1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
13 logger
= logging
.getLogger()
22 from utils
import HwsimSkip
23 from hwsim
import HWSimRadio
25 from test_dpp
import check_dpp_capab
, update_hapd_config
, wait_auth_success
26 from test_suite_b
import check_suite_b_192_capa
, suite_b_as_params
, suite_b_192_rsa_ap_params
27 from test_ap_eap
import check_eap_capa
, int_eap_server_params
, check_domain_match
, check_domain_suffix_match
28 from test_ap_hs20
import hs20_ap_params
30 def check_sigma_dut():
31 if not os
.path
.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
35 return binascii
.hexlify(s
.encode()).decode()
38 return binascii
.unhexlify(s
).decode()
40 def sigma_log_output(cmd
):
42 out
= cmd
.stdout
.read()
44 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
46 if e
.errno
!= errno
.EAGAIN
:
49 out
= cmd
.stderr
.read()
51 logger
.debug("sigma_dut stderr: " + str(out
.decode()))
53 if e
.errno
!= errno
.EAGAIN
:
58 def sigma_dut_cmd(cmd
, port
=9000, timeout
=2):
59 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
61 sock
.settimeout(timeout
)
62 addr
= ('127.0.0.1', port
)
64 sock
.send(cmd
.encode() + b
"\r\n")
66 res
= sock
.recv(1000).decode()
69 for line
in res
.splitlines():
70 if line
.startswith("status,RUNNING"):
72 elif line
.startswith("status,INVALID"):
74 elif line
.startswith("status,ERROR"):
76 elif line
.startswith("status,COMPLETE"):
78 if running
and not done
:
79 # Read the actual response
80 res
= sock
.recv(1000).decode()
86 logger
.debug("sigma_dut: '%s' --> '%s'" % (cmd
, res
))
89 sigma_log_output(sigma_prog
)
92 def sigma_dut_cmd_check(cmd
, port
=9000, timeout
=2):
93 res
= sigma_dut_cmd(cmd
, port
=port
, timeout
=timeout
)
94 if "COMPLETE" not in res
:
95 raise Exception("sigma_dut command failed: " + cmd
)
98 def start_sigma_dut(ifname
, hostapd_logdir
=None, cert_path
=None,
99 bridge
=None, sae_h2e
=False, owe_ptk_workaround
=False):
101 cmd
= ['./sigma_dut',
105 '-F', '../../hostapd/hostapd',
107 '-w', '/var/run/wpa_supplicant/',
110 cmd
+= ['-H', hostapd_logdir
]
112 cmd
+= ['-C', cert_path
]
114 cmd
+= ['-b', bridge
]
117 if owe_ptk_workaround
:
119 sigma
= subprocess
.Popen(cmd
, stdout
=subprocess
.PIPE
,
120 stderr
=subprocess
.PIPE
)
121 for stream
in [sigma
.stdout
, sigma
.stderr
]:
123 fl
= fcntl
.fcntl(fd
, fcntl
.F_GETFL
)
124 fcntl
.fcntl(fd
, fcntl
.F_SETFL
, fl | os
.O_NONBLOCK
)
131 res
= sigma_dut_cmd("HELLO")
135 if res
is None or "errorCode,Unknown command" not in res
:
136 raise Exception("Failed to start sigma_dut")
137 return {'cmd': sigma
, 'ifname': ifname
}
139 def stop_sigma_dut(sigma
):
143 sigma_log_output(cmd
)
144 logger
.debug("Terminating sigma_dut process")
147 out
, err
= cmd
.communicate()
148 logger
.debug("sigma_dut stdout: " + str(out
.decode()))
149 logger
.debug("sigma_dut stderr: " + str(err
.decode()))
150 subprocess
.call(["ip", "addr", "del", "dev", sigma
['ifname'],
152 stderr
=open('/dev/null', 'w'))
154 def sigma_dut_wait_connected(ifname
):
156 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
157 if "connected,1" in res
:
161 raise Exception("Connection did not complete")
163 def test_sigma_dut_basic(dev
, apdev
):
164 """sigma_dut basic functionality"""
165 sigma
= start_sigma_dut(dev
[0].ifname
)
167 tests
= [("ca_get_version", "status,COMPLETE,version,1.0"),
168 ("device_get_info", "status,COMPLETE,vendor"),
169 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
170 ("device_list_interfaces,interfaceType,802.11",
171 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev
[0].ifname
)]
173 res
= sigma_dut_cmd("UNKNOWN")
174 if "status,INVALID,errorCode,Unknown command" not in res
:
175 raise Exception("Unexpected sigma_dut response to unknown command")
177 for cmd
, response
in tests
:
178 res
= sigma_dut_cmd(cmd
)
179 if response
not in res
:
180 raise Exception("Unexpected %s response: %s" % (cmd
, res
))
182 stop_sigma_dut(sigma
)
184 def test_sigma_dut_open(dev
, apdev
):
185 """sigma_dut controlled open network association"""
187 run_sigma_dut_open(dev
, apdev
)
189 dev
[0].set("ignore_old_scan_res", "0")
191 def run_sigma_dut_open(dev
, apdev
):
192 ifname
= dev
[0].ifname
193 sigma
= start_sigma_dut(ifname
)
196 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "open"})
198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
199 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname
, "open"))
200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "open"),
202 sigma_dut_wait_connected(ifname
)
203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
204 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
205 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
207 stop_sigma_dut(sigma
)
209 def test_sigma_dut_psk_pmf(dev
, apdev
):
210 """sigma_dut controlled PSK+PMF association"""
212 run_sigma_dut_psk_pmf(dev
, apdev
)
214 dev
[0].set("ignore_old_scan_res", "0")
216 def run_sigma_dut_psk_pmf(dev
, apdev
):
217 ifname
= dev
[0].ifname
218 sigma
= start_sigma_dut(ifname
)
221 ssid
= "test-pmf-required"
222 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
223 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
224 params
["ieee80211w"] = "2"
225 hapd
= hostapd
.add_ap(apdev
[0], params
)
227 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
228 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
229 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "test-pmf-required", "12345678"))
230 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
232 sigma_dut_wait_connected(ifname
)
233 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
234 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
237 stop_sigma_dut(sigma
)
239 def test_sigma_dut_psk_pmf_bip_cmac_128(dev
, apdev
):
240 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
242 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-128", "AES-128-CMAC")
244 dev
[0].set("ignore_old_scan_res", "0")
246 def test_sigma_dut_psk_pmf_bip_cmac_256(dev
, apdev
):
247 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
249 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-CMAC-256", "BIP-CMAC-256")
251 dev
[0].set("ignore_old_scan_res", "0")
253 def test_sigma_dut_psk_pmf_bip_gmac_128(dev
, apdev
):
254 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
256 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-128", "BIP-GMAC-128")
258 dev
[0].set("ignore_old_scan_res", "0")
260 def test_sigma_dut_psk_pmf_bip_gmac_256(dev
, apdev
):
261 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
263 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "BIP-GMAC-256")
265 dev
[0].set("ignore_old_scan_res", "0")
267 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev
, apdev
):
268 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
270 run_sigma_dut_psk_pmf_cipher(dev
, apdev
, "BIP-GMAC-256", "AES-128-CMAC",
273 dev
[0].set("ignore_old_scan_res", "0")
275 def run_sigma_dut_psk_pmf_cipher(dev
, apdev
, sigma_cipher
, hostapd_cipher
,
277 ifname
= dev
[0].ifname
278 sigma
= start_sigma_dut(ifname
)
281 ssid
= "test-pmf-required"
282 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
283 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
284 params
["ieee80211w"] = "2"
285 params
["group_mgmt_cipher"] = hostapd_cipher
286 hapd
= hostapd
.add_ap(apdev
[0], params
)
288 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
289 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
290 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname
, "test-pmf-required", "12345678", sigma_cipher
))
291 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-pmf-required"),
292 timeout
=2 if failure
else 10)
294 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
295 "CTRL-EVENT-CONNECTED"], timeout
=10)
297 raise Exception("Network selection result not indicated")
298 if "CTRL-EVENT-CONNECTED" in ev
:
299 raise Exception("Unexpected connection")
300 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
301 if "connected,1" in res
:
302 raise Exception("Connection reported")
304 sigma_dut_wait_connected(ifname
)
305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
307 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
308 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
310 stop_sigma_dut(sigma
)
312 def test_sigma_dut_sae(dev
, apdev
):
313 """sigma_dut controlled SAE association"""
314 if "SAE" not in dev
[0].get_capability("auth_alg"):
315 raise HwsimSkip("SAE not supported")
317 ifname
= dev
[0].ifname
318 sigma
= start_sigma_dut(ifname
)
322 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
323 params
['wpa_key_mgmt'] = 'SAE'
324 params
["ieee80211w"] = "2"
325 params
['sae_groups'] = '19 20 21'
326 hapd
= hostapd
.add_ap(apdev
[0], params
)
328 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
329 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
330 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678"))
331 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
333 sigma_dut_wait_connected(ifname
)
334 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
335 if dev
[0].get_status_field('sae_group') != '19':
336 raise Exception("Expected default SAE group not used")
337 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
338 logger
.info("Reported PMK: " + res
)
339 if ",PMK," not in res
:
340 raise Exception("PMK not reported");
341 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
342 raise Exception("Mismatch in reported PMK")
343 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
345 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
347 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
348 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname
, "test-sae", "12345678"))
349 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
351 sigma_dut_wait_connected(ifname
)
352 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
353 if dev
[0].get_status_field('sae_group') != '20':
354 raise Exception("Expected SAE group not used")
355 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
358 stop_sigma_dut(sigma
)
360 def test_sigma_dut_sae_groups(dev
, apdev
):
361 """sigma_dut controlled SAE association with group negotiation"""
362 if "SAE" not in dev
[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
365 ifname
= dev
[0].ifname
366 sigma
= start_sigma_dut(ifname
)
370 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
371 params
['wpa_key_mgmt'] = 'SAE'
372 params
["ieee80211w"] = "2"
373 params
['sae_groups'] = '19'
374 hapd
= hostapd
.add_ap(apdev
[0], params
)
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname
, "test-sae", "12345678"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
381 sigma_dut_wait_connected(ifname
)
382 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
383 if dev
[0].get_status_field('sae_group') != '19':
384 raise Exception("Expected default SAE group not used")
385 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
387 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
389 stop_sigma_dut(sigma
)
391 def test_sigma_dut_sae_pmkid_include(dev
, apdev
):
392 """sigma_dut controlled SAE association with PMKID"""
393 if "SAE" not in dev
[0].get_capability("auth_alg"):
394 raise HwsimSkip("SAE not supported")
396 ifname
= dev
[0].ifname
397 sigma
= start_sigma_dut(ifname
)
401 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
402 params
['wpa_key_mgmt'] = 'SAE'
403 params
["ieee80211w"] = "2"
404 params
["sae_confirm_immediate"] = "1"
405 hapd
= hostapd
.add_ap(apdev
[0], params
)
407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
409 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname
, "test-sae", "12345678"))
410 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
412 sigma_dut_wait_connected(ifname
)
413 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
415 stop_sigma_dut(sigma
)
417 def test_sigma_dut_sae_password(dev
, apdev
):
418 """sigma_dut controlled SAE association and long password"""
419 if "SAE" not in dev
[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
422 ifname
= dev
[0].ifname
423 sigma
= start_sigma_dut(ifname
)
427 params
= hostapd
.wpa2_params(ssid
=ssid
)
428 params
['sae_password'] = 100*'B'
429 params
['wpa_key_mgmt'] = 'SAE'
430 params
["ieee80211w"] = "2"
431 hapd
= hostapd
.add_ap(apdev
[0], params
)
433 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
434 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
435 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", 100*'B'))
436 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
438 sigma_dut_wait_connected(ifname
)
439 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
440 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
443 stop_sigma_dut(sigma
)
445 def test_sigma_dut_sae_pw_id(dev
, apdev
):
446 """sigma_dut controlled SAE association with Password Identifier"""
447 if "SAE" not in dev
[0].get_capability("auth_alg"):
448 raise HwsimSkip("SAE not supported")
450 ifname
= dev
[0].ifname
451 sigma
= start_sigma_dut(ifname
)
455 params
= hostapd
.wpa2_params(ssid
=ssid
)
456 params
['wpa_key_mgmt'] = 'SAE'
457 params
["ieee80211w"] = "2"
458 params
['sae_password'] = 'secret|id=pw id'
459 params
['sae_groups'] = '19'
460 hapd
= hostapd
.add_ap(apdev
[0], params
)
462 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
463 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
464 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname
, "test-sae", "secret"))
465 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
467 sigma_dut_wait_connected(ifname
)
468 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
469 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
471 stop_sigma_dut(sigma
)
473 def test_sigma_dut_sae_pw_id_pwe_loop(dev
, apdev
):
474 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
475 if "SAE" not in dev
[0].get_capability("auth_alg"):
476 raise HwsimSkip("SAE not supported")
478 ifname
= dev
[0].ifname
479 sigma
= start_sigma_dut(ifname
)
483 params
= hostapd
.wpa2_params(ssid
=ssid
)
484 params
['wpa_key_mgmt'] = 'SAE'
485 params
["ieee80211w"] = "2"
486 params
['sae_password'] = 'secret|id=pw id'
487 params
['sae_groups'] = '19'
488 hapd
= hostapd
.add_ap(apdev
[0], params
)
490 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
491 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
492 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname
, "test-sae", "secret"))
493 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
496 ev
= dev
[0].wait_event(["SME: Trying to authenticate",
497 "CTRL-EVENT-CONNECTED"], timeout
=10)
499 raise Exception("Network selection result not indicated")
500 if "CTRL-EVENT-CONNECTED" in ev
:
501 raise Exception("Unexpected connection")
502 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
503 if "connected,1" in res
:
504 raise Exception("Connection reported")
505 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
507 stop_sigma_dut(sigma
)
509 def test_sigma_dut_sae_pw_id_ft(dev
, apdev
):
510 """sigma_dut controlled SAE association with Password Identifier and FT"""
511 run_sigma_dut_sae_pw_id_ft(dev
, apdev
)
513 def test_sigma_dut_sae_pw_id_ft_over_ds(dev
, apdev
):
514 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
515 run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=True)
517 def run_sigma_dut_sae_pw_id_ft(dev
, apdev
, over_ds
=False):
518 if "SAE" not in dev
[0].get_capability("auth_alg"):
519 raise HwsimSkip("SAE not supported")
521 ifname
= dev
[0].ifname
522 sigma
= start_sigma_dut(ifname
)
526 params
= hostapd
.wpa2_params(ssid
=ssid
)
527 params
['wpa_key_mgmt'] = 'SAE FT-SAE'
528 params
["ieee80211w"] = "2"
529 params
['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
530 params
['mobility_domain'] = 'aabb'
531 params
['ft_over_ds'] = '1' if over_ds
else '0'
532 bssid
= apdev
[0]['bssid'].replace(':', '')
533 params
['nas_identifier'] = bssid
+ '.nas.example.com'
534 params
['r1_key_holder'] = bssid
535 params
['pmk_r1_push'] = '0'
536 params
['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
537 params
['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
538 hapd
= hostapd
.add_ap(apdev
[0], params
)
540 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
542 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname
)
543 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
544 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname
, "test-sae", "pw2"))
545 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
547 sigma_dut_wait_connected(ifname
)
549 bssid
= apdev
[1]['bssid'].replace(':', '')
550 params
['nas_identifier'] = bssid
+ '.nas.example.com'
551 params
['r1_key_holder'] = bssid
552 hapd2
= hostapd
.add_ap(apdev
[1], params
)
553 bssid
= hapd2
.own_addr()
554 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
555 dev
[0].wait_connected()
557 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
560 stop_sigma_dut(sigma
)
562 def test_sigma_dut_sta_override_rsne(dev
, apdev
):
563 """sigma_dut and RSNE override on STA"""
565 run_sigma_dut_sta_override_rsne(dev
, apdev
)
567 dev
[0].set("ignore_old_scan_res", "0")
569 def run_sigma_dut_sta_override_rsne(dev
, apdev
):
570 ifname
= dev
[0].ifname
571 sigma
= start_sigma_dut(ifname
)
575 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
576 hapd
= hostapd
.add_ap(apdev
[0], params
)
578 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
580 tests
= ["30120100000fac040100000fac040100000fac02",
581 "30140100000fac040100000fac040100000fac02ffff"]
583 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
584 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname
, test
))
585 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
587 sigma_dut_wait_connected(ifname
)
588 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
589 dev
[0].dump_monitor()
591 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname
, "test-psk", "12345678"))
592 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname
)
593 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-psk"),
596 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
598 raise Exception("Association rejection not reported")
599 if "status_code=40" not in ev
:
600 raise Exception("Unexpected status code: " + ev
)
602 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
604 stop_sigma_dut(sigma
)
606 def test_sigma_dut_ap_psk(dev
, apdev
):
607 """sigma_dut controlled AP"""
608 with
HWSimRadio() as (radio
, iface
):
609 sigma
= start_sigma_dut(iface
)
611 sigma_dut_cmd_check("ap_reset_default")
612 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
613 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
614 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
616 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
618 sigma_dut_cmd_check("ap_reset_default")
620 stop_sigma_dut(sigma
)
622 def test_sigma_dut_ap_pskhex(dev
, apdev
, params
):
623 """sigma_dut controlled AP and PSKHEX"""
624 logdir
= os
.path
.join(params
['logdir'],
625 "sigma_dut_ap_pskhex.sigma-hostapd")
626 with
HWSimRadio() as (radio
, iface
):
627 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
629 psk
= "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
630 sigma_dut_cmd_check("ap_reset_default")
631 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
632 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk
)
633 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
635 dev
[0].connect("test-psk", raw_psk
=psk
, scan_freq
="2412")
637 sigma_dut_cmd_check("ap_reset_default")
639 stop_sigma_dut(sigma
)
641 def test_sigma_dut_ap_psk_sha256(dev
, apdev
, params
):
642 """sigma_dut controlled AP PSK SHA256"""
643 logdir
= os
.path
.join(params
['logdir'],
644 "sigma_dut_ap_psk_sha256.sigma-hostapd")
645 with
HWSimRadio() as (radio
, iface
):
646 sigma
= start_sigma_dut(iface
)
648 sigma_dut_cmd_check("ap_reset_default")
649 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
650 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
651 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
653 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
654 psk
="12345678", scan_freq
="2412")
656 sigma_dut_cmd_check("ap_reset_default")
658 stop_sigma_dut(sigma
)
660 def test_sigma_dut_ap_psk_deauth(dev
, apdev
, params
):
661 """sigma_dut controlled AP and deauth commands"""
662 logdir
= os
.path
.join(params
['logdir'],
663 "sigma_dut_ap_psk_deauth.sigma-hostapd")
664 with
HWSimRadio() as (radio
, iface
):
665 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
667 sigma_dut_cmd_check("ap_reset_default")
668 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
669 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
670 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
672 dev
[0].connect("test-psk", key_mgmt
="WPA-PSK-SHA256",
673 psk
="12345678", ieee80211w
="2", scan_freq
="2412")
674 addr
= dev
[0].own_addr()
675 dev
[0].dump_monitor()
677 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
)
678 ev
= dev
[0].wait_disconnected()
679 dev
[0].dump_monitor()
680 if "locally_generated=1" in ev
:
681 raise Exception("Unexpected disconnection reason")
682 dev
[0].wait_connected()
683 dev
[0].dump_monitor()
685 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr
+ ",disconnect,silent")
686 ev
= dev
[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout
=5)
687 if ev
and "locally_generated=1" not in ev
:
688 raise Exception("Unexpected disconnection")
690 sigma_dut_cmd_check("ap_reset_default")
692 stop_sigma_dut(sigma
)
694 def test_sigma_dut_eap_ttls(dev
, apdev
, params
):
695 """sigma_dut controlled STA and EAP-TTLS parameters"""
696 check_domain_match(dev
[0])
697 logdir
= params
['logdir']
699 with
open("auth_serv/ca.pem", "r") as f
:
700 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls.ca.pem"), "w") as f2
:
703 src
= "auth_serv/server.pem"
704 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.der")
705 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.server.pem.sha256")
706 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
708 stderr
=open('/dev/null', 'w'))
709 with
open(dst
, "rb") as f
:
711 hash = hashlib
.sha256(der
).digest()
712 with
open(hashdst
, "w") as f
:
713 f
.write(binascii
.hexlify(hash).decode())
715 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls.incorrect.pem.sha256")
716 with
open(dst
, "w") as f
:
719 ssid
= "test-wpa2-eap"
720 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
721 hapd
= hostapd
.add_ap(apdev
[0], params
)
723 ifname
= dev
[0].ifname
724 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
726 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname
, ssid
)
730 ",Domain,server.w1.fi",
731 ",DomainSuffix,w1.fi",
732 ",DomainSuffix,server.w1.fi",
733 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
735 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
736 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
737 sigma_dut_cmd_check(cmd
+ extra
)
738 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
740 sigma_dut_wait_connected(ifname
)
741 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
742 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
743 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
744 dev
[0].dump_monitor()
746 tests
= [",Domain,w1.fi",
747 ",DomainSuffix,example.com",
748 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
750 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
751 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
752 sigma_dut_cmd_check(cmd
+ extra
)
753 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
755 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
757 raise Exception("Server certificate error not reported")
758 res
= sigma_dut_cmd("sta_is_connected,interface," + ifname
)
759 if "connected,1" in res
:
760 raise Exception("Unexpected connection reported")
761 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
762 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
763 dev
[0].dump_monitor()
765 stop_sigma_dut(sigma
)
767 def test_sigma_dut_suite_b(dev
, apdev
, params
):
768 """sigma_dut controlled STA Suite B"""
769 check_suite_b_192_capa(dev
)
770 logdir
= params
['logdir']
772 with
open("auth_serv/ec2-ca.pem", "r") as f
:
773 with
open(os
.path
.join(logdir
, "suite_b_ca.pem"), "w") as f2
:
776 with
open("auth_serv/ec2-user.pem", "r") as f
:
777 with
open("auth_serv/ec2-user.key", "r") as f2
:
778 with
open(os
.path
.join(logdir
, "suite_b.pem"), "w") as f3
:
782 dev
[0].flush_scan_cache()
783 params
= suite_b_as_params()
784 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
785 params
['server_cert'] = 'auth_serv/ec2-server.pem'
786 params
['private_key'] = 'auth_serv/ec2-server.key'
787 params
['openssl_ciphers'] = 'SUITEB192'
788 hostapd
.add_ap(apdev
[1], params
)
790 params
= {"ssid": "test-suite-b",
792 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
793 "rsn_pairwise": "GCMP-256",
794 "group_mgmt_cipher": "BIP-GMAC-256",
797 'auth_server_addr': "127.0.0.1",
798 'auth_server_port': "18129",
799 'auth_server_shared_secret': "radius",
800 'nas_identifier': "nas.w1.fi"}
801 hapd
= hostapd
.add_ap(apdev
[0], params
)
803 ifname
= dev
[0].ifname
804 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
807 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
808 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
809 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname
, "test-suite-b"))
810 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
812 sigma_dut_wait_connected(ifname
)
813 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
814 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
815 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
817 stop_sigma_dut(sigma
)
819 def test_sigma_dut_suite_b_rsa(dev
, apdev
, params
):
820 """sigma_dut controlled STA Suite B (RSA)"""
821 check_suite_b_192_capa(dev
)
822 logdir
= params
['logdir']
824 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
825 with
open(os
.path
.join(logdir
, "suite_b_ca_rsa.pem"), "w") as f2
:
828 with
open("auth_serv/rsa3072-user.pem", "r") as f
:
829 with
open("auth_serv/rsa3072-user.key", "r") as f2
:
830 with
open(os
.path
.join(logdir
, "suite_b_rsa.pem"), "w") as f3
:
834 dev
[0].flush_scan_cache()
835 params
= suite_b_192_rsa_ap_params()
836 hapd
= hostapd
.add_ap(apdev
[0], params
)
838 ifname
= dev
[0].ifname
839 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
841 cmd
= "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname
, "test-suite-b")
845 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
846 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
848 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
849 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
850 sigma_dut_cmd_check(cmd
+ extra
)
851 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-suite-b"),
853 sigma_dut_wait_connected(ifname
)
854 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
855 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
856 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
858 stop_sigma_dut(sigma
)
860 def test_sigma_dut_ap_suite_b(dev
, apdev
, params
):
861 """sigma_dut controlled AP Suite B"""
862 check_suite_b_192_capa(dev
)
863 logdir
= os
.path
.join(params
['logdir'],
864 "sigma_dut_ap_suite_b.sigma-hostapd")
865 params
= suite_b_as_params()
866 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
867 params
['server_cert'] = 'auth_serv/ec2-server.pem'
868 params
['private_key'] = 'auth_serv/ec2-server.key'
869 params
['openssl_ciphers'] = 'SUITEB192'
870 hostapd
.add_ap(apdev
[1], params
)
871 with
HWSimRadio() as (radio
, iface
):
872 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
874 sigma_dut_cmd_check("ap_reset_default")
875 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
876 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
877 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
878 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
880 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
882 openssl_ciphers
="SUITEB192",
883 eap
="TLS", identity
="tls user",
884 ca_cert
="auth_serv/ec2-ca.pem",
885 client_cert
="auth_serv/ec2-user.pem",
886 private_key
="auth_serv/ec2-user.key",
887 pairwise
="GCMP-256", group
="GCMP-256",
890 sigma_dut_cmd_check("ap_reset_default")
892 stop_sigma_dut(sigma
)
894 def test_sigma_dut_ap_cipher_gcmp_128(dev
, apdev
, params
):
895 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
896 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-128", "BIP-GMAC-128",
899 def test_sigma_dut_ap_cipher_gcmp_256(dev
, apdev
, params
):
900 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
901 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
904 def test_sigma_dut_ap_cipher_ccmp_128(dev
, apdev
, params
):
905 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
906 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128", "BIP-CMAC-128",
909 def test_sigma_dut_ap_cipher_ccmp_256(dev
, apdev
, params
):
910 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
911 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-256", "BIP-CMAC-256",
914 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev
, apdev
, params
):
915 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
916 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
917 "BIP-GMAC-256", "CCMP")
919 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev
, apdev
, params
):
920 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
921 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-CCMP-128 AES-GCMP-256",
922 "BIP-GMAC-256", "GCMP-256", "CCMP")
924 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev
, apdev
, params
):
925 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
926 run_sigma_dut_ap_cipher(dev
, apdev
, params
, "AES-GCMP-256", "BIP-GMAC-256",
927 "GCMP-256", "CCMP", "AES-CCMP-128")
929 def run_sigma_dut_ap_cipher(dev
, apdev
, params
, ap_pairwise
, ap_group_mgmt
,
930 sta_cipher
, sta_cipher_group
=None, ap_group
=None):
931 check_suite_b_192_capa(dev
)
932 logdir
= os
.path
.join(params
['logdir'],
933 "sigma_dut_ap_cipher.sigma-hostapd")
934 params
= suite_b_as_params()
935 params
['ca_cert'] = 'auth_serv/ec2-ca.pem'
936 params
['server_cert'] = 'auth_serv/ec2-server.pem'
937 params
['private_key'] = 'auth_serv/ec2-server.key'
938 params
['openssl_ciphers'] = 'SUITEB192'
939 hostapd
.add_ap(apdev
[1], params
)
940 with
HWSimRadio() as (radio
, iface
):
941 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
943 sigma_dut_cmd_check("ap_reset_default")
944 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
945 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
946 cmd
= "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise
, ap_group_mgmt
)
948 cmd
+= ",GroupCipher,%s" % ap_group
949 sigma_dut_cmd_check(cmd
)
950 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
952 if sta_cipher_group
is None:
953 sta_cipher_group
= sta_cipher
954 dev
[0].connect("test-suite-b", key_mgmt
="WPA-EAP-SUITE-B-192",
956 openssl_ciphers
="SUITEB192",
957 eap
="TLS", identity
="tls user",
958 ca_cert
="auth_serv/ec2-ca.pem",
959 client_cert
="auth_serv/ec2-user.pem",
960 private_key
="auth_serv/ec2-user.key",
961 pairwise
=sta_cipher
, group
=sta_cipher_group
,
964 sigma_dut_cmd_check("ap_reset_default")
966 stop_sigma_dut(sigma
)
968 def test_sigma_dut_ap_override_rsne(dev
, apdev
):
969 """sigma_dut controlled AP overriding RSNE"""
970 with
HWSimRadio() as (radio
, iface
):
971 sigma
= start_sigma_dut(iface
)
973 sigma_dut_cmd_check("ap_reset_default")
974 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
975 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
976 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface
)
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
979 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412")
981 sigma_dut_cmd_check("ap_reset_default")
983 stop_sigma_dut(sigma
)
985 def test_sigma_dut_ap_sae(dev
, apdev
, params
):
986 """sigma_dut controlled AP with SAE"""
987 logdir
= os
.path
.join(params
['logdir'],
988 "sigma_dut_ap_sae.sigma-hostapd")
989 if "SAE" not in dev
[0].get_capability("auth_alg"):
990 raise HwsimSkip("SAE not supported")
991 with
HWSimRadio() as (radio
, iface
):
992 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
994 sigma_dut_cmd_check("ap_reset_default")
995 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
996 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
997 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
999 dev
[0].request("SET sae_groups ")
1000 id = dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1001 ieee80211w
="2", scan_freq
="2412")
1002 if dev
[0].get_status_field('sae_group') != '19':
1003 raise Exception("Expected default SAE group not used")
1005 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1006 logger
.info("Reported PMK: " + res
)
1007 if ",PMK," not in res
:
1008 raise Exception("PMK not reported");
1009 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1010 raise Exception("Mismatch in reported PMK")
1012 sigma_dut_cmd_check("ap_reset_default")
1014 stop_sigma_dut(sigma
)
1016 def test_sigma_dut_ap_sae_confirm_immediate(dev
, apdev
, params
):
1017 """sigma_dut controlled AP with SAE Confirm immediate"""
1018 logdir
= os
.path
.join(params
['logdir'],
1019 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1020 if "SAE" not in dev
[0].get_capability("auth_alg"):
1021 raise HwsimSkip("SAE not supported")
1022 with
HWSimRadio() as (radio
, iface
):
1023 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1025 sigma_dut_cmd_check("ap_reset_default")
1026 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1027 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1028 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1030 dev
[0].request("SET sae_groups ")
1031 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1032 ieee80211w
="2", scan_freq
="2412")
1033 if dev
[0].get_status_field('sae_group') != '19':
1034 raise Exception("Expected default SAE group not used")
1036 sigma_dut_cmd_check("ap_reset_default")
1038 stop_sigma_dut(sigma
)
1040 def test_sigma_dut_ap_sae_password(dev
, apdev
, params
):
1041 """sigma_dut controlled AP with SAE and long password"""
1042 logdir
= os
.path
.join(params
['logdir'],
1043 "sigma_dut_ap_sae_password.sigma-hostapd")
1044 if "SAE" not in dev
[0].get_capability("auth_alg"):
1045 raise HwsimSkip("SAE not supported")
1046 with
HWSimRadio() as (radio
, iface
):
1047 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1049 sigma_dut_cmd_check("ap_reset_default")
1050 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1051 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1052 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1054 dev
[0].request("SET sae_groups ")
1055 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=100*'C',
1056 ieee80211w
="2", scan_freq
="2412")
1057 if dev
[0].get_status_field('sae_group') != '19':
1058 raise Exception("Expected default SAE group not used")
1060 sigma_dut_cmd_check("ap_reset_default")
1062 stop_sigma_dut(sigma
)
1064 def test_sigma_dut_ap_sae_pw_id(dev
, apdev
, params
):
1065 """sigma_dut controlled AP with SAE Password Identifier"""
1066 logdir
= os
.path
.join(params
['logdir'],
1067 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1068 conffile
= os
.path
.join(params
['logdir'],
1069 "sigma_dut_ap_sae_pw_id.sigma-conf")
1070 if "SAE" not in dev
[0].get_capability("auth_alg"):
1071 raise HwsimSkip("SAE not supported")
1072 with
HWSimRadio() as (radio
, iface
):
1073 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1075 sigma_dut_cmd_check("ap_reset_default")
1076 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1077 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1078 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1080 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1081 with
open(conffile
, "wb") as f2
:
1084 dev
[0].request("SET sae_groups ")
1085 tests
= [("pw1", "id1"),
1089 for pw
, pw_id
in tests
:
1090 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
=pw
,
1091 sae_password_id
=pw_id
,
1092 ieee80211w
="2", scan_freq
="2412")
1093 dev
[0].request("REMOVE_NETWORK all")
1094 dev
[0].wait_disconnected()
1096 sigma_dut_cmd_check("ap_reset_default")
1098 stop_sigma_dut(sigma
)
1100 def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev
, apdev
, params
):
1101 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1102 logdir
= os
.path
.join(params
['logdir'],
1103 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1104 conffile
= os
.path
.join(params
['logdir'],
1105 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1106 if "SAE" not in dev
[0].get_capability("auth_alg"):
1107 raise HwsimSkip("SAE not supported")
1108 with
HWSimRadio() as (radio
, iface
):
1109 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1111 sigma_dut_cmd_check("ap_reset_default")
1112 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1113 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1114 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1116 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1117 with
open(conffile
, "wb") as f2
:
1120 dev
[0].set("sae_groups", "")
1121 dev
[0].connect("test-sae", key_mgmt
="SAE", sae_password
="12345678",
1122 sae_password_id
="pwid",
1123 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
1124 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1125 "CTRL-EVENT-CONNECTED"], timeout
=10)
1127 raise Exception("Network selection result not indicated")
1128 if "CTRL-EVENT-CONNECTED" in ev
:
1129 raise Exception("Unexpected connection")
1130 dev
[0].request("REMOVE_NETWORK all")
1132 sigma_dut_cmd_check("ap_reset_default")
1134 stop_sigma_dut(sigma
)
1136 def test_sigma_dut_ap_sae_pw_id_ft(dev
, apdev
, params
):
1137 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1138 logdir
= os
.path
.join(params
['logdir'],
1139 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1140 conffile
= os
.path
.join(params
['logdir'],
1141 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1142 if "SAE" not in dev
[0].get_capability("auth_alg"):
1143 raise HwsimSkip("SAE not supported")
1144 with
HWSimRadio() as (radio
, iface
):
1145 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1147 sigma_dut_cmd_check("ap_reset_default")
1148 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1149 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1150 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1152 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1153 with
open(conffile
, "wb") as f2
:
1156 dev
[0].request("SET sae_groups ")
1157 tests
= [("pw1", "id1", "SAE"),
1158 ("pw2", "id2", "FT-SAE"),
1159 ("pw3", None, "FT-SAE"),
1160 ("pw4", "id4", "SAE")]
1161 for pw
, pw_id
, key_mgmt
in tests
:
1162 dev
[0].connect("test-sae", key_mgmt
=key_mgmt
, sae_password
=pw
,
1163 sae_password_id
=pw_id
,
1164 ieee80211w
="2", scan_freq
="2412")
1165 dev
[0].request("REMOVE_NETWORK all")
1166 dev
[0].wait_disconnected()
1168 sigma_dut_cmd_check("ap_reset_default")
1170 stop_sigma_dut(sigma
)
1172 def test_sigma_dut_ap_sae_group(dev
, apdev
, params
):
1173 """sigma_dut controlled AP with SAE and specific group"""
1174 logdir
= os
.path
.join(params
['logdir'],
1175 "sigma_dut_ap_sae_group.sigma-hostapd")
1176 if "SAE" not in dev
[0].get_capability("auth_alg"):
1177 raise HwsimSkip("SAE not supported")
1178 with
HWSimRadio() as (radio
, iface
):
1179 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1181 sigma_dut_cmd_check("ap_reset_default")
1182 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1183 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1184 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1186 dev
[0].request("SET sae_groups ")
1187 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1188 ieee80211w
="2", scan_freq
="2412")
1189 if dev
[0].get_status_field('sae_group') != '20':
1190 raise Exception("Expected SAE group not used")
1192 sigma_dut_cmd_check("ap_reset_default")
1194 stop_sigma_dut(sigma
)
1196 def test_sigma_dut_ap_psk_sae(dev
, apdev
, params
):
1197 """sigma_dut controlled AP with PSK+SAE"""
1198 if "SAE" not in dev
[0].get_capability("auth_alg"):
1199 raise HwsimSkip("SAE not supported")
1200 logdir
= os
.path
.join(params
['logdir'],
1201 "sigma_dut_ap_psk_sae.sigma-hostapd")
1202 with
HWSimRadio() as (radio
, iface
):
1203 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1205 sigma_dut_cmd_check("ap_reset_default")
1206 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1207 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1208 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1210 dev
[2].request("SET sae_groups ")
1211 dev
[2].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1212 scan_freq
="2412", ieee80211w
="0", wait_connect
=False)
1213 dev
[0].request("SET sae_groups ")
1214 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
1215 scan_freq
="2412", ieee80211w
="2")
1216 dev
[1].connect("test-sae", psk
="12345678", scan_freq
="2412")
1218 ev
= dev
[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.1)
1219 dev
[2].request("DISCONNECT")
1221 raise Exception("Unexpected connection without PMF")
1223 sigma_dut_cmd_check("ap_reset_default")
1225 stop_sigma_dut(sigma
)
1227 def test_sigma_dut_ap_psk_sae_ft(dev
, apdev
, params
):
1228 """sigma_dut controlled AP with PSK, SAE, FT"""
1229 logdir
= os
.path
.join(params
['logdir'],
1230 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1231 conffile
= os
.path
.join(params
['logdir'],
1232 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1233 if "SAE" not in dev
[0].get_capability("auth_alg"):
1234 raise HwsimSkip("SAE not supported")
1235 with
HWSimRadio() as (radio
, iface
):
1236 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1238 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1239 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1240 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1241 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev
[1]['bssid'])
1243 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1245 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
1246 with
open(conffile
, "wb") as f2
:
1249 dev
[0].request("SET sae_groups ")
1250 dev
[0].connect("test-sae-psk", key_mgmt
="SAE FT-SAE",
1251 sae_password
="12345678", scan_freq
="2412")
1252 dev
[1].connect("test-sae-psk", key_mgmt
="WPA-PSK FT-PSK",
1253 psk
="12345678", scan_freq
="2412")
1254 dev
[2].connect("test-sae-psk", key_mgmt
="WPA-PSK",
1255 psk
="12345678", scan_freq
="2412")
1257 sigma_dut_cmd_check("ap_reset_default")
1259 stop_sigma_dut(sigma
)
1261 def test_sigma_dut_owe(dev
, apdev
):
1262 """sigma_dut controlled OWE station"""
1264 run_sigma_dut_owe(dev
, apdev
)
1266 dev
[0].set("ignore_old_scan_res", "0")
1268 def run_sigma_dut_owe(dev
, apdev
):
1269 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1270 raise HwsimSkip("OWE not supported")
1272 ifname
= dev
[0].ifname
1273 sigma
= start_sigma_dut(ifname
)
1276 params
= {"ssid": "owe",
1278 "wpa_key_mgmt": "OWE",
1280 "rsn_pairwise": "CCMP"}
1281 hapd
= hostapd
.add_ap(apdev
[0], params
)
1282 bssid
= hapd
.own_addr()
1284 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1285 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1286 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname
)
1287 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1289 sigma_dut_wait_connected(ifname
)
1290 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1291 res
= sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname
)
1292 logger
.info("Reported PMK: " + res
)
1293 if ",PMK," not in res
:
1294 raise Exception("PMK not reported");
1295 if hapd
.request("GET_PMK " + dev
[0].own_addr()) != res
.split(',')[3]:
1296 raise Exception("Mismatch in reported PMK")
1298 dev
[0].dump_monitor()
1299 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname
, bssid
))
1300 dev
[0].wait_connected()
1301 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1302 dev
[0].wait_disconnected()
1303 dev
[0].dump_monitor()
1305 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1306 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1307 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1308 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1310 sigma_dut_wait_connected(ifname
)
1311 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
1312 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1313 dev
[0].wait_disconnected()
1314 dev
[0].dump_monitor()
1316 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname
)
1319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1321 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
1324 raise Exception("Association not rejected")
1325 if "status_code=77" not in ev
:
1326 raise Exception("Unexpected rejection reason: " + ev
)
1328 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1330 stop_sigma_dut(sigma
)
1332 def test_sigma_dut_owe_ptk_workaround(dev
, apdev
):
1333 """sigma_dut controlled OWE station with PTK workaround"""
1334 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1335 raise HwsimSkip("OWE not supported")
1337 params
= {"ssid": "owe",
1339 "wpa_key_mgmt": "OWE",
1340 "owe_ptk_workaround": "1",
1343 "rsn_pairwise": "CCMP"}
1344 hapd
= hostapd
.add_ap(apdev
[0], params
)
1346 ifname
= dev
[0].ifname
1347 sigma
= start_sigma_dut(ifname
, owe_ptk_workaround
=True)
1350 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
1351 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
1352 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname
)
1353 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname
,
1355 sigma_dut_wait_connected(ifname
)
1356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
1358 stop_sigma_dut(sigma
)
1359 dev
[0].set("ignore_old_scan_res", "0")
1361 def test_sigma_dut_ap_owe(dev
, apdev
, params
):
1362 """sigma_dut controlled AP with OWE"""
1363 logdir
= os
.path
.join(params
['logdir'],
1364 "sigma_dut_ap_owe.sigma-hostapd")
1365 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1366 raise HwsimSkip("OWE not supported")
1367 with
HWSimRadio() as (radio
, iface
):
1368 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1370 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1371 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1372 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1373 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1375 id = dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1378 res
= sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev
[0].own_addr())
1379 logger
.info("Reported PMK: " + res
)
1380 if ",PMK," not in res
:
1381 raise Exception("PMK not reported");
1382 if dev
[0].get_pmk(id) != res
.split(',')[3]:
1383 raise Exception("Mismatch in reported PMK")
1385 sigma_dut_cmd_check("ap_reset_default")
1387 stop_sigma_dut(sigma
)
1389 def test_sigma_dut_ap_owe_ecgroupid(dev
, apdev
):
1390 """sigma_dut controlled AP with OWE and ECGroupID"""
1391 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1392 raise HwsimSkip("OWE not supported")
1393 with
HWSimRadio() as (radio
, iface
):
1394 sigma
= start_sigma_dut(iface
)
1396 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1397 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1398 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1399 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1401 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1402 owe_group
="20", scan_freq
="2412")
1403 dev
[0].request("REMOVE_NETWORK all")
1404 dev
[0].wait_disconnected()
1406 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1407 owe_group
="21", scan_freq
="2412")
1408 dev
[0].request("REMOVE_NETWORK all")
1409 dev
[0].wait_disconnected()
1411 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1412 owe_group
="19", scan_freq
="2412", wait_connect
=False)
1413 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=10)
1414 dev
[0].request("DISCONNECT")
1416 raise Exception("Association not rejected")
1417 if "status_code=77" not in ev
:
1418 raise Exception("Unexpected rejection reason: " + ev
)
1419 dev
[0].dump_monitor()
1421 sigma_dut_cmd_check("ap_reset_default")
1423 stop_sigma_dut(sigma
)
1425 def test_sigma_dut_ap_owe_ptk_workaround(dev
, apdev
):
1426 """sigma_dut controlled AP with OWE PTK workaround"""
1427 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1428 raise HwsimSkip("OWE not supported")
1429 with
HWSimRadio() as (radio
, iface
):
1430 sigma
= start_sigma_dut(iface
, owe_ptk_workaround
=True)
1432 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1433 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1434 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1435 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1437 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1438 owe_group
="20", owe_ptk_workaround
="1",
1440 sigma_dut_cmd_check("ap_reset_default")
1442 stop_sigma_dut(sigma
)
1444 def test_sigma_dut_ap_owe_transition_mode(dev
, apdev
, params
):
1445 """sigma_dut controlled AP with OWE and transition mode"""
1446 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1447 raise HwsimSkip("OWE not supported")
1448 logdir
= os
.path
.join(params
['logdir'],
1449 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1450 with
HWSimRadio() as (radio
, iface
):
1451 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1453 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1454 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1455 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1456 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1457 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1458 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1460 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1461 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1463 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1465 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1466 if dev
[0].get_status_field('bssid') not in res1
:
1467 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1
)
1468 if dev
[1].get_status_field('bssid') not in res2
:
1469 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2
)
1471 sigma_dut_cmd_check("ap_reset_default")
1473 stop_sigma_dut(sigma
)
1475 def test_sigma_dut_ap_owe_transition_mode_2(dev
, apdev
, params
):
1476 """sigma_dut controlled AP with OWE and transition mode (2)"""
1477 if "OWE" not in dev
[0].get_capability("key_mgmt"):
1478 raise HwsimSkip("OWE not supported")
1479 logdir
= os
.path
.join(params
['logdir'],
1480 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1481 with
HWSimRadio() as (radio
, iface
):
1482 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
1484 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1485 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1486 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1487 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1488 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1489 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1491 res1
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1492 res2
= sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1494 dev
[0].connect("owe", key_mgmt
="OWE", ieee80211w
="2",
1496 dev
[1].connect("owe", key_mgmt
="NONE", scan_freq
="2412")
1497 if dev
[0].get_status_field('bssid') not in res2
:
1498 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1
)
1499 if dev
[1].get_status_field('bssid') not in res1
:
1500 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2
)
1502 sigma_dut_cmd_check("ap_reset_default")
1504 stop_sigma_dut(sigma
)
1506 def dpp_init_enrollee(dev
, id1
, enrollee_role
):
1507 logger
.info("Starting DPP initiator/enrollee in a thread")
1509 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1510 if enrollee_role
== "Configurator":
1511 cmd
+= " netrole=configurator"
1512 if "OK" not in dev
.request(cmd
):
1513 raise Exception("Failed to initiate DPP Authentication")
1514 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
1516 raise Exception("DPP configuration not completed (Enrollee)")
1517 logger
.info("DPP initiator/enrollee done")
1519 def test_sigma_dut_dpp_qr_resp_1(dev
, apdev
):
1520 """sigma_dut DPP/QR responder (conf index 1)"""
1521 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1)
1523 def test_sigma_dut_dpp_qr_resp_2(dev
, apdev
):
1524 """sigma_dut DPP/QR responder (conf index 2)"""
1525 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 2)
1527 def test_sigma_dut_dpp_qr_resp_3(dev
, apdev
):
1528 """sigma_dut DPP/QR responder (conf index 3)"""
1529 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3)
1531 def test_sigma_dut_dpp_qr_resp_4(dev
, apdev
):
1532 """sigma_dut DPP/QR responder (conf index 4)"""
1533 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 4)
1535 def test_sigma_dut_dpp_qr_resp_5(dev
, apdev
):
1536 """sigma_dut DPP/QR responder (conf index 5)"""
1537 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 5)
1539 def test_sigma_dut_dpp_qr_resp_6(dev
, apdev
):
1540 """sigma_dut DPP/QR responder (conf index 6)"""
1541 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 6)
1543 def test_sigma_dut_dpp_qr_resp_7(dev
, apdev
):
1544 """sigma_dut DPP/QR responder (conf index 7)"""
1545 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 7)
1547 def test_sigma_dut_dpp_qr_resp_8(dev
, apdev
):
1548 """sigma_dut DPP/QR responder (conf index 8)"""
1549 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 8)
1551 def test_sigma_dut_dpp_qr_resp_9(dev
, apdev
):
1552 """sigma_dut DPP/QR responder (conf index 9)"""
1553 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 9)
1555 def test_sigma_dut_dpp_qr_resp_10(dev
, apdev
):
1556 """sigma_dut DPP/QR responder (conf index 10)"""
1557 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 10)
1559 def test_sigma_dut_dpp_qr_resp_chan_list(dev
, apdev
):
1560 """sigma_dut DPP/QR responder (channel list override)"""
1561 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 1, chan_list
='81/2 81/6 81/1',
1564 def test_sigma_dut_dpp_qr_resp_status_query(dev
, apdev
):
1565 """sigma_dut DPP/QR responder status query"""
1566 check_dpp_capab(dev
[1])
1567 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1568 passphrase
="ThisIsDppPassphrase")
1569 hapd
= hostapd
.add_ap(apdev
[0], params
)
1572 dev
[1].set("dpp_config_processing", "2")
1573 run_sigma_dut_dpp_qr_resp(dev
, apdev
, 3, status_query
=True)
1575 dev
[1].set("dpp_config_processing", "0", allow_fail
=True)
1577 def test_sigma_dut_dpp_qr_resp_configurator(dev
, apdev
):
1578 """sigma_dut DPP/QR responder (configurator provisioning)"""
1579 run_sigma_dut_dpp_qr_resp(dev
, apdev
, -1, enrollee_role
="Configurator")
1581 def run_sigma_dut_dpp_qr_resp(dev
, apdev
, conf_idx
, chan_list
=None,
1582 listen_chan
=None, status_query
=False,
1583 enrollee_role
="STA"):
1584 check_dpp_capab(dev
[0])
1585 check_dpp_capab(dev
[1])
1586 sigma
= start_sigma_dut(dev
[0].ifname
)
1588 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1590 cmd
+= ",DPPChannelList," + chan_list
1591 res
= sigma_dut_cmd(cmd
)
1592 if "status,COMPLETE" not in res
:
1593 raise Exception("dev_exec_action did not succeed: " + res
)
1594 hex = res
.split(',')[3]
1596 logger
.info("URI from sigma_dut: " + uri
)
1598 id1
= dev
[1].dpp_qr_code(uri
)
1600 t
= threading
.Thread(target
=dpp_init_enrollee
, args
=(dev
[1], id1
,
1603 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1604 if conf_idx
is not None:
1605 cmd
+= ",DPPConfIndex,%d" % conf_idx
1607 cmd
+= ",DPPListenChannel," + str(listen_chan
)
1609 cmd
+= ",DPPStatusQuery,Yes"
1610 res
= sigma_dut_cmd(cmd
, timeout
=10)
1612 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1613 raise Exception("Unexpected result: " + res
)
1614 if status_query
and "StatusResult,0" not in res
:
1615 raise Exception("Status query did not succeed: " + res
)
1617 stop_sigma_dut(sigma
)
1619 def test_sigma_dut_dpp_qr_init_enrollee(dev
, apdev
):
1620 """sigma_dut DPP/QR initiator as Enrollee"""
1621 check_dpp_capab(dev
[0])
1622 check_dpp_capab(dev
[1])
1624 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1625 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1626 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1627 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1629 params
= {"ssid": "DPPNET01",
1632 "wpa_key_mgmt": "DPP",
1633 "rsn_pairwise": "CCMP",
1634 "dpp_connector": ap_connector
,
1635 "dpp_csign": csign_pub
,
1636 "dpp_netaccesskey": ap_netaccesskey
}
1638 hapd
= hostapd
.add_ap(apdev
[0], params
)
1640 raise HwsimSkip("DPP not supported")
1642 sigma
= start_sigma_dut(dev
[0].ifname
)
1644 dev
[0].set("dpp_config_processing", "2")
1646 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1647 res
= dev
[1].request(cmd
)
1649 raise Exception("Failed to add configurator")
1652 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1653 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1655 dev
[1].set("dpp_configurator_params",
1656 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1657 cmd
= "DPP_LISTEN 2437 role=configurator"
1658 if "OK" not in dev
[1].request(cmd
):
1659 raise Exception("Failed to start listen operation")
1661 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1662 if "status,COMPLETE" not in res
:
1663 raise Exception("dev_exec_action did not succeed: " + res
)
1665 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1666 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1667 raise Exception("Unexpected result: " + res
)
1669 dev
[0].set("dpp_config_processing", "0")
1670 stop_sigma_dut(sigma
)
1672 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev
, apdev
):
1673 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1674 check_dpp_capab(dev
[0])
1675 check_dpp_capab(dev
[1])
1677 sigma
= start_sigma_dut(dev
[0].ifname
)
1679 cmd
= "DPP_CONFIGURATOR_ADD"
1680 res
= dev
[1].request(cmd
)
1682 raise Exception("Failed to add configurator")
1685 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1686 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1688 dev
[1].set("dpp_configurator_params",
1689 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1690 cmd
= "DPP_LISTEN 2437 role=configurator"
1691 if "OK" not in dev
[1].request(cmd
):
1692 raise Exception("Failed to start listen operation")
1694 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1695 if "status,COMPLETE" not in res
:
1696 raise Exception("dev_exec_action did not succeed: " + res
)
1698 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout
=10)
1699 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
1700 raise Exception("Unexpected result: " + res
)
1702 dev
[0].set("dpp_config_processing", "0")
1703 stop_sigma_dut(sigma
)
1705 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1706 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1707 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
)
1709 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
):
1710 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1711 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
,
1712 extra
="DPPAuthDirection,Mutual,")
1714 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev
, apdev
, extra
=''):
1715 check_dpp_capab(dev
[0])
1716 check_dpp_capab(dev
[1])
1718 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1719 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1720 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1721 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1723 params
= {"ssid": "DPPNET01",
1726 "wpa_key_mgmt": "DPP",
1727 "rsn_pairwise": "CCMP",
1728 "dpp_connector": ap_connector
,
1729 "dpp_csign": csign_pub
,
1730 "dpp_netaccesskey": ap_netaccesskey
}
1732 hapd
= hostapd
.add_ap(apdev
[0], params
)
1734 raise HwsimSkip("DPP not supported")
1736 sigma
= start_sigma_dut(dev
[0].ifname
)
1738 dev
[0].set("dpp_config_processing", "2")
1740 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1741 res
= dev
[1].request(cmd
)
1743 raise Exception("Failed to add configurator")
1746 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1747 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1749 dev
[1].set("dpp_configurator_params",
1750 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id
))
1751 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1752 if "OK" not in dev
[1].request(cmd
):
1753 raise Exception("Failed to start listen operation")
1755 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1756 if "status,COMPLETE" not in res
:
1757 raise Exception("dev_exec_action did not succeed: " + res
)
1758 hex = res
.split(',')[3]
1760 logger
.info("URI from sigma_dut: " + uri
)
1762 id1
= dev
[1].dpp_qr_code(uri
)
1764 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1765 if "status,COMPLETE" not in res
:
1766 raise Exception("dev_exec_action did not succeed: " + res
)
1768 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra
, timeout
=10)
1769 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1770 raise Exception("Unexpected result: " + res
)
1772 dev
[0].set("dpp_config_processing", "0")
1773 stop_sigma_dut(sigma
)
1775 def dpp_init_conf_mutual(dev
, id1
, conf_id
, own_id
=None):
1777 logger
.info("Starting DPP initiator/configurator in a thread")
1778 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1
, to_hex("DPPNET01"), conf_id
)
1779 if own_id
is not None:
1780 cmd
+= " own=%d" % own_id
1781 if "OK" not in dev
.request(cmd
):
1782 raise Exception("Failed to initiate DPP Authentication")
1783 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1785 raise Exception("DPP configuration not completed (Configurator)")
1786 logger
.info("DPP initiator/configurator done")
1788 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
):
1789 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1790 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
)
1792 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev
, apdev
):
1793 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1794 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, ',DPPDelayQRResponse,1')
1796 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev
, apdev
, extra
=None):
1797 check_dpp_capab(dev
[0])
1798 check_dpp_capab(dev
[1])
1800 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1801 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1802 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1803 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1805 params
= {"ssid": "DPPNET01",
1808 "wpa_key_mgmt": "DPP",
1809 "rsn_pairwise": "CCMP",
1810 "dpp_connector": ap_connector
,
1811 "dpp_csign": csign_pub
,
1812 "dpp_netaccesskey": ap_netaccesskey
}
1814 hapd
= hostapd
.add_ap(apdev
[0], params
)
1816 raise HwsimSkip("DPP not supported")
1818 sigma
= start_sigma_dut(dev
[0].ifname
)
1820 dev
[0].set("dpp_config_processing", "2")
1822 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1823 res
= dev
[1].request(cmd
)
1825 raise Exception("Failed to add configurator")
1828 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1829 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1831 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1832 if "status,COMPLETE" not in res
:
1833 raise Exception("dev_exec_action did not succeed: " + res
)
1834 hex = res
.split(',')[3]
1836 logger
.info("URI from sigma_dut: " + uri
)
1838 id1
= dev
[1].dpp_qr_code(uri
)
1840 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1841 if "status,COMPLETE" not in res
:
1842 raise Exception("dev_exec_action did not succeed: " + res
)
1844 t
= threading
.Thread(target
=dpp_init_conf_mutual
,
1845 args
=(dev
[1], id1
, conf_id
, id0
))
1848 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1851 res
= sigma_dut_cmd(cmd
, timeout
=25)
1853 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1854 raise Exception("Unexpected result: " + res
)
1856 dev
[0].set("dpp_config_processing", "0")
1857 stop_sigma_dut(sigma
)
1859 def dpp_resp_conf_mutual(dev
, conf_id
, uri
):
1860 logger
.info("Starting DPP responder/configurator in a thread")
1861 dev
.set("dpp_configurator_params",
1862 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1864 cmd
= "DPP_LISTEN 2437 role=configurator qr=mutual"
1865 if "OK" not in dev
.request(cmd
):
1866 raise Exception("Failed to initiate DPP listen")
1868 ev
= dev
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=10)
1870 raise Exception("QR Code scan for mutual authentication not requested")
1871 dev
.dpp_qr_code(uri
)
1872 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=10)
1874 raise Exception("DPP configuration not completed (Configurator)")
1875 logger
.info("DPP responder/configurator done")
1877 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
):
1878 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1879 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, False)
1881 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev
, apdev
):
1882 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1883 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, True)
1885 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev
, apdev
, resp_pending
):
1886 check_dpp_capab(dev
[0])
1887 check_dpp_capab(dev
[1])
1889 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1890 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1891 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1892 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1894 params
= {"ssid": "DPPNET01",
1897 "wpa_key_mgmt": "DPP",
1898 "rsn_pairwise": "CCMP",
1899 "dpp_connector": ap_connector
,
1900 "dpp_csign": csign_pub
,
1901 "dpp_netaccesskey": ap_netaccesskey
}
1903 hapd
= hostapd
.add_ap(apdev
[0], params
)
1905 raise HwsimSkip("DPP not supported")
1907 sigma
= start_sigma_dut(dev
[0].ifname
)
1909 dev
[0].set("dpp_config_processing", "2")
1911 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
1912 res
= dev
[1].request(cmd
)
1914 raise Exception("Failed to add configurator")
1917 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1918 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1920 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1921 if "status,COMPLETE" not in res
:
1922 raise Exception("dev_exec_action did not succeed: " + res
)
1923 hex = res
.split(',')[3]
1925 logger
.info("URI from sigma_dut: " + uri
)
1927 if not resp_pending
:
1928 dev
[1].dpp_qr_code(uri
)
1931 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1932 if "status,COMPLETE" not in res
:
1933 raise Exception("dev_exec_action did not succeed: " + res
)
1935 t
= threading
.Thread(target
=dpp_resp_conf_mutual
,
1936 args
=(dev
[1], conf_id
, uri
))
1940 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1941 res
= sigma_dut_cmd(cmd
, timeout
=15)
1943 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
1944 raise Exception("Unexpected result: " + res
)
1946 dev
[0].set("dpp_config_processing", "0")
1947 stop_sigma_dut(sigma
)
1949 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev
, apdev
):
1950 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1951 check_dpp_capab(dev
[0])
1952 check_dpp_capab(dev
[1])
1954 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1955 passphrase
="ThisIsDppPassphrase")
1956 hapd
= hostapd
.add_ap(apdev
[0], params
)
1958 sigma
= start_sigma_dut(dev
[0].ifname
)
1960 dev
[0].set("dpp_config_processing", "2")
1962 cmd
= "DPP_CONFIGURATOR_ADD"
1963 res
= dev
[1].request(cmd
)
1965 raise Exception("Failed to add configurator")
1968 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1969 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1971 dev
[1].set("dpp_configurator_params",
1972 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
1973 cmd
= "DPP_LISTEN 2437 role=configurator"
1974 if "OK" not in dev
[1].request(cmd
):
1975 raise Exception("Failed to start listen operation")
1977 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
1978 if "status,COMPLETE" not in res
:
1979 raise Exception("dev_exec_action did not succeed: " + res
)
1981 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
1982 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
1983 raise Exception("Unexpected result: " + res
)
1985 dev
[0].set("dpp_config_processing", "0")
1986 stop_sigma_dut(sigma
)
1988 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev
, apdev
):
1989 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1990 check_dpp_capab(dev
[0])
1991 check_dpp_capab(dev
[1])
1992 if "SAE" not in dev
[0].get_capability("auth_alg"):
1993 raise HwsimSkip("SAE not supported")
1995 params
= hostapd
.wpa2_params(ssid
="DPPNET01",
1996 passphrase
="ThisIsDppPassphrase")
1997 params
['wpa_key_mgmt'] = 'SAE'
1998 params
["ieee80211w"] = "2"
1999 hapd
= hostapd
.add_ap(apdev
[0], params
)
2001 sigma
= start_sigma_dut(dev
[0].ifname
)
2003 dev
[0].set("dpp_config_processing", "2")
2004 dev
[0].set("sae_groups", "")
2006 cmd
= "DPP_CONFIGURATOR_ADD"
2007 res
= dev
[1].request(cmd
)
2009 raise Exception("Failed to add configurator")
2012 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2013 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2015 dev
[1].set("dpp_configurator_params",
2016 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id
))
2017 cmd
= "DPP_LISTEN 2437 role=configurator"
2018 if "OK" not in dev
[1].request(cmd
):
2019 raise Exception("Failed to start listen operation")
2021 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2022 if "status,COMPLETE" not in res
:
2023 raise Exception("dev_exec_action did not succeed: " + res
)
2025 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout
=10)
2026 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res
:
2027 raise Exception("Unexpected result: " + res
)
2029 dev
[0].set("dpp_config_processing", "0")
2030 stop_sigma_dut(sigma
)
2032 def test_sigma_dut_dpp_qr_init_configurator_1(dev
, apdev
):
2033 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
2034 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1)
2036 def test_sigma_dut_dpp_qr_init_configurator_2(dev
, apdev
):
2037 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
2038 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 2)
2040 def test_sigma_dut_dpp_qr_init_configurator_3(dev
, apdev
):
2041 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
2042 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 3)
2044 def test_sigma_dut_dpp_qr_init_configurator_4(dev
, apdev
):
2045 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
2046 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 4)
2048 def test_sigma_dut_dpp_qr_init_configurator_5(dev
, apdev
):
2049 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2050 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 5)
2052 def test_sigma_dut_dpp_qr_init_configurator_6(dev
, apdev
):
2053 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2054 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 6)
2056 def test_sigma_dut_dpp_qr_init_configurator_7(dev
, apdev
):
2057 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2058 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 7)
2060 def test_sigma_dut_dpp_qr_init_configurator_both(dev
, apdev
):
2061 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2062 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, "Both")
2064 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev
, apdev
):
2065 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2066 run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, 1, extra
='DPPSubsequentChannel,81/11')
2068 def run_sigma_dut_dpp_qr_init_configurator(dev
, apdev
, conf_idx
,
2069 prov_role
="Configurator",
2071 check_dpp_capab(dev
[0])
2072 check_dpp_capab(dev
[1])
2073 sigma
= start_sigma_dut(dev
[0].ifname
)
2075 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2076 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2078 cmd
= "DPP_LISTEN 2437 role=enrollee"
2079 if "OK" not in dev
[1].request(cmd
):
2080 raise Exception("Failed to start listen operation")
2082 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2083 if "status,COMPLETE" not in res
:
2084 raise Exception("dev_exec_action did not succeed: " + res
)
2086 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role
, conf_idx
)
2089 res
= sigma_dut_cmd(cmd
)
2090 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2091 raise Exception("Unexpected result: " + res
)
2093 stop_sigma_dut(sigma
)
2095 def test_sigma_dut_dpp_incompatible_roles_init(dev
, apdev
):
2096 """sigma_dut DPP roles incompatible (Initiator)"""
2097 check_dpp_capab(dev
[0])
2098 check_dpp_capab(dev
[1])
2099 sigma
= start_sigma_dut(dev
[0].ifname
)
2101 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2102 if "status,COMPLETE" not in res
:
2103 raise Exception("dev_exec_action did not succeed: " + res
)
2104 hex = res
.split(',')[3]
2106 logger
.info("URI from sigma_dut: " + uri
)
2108 id1
= dev
[1].dpp_qr_code(uri
)
2110 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2111 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2113 cmd
= "DPP_LISTEN 2437 role=enrollee"
2114 if "OK" not in dev
[1].request(cmd
):
2115 raise Exception("Failed to start listen operation")
2117 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2118 if "status,COMPLETE" not in res
:
2119 raise Exception("dev_exec_action did not succeed: " + res
)
2121 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2122 res
= sigma_dut_cmd(cmd
)
2123 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2124 raise Exception("Unexpected result: " + res
)
2126 stop_sigma_dut(sigma
)
2128 def dpp_init_enrollee_mutual(dev
, id1
, own_id
):
2129 logger
.info("Starting DPP initiator/enrollee in a thread")
2131 cmd
= "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1
, own_id
)
2132 if "OK" not in dev
.request(cmd
):
2133 raise Exception("Failed to initiate DPP Authentication")
2134 ev
= dev
.wait_event(["DPP-CONF-RECEIVED",
2135 "DPP-NOT-COMPATIBLE"], timeout
=5)
2137 raise Exception("DPP configuration not completed (Enrollee)")
2138 logger
.info("DPP initiator/enrollee done")
2140 def test_sigma_dut_dpp_incompatible_roles_resp(dev
, apdev
):
2141 """sigma_dut DPP roles incompatible (Responder)"""
2142 check_dpp_capab(dev
[0])
2143 check_dpp_capab(dev
[1])
2144 sigma
= start_sigma_dut(dev
[0].ifname
)
2146 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2147 res
= sigma_dut_cmd(cmd
)
2148 if "status,COMPLETE" not in res
:
2149 raise Exception("dev_exec_action did not succeed: " + res
)
2150 hex = res
.split(',')[3]
2152 logger
.info("URI from sigma_dut: " + uri
)
2154 id1
= dev
[1].dpp_qr_code(uri
)
2156 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2157 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2159 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2160 if "status,COMPLETE" not in res
:
2161 raise Exception("dev_exec_action did not succeed: " + res
)
2163 t
= threading
.Thread(target
=dpp_init_enrollee_mutual
, args
=(dev
[1], id1
, id0
))
2165 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2166 res
= sigma_dut_cmd(cmd
, timeout
=10)
2168 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res
:
2169 raise Exception("Unexpected result: " + res
)
2171 stop_sigma_dut(sigma
)
2173 def test_sigma_dut_dpp_pkex_init_configurator(dev
, apdev
):
2174 """sigma_dut DPP/PKEX initiator as Configurator"""
2175 check_dpp_capab(dev
[0])
2176 check_dpp_capab(dev
[1])
2177 sigma
= start_sigma_dut(dev
[0].ifname
)
2179 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2180 cmd
= "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1
)
2181 res
= dev
[1].request(cmd
)
2183 raise Exception("Failed to set PKEX data (responder)")
2184 cmd
= "DPP_LISTEN 2437 role=enrollee"
2185 if "OK" not in dev
[1].request(cmd
):
2186 raise Exception("Failed to start listen operation")
2188 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2189 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2190 raise Exception("Unexpected result: " + res
)
2192 stop_sigma_dut(sigma
)
2194 def dpp_init_conf(dev
, id1
, conf
, conf_id
, extra
):
2195 logger
.info("Starting DPP initiator/configurator in a thread")
2196 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1
, conf
, extra
, conf_id
)
2197 if "OK" not in dev
.request(cmd
):
2198 raise Exception("Failed to initiate DPP Authentication")
2199 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2201 raise Exception("DPP configuration not completed (Configurator)")
2202 logger
.info("DPP initiator/configurator done")
2204 def test_sigma_dut_ap_dpp_qr(dev
, apdev
, params
):
2205 """sigma_dut controlled AP (DPP)"""
2206 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-dpp", "sta-dpp")
2208 def test_sigma_dut_ap_dpp_qr_legacy(dev
, apdev
, params
):
2209 """sigma_dut controlled AP (legacy)"""
2210 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2211 extra
="pass=%s" % to_hex("qwertyuiop"))
2213 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev
, apdev
, params
):
2214 """sigma_dut controlled AP (legacy)"""
2215 run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, "ap-psk", "sta-psk",
2216 extra
="psk=%s" % (32*"12"))
2218 def run_sigma_dut_ap_dpp_qr(dev
, apdev
, params
, ap_conf
, sta_conf
, extra
=""):
2219 check_dpp_capab(dev
[0])
2220 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2221 with
HWSimRadio() as (radio
, iface
):
2222 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2224 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2225 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2226 if "status,COMPLETE" not in res
:
2227 raise Exception("dev_exec_action did not succeed: " + res
)
2228 hex = res
.split(',')[3]
2230 logger
.info("URI from sigma_dut: " + uri
)
2232 cmd
= "DPP_CONFIGURATOR_ADD"
2233 res
= dev
[0].request(cmd
)
2235 raise Exception("Failed to add configurator")
2238 id1
= dev
[0].dpp_qr_code(uri
)
2240 t
= threading
.Thread(target
=dpp_init_conf
,
2241 args
=(dev
[0], id1
, ap_conf
, conf_id
, extra
))
2243 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2245 if "ConfResult,OK" not in res
:
2246 raise Exception("Unexpected result: " + res
)
2248 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2249 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2251 id0b
= dev
[0].dpp_qr_code(uri1
)
2253 dev
[1].set("dpp_config_processing", "2")
2254 cmd
= "DPP_LISTEN 2412"
2255 if "OK" not in dev
[1].request(cmd
):
2256 raise Exception("Failed to start listen operation")
2257 cmd
= "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b
, sta_conf
, extra
, conf_id
)
2258 if "OK" not in dev
[0].request(cmd
):
2259 raise Exception("Failed to initiate DPP Authentication")
2260 dev
[1].wait_connected()
2262 sigma_dut_cmd_check("ap_reset_default")
2264 dev
[1].set("dpp_config_processing", "0")
2265 stop_sigma_dut(sigma
)
2267 def test_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
, params
):
2268 """sigma_dut controlled AP as DPP PKEX responder"""
2269 check_dpp_capab(dev
[0])
2270 logdir
= os
.path
.join(params
['logdir'],
2271 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2272 with
HWSimRadio() as (radio
, iface
):
2273 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2275 run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
)
2277 stop_sigma_dut(sigma
)
2279 def dpp_init_conf_pkex(dev
, conf_id
, check_config
=True):
2280 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2282 id = dev
.dpp_bootstrap_gen(type="pkex")
2283 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id
)
2284 res
= dev
.request(cmd
)
2286 raise Exception("Failed to initiate DPP PKEX")
2287 if not check_config
:
2289 ev
= dev
.wait_event(["DPP-CONF-SENT"], timeout
=5)
2291 raise Exception("DPP configuration not completed (Configurator)")
2292 logger
.info("DPP initiator/configurator done")
2294 def run_sigma_dut_ap_dpp_pkex_responder(dev
, apdev
):
2295 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2297 cmd
= "DPP_CONFIGURATOR_ADD"
2298 res
= dev
[0].request(cmd
)
2300 raise Exception("Failed to add configurator")
2303 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[0], conf_id
))
2305 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout
=10)
2307 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2308 raise Exception("Unexpected result: " + res
)
2310 sigma_dut_cmd_check("ap_reset_default")
2312 def test_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2313 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2314 check_dpp_capab(dev
[0])
2315 sigma
= start_sigma_dut(dev
[0].ifname
)
2317 run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
)
2319 stop_sigma_dut(sigma
)
2321 def run_sigma_dut_dpp_pkex_responder_proto(dev
, apdev
):
2322 cmd
= "DPP_CONFIGURATOR_ADD"
2323 res
= dev
[1].request(cmd
)
2325 raise Exception("Failed to add configurator")
2328 dev
[1].set("dpp_test", "44")
2330 t
= threading
.Thread(target
=dpp_init_conf_pkex
, args
=(dev
[1], conf_id
,
2333 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout
=10)
2335 if "BootstrapResult,Timeout" not in res
:
2336 raise Exception("Unexpected result: " + res
)
2338 def dpp_proto_init(dev
, id1
):
2340 logger
.info("Starting DPP initiator/configurator in a thread")
2341 cmd
= "DPP_CONFIGURATOR_ADD"
2342 res
= dev
.request(cmd
)
2344 raise Exception("Failed to add configurator")
2347 cmd
= "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1
, conf_id
)
2348 if "OK" not in dev
.request(cmd
):
2349 raise Exception("Failed to initiate DPP Authentication")
2351 def test_sigma_dut_dpp_proto_initiator(dev
, apdev
):
2352 """sigma_dut DPP protocol testing - Initiator"""
2353 check_dpp_capab(dev
[0])
2354 check_dpp_capab(dev
[1])
2355 tests
= [("InvalidValue", "AuthenticationRequest", "WrappedData",
2356 "BootstrapResult,OK,AuthResult,Errorsent",
2358 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2359 "BootstrapResult,OK,AuthResult,Errorsent",
2361 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2362 "BootstrapResult,OK,AuthResult,Errorsent",
2363 "Missing or invalid I-capabilities"),
2364 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2365 "BootstrapResult,OK,AuthResult,Errorsent",
2366 "Mismatching Initiator Authenticating Tag"),
2367 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2368 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2369 "Missing or invalid Enrollee Nonce attribute")]
2370 for step
, frame
, attr
, result
, fail
in tests
:
2371 dev
[0].request("FLUSH")
2372 dev
[1].request("FLUSH")
2373 sigma
= start_sigma_dut(dev
[0].ifname
)
2375 run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
,
2378 stop_sigma_dut(sigma
)
2380 def run_sigma_dut_dpp_proto_initiator(dev
, step
, frame
, attr
, result
, fail
):
2381 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2382 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2384 cmd
= "DPP_LISTEN 2437 role=enrollee"
2385 if "OK" not in dev
[1].request(cmd
):
2386 raise Exception("Failed to start listen operation")
2388 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2389 if "status,COMPLETE" not in res
:
2390 raise Exception("dev_exec_action did not succeed: " + res
)
2392 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
),
2394 if result
not in res
:
2395 raise Exception("Unexpected result: " + res
)
2397 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2398 if ev
is None or fail
not in ev
:
2399 raise Exception("Failure not reported correctly: " + str(ev
))
2401 dev
[1].request("DPP_STOP_LISTEN")
2402 dev
[0].dump_monitor()
2403 dev
[1].dump_monitor()
2405 def test_sigma_dut_dpp_proto_responder(dev
, apdev
):
2406 """sigma_dut DPP protocol testing - Responder"""
2407 check_dpp_capab(dev
[0])
2408 check_dpp_capab(dev
[1])
2409 tests
= [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2410 "BootstrapResult,OK,AuthResult,Errorsent",
2411 "Missing or invalid required DPP Status attribute"),
2412 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2413 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2414 "Missing or invalid Enrollee Nonce attribute")]
2415 for step
, frame
, attr
, result
, fail
in tests
:
2416 dev
[0].request("FLUSH")
2417 dev
[1].request("FLUSH")
2418 sigma
= start_sigma_dut(dev
[0].ifname
)
2420 run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
,
2423 stop_sigma_dut(sigma
)
2425 def run_sigma_dut_dpp_proto_responder(dev
, step
, frame
, attr
, result
, fail
):
2426 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2427 if "status,COMPLETE" not in res
:
2428 raise Exception("dev_exec_action did not succeed: " + res
)
2429 hex = res
.split(',')[3]
2431 logger
.info("URI from sigma_dut: " + uri
)
2433 id1
= dev
[1].dpp_qr_code(uri
)
2435 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2437 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2439 if result
not in res
:
2440 raise Exception("Unexpected result: " + res
)
2442 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2443 if ev
is None or fail
not in ev
:
2444 raise Exception("Failure not reported correctly:" + str(ev
))
2446 dev
[1].request("DPP_STOP_LISTEN")
2447 dev
[0].dump_monitor()
2448 dev
[1].dump_monitor()
2450 def test_sigma_dut_dpp_proto_stop_at_initiator(dev
, apdev
):
2451 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2452 check_dpp_capab(dev
[0])
2453 check_dpp_capab(dev
[1])
2454 tests
= [("AuthenticationResponse",
2455 "BootstrapResult,OK,AuthResult,Errorsent",
2457 ("ConfigurationRequest",
2458 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2460 for frame
, result
, fail
in tests
:
2461 dev
[0].request("FLUSH")
2462 dev
[1].request("FLUSH")
2463 sigma
= start_sigma_dut(dev
[0].ifname
)
2465 run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
)
2467 stop_sigma_dut(sigma
)
2469 def run_sigma_dut_dpp_proto_stop_at_initiator(dev
, frame
, result
, fail
):
2470 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2471 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2473 cmd
= "DPP_LISTEN 2437 role=enrollee"
2474 if "OK" not in dev
[1].request(cmd
):
2475 raise Exception("Failed to start listen operation")
2477 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2478 if "status,COMPLETE" not in res
:
2479 raise Exception("dev_exec_action did not succeed: " + res
)
2481 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
))
2482 if result
not in res
:
2483 raise Exception("Unexpected result: " + res
)
2485 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2486 if ev
is None or fail
not in ev
:
2487 raise Exception("Failure not reported correctly: " + str(ev
))
2489 dev
[1].request("DPP_STOP_LISTEN")
2490 dev
[0].dump_monitor()
2491 dev
[1].dump_monitor()
2493 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, apdev
):
2494 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2495 check_dpp_capab(dev
[0])
2496 check_dpp_capab(dev
[1])
2497 tests
= [("AuthenticationConfirm",
2498 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2500 for frame
, result
, fail
in tests
:
2501 dev
[0].request("FLUSH")
2502 dev
[1].request("FLUSH")
2503 sigma
= start_sigma_dut(dev
[0].ifname
)
2505 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
,
2508 stop_sigma_dut(sigma
)
2510 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev
, frame
, result
,
2512 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2513 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2515 cmd
= "DPP_LISTEN 2437 role=configurator"
2516 if "OK" not in dev
[1].request(cmd
):
2517 raise Exception("Failed to start listen operation")
2519 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2520 if "status,COMPLETE" not in res
:
2521 raise Exception("dev_exec_action did not succeed: " + res
)
2523 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2524 if result
not in res
:
2525 raise Exception("Unexpected result: " + res
)
2527 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2528 if ev
is None or fail
not in ev
:
2529 raise Exception("Failure not reported correctly: " + str(ev
))
2531 dev
[1].request("DPP_STOP_LISTEN")
2532 dev
[0].dump_monitor()
2533 dev
[1].dump_monitor()
2535 def test_sigma_dut_dpp_proto_stop_at_responder(dev
, apdev
):
2536 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2537 check_dpp_capab(dev
[0])
2538 check_dpp_capab(dev
[1])
2539 tests
= [("AuthenticationRequest",
2540 "BootstrapResult,OK,AuthResult,Errorsent",
2542 ("AuthenticationConfirm",
2543 "BootstrapResult,OK,AuthResult,Errorsent",
2545 for frame
, result
, fail
in tests
:
2546 dev
[0].request("FLUSH")
2547 dev
[1].request("FLUSH")
2548 sigma
= start_sigma_dut(dev
[0].ifname
)
2550 run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
)
2552 stop_sigma_dut(sigma
)
2554 def run_sigma_dut_dpp_proto_stop_at_responder(dev
, frame
, result
, fail
):
2555 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2556 if "status,COMPLETE" not in res
:
2557 raise Exception("dev_exec_action did not succeed: " + res
)
2558 hex = res
.split(',')[3]
2560 logger
.info("URI from sigma_dut: " + uri
)
2562 id1
= dev
[1].dpp_qr_code(uri
)
2564 t
= threading
.Thread(target
=dpp_proto_init
, args
=(dev
[1], id1
))
2566 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame
), timeout
=10)
2568 if result
not in res
:
2569 raise Exception("Unexpected result: " + res
)
2571 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2572 if ev
is None or fail
not in ev
:
2573 raise Exception("Failure not reported correctly:" + str(ev
))
2575 dev
[1].request("DPP_STOP_LISTEN")
2576 dev
[0].dump_monitor()
2577 dev
[1].dump_monitor()
2579 def dpp_proto_init_pkex(dev
):
2581 logger
.info("Starting DPP PKEX initiator/configurator in a thread")
2582 cmd
= "DPP_CONFIGURATOR_ADD"
2583 res
= dev
.request(cmd
)
2585 raise Exception("Failed to add configurator")
2588 id = dev
.dpp_bootstrap_gen(type="pkex")
2590 cmd
= "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id
)
2591 if "FAIL" in dev
.request(cmd
):
2592 raise Exception("Failed to initiate DPP PKEX")
2594 def test_sigma_dut_dpp_proto_initiator_pkex(dev
, apdev
):
2595 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2596 check_dpp_capab(dev
[0])
2597 check_dpp_capab(dev
[1])
2598 tests
= [("InvalidValue", "PKEXCRRequest", "WrappedData",
2599 "BootstrapResult,Errorsent",
2601 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2602 "BootstrapResult,Errorsent",
2603 "Missing or invalid Finite Cyclic Group attribute"),
2604 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2605 "BootstrapResult,Errorsent",
2606 "No valid peer bootstrapping key found")]
2607 for step
, frame
, attr
, result
, fail
in tests
:
2608 dev
[0].request("FLUSH")
2609 dev
[1].request("FLUSH")
2610 sigma
= start_sigma_dut(dev
[0].ifname
)
2612 run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
,
2615 stop_sigma_dut(sigma
)
2617 def run_sigma_dut_dpp_proto_initiator_pkex(dev
, step
, frame
, attr
, result
, fail
):
2618 id1
= dev
[1].dpp_bootstrap_gen(type="pkex")
2620 cmd
= "DPP_PKEX_ADD own=%d code=secret" % (id1
)
2621 res
= dev
[1].request(cmd
)
2623 raise Exception("Failed to set PKEX data (responder)")
2625 cmd
= "DPP_LISTEN 2437 role=enrollee"
2626 if "OK" not in dev
[1].request(cmd
):
2627 raise Exception("Failed to start listen operation")
2629 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
))
2630 if result
not in res
:
2631 raise Exception("Unexpected result: " + res
)
2633 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2634 if ev
is None or fail
not in ev
:
2635 raise Exception("Failure not reported correctly: " + str(ev
))
2637 dev
[1].request("DPP_STOP_LISTEN")
2638 dev
[0].dump_monitor()
2639 dev
[1].dump_monitor()
2641 def test_sigma_dut_dpp_proto_responder_pkex(dev
, apdev
):
2642 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2643 check_dpp_capab(dev
[0])
2644 check_dpp_capab(dev
[1])
2645 tests
= [("InvalidValue", "PKEXCRResponse", "WrappedData",
2646 "BootstrapResult,Errorsent",
2648 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2649 "BootstrapResult,Errorsent",
2650 "No DPP Status attribute"),
2651 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2652 "BootstrapResult,Errorsent",
2653 "No valid peer bootstrapping key found")]
2654 for step
, frame
, attr
, result
, fail
in tests
:
2655 dev
[0].request("FLUSH")
2656 dev
[1].request("FLUSH")
2657 sigma
= start_sigma_dut(dev
[0].ifname
)
2659 run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
,
2662 stop_sigma_dut(sigma
)
2664 def run_sigma_dut_dpp_proto_responder_pkex(dev
, step
, frame
, attr
, result
, fail
):
2665 t
= threading
.Thread(target
=dpp_proto_init_pkex
, args
=(dev
[1],))
2667 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step
, frame
, attr
), timeout
=10)
2669 if result
not in res
:
2670 raise Exception("Unexpected result: " + res
)
2672 ev
= dev
[1].wait_event(["DPP-FAIL"], timeout
=5)
2673 if ev
is None or fail
not in ev
:
2674 raise Exception("Failure not reported correctly:" + str(ev
))
2676 dev
[1].request("DPP_STOP_LISTEN")
2677 dev
[0].dump_monitor()
2678 dev
[1].dump_monitor()
2680 def init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2681 check_dpp_capab(dev
[0])
2682 check_dpp_capab(dev
[1])
2684 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2685 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2686 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2687 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2689 params
= {"ssid": "DPPNET01",
2692 "wpa_key_mgmt": "DPP",
2693 "rsn_pairwise": "CCMP",
2694 "dpp_connector": ap_connector
,
2695 "dpp_csign": csign_pub
,
2696 "dpp_netaccesskey": ap_netaccesskey
}
2698 hapd
= hostapd
.add_ap(apdev
[0], params
)
2700 raise HwsimSkip("DPP not supported")
2702 dev
[0].set("dpp_config_processing", "2")
2704 cmd
= "DPP_CONFIGURATOR_ADD key=" + csign
2705 res
= dev
[1].request(cmd
)
2707 raise Exception("Failed to add configurator")
2710 id0
= dev
[1].dpp_bootstrap_gen(chan
="81/6", mac
=True)
2711 uri0
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2713 dev
[1].set("dpp_configurator_params",
2714 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2716 cmd
= "DPP_LISTEN 2437 role=configurator"
2717 if "OK" not in dev
[1].request(cmd
):
2718 raise Exception("Failed to start listen operation")
2720 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0
))
2721 if "status,COMPLETE" not in res
:
2722 raise Exception("dev_exec_action did not succeed: " + res
)
2724 def test_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
):
2725 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2726 sigma
= start_sigma_dut(dev
[0].ifname
)
2728 init_sigma_dut_dpp_proto_peer_disc_req(dev
, apdev
)
2730 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout
=10)
2731 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res
:
2732 raise Exception("Unexpected result: " + res
)
2734 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2735 stop_sigma_dut(sigma
)
2737 def test_sigma_dut_dpp_self_config(dev
, apdev
):
2738 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2739 check_dpp_capab(dev
[0])
2741 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2742 check_dpp_capab(hapd
)
2744 sigma
= start_sigma_dut(dev
[0].ifname
)
2746 dev
[0].set("dpp_config_processing", "2")
2747 id = hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2748 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2750 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2751 if "status,COMPLETE" not in res
:
2752 raise Exception("dev_exec_action did not succeed: " + res
)
2754 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2755 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2756 raise Exception("Unexpected result: " + res
)
2757 update_hapd_config(hapd
)
2759 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2760 res
= sigma_dut_cmd(cmd
, timeout
=10)
2761 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res
:
2762 raise Exception("Unexpected result: " + res
)
2764 stop_sigma_dut(sigma
)
2765 dev
[0].set("dpp_config_processing", "0")
2767 def test_sigma_dut_ap_dpp_self_config(dev
, apdev
, params
):
2768 """sigma_dut DPP AP Configurator using self-configuration"""
2769 logdir
= os
.path
.join(params
['logdir'],
2770 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2771 with
HWSimRadio() as (radio
, iface
):
2772 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2774 run_sigma_dut_ap_dpp_self_config(dev
, apdev
)
2776 stop_sigma_dut(sigma
)
2777 dev
[0].set("dpp_config_processing", "0", allow_fail
=True)
2779 def run_sigma_dut_ap_dpp_self_config(dev
, apdev
):
2780 check_dpp_capab(dev
[0])
2782 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2784 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout
=10)
2785 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2786 raise Exception("Unexpected result: " + res
)
2788 dev
[0].set("dpp_config_processing", "2")
2790 id = dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True)
2791 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2792 cmd
= "DPP_LISTEN 2462 role=enrollee"
2793 if "OK" not in dev
[0].request(cmd
):
2794 raise Exception("Failed to start listen operation")
2796 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri
))
2797 if "status,COMPLETE" not in res
:
2798 raise Exception("dev_exec_action did not succeed: " + res
)
2799 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2800 res
= sigma_dut_cmd(cmd
)
2801 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2802 raise Exception("Unexpected result: " + res
)
2803 dev
[0].wait_connected()
2804 dev
[0].request("DISCONNECT")
2805 dev
[0].wait_disconnected()
2806 sigma_dut_cmd_check("ap_reset_default")
2809 def test_sigma_dut_ap_dpp_relay(dev
, apdev
, params
):
2810 """sigma_dut DPP AP as Relay to Controller"""
2811 logdir
= os
.path
.join(params
['logdir'],
2812 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2813 with
HWSimRadio() as (radio
, iface
):
2814 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
2816 run_sigma_dut_ap_dpp_relay(dev
, apdev
)
2818 stop_sigma_dut(sigma
)
2819 dev
[1].request("DPP_CONTROLLER_STOP")
2821 def run_sigma_dut_ap_dpp_relay(dev
, apdev
):
2822 check_dpp_capab(dev
[0])
2823 check_dpp_capab(dev
[1])
2826 conf_id
= dev
[1].dpp_configurator_add()
2827 dev
[1].set("dpp_configurator_params",
2828 " conf=sta-dpp configurator=%d" % conf_id
)
2829 id_c
= dev
[1].dpp_bootstrap_gen()
2830 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2831 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
2833 for line
in res
.splitlines():
2834 name
, value
= line
.split('=')
2835 if name
== "pkhash":
2839 raise Exception("Could not fetch public key hash from Controller")
2840 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2841 raise Exception("Failed to start Controller")
2843 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2844 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash
)
2845 res
= sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2847 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
2848 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0])
2850 sigma_dut_cmd_check("ap_reset_default")
2852 def dpp_init_tcp_enrollee(dev
, id1
):
2853 logger
.info("Starting DPP initiator/enrollee (TCP) in a thread")
2855 cmd
= "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2856 if "OK" not in dev
.request(cmd
):
2857 raise Exception("Failed to initiate DPP Authentication")
2858 ev
= dev
.wait_event(["DPP-CONF-RECEIVED"], timeout
=5)
2860 raise Exception("DPP configuration not completed (Enrollee)")
2861 logger
.info("DPP initiator/enrollee done")
2863 def test_sigma_dut_dpp_tcp_conf_resp(dev
, apdev
):
2864 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2865 run_sigma_dut_dpp_tcp_conf_resp(dev
)
2867 def run_sigma_dut_dpp_tcp_conf_resp(dev
, status_query
=False):
2868 check_dpp_capab(dev
[0])
2869 check_dpp_capab(dev
[1])
2870 sigma
= start_sigma_dut(dev
[0].ifname
)
2872 cmd
= "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2873 res
= sigma_dut_cmd(cmd
)
2874 if "status,COMPLETE" not in res
:
2875 raise Exception("dev_exec_action did not succeed: " + res
)
2876 hex = res
.split(',')[3]
2878 logger
.info("URI from sigma_dut: " + uri
)
2880 id1
= dev
[1].dpp_qr_code(uri
)
2882 t
= threading
.Thread(target
=dpp_init_tcp_enrollee
, args
=(dev
[1], id1
))
2884 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2886 cmd
+= ",DPPStatusQuery,Yes"
2887 res
= sigma_dut_cmd(cmd
, timeout
=10)
2889 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2890 raise Exception("Unexpected result: " + res
)
2891 if status_query
and "StatusResult,0" not in res
:
2892 raise Exception("Status query did not succeed: " + res
)
2894 stop_sigma_dut(sigma
)
2896 def test_sigma_dut_dpp_tcp_enrollee_init(dev
, apdev
):
2897 """sigma_dut DPP TCP Enrollee as initiator"""
2898 check_dpp_capab(dev
[0])
2899 check_dpp_capab(dev
[1])
2900 sigma
= start_sigma_dut(dev
[0].ifname
)
2903 conf_id
= dev
[1].dpp_configurator_add()
2904 dev
[1].set("dpp_configurator_params",
2905 " conf=sta-dpp configurator=%d" % conf_id
)
2906 id_c
= dev
[1].dpp_bootstrap_gen()
2907 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
2908 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
2909 raise Exception("Failed to start Controller")
2911 res
= sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c
))
2912 if "status,COMPLETE" not in res
:
2913 raise Exception("dev_exec_action did not succeed: " + res
)
2915 cmd
= "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2916 res
= sigma_dut_cmd(cmd
, timeout
=10)
2917 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res
:
2918 raise Exception("Unexpected result: " + res
)
2920 stop_sigma_dut(sigma
)
2921 dev
[1].request("DPP_CONTROLLER_STOP")
2923 def test_sigma_dut_preconfigured_profile(dev
, apdev
):
2924 """sigma_dut controlled connection using preconfigured profile"""
2926 run_sigma_dut_preconfigured_profile(dev
, apdev
)
2928 dev
[0].set("ignore_old_scan_res", "0")
2930 def run_sigma_dut_preconfigured_profile(dev
, apdev
):
2931 ifname
= dev
[0].ifname
2932 sigma
= start_sigma_dut(ifname
)
2935 params
= hostapd
.wpa2_params(ssid
="test-psk", passphrase
="12345678")
2936 hapd
= hostapd
.add_ap(apdev
[0], params
)
2937 dev
[0].connect("test-psk", psk
="12345678", scan_freq
="2412",
2938 only_add_network
=True)
2940 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
2941 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname
, "test-psk"),
2943 sigma_dut_wait_connected(ifname
)
2944 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
2945 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2946 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2948 stop_sigma_dut(sigma
)
2950 def test_sigma_dut_wps_pbc(dev
, apdev
):
2951 """sigma_dut and WPS PBC Enrollee"""
2953 run_sigma_dut_wps_pbc(dev
, apdev
)
2955 dev
[0].set("ignore_old_scan_res", "0")
2957 def run_sigma_dut_wps_pbc(dev
, apdev
):
2958 ssid
= "test-wps-conf"
2959 hapd
= hostapd
.add_ap(apdev
[0],
2960 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2961 "wpa_passphrase": "12345678", "wpa": "2",
2962 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2963 hapd
.request("WPS_PBC")
2965 ifname
= dev
[0].ifname
2966 sigma
= start_sigma_dut(ifname
)
2969 cmd
= "start_wps_registration,interface,%s" % ifname
2970 cmd
+= ",WpsRole,Enrollee"
2971 cmd
+= ",WpsConfigMethod,PBC"
2972 sigma_dut_cmd_check(cmd
, timeout
=15)
2974 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
2976 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
2978 stop_sigma_dut(sigma
)
2979 dev
[0].flush_scan_cache()
2981 def test_sigma_dut_sta_scan_bss(dev
, apdev
):
2982 """sigma_dut sta_scan_bss"""
2983 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "test"})
2984 sigma
= start_sigma_dut(dev
[0].ifname
)
2986 cmd
= "sta_scan_bss,Interface,%s,BSSID,%s" % (dev
[0].ifname
, \
2988 res
= sigma_dut_cmd(cmd
, timeout
=10)
2989 if "ssid,test,bsschannel,1" not in res
:
2990 raise Exception("Unexpected result: " + res
)
2992 stop_sigma_dut(sigma
)
2994 def test_sigma_dut_sta_scan_ssid_bssid(dev
, apdev
):
2995 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2996 hostapd
.add_ap(apdev
[0], {"ssid": "abcdef"})
2997 hostapd
.add_ap(apdev
[1], {"ssid": "qwerty"})
2998 sigma
= start_sigma_dut(dev
[0].ifname
)
3000 cmd
= "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev
[0].ifname
3001 res
= sigma_dut_cmd(cmd
, timeout
=10)
3002 if "abcdef" not in res
or "qwerty" not in res
:
3003 raise Exception("Unexpected result: " + res
)
3005 stop_sigma_dut(sigma
)
3007 def test_sigma_dut_ap_osen(dev
, apdev
, params
):
3008 """sigma_dut controlled AP with OSEN"""
3009 logdir
= os
.path
.join(params
['logdir'],
3010 "sigma_dut_ap_osen.sigma-hostapd")
3011 with
HWSimRadio() as (radio
, iface
):
3012 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3014 sigma_dut_cmd_check("ap_reset_default")
3015 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3016 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3017 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
3018 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3020 # RSN-OSEN (for OSU)
3021 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
3022 pairwise
="CCMP", group
="GTK_NOT_USED",
3023 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
3024 ca_cert
="auth_serv/ca.pem", scan_freq
="2412")
3026 sigma_dut_cmd_check("ap_reset_default")
3028 stop_sigma_dut(sigma
)
3030 def test_sigma_dut_ap_eap_osen(dev
, apdev
, params
):
3031 """sigma_dut controlled AP with EAP+OSEN"""
3032 logdir
= os
.path
.join(params
['logdir'],
3033 "sigma_dut_ap_eap_osen.sigma-hostapd")
3034 with
HWSimRadio() as (radio
, iface
):
3035 sigma
= start_sigma_dut(iface
, bridge
="ap-br0", hostapd_logdir
=logdir
)
3037 sigma_dut_cmd_check("ap_reset_default")
3038 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3039 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3040 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3041 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3043 subprocess
.call(['brctl', 'setfd', 'ap-br0', '0'])
3044 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3046 # RSN-OSEN (for OSU)
3047 dev
[0].connect("test-hs20", proto
="OSEN", key_mgmt
="OSEN",
3049 eap
="WFA-UNAUTH-TLS", identity
="osen@example.com",
3050 ca_cert
="auth_serv/ca.pem", ieee80211w
='2',
3052 # RSN-EAP (for data connection)
3053 dev
[1].connect("test-hs20", key_mgmt
="WPA-EAP", eap
="TTLS",
3054 identity
="hs20-test", password
="password",
3055 ca_cert
="auth_serv/ca.pem", phase2
="auth=MSCHAPV2",
3056 ieee80211w
='2', scan_freq
="2412")
3058 hwsim_utils
.test_connectivity(dev
[0], dev
[1], broadcast
=False,
3059 success_expected
=False, timeout
=1)
3061 sigma_dut_cmd_check("ap_reset_default")
3063 stop_sigma_dut(sigma
)
3064 subprocess
.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3065 stderr
=open('/dev/null', 'w'))
3066 subprocess
.call(['brctl', 'delbr', 'ap-br0'],
3067 stderr
=open('/dev/null', 'w'))
3069 def test_sigma_dut_ap_eap(dev
, apdev
, params
):
3070 """sigma_dut controlled AP WPA2-Enterprise"""
3071 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3072 with
HWSimRadio() as (radio
, iface
):
3073 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3075 sigma_dut_cmd_check("ap_reset_default")
3076 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3077 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3078 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3079 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3081 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3082 identity
="gpsk user",
3083 password
="abcdefghijklmnop0123456789abcdef",
3086 sigma_dut_cmd_check("ap_reset_default")
3088 stop_sigma_dut(sigma
)
3090 def test_sigma_dut_ap_eap_sha256(dev
, apdev
, params
):
3091 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3092 logdir
= os
.path
.join(params
['logdir'],
3093 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3094 with
HWSimRadio() as (radio
, iface
):
3095 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3097 sigma_dut_cmd_check("ap_reset_default")
3098 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3099 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3100 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3101 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3103 dev
[0].connect("test-eap", key_mgmt
="WPA-EAP-SHA256", eap
="GPSK",
3104 identity
="gpsk user",
3105 password
="abcdefghijklmnop0123456789abcdef",
3108 sigma_dut_cmd_check("ap_reset_default")
3110 stop_sigma_dut(sigma
)
3112 def test_sigma_dut_ap_ft_eap(dev
, apdev
, params
):
3113 """sigma_dut controlled AP FT-EAP"""
3114 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3115 with
HWSimRadio() as (radio
, iface
):
3116 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3118 sigma_dut_cmd_check("ap_reset_default")
3119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3120 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3121 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3122 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3124 dev
[0].connect("test-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3125 identity
="gpsk user",
3126 password
="abcdefghijklmnop0123456789abcdef",
3129 sigma_dut_cmd_check("ap_reset_default")
3131 stop_sigma_dut(sigma
)
3133 def test_sigma_dut_ap_ft_psk(dev
, apdev
, params
):
3134 """sigma_dut controlled AP FT-PSK"""
3135 logdir
= os
.path
.join(params
['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3136 with
HWSimRadio() as (radio
, iface
):
3137 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3139 sigma_dut_cmd_check("ap_reset_default")
3140 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3141 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3142 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3144 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3147 sigma_dut_cmd_check("ap_reset_default")
3149 stop_sigma_dut(sigma
)
3151 def test_sigma_dut_ap_ft_over_ds_psk(dev
, apdev
, params
):
3152 """sigma_dut controlled AP FT-PSK (over-DS)"""
3153 logdir
= os
.path
.join(params
['logdir'],
3154 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3155 conffile
= os
.path
.join(params
['logdir'],
3156 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3157 with
HWSimRadio() as (radio
, iface
):
3158 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3160 sigma_dut_cmd_check("ap_reset_default")
3161 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3162 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3163 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3165 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3166 with
open(conffile
, "wb") as f2
:
3169 dev
[0].connect("test-ft-psk", key_mgmt
="FT-PSK", psk
="12345678",
3172 sigma_dut_cmd_check("ap_reset_default")
3174 stop_sigma_dut(sigma
)
3176 def test_sigma_dut_ap_ent_ft_eap(dev
, apdev
, params
):
3177 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3178 logdir
= os
.path
.join(params
['logdir'],
3179 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3180 with
HWSimRadio() as (radio
, iface
):
3181 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3183 sigma_dut_cmd_check("ap_reset_default")
3184 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3185 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3186 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3187 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3189 dev
[0].connect("test-ent-ft-eap", key_mgmt
="FT-EAP", eap
="GPSK",
3190 identity
="gpsk user",
3191 password
="abcdefghijklmnop0123456789abcdef",
3193 dev
[1].connect("test-ent-ft-eap", key_mgmt
="WPA-EAP", eap
="GPSK",
3194 identity
="gpsk user",
3195 password
="abcdefghijklmnop0123456789abcdef",
3198 sigma_dut_cmd_check("ap_reset_default")
3200 stop_sigma_dut(sigma
)
3202 def test_sigma_dut_venue_url(dev
, apdev
):
3203 """sigma_dut controlled Venue URL fetch"""
3205 run_sigma_dut_venue_url(dev
, apdev
)
3207 dev
[0].set("ignore_old_scan_res", "0")
3209 def run_sigma_dut_venue_url(dev
, apdev
):
3210 ifname
= dev
[0].ifname
3211 sigma
= start_sigma_dut(ifname
)
3215 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3216 params
["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3217 params
["ieee80211w"] = "2"
3221 venue_info
= struct
.pack('BB', venue_group
, venue_type
)
3223 name1
= "Example venue"
3225 name2
= "Esimerkkipaikka"
3226 venue1
= struct
.pack('B', len(lang1
+ name1
)) + lang1
.encode() + name1
.encode()
3227 venue2
= struct
.pack('B', len(lang2
+ name2
)) + lang2
.encode() + name2
.encode()
3228 venue_name
= binascii
.hexlify(venue_info
+ venue1
+ venue2
)
3230 url1
= "http://example.com/venue"
3231 url2
= "https://example.org/venue-info/"
3232 params
["venue_group"] = str(venue_group
)
3233 params
["venue_type"] = str(venue_type
)
3234 params
["venue_name"] = [lang1
+ ":" + name1
, lang2
+ ":" + name2
]
3235 params
["venue_url"] = ["1:" + url1
, "2:" + url2
]
3237 hapd
= hostapd
.add_ap(apdev
[0], params
)
3239 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname
)
3240 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3241 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname
, "venue", "12345678"))
3242 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "venue"),
3244 sigma_dut_wait_connected(ifname
)
3245 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3246 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname
+ ",Display,Yes")
3247 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3248 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3250 stop_sigma_dut(sigma
)
3252 def test_sigma_dut_hs20_assoc_24(dev
, apdev
):
3253 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3254 run_sigma_dut_hs20_assoc(dev
, apdev
, True)
3256 def test_sigma_dut_hs20_assoc_5(dev
, apdev
):
3257 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3258 run_sigma_dut_hs20_assoc(dev
, apdev
, False)
3260 def run_sigma_dut_hs20_assoc(dev
, apdev
, band24
):
3264 bssid0
= apdev
[0]['bssid']
3265 params
= hs20_ap_params()
3266 params
['hessid'] = bssid0
3267 hapd0
= hostapd
.add_ap(apdev
[0], params
)
3269 bssid1
= apdev
[1]['bssid']
3270 params
= hs20_ap_params()
3271 params
['hessid'] = bssid0
3272 params
["hw_mode"] = "a"
3273 params
["channel"] = "36"
3274 params
["country_code"] = "US"
3275 hapd1
= hostapd
.add_ap(apdev
[1], params
)
3277 band
= "2.4" if band24
else "5"
3278 exp_bssid
= bssid0
if band24
else bssid1
3279 run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, exp_bssid
)
3281 dev
[0].request("DISCONNECT")
3283 hapd0
.request("DISABLE")
3285 hapd1
.request("DISABLE")
3286 subprocess
.call(['iw', 'reg', 'set', '00'])
3287 dev
[0].flush_scan_cache()
3289 def run_sigma_dut_hs20_assoc_2(dev
, apdev
, band
, expect_bssid
):
3290 check_eap_capa(dev
[0], "MSCHAPV2")
3291 dev
[0].flush_scan_cache()
3293 ifname
= dev
[0].ifname
3294 sigma
= start_sigma_dut(ifname
)
3297 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname
)
3298 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3299 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname
)
3300 res
= sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname
, band
),
3302 sigma_dut_wait_connected(ifname
)
3303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3304 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3305 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3307 stop_sigma_dut(sigma
)
3309 if "BSSID," + expect_bssid
not in res
:
3310 raise Exception("Unexpected BSSID: " + res
)
3312 def test_sigma_dut_ap_hs20(dev
, apdev
, params
):
3313 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3314 logdir
= os
.path
.join(params
['logdir'],
3315 "sigma_dut_ap_hs20.sigma-hostapd")
3316 conffile
= os
.path
.join(params
['logdir'],
3317 "sigma_dut_ap_hs20.sigma-conf")
3318 with
HWSimRadio() as (radio
, iface
):
3319 sigma
= start_sigma_dut(iface
, hostapd_logdir
=logdir
)
3321 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3322 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3323 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3324 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3325 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3326 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3327 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3328 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3329 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3330 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3331 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3332 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3333 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3334 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3336 with
open("/tmp/sigma_dut-ap.conf", "rb") as f
:
3337 with
open(conffile
, "wb") as f2
:
3340 sigma_dut_cmd_check("ap_reset_default")
3342 stop_sigma_dut(sigma
)
3344 def test_sigma_dut_eap_ttls_uosc(dev
, apdev
, params
):
3345 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3346 logdir
= params
['logdir']
3348 with
open("auth_serv/ca.pem", "r") as f
:
3349 with
open(os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.ca.pem"),
3353 src
= "auth_serv/server.pem"
3354 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.der")
3355 hashdst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3356 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3358 stderr
=open('/dev/null', 'w'))
3359 with
open(dst
, "rb") as f
:
3361 hash = hashlib
.sha256(der
).digest()
3362 with
open(hashdst
, "w") as f
:
3363 f
.write(binascii
.hexlify(hash).decode())
3365 dst
= os
.path
.join(logdir
, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3366 with
open(dst
, "w") as f
:
3369 ssid
= "test-wpa2-eap"
3370 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3371 hapd
= hostapd
.add_ap(apdev
[0], params
)
3373 ifname
= dev
[0].ifname
3374 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3377 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname
, ssid
)
3379 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3380 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3381 sigma_dut_cmd_check(cmd
)
3382 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3384 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3386 raise Exception("Server certificate error not reported")
3388 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3389 if "ServerCertTrustResult,Accepted" not in res
:
3390 raise Exception("Server certificate trust was not accepted")
3391 sigma_dut_wait_connected(ifname
)
3392 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3393 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3394 dev
[0].dump_monitor()
3396 stop_sigma_dut(sigma
)
3398 def test_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
):
3399 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3400 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, False)
3402 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev
, apdev
, params
):
3403 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3404 run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, True)
3406 def run_sigma_dut_eap_ttls_uosc_tod(dev
, apdev
, params
, tofu
):
3407 logdir
= params
['logdir']
3409 name
= "sigma_dut_eap_ttls_uosc_tod"
3412 with
open("auth_serv/ca.pem", "r") as f
:
3413 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3417 src
= "auth_serv/server-certpol2.pem"
3419 src
= "auth_serv/server-certpol.pem"
3420 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3421 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3422 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3424 stderr
=open('/dev/null', 'w'))
3425 with
open(dst
, "rb") as f
:
3427 hash = hashlib
.sha256(der
).digest()
3428 with
open(hashdst
, "w") as f
:
3429 f
.write(binascii
.hexlify(hash).decode())
3431 ssid
= "test-wpa2-eap"
3432 params
= int_eap_server_params()
3433 params
["ssid"] = ssid
3435 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3436 params
["private_key"] = "auth_serv/server-certpol2.key"
3438 params
["server_cert"] = "auth_serv/server-certpol.pem"
3439 params
["private_key"] = "auth_serv/server-certpol.key"
3440 hapd
= hostapd
.add_ap(apdev
[0], params
)
3442 ifname
= dev
[0].ifname
3443 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3446 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name
+ ".server.pem") % (ifname
, ssid
)
3447 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3448 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3449 sigma_dut_cmd_check(cmd
)
3450 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3452 sigma_dut_wait_connected(ifname
)
3453 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname
)
3454 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
+ ",maintain_profile,1")
3455 dev
[0].wait_disconnected()
3456 dev
[0].dump_monitor()
3459 params
= hostapd
.wpa2_eap_params(ssid
=ssid
)
3460 hapd
= hostapd
.add_ap(apdev
[0], params
)
3462 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3464 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3466 raise Exception("Server certificate error not reported")
3468 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3469 if "ServerCertTrustResult,Accepted" in res
:
3470 raise Exception("Server certificate trust override was accepted unexpectedly")
3471 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3472 dev
[0].dump_monitor()
3474 stop_sigma_dut(sigma
)
3476 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev
, apdev
, params
):
3477 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3478 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, False)
3480 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev
, apdev
, params
):
3481 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3482 run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, True)
3484 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev
, apdev
, params
, tofu
):
3485 logdir
= params
['logdir']
3487 name
= "sigma_dut_eap_ttls_uosc_initial_tod"
3490 with
open("auth_serv/rsa3072-ca.pem", "r") as f
:
3491 with
open(os
.path
.join(logdir
, name
+ ".ca.pem"), "w") as f2
:
3495 src
= "auth_serv/server-certpol2.pem"
3497 src
= "auth_serv/server-certpol.pem"
3498 dst
= os
.path
.join(logdir
, name
+ ".server.der")
3499 hashdst
= os
.path
.join(logdir
, name
+ ".server.pem.sha256")
3500 subprocess
.check_call(["openssl", "x509", "-in", src
, "-out", dst
,
3502 stderr
=open('/dev/null', 'w'))
3503 with
open(dst
, "rb") as f
:
3505 hash = hashlib
.sha256(der
).digest()
3506 with
open(hashdst
, "w") as f
:
3507 f
.write(binascii
.hexlify(hash).decode())
3509 ssid
= "test-wpa2-eap"
3510 params
= int_eap_server_params()
3511 params
["ssid"] = ssid
3513 params
["server_cert"] = "auth_serv/server-certpol2.pem"
3514 params
["private_key"] = "auth_serv/server-certpol2.key"
3516 params
["server_cert"] = "auth_serv/server-certpol.pem"
3517 params
["private_key"] = "auth_serv/server-certpol.key"
3518 hapd
= hostapd
.add_ap(apdev
[0], params
)
3520 ifname
= dev
[0].ifname
3521 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3524 cmd
= ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name
+ ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname
, ssid
)
3525 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3526 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3527 sigma_dut_cmd_check(cmd
)
3528 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3530 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=15)
3532 raise Exception("Server certificate validation failure not reported")
3534 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3535 if not tofu
and "ServerCertTrustResult,Accepted" in res
:
3536 raise Exception("Server certificate trust override was accepted unexpectedly")
3537 if tofu
and "ServerCertTrustResult,Accepted" not in res
:
3538 raise Exception("Server certificate trust override was not accepted")
3539 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3540 dev
[0].dump_monitor()
3542 stop_sigma_dut(sigma
)
3544 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev
, apdev
, params
):
3545 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3546 check_domain_suffix_match(dev
[0])
3547 logdir
= params
['logdir']
3549 with
open("auth_serv/ca.pem", "r") as f
:
3550 with
open(os
.path
.join(logdir
,
3551 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3555 ssid
= "test-wpa2-eap"
3556 params
= int_eap_server_params()
3557 params
["ssid"] = ssid
3558 params
["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3559 params
["server_cert"] = "auth_serv/rsa3072-server.pem"
3560 params
["private_key"] = "auth_serv/rsa3072-server.key"
3561 hapd
= hostapd
.add_ap(apdev
[0], params
)
3563 ifname
= dev
[0].ifname
3564 sigma
= start_sigma_dut(ifname
, cert_path
=logdir
)
3567 cmd
= "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname
, ssid
)
3568 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname
)
3569 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3570 sigma_dut_cmd_check(cmd
)
3571 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, ssid
),
3573 ev
= dev
[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout
=10)
3575 raise Exception("Server certificate error not reported")
3577 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname
)
3578 if "ServerCertTrustResult,Accepted" not in res
:
3579 raise Exception("Server certificate trust was not accepted")
3580 sigma_dut_wait_connected(ifname
)
3581 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3582 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3583 dev
[0].dump_monitor()
3585 stop_sigma_dut(sigma
)
3587 def start_sae_pwe_ap(apdev
, sae_pwe
):
3589 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3590 params
['wpa_key_mgmt'] = 'SAE'
3591 params
["ieee80211w"] = "2"
3592 params
['sae_groups'] = '19'
3593 params
['sae_pwe'] = str(sae_pwe
)
3594 return hostapd
.add_ap(apdev
, params
)
3596 def connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3598 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3599 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3600 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3603 sigma_dut_cmd_check(cmd
)
3604 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3606 sigma_dut_wait_connected(ifname
)
3607 sigma_dut_cmd_check("sta_disconnect,interface," + ifname
)
3608 dev
.wait_disconnected()
3609 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3612 def no_connect_sae_pwe_sta(dev
, ifname
, extra
=None):
3614 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3615 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3616 cmd
= "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname
, "test-sae", "12345678")
3619 sigma_dut_cmd_check(cmd
)
3620 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3622 ev
= dev
.wait_event(["CTRL-EVENT-CONNECTED",
3623 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3624 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3625 raise Exception("Unexpected connection result")
3626 sigma_dut_cmd_check("sta_reset_default,interface," + ifname
)
3629 def test_sigma_dut_sae_h2e(dev
, apdev
):
3630 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3631 if "SAE" not in dev
[0].get_capability("auth_alg"):
3632 raise HwsimSkip("SAE not supported")
3634 start_sae_pwe_ap(apdev
[0], 2)
3636 ifname
= dev
[0].ifname
3637 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3639 connect_sae_pwe_sta(dev
[0], ifname
)
3640 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3641 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3642 res
= sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname
, "test-sae", "12345678"))
3643 if res
!= "status,ERROR,errorCode,Unsupported sae_pwe value":
3644 raise Exception("Unexpected error result: " + res
)
3646 stop_sigma_dut(sigma
)
3647 dev
[0].set("sae_pwe", "0")
3649 def test_sigma_dut_sae_h2e_ap_loop(dev
, apdev
):
3650 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3651 if "SAE" not in dev
[0].get_capability("auth_alg"):
3652 raise HwsimSkip("SAE not supported")
3654 start_sae_pwe_ap(apdev
[0], 0)
3656 ifname
= dev
[0].ifname
3657 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3659 connect_sae_pwe_sta(dev
[0], ifname
)
3660 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3661 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3663 stop_sigma_dut(sigma
)
3664 dev
[0].set("sae_pwe", "0")
3666 def test_sigma_dut_sae_h2e_ap_h2e(dev
, apdev
):
3667 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3668 if "SAE" not in dev
[0].get_capability("auth_alg"):
3669 raise HwsimSkip("SAE not supported")
3671 start_sae_pwe_ap(apdev
[0], 1)
3673 ifname
= dev
[0].ifname
3674 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3676 connect_sae_pwe_sta(dev
[0], ifname
)
3677 no_connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,loop")
3678 connect_sae_pwe_sta(dev
[0], ifname
, extra
="sae_pwe,h2e")
3680 stop_sigma_dut(sigma
)
3681 dev
[0].set("sae_pwe", "0")
3683 def test_sigma_dut_ap_sae_h2e(dev
, apdev
, params
):
3684 """sigma_dut controlled AP with SAE H2E"""
3685 logdir
= os
.path
.join(params
['logdir'],
3686 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3687 if "SAE" not in dev
[0].get_capability("auth_alg"):
3688 raise HwsimSkip("SAE not supported")
3689 with
HWSimRadio() as (radio
, iface
):
3690 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3692 sigma_dut_cmd_check("ap_reset_default")
3693 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3694 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3695 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3697 for sae_pwe
in [0, 1, 2]:
3698 dev
[0].request("SET sae_groups ")
3699 dev
[0].set("sae_pwe", str(sae_pwe
))
3700 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3701 ieee80211w
="2", scan_freq
="2412")
3702 dev
[0].request("REMOVE_NETWORK all")
3703 dev
[0].wait_disconnected()
3704 dev
[0].dump_monitor()
3706 sigma_dut_cmd_check("ap_reset_default")
3708 stop_sigma_dut(sigma
)
3709 dev
[0].set("sae_pwe", "0")
3711 def test_sigma_dut_ap_sae_h2e_only(dev
, apdev
, params
):
3712 """sigma_dut controlled AP with SAE H2E-only"""
3713 logdir
= os
.path
.join(params
['logdir'],
3714 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3715 if "SAE" not in dev
[0].get_capability("auth_alg"):
3716 raise HwsimSkip("SAE not supported")
3717 with
HWSimRadio() as (radio
, iface
):
3718 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3720 sigma_dut_cmd_check("ap_reset_default")
3721 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3722 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3723 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3725 dev
[0].request("SET sae_groups ")
3726 dev
[0].set("sae_pwe", "1")
3727 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3728 ieee80211w
="2", scan_freq
="2412")
3729 dev
[0].request("REMOVE_NETWORK all")
3730 dev
[0].wait_disconnected()
3731 dev
[0].dump_monitor()
3733 dev
[0].set("sae_pwe", "0")
3734 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3735 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3736 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3737 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3738 dev
[0].request("DISCONNECT")
3739 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3740 raise Exception("Unexpected connection result")
3742 sigma_dut_cmd_check("ap_reset_default")
3744 stop_sigma_dut(sigma
)
3745 dev
[0].set("sae_pwe", "0")
3747 def test_sigma_dut_ap_sae_loop_only(dev
, apdev
, params
):
3748 """sigma_dut controlled AP with SAE looping-only"""
3749 logdir
= os
.path
.join(params
['logdir'],
3750 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3751 if "SAE" not in dev
[0].get_capability("auth_alg"):
3752 raise HwsimSkip("SAE not supported")
3753 with
HWSimRadio() as (radio
, iface
):
3754 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3756 sigma_dut_cmd_check("ap_reset_default")
3757 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3758 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3759 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3761 dev
[0].request("SET sae_groups ")
3762 dev
[0].set("sae_pwe", "0")
3763 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3764 ieee80211w
="2", scan_freq
="2412")
3765 dev
[0].request("REMOVE_NETWORK all")
3766 dev
[0].wait_disconnected()
3767 dev
[0].dump_monitor()
3769 dev
[0].set("sae_pwe", "1")
3770 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3771 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3772 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3773 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=10)
3774 dev
[0].request("DISCONNECT")
3775 if ev
is None or "CTRL-EVENT-CONNECTED" in ev
:
3776 raise Exception("Unexpected connection result")
3778 sigma_dut_cmd_check("ap_reset_default")
3780 stop_sigma_dut(sigma
)
3781 dev
[0].set("sae_pwe", "0")
3783 def test_sigma_dut_sae_h2e_loop_forcing(dev
, apdev
):
3784 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3785 if "SAE" not in dev
[0].get_capability("auth_alg"):
3786 raise HwsimSkip("SAE not supported")
3789 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3790 params
['wpa_key_mgmt'] = 'SAE'
3791 params
["ieee80211w"] = "2"
3792 params
['sae_pwe'] = '1'
3793 hapd
= hostapd
.add_ap(apdev
[0], params
)
3795 ifname
= dev
[0].ifname
3796 sigma
= start_sigma_dut(ifname
)
3798 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3799 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3800 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname
, "test-sae", "12345678"))
3801 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3803 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3805 raise Exception("No authentication attempt reported")
3806 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3808 raise Exception("Unexpected connection reported")
3810 stop_sigma_dut(sigma
)
3812 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev
, apdev
):
3813 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3814 if "SAE" not in dev
[0].get_capability("auth_alg"):
3815 raise HwsimSkip("SAE not supported")
3818 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3819 params
['wpa_key_mgmt'] = 'SAE'
3820 params
["ieee80211w"] = "2"
3821 params
['sae_groups'] = "19 20"
3822 params
['sae_pwe'] = '1'
3823 hapd
= hostapd
.add_ap(apdev
[0], params
)
3825 ifname
= dev
[0].ifname
3826 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3828 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3829 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3830 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname
, "test-sae", "12345678"))
3831 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3833 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3835 raise Exception("No authentication attempt reported")
3836 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3838 raise Exception("Unexpected connection reported")
3840 stop_sigma_dut(sigma
)
3842 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev
, apdev
):
3843 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3844 if "SAE" not in dev
[0].get_capability("auth_alg"):
3845 raise HwsimSkip("SAE not supported")
3848 params
= hostapd
.wpa2_params(ssid
=ssid
, passphrase
="12345678")
3849 params
['wpa_key_mgmt'] = 'SAE'
3850 params
["ieee80211w"] = "2"
3851 params
['sae_groups'] = "19"
3852 params
['sae_pwe'] = '1'
3853 hapd
= hostapd
.add_ap(apdev
[0], params
)
3855 ifname
= dev
[0].ifname
3856 sigma
= start_sigma_dut(ifname
, sae_h2e
=True)
3858 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname
)
3859 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname
)
3860 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname
, "test-sae", "12345678"))
3861 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname
, "test-sae"),
3863 ev
= dev
[0].wait_event(["SME: Trying to authenticate with"], timeout
=10)
3865 raise Exception("No authentication attempt reported")
3866 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=0.5)
3868 raise Exception("Unexpected connection reported")
3870 stop_sigma_dut(sigma
)
3871 dev
[0].set("sae_pwe", "0")
3873 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev
, apdev
, params
):
3874 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3875 logdir
= os
.path
.join(params
['logdir'],
3876 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3877 if "SAE" not in dev
[0].get_capability("auth_alg"):
3878 raise HwsimSkip("SAE not supported")
3879 with
HWSimRadio() as (radio
, iface
):
3880 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3882 sigma_dut_cmd_check("ap_reset_default")
3883 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3884 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3885 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3887 dev
[0].request("SET sae_groups ")
3888 dev
[0].set("sae_pwe", "1")
3889 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3890 ieee80211w
="2", scan_freq
="2412", wait_connect
=False)
3891 ev
= dev
[0].wait_event(["Associated with"], timeout
=10)
3893 raise Exception("No indication of association seen")
3894 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED",
3895 "CTRL-EVENT-DISCONNECTED"], timeout
=10)
3896 dev
[0].request("DISCONNECT")
3898 raise Exception("No disconnection seen")
3899 if "CTRL-EVENT-DISCONNECTED" not in ev
:
3900 raise Exception("Unexpected connection")
3902 sigma_dut_cmd_check("ap_reset_default")
3904 stop_sigma_dut(sigma
)
3905 dev
[0].set("sae_pwe", "0")
3907 def test_sigma_dut_ap_sae_h2e_group_rejection(dev
, apdev
, params
):
3908 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3909 logdir
= os
.path
.join(params
['logdir'],
3910 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3911 if "SAE" not in dev
[0].get_capability("auth_alg"):
3912 raise HwsimSkip("SAE not supported")
3913 with
HWSimRadio() as (radio
, iface
):
3914 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3916 sigma_dut_cmd_check("ap_reset_default")
3917 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3918 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3919 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3921 dev
[0].request("SET sae_groups 21 20 19")
3922 dev
[0].set("sae_pwe", "1")
3923 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3924 ieee80211w
="2", scan_freq
="2412")
3925 addr
= dev
[0].own_addr()
3926 res
= sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr
)
3927 if "DHGroupVerResult,21 20" not in res
:
3928 raise Exception("Unexpected dev_exec_action response: " + res
)
3930 sigma_dut_cmd_check("ap_reset_default")
3932 stop_sigma_dut(sigma
)
3933 dev
[0].set("sae_pwe", "0")
3935 def test_sigma_dut_ap_sae_h2e_anti_clogging(dev
, apdev
, params
):
3936 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3937 logdir
= os
.path
.join(params
['logdir'],
3938 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3939 if "SAE" not in dev
[0].get_capability("auth_alg"):
3940 raise HwsimSkip("SAE not supported")
3941 with
HWSimRadio() as (radio
, iface
):
3942 sigma
= start_sigma_dut(iface
, sae_h2e
=True, hostapd_logdir
=logdir
)
3944 sigma_dut_cmd_check("ap_reset_default")
3945 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3946 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3947 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3949 dev
[0].set("sae_groups", "")
3950 dev
[0].set("sae_pwe", "2")
3951 dev
[0].connect("test-sae", key_mgmt
="SAE", psk
="12345678",
3952 ieee80211w
="2", scan_freq
="2412")
3954 sigma_dut_cmd_check("ap_reset_default")
3956 stop_sigma_dut(sigma
)
3957 dev
[0].set("sae_pwe", "0")