sigma = start_sigma_dut(dev[0].ifname)
2684 try:
2685 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2686 hapd.own_addr())
2687 res = sigma_dut_cmd(cmd, timeout=10)
2688 if "ssid,test,bsschannel,1" not in res:
2689 raise Exception("Unexpected result: " + res)
2690 finally:
2691 stop_sigma_dut(sigma)
2692
2693 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2694 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2695 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2696 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2697 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2698 try:
2699 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2700 res = sigma_dut_cmd(cmd, timeout=10)
2701 if "abcdef" not in res or "qwerty" not in res:
2702 raise Exception("Unexpected result: " + res)
2703 finally:
2704 stop_sigma_dut(sigma)
2705
2706 def test_sigma_dut_ap_osen(dev, apdev, params):
2707 """sigma_dut controlled AP with OSEN"""
2708 logdir = os.path.join(params['logdir'],
2709 "sigma_dut_ap_osen.sigma-hostapd")
2710 with HWSimRadio() as (radio, iface):
2711 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2712 try:
2713 sigma_dut_cmd_check("ap_reset_default")
2714 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2715 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2716 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2717 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2718
2719 # RSN-OSEN (for OSU)
2720 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2721 pairwise="CCMP", group="GTK_NOT_USED",
2722 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2723 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2724
2725 sigma_dut_cmd_check("ap_reset_default")
2726 finally:
2727 stop_sigma_dut(sigma)
2728
2729 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2730 """sigma_dut controlled AP with EAP+OSEN"""
2731 logdir = os.path.join(params['logdir'],
2732 "sigma_dut_ap_eap_osen.sigma-hostapd")
2733 with HWSimRadio() as (radio, iface):
2734 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2735 try:
2736 sigma_dut_cmd_check("ap_reset_default")
2737 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2738 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2739 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2740 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2741
2742 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2743 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2744
2745 # RSN-OSEN (for OSU)
2746 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2747 pairwise="CCMP",
2748 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2749 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2750 scan_freq="2412")
2751 # RSN-EAP (for data connection)
2752 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2753 identity="hs20-test", password="password",
2754 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2755 ieee80211w='2', scan_freq="2412")
2756
2757 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2758 success_expected=False, timeout=1)
2759
2760 sigma_dut_cmd_check("ap_reset_default")
2761 finally:
2762 stop_sigma_dut(sigma)
2763 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2764 stderr=open('/dev/null', 'w'))
2765 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2766 stderr=open('/dev/null', 'w'))
2767
2768 def test_sigma_dut_ap_eap(dev, apdev, params):
2769 """sigma_dut controlled AP WPA2-Enterprise"""
2770 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2771 with HWSimRadio() as (radio, iface):
2772 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2773 try:
2774 sigma_dut_cmd_check("ap_reset_default")
2775 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2776 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2777 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2778 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2779
2780 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2781 identity="gpsk user",
2782 password="abcdefghijklmnop0123456789abcdef",
2783 scan_freq="2412")
2784
2785 sigma_dut_cmd_check("ap_reset_default")
2786 finally:
2787 stop_sigma_dut(sigma)
2788
2789 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2790 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2791 logdir = os.path.join(params['logdir'],
2792 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2793 with HWSimRadio() as (radio, iface):
2794 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2795 try:
2796 sigma_dut_cmd_check("ap_reset_default")
2797 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2798 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2799 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2800 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2801
2802 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2803 identity="gpsk user",
2804 password="abcdefghijklmnop0123456789abcdef",
2805 scan_freq="2412")
2806
2807 sigma_dut_cmd_check("ap_reset_default")
2808 finally:
2809 stop_sigma_dut(sigma)
2810
2811 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2812 """sigma_dut controlled AP FT-EAP"""
2813 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2814 with HWSimRadio() as (radio, iface):
2815 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2816 try:
2817 sigma_dut_cmd_check("ap_reset_default")
2818 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2819 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2820 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2821 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2822
2823 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2824 identity="gpsk user",
2825 password="abcdefghijklmnop0123456789abcdef",
2826 scan_freq="2412")
2827
2828 sigma_dut_cmd_check("ap_reset_default")
2829 finally:
2830 stop_sigma_dut(sigma)
2831
2832 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2833 """sigma_dut controlled AP FT-PSK"""
2834 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2835 with HWSimRadio() as (radio, iface):
2836 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2837 try:
2838 sigma_dut_cmd_check("ap_reset_default")
2839 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2840 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2841 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2842
2843 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2844 scan_freq="2412")
2845
2846 sigma_dut_cmd_check("ap_reset_default")
2847 finally:
2848 stop_sigma_dut(sigma)
2849
2850 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
2851 """sigma_dut controlled AP FT-PSK (over-DS)"""
2852 logdir = os.path.join(params['logdir'],
2853 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2854 conffile = os.path.join(params['logdir'],
2855 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2856 with HWSimRadio() as (radio, iface):
2857 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2858 try:
2859 sigma_dut_cmd_check("ap_reset_default")
2860 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2861 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2862 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2863
2864 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2865 with open(conffile, "wb") as f2:
2866 f2.write(f.read())
2867
2868 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2869 scan_freq="2412")
2870
2871 sigma_dut_cmd_check("ap_reset_default")
2872 finally:
2873 stop_sigma_dut(sigma)
2874
2875 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2876 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2877 logdir = os.path.join(params['logdir'],
2878 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2879 with HWSimRadio() as (radio, iface):
2880 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2881 try:
2882 sigma_dut_cmd_check("ap_reset_default")
2883 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2884 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2885 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2886 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2887
2888 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2889 identity="gpsk user",
2890 password="abcdefghijklmnop0123456789abcdef",
2891 scan_freq="2412")
2892 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2893 identity="gpsk user",
2894 password="abcdefghijklmnop0123456789abcdef",
2895 scan_freq="2412")
2896
2897 sigma_dut_cmd_check("ap_reset_default")
2898 finally:
2899 stop_sigma_dut(sigma)
2900
2901 def test_sigma_dut_venue_url(dev, apdev):
2902 """sigma_dut controlled Venue URL fetch"""
2903 try:
2904 run_sigma_dut_venue_url(dev, apdev)
2905 finally:
2906 dev[0].set("ignore_old_scan_res", "0")
2907
2908 def run_sigma_dut_venue_url(dev, apdev):
2909 ifname = dev[0].ifname
2910 sigma = start_sigma_dut(ifname, debug=True)
2911
2912 ssid = "venue"
2913 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2914 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2915 params["ieee80211w"] = "2"
2916
2917 venue_group = 1
2918 venue_type = 13
2919 venue_info = struct.pack('BB', venue_group, venue_type)
2920 lang1 = "eng"
2921 name1 = "Example venue"
2922 lang2 = "fin"
2923 name2 = "Esimerkkipaikka"
2924 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2925 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
2926 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2927
2928 url1 = "http://example.com/venue"
2929 url2 = "https://example.org/venue-info/"
2930 params["venue_group"] = str(venue_group)
2931 params["venue_type"] = str(venue_type)
2932 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2933 params["venue_url"] = ["1:" + url1, "2:" + url2]
2934
2935 hapd = hostapd.add_ap(apdev[0], params)
2936
2937 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2938 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2939 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2940 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2941 sigma_dut_wait_connected(ifname)
2942 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2943 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2944 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2945 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2946
2947 stop_sigma_dut(sigma)
2948
2949 def test_sigma_dut_hs20_assoc_24(dev, apdev):
2950 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2951 run_sigma_dut_hs20_assoc(dev, apdev, True)
2952
2953 def test_sigma_dut_hs20_assoc_5(dev, apdev):
2954 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2955 run_sigma_dut_hs20_assoc(dev, apdev, False)
2956
2957 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2958 hapd0 = None
2959 hapd1 = None
2960 try:
2961 bssid0 = apdev[0]['bssid']
2962 params = hs20_ap_params()
2963 params['hessid'] = bssid0
2964 hapd0 = hostapd.add_ap(apdev[0], params)
2965
2966 bssid1 = apdev[1]['bssid']
2967 params = hs20_ap_params()
2968 params['hessid'] = bssid0
2969 params["hw_mode"] = "a"
2970 params["channel"] = "36"
2971 params["country_code"] = "US"
2972 hapd1 = hostapd.add_ap(apdev[1], params)
2973
2974 band = "2.4" if band24 else "5"
2975 exp_bssid = bssid0 if band24 else bssid1
2976 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2977 finally:
2978 dev[0].request("DISCONNECT")
2979 if hapd0:
2980 hapd0.request("DISABLE")
2981 if hapd1:
2982 hapd1.request("DISABLE")
2983 subprocess.call(['iw', 'reg', 'set', '00'])
2984 dev[0].flush_scan_cache()
2985
2986 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2987 check_eap_capa(dev[0], "MSCHAPV2")
2988 dev[0].flush_scan_cache()
2989
2990 ifname = dev[0].ifname
2991 sigma = start_sigma_dut(ifname, debug=True)
2992
2993 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2994 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2995 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2996 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2997 timeout=15)
2998 sigma_dut_wait_connected(ifname)
2999 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3000 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3001 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3002
3003 stop_sigma_dut(sigma)
3004
3005 if "BSSID," + expect_bssid not in res:
3006 raise Exception("Unexpected BSSID: " + res)
3007
3008 def test_sigma_dut_ap_hs20(dev, apdev, params):
3009 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3010 logdir = os.path.join(params['logdir'],
3011 "sigma_dut_ap_hs20.sigma-hostapd")
3012 conffile = os.path.join(params['logdir'],
3013 "sigma_dut_ap_hs20.sigma-conf")
3014 with HWSimRadio() as (radio, iface):
3015 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
3016 try:
3017 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3018 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3019 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3020 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3021 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3022 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3023 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3024 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3025 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3026 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3027 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3028 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3029 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3030 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3031
3032 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3033 with open(conffile, "wb") as f2:
3034 f2.write(f.read())
3035
3036 sigma_dut_cmd_check("ap_reset_default")
3037 finally:
3038 stop_sigma_dut(sigma)
3039
3040 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3041 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3042 logdir = params['logdir']
3043
3044 with open("auth_serv/ca.pem", "r") as f:
3045 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3046 "w") as f2:
3047 f2.write(f.read())
3048
3049 src = "auth_serv/server.pem"
3050 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3051 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3052 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3053 "-outform", "DER"],
3054 stderr=open('/dev/null', 'w'))
3055 with open(dst, "rb") as f:
3056 der = f.read()
3057 hash = hashlib.sha256(der).digest()
3058 with open(hashdst, "w") as f:
3059 f.write(binascii.hexlify(hash).decode())
3060
3061 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3062 with open(dst, "w") as f:
3063 f.write(32*"00")
3064
3065 ssid = "test-wpa2-eap"
3066 params = hostapd.wpa2_eap_params(ssid=ssid)
3067 hapd = hostapd.add_ap(apdev[0], params)
3068
3069 ifname = dev[0].ifname
3070 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3071
3072 try:
3073 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3074
3075 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3076 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3077 sigma_dut_cmd_check(cmd)
3078 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3079 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3080 if ev is None:
3081 raise Exception("Server certificate error not reported")
3082
3083 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3084 if "ServerCertTrustResult,Accepted" not in res:
3085 raise Exception("Server certificate trust was not accepted")
3086 sigma_dut_wait_connected(ifname)
3087 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3088 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3089 dev[0].dump_monitor()
3090 finally:
3091 stop_sigma_dut(sigma)
3092
3093 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3094 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3095 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3096
3097 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3098 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3099 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3100
3101 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3102 logdir = params['logdir']
3103
3104 name = "sigma_dut_eap_ttls_uosc_tod"
3105 if tofu:
3106 name += "_tofu"
3107 with open("auth_serv/ca.pem", "r") as f:
3108 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3109 f2.write(f.read())
3110
3111 if tofu:
3112 src = "auth_serv/server-certpol2.pem"
3113 else:
3114 src = "auth_serv/server-certpol.pem"
3115 dst = os.path.join(logdir, name + ".server.der")
3116 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3117 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3118 "-outform", "DER"],
3119 stderr=open('/dev/null', 'w'))
3120 with open(dst, "rb") as f:
3121 der = f.read()
3122 hash = hashlib.sha256(der).digest()
3123 with open(hashdst, "w") as f:
3124 f.write(binascii.hexlify(hash).decode())
3125
3126 ssid = "test-wpa2-eap"
3127 params = int_eap_server_params()
3128 params["ssid"] = ssid
3129 if tofu:
3130 params["server_cert"] = "auth_serv/server-certpol2.pem"
3131 params["private_key"] = "auth_serv/server-certpol2.key"
3132 else:
3133 params["server_cert"] = "auth_serv/server-certpol.pem"
3134 params["private_key"] = "auth_serv/server-certpol.key"
3135 hapd = hostapd.add_ap(apdev[0], params)
3136
3137 ifname = dev[0].ifname
3138 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3139
3140 try:
3141 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3142 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3143 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3144 sigma_dut_cmd_check(cmd)
3145 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3146 sigma_dut_wait_connected(ifname)
3147 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3148 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3149 dev[0].wait_disconnected()
3150 dev[0].dump_monitor()
3151
3152 hapd.disable()
3153 params = hostapd.wpa2_eap_params(ssid=ssid)
3154 hapd = hostapd.add_ap(apdev[0], params)
3155
3156 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3157 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3158 if ev is None:
3159 raise Exception("Server certificate error not reported")
3160
3161 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3162 if "ServerCertTrustResult,Accepted" in res:
3163 raise Exception("Server certificate trust override was accepted unexpectedly")
3164 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3165 dev[0].dump_monitor()
3166 finally:
3167 stop_sigma_dut(sigma)
3168
3169 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3170 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3171 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3172
3173 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3174 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3175 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3176
3177 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3178 logdir = params['logdir']
3179
3180 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3181 if tofu:
3182 name += "_tofu"
3183 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3184 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3185 f2.write(f.read())
3186
3187 if tofu:
3188 src = "auth_serv/server-certpol2.pem"
3189 else:
3190 src = "auth_serv/server-certpol.pem"
3191 dst = os.path.join(logdir, name + ".server.der")
3192 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3193 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3194 "-outform", "DER"],
3195 stderr=open('/dev/null', 'w'))
3196 with open(dst, "rb") as f:
3197 der = f.read()
3198 hash = hashlib.sha256(der).digest()
3199 with open(hashdst, "w") as f:
3200 f.write(binascii.hexlify(hash).decode())
3201
3202 ssid = "test-wpa2-eap"
3203 params = int_eap_server_params()
3204 params["ssid"] = ssid
3205 if tofu:
3206 params["server_cert"] = "auth_serv/server-certpol2.pem"
3207 params["private_key"] = "auth_serv/server-certpol2.key"
3208 else:
3209 params["server_cert"] = "auth_serv/server-certpol.pem"
3210 params["private_key"] = "auth_serv/server-certpol.key"
3211 hapd = hostapd.add_ap(apdev[0], params)
3212
3213 ifname = dev[0].ifname
3214 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3215
3216 try:
3217 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3218 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3219 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3220 sigma_dut_cmd_check(cmd)
3221 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3222 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3223 if ev is None:
3224 raise Exception("Server certificate validation failure not reported")
3225
3226 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3227 if not tofu and "ServerCertTrustResult,Accepted" in res:
3228 raise Exception("Server certificate trust override was accepted unexpectedly")
3229 if tofu and "ServerCertTrustResult,Accepted" not in res:
3230 raise Exception("Server certificate trust override was not accepted")
3231 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3232 dev[0].dump_monitor()
3233 finally:
3234 stop_sigma_dut(sigma)
3235
3236 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3237 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3238 logdir = params['logdir']
3239
3240 with open("auth_serv/ca.pem", "r") as f:
3241 with open(os.path.join(logdir,
3242 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3243 "w") as f2:
3244 f2.write(f.read())
3245
3246 ssid = "test-wpa2-eap"
3247 params = int_eap_server_params()
3248 params["ssid"] = ssid
3249 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3250 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3251 params["private_key"] = "auth_serv/rsa3072-server.key"
3252 hapd = hostapd.add_ap(apdev[0], params)
3253
3254 ifname = dev[0].ifname
3255 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3256
3257 try:
3258 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3259 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3260 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3261 sigma_dut_cmd_check(cmd)
3262 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3263 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3264 if ev is None:
3265 raise Exception("Server certificate error not reported")
3266
3267 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3268 if "ServerCertTrustResult,Accepted" not in res:
3269 raise Exception("Server certificate trust was not accepted")
3270 sigma_dut_wait_connected(ifname)
3271 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3272 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3273 dev[0].dump_monitor()
3274 finally:
3275 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.