]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut with OWE PTK workaround
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import errno
10 import fcntl
11 import hashlib
12 import logging
13 logger = logging.getLogger()
14 import os
15 import socket
16 import struct
17 import subprocess
18 import threading
19 import time
20
21 import hostapd
22 from utils import HwsimSkip
23 from hwsim import HWSimRadio
24 import hwsim_utils
25 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
26 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
27 from test_ap_eap import check_eap_capa, int_eap_server_params, check_domain_match, check_domain_suffix_match
28 from test_ap_hs20 import hs20_ap_params
29
30 def check_sigma_dut():
31 if not os.path.exists("./sigma_dut"):
32 raise HwsimSkip("sigma_dut not available")
33
34 def to_hex(s):
35 return binascii.hexlify(s.encode()).decode()
36
37 def from_hex(s):
38 return binascii.unhexlify(s).decode()
39
40 def sigma_log_output(cmd):
41 try:
42 out = cmd.stdout.read()
43 if out:
44 logger.debug("sigma_dut stdout: " + str(out.decode()))
45 except IOError as e:
46 if e.errno != errno.EAGAIN:
47 raise
48 try:
49 out = cmd.stderr.read()
50 if out:
51 logger.debug("sigma_dut stderr: " + str(out.decode()))
52 except IOError as e:
53 if e.errno != errno.EAGAIN:
54 raise
55
56 sigma_prog = None
57
58 def sigma_dut_cmd(cmd, port=9000, timeout=2):
59 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
60 socket.IPPROTO_TCP)
61 sock.settimeout(timeout)
62 addr = ('127.0.0.1', port)
63 sock.connect(addr)
64 sock.send(cmd.encode() + b"\r\n")
65 try:
66 res = sock.recv(1000).decode()
67 running = False
68 done = False
69 for line in res.splitlines():
70 if line.startswith("status,RUNNING"):
71 running = True
72 elif line.startswith("status,INVALID"):
73 done = True
74 elif line.startswith("status,ERROR"):
75 done = True
76 elif line.startswith("status,COMPLETE"):
77 done = True
78 if running and not done:
79 # Read the actual response
80 res = sock.recv(1000).decode()
81 except:
82 res = ''
83 pass
84 sock.close()
85 res = res.rstrip()
86 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
87 global sigma_prog
88 if sigma_prog:
89 sigma_log_output(sigma_prog)
90 return res
91
92 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
93 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
94 if "COMPLETE" not in res:
95 raise Exception("sigma_dut command failed: " + cmd)
96 return res
97
98 def start_sigma_dut(ifname, hostapd_logdir=None, cert_path=None,
99 bridge=None, sae_h2e=False, owe_ptk_workaround=False):
100 check_sigma_dut()
101 cmd = ['./sigma_dut',
102 '-d',
103 '-M', ifname,
104 '-S', ifname,
105 '-F', '../../hostapd/hostapd',
106 '-G',
107 '-w', '/var/run/wpa_supplicant/',
108 '-j', ifname]
109 if hostapd_logdir:
110 cmd += ['-H', hostapd_logdir]
111 if cert_path:
112 cmd += ['-C', cert_path]
113 if bridge:
114 cmd += ['-b', bridge]
115 if sae_h2e:
116 cmd += ['-2']
117 if owe_ptk_workaround:
118 cmd += ['-3']
119 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
120 stderr=subprocess.PIPE)
121 for stream in [sigma.stdout, sigma.stderr]:
122 fd = stream.fileno()
123 fl = fcntl.fcntl(fd, fcntl.F_GETFL)
124 fcntl.fcntl(fd, fcntl.F_SETFL, fl | os.O_NONBLOCK)
125
126 global sigma_prog
127 sigma_prog = sigma
128 res = None
129 for i in range(20):
130 try:
131 res = sigma_dut_cmd("HELLO")
132 break
133 except:
134 time.sleep(0.05)
135 if res is None or "errorCode,Unknown command" not in res:
136 raise Exception("Failed to start sigma_dut")
137 return {'cmd': sigma, 'ifname': ifname}
138
139 def stop_sigma_dut(sigma):
140 global sigma_prog
141 sigma_prog = None
142 cmd = sigma['cmd']
143 sigma_log_output(cmd)
144 logger.debug("Terminating sigma_dut process")
145 cmd.terminate()
146 cmd.wait()
147 out, err = cmd.communicate()
148 logger.debug("sigma_dut stdout: " + str(out.decode()))
149 logger.debug("sigma_dut stderr: " + str(err.decode()))
150 subprocess.call(["ip", "addr", "del", "dev", sigma['ifname'],
151 "127.0.0.11/24"],
152 stderr=open('/dev/null', 'w'))
153
154 def sigma_dut_wait_connected(ifname):
155 for i in range(50):
156 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
157 if "connected,1" in res:
158 break
159 time.sleep(0.2)
160 if i == 49:
161 raise Exception("Connection did not complete")
162
163 def test_sigma_dut_basic(dev, apdev):
164 """sigma_dut basic functionality"""
165 sigma = start_sigma_dut(dev[0].ifname)
166
167 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
168 ("device_get_info", "status,COMPLETE,vendor"),
169 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
170 ("device_list_interfaces,interfaceType,802.11",
171 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
172 try:
173 res = sigma_dut_cmd("UNKNOWN")
174 if "status,INVALID,errorCode,Unknown command" not in res:
175 raise Exception("Unexpected sigma_dut response to unknown command")
176
177 for cmd, response in tests:
178 res = sigma_dut_cmd(cmd)
179 if response not in res:
180 raise Exception("Unexpected %s response: %s" % (cmd, res))
181 finally:
182 stop_sigma_dut(sigma)
183
184 def test_sigma_dut_open(dev, apdev):
185 """sigma_dut controlled open network association"""
186 try:
187 run_sigma_dut_open(dev, apdev)
188 finally:
189 dev[0].set("ignore_old_scan_res", "0")
190
191 def run_sigma_dut_open(dev, apdev):
192 ifname = dev[0].ifname
193 sigma = start_sigma_dut(ifname)
194
195 try:
196 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
197
198 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
199 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
200 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"),
201 timeout=10)
202 sigma_dut_wait_connected(ifname)
203 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
204 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
205 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
206 finally:
207 stop_sigma_dut(sigma)
208
209 def test_sigma_dut_psk_pmf(dev, apdev):
210 """sigma_dut controlled PSK+PMF association"""
211 try:
212 run_sigma_dut_psk_pmf(dev, apdev)
213 finally:
214 dev[0].set("ignore_old_scan_res", "0")
215
216 def run_sigma_dut_psk_pmf(dev, apdev):
217 ifname = dev[0].ifname
218 sigma = start_sigma_dut(ifname)
219
220 try:
221 ssid = "test-pmf-required"
222 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
223 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
224 params["ieee80211w"] = "2"
225 hapd = hostapd.add_ap(apdev[0], params)
226
227 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
228 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
229 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
230 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
231 timeout=10)
232 sigma_dut_wait_connected(ifname)
233 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
234 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
235 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
236 finally:
237 stop_sigma_dut(sigma)
238
239 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
240 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
241 try:
242 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
243 finally:
244 dev[0].set("ignore_old_scan_res", "0")
245
246 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
247 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
248 try:
249 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
250 finally:
251 dev[0].set("ignore_old_scan_res", "0")
252
253 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
254 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
255 try:
256 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
257 finally:
258 dev[0].set("ignore_old_scan_res", "0")
259
260 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
261 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
262 try:
263 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
264 finally:
265 dev[0].set("ignore_old_scan_res", "0")
266
267 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
268 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
269 try:
270 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
271 failure=True)
272 finally:
273 dev[0].set("ignore_old_scan_res", "0")
274
275 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
276 failure=False):
277 ifname = dev[0].ifname
278 sigma = start_sigma_dut(ifname)
279
280 try:
281 ssid = "test-pmf-required"
282 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
283 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
284 params["ieee80211w"] = "2"
285 params["group_mgmt_cipher"] = hostapd_cipher
286 hapd = hostapd.add_ap(apdev[0], params)
287
288 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
289 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
290 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
291 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"),
292 timeout=2 if failure else 10)
293 if failure:
294 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
295 "CTRL-EVENT-CONNECTED"], timeout=10)
296 if ev is None:
297 raise Exception("Network selection result not indicated")
298 if "CTRL-EVENT-CONNECTED" in ev:
299 raise Exception("Unexpected connection")
300 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
301 if "connected,1" in res:
302 raise Exception("Connection reported")
303 else:
304 sigma_dut_wait_connected(ifname)
305 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
306
307 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
308 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
309 finally:
310 stop_sigma_dut(sigma)
311
312 def test_sigma_dut_sae(dev, apdev):
313 """sigma_dut controlled SAE association"""
314 if "SAE" not in dev[0].get_capability("auth_alg"):
315 raise HwsimSkip("SAE not supported")
316
317 ifname = dev[0].ifname
318 sigma = start_sigma_dut(ifname)
319
320 try:
321 ssid = "test-sae"
322 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
323 params['wpa_key_mgmt'] = 'SAE'
324 params["ieee80211w"] = "2"
325 params['sae_groups'] = '19 20 21'
326 hapd = hostapd.add_ap(apdev[0], params)
327
328 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
329 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
330 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
331 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
332 timeout=10)
333 sigma_dut_wait_connected(ifname)
334 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
335 if dev[0].get_status_field('sae_group') != '19':
336 raise Exception("Expected default SAE group not used")
337 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
338 logger.info("Reported PMK: " + res)
339 if ",PMK," not in res:
340 raise Exception("PMK not reported");
341 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
342 raise Exception("Mismatch in reported PMK")
343 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
344
345 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
346
347 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
348 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
349 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
350 timeout=10)
351 sigma_dut_wait_connected(ifname)
352 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
353 if dev[0].get_status_field('sae_group') != '20':
354 raise Exception("Expected SAE group not used")
355 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
357 finally:
358 stop_sigma_dut(sigma)
359
360 def test_sigma_dut_sae_groups(dev, apdev):
361 """sigma_dut controlled SAE association with group negotiation"""
362 if "SAE" not in dev[0].get_capability("auth_alg"):
363 raise HwsimSkip("SAE not supported")
364
365 ifname = dev[0].ifname
366 sigma = start_sigma_dut(ifname)
367
368 try:
369 ssid = "test-sae"
370 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
371 params['wpa_key_mgmt'] = 'SAE'
372 params["ieee80211w"] = "2"
373 params['sae_groups'] = '19'
374 hapd = hostapd.add_ap(apdev[0], params)
375
376 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
377 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
378 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,21 20 19" % (ifname, "test-sae", "12345678"))
379 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
380 timeout=10)
381 sigma_dut_wait_connected(ifname)
382 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
383 if dev[0].get_status_field('sae_group') != '19':
384 raise Exception("Expected default SAE group not used")
385 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
386
387 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
388 finally:
389 stop_sigma_dut(sigma)
390
391 def test_sigma_dut_sae_pmkid_include(dev, apdev):
392 """sigma_dut controlled SAE association with PMKID"""
393 if "SAE" not in dev[0].get_capability("auth_alg"):
394 raise HwsimSkip("SAE not supported")
395
396 ifname = dev[0].ifname
397 sigma = start_sigma_dut(ifname)
398
399 try:
400 ssid = "test-sae"
401 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
402 params['wpa_key_mgmt'] = 'SAE'
403 params["ieee80211w"] = "2"
404 params["sae_confirm_immediate"] = "1"
405 hapd = hostapd.add_ap(apdev[0], params)
406
407 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
409 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
410 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
411 timeout=10)
412 sigma_dut_wait_connected(ifname)
413 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
414 finally:
415 stop_sigma_dut(sigma)
416
417 def test_sigma_dut_sae_password(dev, apdev):
418 """sigma_dut controlled SAE association and long password"""
419 if "SAE" not in dev[0].get_capability("auth_alg"):
420 raise HwsimSkip("SAE not supported")
421
422 ifname = dev[0].ifname
423 sigma = start_sigma_dut(ifname)
424
425 try:
426 ssid = "test-sae"
427 params = hostapd.wpa2_params(ssid=ssid)
428 params['sae_password'] = 100*'B'
429 params['wpa_key_mgmt'] = 'SAE'
430 params["ieee80211w"] = "2"
431 hapd = hostapd.add_ap(apdev[0], params)
432
433 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
434 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
435 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
436 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
437 timeout=10)
438 sigma_dut_wait_connected(ifname)
439 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
440 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
441 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
442 finally:
443 stop_sigma_dut(sigma)
444
445 def test_sigma_dut_sae_pw_id(dev, apdev):
446 """sigma_dut controlled SAE association with Password Identifier"""
447 if "SAE" not in dev[0].get_capability("auth_alg"):
448 raise HwsimSkip("SAE not supported")
449
450 ifname = dev[0].ifname
451 sigma = start_sigma_dut(ifname)
452
453 try:
454 ssid = "test-sae"
455 params = hostapd.wpa2_params(ssid=ssid)
456 params['wpa_key_mgmt'] = 'SAE'
457 params["ieee80211w"] = "2"
458 params['sae_password'] = 'secret|id=pw id'
459 params['sae_groups'] = '19'
460 hapd = hostapd.add_ap(apdev[0], params)
461
462 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
463 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
464 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
465 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
466 timeout=10)
467 sigma_dut_wait_connected(ifname)
468 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
469 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
470 finally:
471 stop_sigma_dut(sigma)
472
473 def test_sigma_dut_sae_pw_id_pwe_loop(dev, apdev):
474 """sigma_dut controlled SAE association with Password Identifier and forced PWE looping"""
475 if "SAE" not in dev[0].get_capability("auth_alg"):
476 raise HwsimSkip("SAE not supported")
477
478 ifname = dev[0].ifname
479 sigma = start_sigma_dut(ifname)
480
481 try:
482 ssid = "test-sae"
483 params = hostapd.wpa2_params(ssid=ssid)
484 params['wpa_key_mgmt'] = 'SAE'
485 params["ieee80211w"] = "2"
486 params['sae_password'] = 'secret|id=pw id'
487 params['sae_groups'] = '19'
488 hapd = hostapd.add_ap(apdev[0], params)
489
490 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
491 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
492 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id,sae_pwe,looping" % (ifname, "test-sae", "secret"))
493 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
494 timeout=10)
495 for i in range(3):
496 ev = dev[0].wait_event(["SME: Trying to authenticate",
497 "CTRL-EVENT-CONNECTED"], timeout=10)
498 if ev is None:
499 raise Exception("Network selection result not indicated")
500 if "CTRL-EVENT-CONNECTED" in ev:
501 raise Exception("Unexpected connection")
502 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
503 if "connected,1" in res:
504 raise Exception("Connection reported")
505 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
506 finally:
507 stop_sigma_dut(sigma)
508
509 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
510 """sigma_dut controlled SAE association with Password Identifier and FT"""
511 run_sigma_dut_sae_pw_id_ft(dev, apdev)
512
513 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
514 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
515 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
516
517 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
518 if "SAE" not in dev[0].get_capability("auth_alg"):
519 raise HwsimSkip("SAE not supported")
520
521 ifname = dev[0].ifname
522 sigma = start_sigma_dut(ifname)
523
524 try:
525 ssid = "test-sae"
526 params = hostapd.wpa2_params(ssid=ssid)
527 params['wpa_key_mgmt'] = 'SAE FT-SAE'
528 params["ieee80211w"] = "2"
529 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
530 params['mobility_domain'] = 'aabb'
531 params['ft_over_ds'] = '1' if over_ds else '0'
532 bssid = apdev[0]['bssid'].replace(':', '')
533 params['nas_identifier'] = bssid + '.nas.example.com'
534 params['r1_key_holder'] = bssid
535 params['pmk_r1_push'] = '0'
536 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
537 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
538 hapd = hostapd.add_ap(apdev[0], params)
539
540 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
541 if over_ds:
542 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
543 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
544 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
545 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
546 timeout=10)
547 sigma_dut_wait_connected(ifname)
548
549 bssid = apdev[1]['bssid'].replace(':', '')
550 params['nas_identifier'] = bssid + '.nas.example.com'
551 params['r1_key_holder'] = bssid
552 hapd2 = hostapd.add_ap(apdev[1], params)
553 bssid = hapd2.own_addr()
554 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
555 dev[0].wait_connected()
556
557 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
558 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
559 finally:
560 stop_sigma_dut(sigma)
561
562 def test_sigma_dut_sta_override_rsne(dev, apdev):
563 """sigma_dut and RSNE override on STA"""
564 try:
565 run_sigma_dut_sta_override_rsne(dev, apdev)
566 finally:
567 dev[0].set("ignore_old_scan_res", "0")
568
569 def run_sigma_dut_sta_override_rsne(dev, apdev):
570 ifname = dev[0].ifname
571 sigma = start_sigma_dut(ifname)
572
573 try:
574 ssid = "test-psk"
575 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
576 hapd = hostapd.add_ap(apdev[0], params)
577
578 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
579
580 tests = ["30120100000fac040100000fac040100000fac02",
581 "30140100000fac040100000fac040100000fac02ffff"]
582 for test in tests:
583 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
584 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
585 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
586 timeout=10)
587 sigma_dut_wait_connected(ifname)
588 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
589 dev[0].dump_monitor()
590
591 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
592 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
593 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"),
594 timeout=10)
595
596 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
597 if ev is None:
598 raise Exception("Association rejection not reported")
599 if "status_code=40" not in ev:
600 raise Exception("Unexpected status code: " + ev)
601
602 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
603 finally:
604 stop_sigma_dut(sigma)
605
606 def test_sigma_dut_ap_psk(dev, apdev):
607 """sigma_dut controlled AP"""
608 with HWSimRadio() as (radio, iface):
609 sigma = start_sigma_dut(iface)
610 try:
611 sigma_dut_cmd_check("ap_reset_default")
612 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
613 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
614 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
615
616 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
617
618 sigma_dut_cmd_check("ap_reset_default")
619 finally:
620 stop_sigma_dut(sigma)
621
622 def test_sigma_dut_ap_pskhex(dev, apdev, params):
623 """sigma_dut controlled AP and PSKHEX"""
624 logdir = os.path.join(params['logdir'],
625 "sigma_dut_ap_pskhex.sigma-hostapd")
626 with HWSimRadio() as (radio, iface):
627 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
628 try:
629 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
630 sigma_dut_cmd_check("ap_reset_default")
631 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
632 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
633 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
634
635 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
636
637 sigma_dut_cmd_check("ap_reset_default")
638 finally:
639 stop_sigma_dut(sigma)
640
641 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
642 """sigma_dut controlled AP PSK SHA256"""
643 logdir = os.path.join(params['logdir'],
644 "sigma_dut_ap_psk_sha256.sigma-hostapd")
645 with HWSimRadio() as (radio, iface):
646 sigma = start_sigma_dut(iface)
647 try:
648 sigma_dut_cmd_check("ap_reset_default")
649 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
650 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
651 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
652
653 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
654 psk="12345678", scan_freq="2412")
655
656 sigma_dut_cmd_check("ap_reset_default")
657 finally:
658 stop_sigma_dut(sigma)
659
660 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
661 """sigma_dut controlled AP and deauth commands"""
662 logdir = os.path.join(params['logdir'],
663 "sigma_dut_ap_psk_deauth.sigma-hostapd")
664 with HWSimRadio() as (radio, iface):
665 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
666 try:
667 sigma_dut_cmd_check("ap_reset_default")
668 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
669 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
670 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
671
672 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
673 psk="12345678", ieee80211w="2", scan_freq="2412")
674 addr = dev[0].own_addr()
675 dev[0].dump_monitor()
676
677 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
678 ev = dev[0].wait_disconnected()
679 dev[0].dump_monitor()
680 if "locally_generated=1" in ev:
681 raise Exception("Unexpected disconnection reason")
682 dev[0].wait_connected()
683 dev[0].dump_monitor()
684
685 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
686 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
687 if ev and "locally_generated=1" not in ev:
688 raise Exception("Unexpected disconnection")
689
690 sigma_dut_cmd_check("ap_reset_default")
691 finally:
692 stop_sigma_dut(sigma)
693
694 def test_sigma_dut_eap_ttls(dev, apdev, params):
695 """sigma_dut controlled STA and EAP-TTLS parameters"""
696 check_domain_match(dev[0])
697 logdir = params['logdir']
698
699 with open("auth_serv/ca.pem", "r") as f:
700 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
701 f2.write(f.read())
702
703 src = "auth_serv/server.pem"
704 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
705 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
706 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
707 "-outform", "DER"],
708 stderr=open('/dev/null', 'w'))
709 with open(dst, "rb") as f:
710 der = f.read()
711 hash = hashlib.sha256(der).digest()
712 with open(hashdst, "w") as f:
713 f.write(binascii.hexlify(hash).decode())
714
715 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
716 with open(dst, "w") as f:
717 f.write(32*"00")
718
719 ssid = "test-wpa2-eap"
720 params = hostapd.wpa2_eap_params(ssid=ssid)
721 hapd = hostapd.add_ap(apdev[0], params)
722
723 ifname = dev[0].ifname
724 sigma = start_sigma_dut(ifname, cert_path=logdir)
725
726 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
727
728 try:
729 tests = ["",
730 ",Domain,server.w1.fi",
731 ",DomainSuffix,w1.fi",
732 ",DomainSuffix,server.w1.fi",
733 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
734 for extra in tests:
735 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
736 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
737 sigma_dut_cmd_check(cmd + extra)
738 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
739 timeout=10)
740 sigma_dut_wait_connected(ifname)
741 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
742 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
743 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
744 dev[0].dump_monitor()
745
746 tests = [",Domain,w1.fi",
747 ",DomainSuffix,example.com",
748 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
749 for extra in tests:
750 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
751 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
752 sigma_dut_cmd_check(cmd + extra)
753 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
754 timeout=10)
755 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
756 if ev is None:
757 raise Exception("Server certificate error not reported")
758 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
759 if "connected,1" in res:
760 raise Exception("Unexpected connection reported")
761 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
762 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
763 dev[0].dump_monitor()
764 finally:
765 stop_sigma_dut(sigma)
766
767 def test_sigma_dut_suite_b(dev, apdev, params):
768 """sigma_dut controlled STA Suite B"""
769 check_suite_b_192_capa(dev)
770 logdir = params['logdir']
771
772 with open("auth_serv/ec2-ca.pem", "r") as f:
773 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
774 f2.write(f.read())
775
776 with open("auth_serv/ec2-user.pem", "r") as f:
777 with open("auth_serv/ec2-user.key", "r") as f2:
778 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
779 f3.write(f.read())
780 f3.write(f2.read())
781
782 dev[0].flush_scan_cache()
783 params = suite_b_as_params()
784 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
785 params['server_cert'] = 'auth_serv/ec2-server.pem'
786 params['private_key'] = 'auth_serv/ec2-server.key'
787 params['openssl_ciphers'] = 'SUITEB192'
788 hostapd.add_ap(apdev[1], params)
789
790 params = {"ssid": "test-suite-b",
791 "wpa": "2",
792 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
793 "rsn_pairwise": "GCMP-256",
794 "group_mgmt_cipher": "BIP-GMAC-256",
795 "ieee80211w": "2",
796 "ieee8021x": "1",
797 'auth_server_addr': "127.0.0.1",
798 'auth_server_port': "18129",
799 'auth_server_shared_secret': "radius",
800 'nas_identifier': "nas.w1.fi"}
801 hapd = hostapd.add_ap(apdev[0], params)
802
803 ifname = dev[0].ifname
804 sigma = start_sigma_dut(ifname, cert_path=logdir)
805
806 try:
807 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
808 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
809 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
810 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
811 timeout=10)
812 sigma_dut_wait_connected(ifname)
813 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
814 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
815 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
816 finally:
817 stop_sigma_dut(sigma)
818
819 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
820 """sigma_dut controlled STA Suite B (RSA)"""
821 check_suite_b_192_capa(dev)
822 logdir = params['logdir']
823
824 with open("auth_serv/rsa3072-ca.pem", "r") as f:
825 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
826 f2.write(f.read())
827
828 with open("auth_serv/rsa3072-user.pem", "r") as f:
829 with open("auth_serv/rsa3072-user.key", "r") as f2:
830 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
831 f3.write(f.read())
832 f3.write(f2.read())
833
834 dev[0].flush_scan_cache()
835 params = suite_b_192_rsa_ap_params()
836 hapd = hostapd.add_ap(apdev[0], params)
837
838 ifname = dev[0].ifname
839 sigma = start_sigma_dut(ifname, cert_path=logdir)
840
841 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
842
843 try:
844 tests = ["",
845 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
846 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
847 for extra in tests:
848 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
849 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
850 sigma_dut_cmd_check(cmd + extra)
851 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"),
852 timeout=10)
853 sigma_dut_wait_connected(ifname)
854 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
855 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
856 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
857 finally:
858 stop_sigma_dut(sigma)
859
860 def test_sigma_dut_ap_suite_b(dev, apdev, params):
861 """sigma_dut controlled AP Suite B"""
862 check_suite_b_192_capa(dev)
863 logdir = os.path.join(params['logdir'],
864 "sigma_dut_ap_suite_b.sigma-hostapd")
865 params = suite_b_as_params()
866 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
867 params['server_cert'] = 'auth_serv/ec2-server.pem'
868 params['private_key'] = 'auth_serv/ec2-server.key'
869 params['openssl_ciphers'] = 'SUITEB192'
870 hostapd.add_ap(apdev[1], params)
871 with HWSimRadio() as (radio, iface):
872 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
873 try:
874 sigma_dut_cmd_check("ap_reset_default")
875 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
876 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
877 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
878 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
879
880 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
881 ieee80211w="2",
882 openssl_ciphers="SUITEB192",
883 eap="TLS", identity="tls user",
884 ca_cert="auth_serv/ec2-ca.pem",
885 client_cert="auth_serv/ec2-user.pem",
886 private_key="auth_serv/ec2-user.key",
887 pairwise="GCMP-256", group="GCMP-256",
888 scan_freq="2412")
889
890 sigma_dut_cmd_check("ap_reset_default")
891 finally:
892 stop_sigma_dut(sigma)
893
894 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
895 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
896 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
897 "GCMP")
898
899 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
900 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
901 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
902 "GCMP-256")
903
904 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
905 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
906 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
907 "CCMP")
908
909 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
910 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
911 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
912 "CCMP-256")
913
914 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
915 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
916 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
917 "BIP-GMAC-256", "CCMP")
918
919 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
920 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
921 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
922 "BIP-GMAC-256", "GCMP-256", "CCMP")
923
924 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
925 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
926 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
927 "GCMP-256", "CCMP", "AES-CCMP-128")
928
929 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
930 sta_cipher, sta_cipher_group=None, ap_group=None):
931 check_suite_b_192_capa(dev)
932 logdir = os.path.join(params['logdir'],
933 "sigma_dut_ap_cipher.sigma-hostapd")
934 params = suite_b_as_params()
935 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
936 params['server_cert'] = 'auth_serv/ec2-server.pem'
937 params['private_key'] = 'auth_serv/ec2-server.key'
938 params['openssl_ciphers'] = 'SUITEB192'
939 hostapd.add_ap(apdev[1], params)
940 with HWSimRadio() as (radio, iface):
941 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
942 try:
943 sigma_dut_cmd_check("ap_reset_default")
944 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
945 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
946 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
947 if ap_group:
948 cmd += ",GroupCipher,%s" % ap_group
949 sigma_dut_cmd_check(cmd)
950 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
951
952 if sta_cipher_group is None:
953 sta_cipher_group = sta_cipher
954 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
955 ieee80211w="2",
956 openssl_ciphers="SUITEB192",
957 eap="TLS", identity="tls user",
958 ca_cert="auth_serv/ec2-ca.pem",
959 client_cert="auth_serv/ec2-user.pem",
960 private_key="auth_serv/ec2-user.key",
961 pairwise=sta_cipher, group=sta_cipher_group,
962 scan_freq="2412")
963
964 sigma_dut_cmd_check("ap_reset_default")
965 finally:
966 stop_sigma_dut(sigma)
967
968 def test_sigma_dut_ap_override_rsne(dev, apdev):
969 """sigma_dut controlled AP overriding RSNE"""
970 with HWSimRadio() as (radio, iface):
971 sigma = start_sigma_dut(iface)
972 try:
973 sigma_dut_cmd_check("ap_reset_default")
974 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
975 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
976 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
977 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
978
979 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
980
981 sigma_dut_cmd_check("ap_reset_default")
982 finally:
983 stop_sigma_dut(sigma)
984
985 def test_sigma_dut_ap_sae(dev, apdev, params):
986 """sigma_dut controlled AP with SAE"""
987 logdir = os.path.join(params['logdir'],
988 "sigma_dut_ap_sae.sigma-hostapd")
989 if "SAE" not in dev[0].get_capability("auth_alg"):
990 raise HwsimSkip("SAE not supported")
991 with HWSimRadio() as (radio, iface):
992 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
993 try:
994 sigma_dut_cmd_check("ap_reset_default")
995 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
996 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
997 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
998
999 dev[0].request("SET sae_groups ")
1000 id = dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1001 ieee80211w="2", scan_freq="2412")
1002 if dev[0].get_status_field('sae_group') != '19':
1003 raise Exception("Expected default SAE group not used")
1004
1005 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1006 logger.info("Reported PMK: " + res)
1007 if ",PMK," not in res:
1008 raise Exception("PMK not reported");
1009 if dev[0].get_pmk(id) != res.split(',')[3]:
1010 raise Exception("Mismatch in reported PMK")
1011
1012 sigma_dut_cmd_check("ap_reset_default")
1013 finally:
1014 stop_sigma_dut(sigma)
1015
1016 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
1017 """sigma_dut controlled AP with SAE Confirm immediate"""
1018 logdir = os.path.join(params['logdir'],
1019 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
1020 if "SAE" not in dev[0].get_capability("auth_alg"):
1021 raise HwsimSkip("SAE not supported")
1022 with HWSimRadio() as (radio, iface):
1023 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1024 try:
1025 sigma_dut_cmd_check("ap_reset_default")
1026 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1027 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
1028 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1029
1030 dev[0].request("SET sae_groups ")
1031 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1032 ieee80211w="2", scan_freq="2412")
1033 if dev[0].get_status_field('sae_group') != '19':
1034 raise Exception("Expected default SAE group not used")
1035
1036 sigma_dut_cmd_check("ap_reset_default")
1037 finally:
1038 stop_sigma_dut(sigma)
1039
1040 def test_sigma_dut_ap_sae_password(dev, apdev, params):
1041 """sigma_dut controlled AP with SAE and long password"""
1042 logdir = os.path.join(params['logdir'],
1043 "sigma_dut_ap_sae_password.sigma-hostapd")
1044 if "SAE" not in dev[0].get_capability("auth_alg"):
1045 raise HwsimSkip("SAE not supported")
1046 with HWSimRadio() as (radio, iface):
1047 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1048 try:
1049 sigma_dut_cmd_check("ap_reset_default")
1050 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1051 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
1052 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1053
1054 dev[0].request("SET sae_groups ")
1055 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
1056 ieee80211w="2", scan_freq="2412")
1057 if dev[0].get_status_field('sae_group') != '19':
1058 raise Exception("Expected default SAE group not used")
1059
1060 sigma_dut_cmd_check("ap_reset_default")
1061 finally:
1062 stop_sigma_dut(sigma)
1063
1064 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
1065 """sigma_dut controlled AP with SAE Password Identifier"""
1066 logdir = os.path.join(params['logdir'],
1067 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
1068 conffile = os.path.join(params['logdir'],
1069 "sigma_dut_ap_sae_pw_id.sigma-conf")
1070 if "SAE" not in dev[0].get_capability("auth_alg"):
1071 raise HwsimSkip("SAE not supported")
1072 with HWSimRadio() as (radio, iface):
1073 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1074 try:
1075 sigma_dut_cmd_check("ap_reset_default")
1076 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1077 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1078 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1079
1080 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1081 with open(conffile, "wb") as f2:
1082 f2.write(f.read())
1083
1084 dev[0].request("SET sae_groups ")
1085 tests = [("pw1", "id1"),
1086 ("pw2", "id2"),
1087 ("pw3", None),
1088 ("pw4", "id4")]
1089 for pw, pw_id in tests:
1090 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
1091 sae_password_id=pw_id,
1092 ieee80211w="2", scan_freq="2412")
1093 dev[0].request("REMOVE_NETWORK all")
1094 dev[0].wait_disconnected()
1095
1096 sigma_dut_cmd_check("ap_reset_default")
1097 finally:
1098 stop_sigma_dut(sigma)
1099
1100 def test_sigma_dut_ap_sae_pw_id_pwe_loop(dev, apdev, params):
1101 """sigma_dut controlled AP with SAE Password Identifier and forced PWE looping"""
1102 logdir = os.path.join(params['logdir'],
1103 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-hostapd")
1104 conffile = os.path.join(params['logdir'],
1105 "sigma_dut_ap_sae_pw_id_pwe_loop.sigma-conf")
1106 if "SAE" not in dev[0].get_capability("auth_alg"):
1107 raise HwsimSkip("SAE not supported")
1108 with HWSimRadio() as (radio, iface):
1109 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1110 try:
1111 sigma_dut_cmd_check("ap_reset_default")
1112 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1113 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,12345678:pwid,PMF,Required,sae_pwe,looping")
1114 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1115
1116 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1117 with open(conffile, "wb") as f2:
1118 f2.write(f.read())
1119
1120 dev[0].set("sae_groups", "")
1121 dev[0].connect("test-sae", key_mgmt="SAE", sae_password="12345678",
1122 sae_password_id="pwid",
1123 ieee80211w="2", scan_freq="2412", wait_connect=False)
1124 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
1125 "CTRL-EVENT-CONNECTED"], timeout=10)
1126 if ev is None:
1127 raise Exception("Network selection result not indicated")
1128 if "CTRL-EVENT-CONNECTED" in ev:
1129 raise Exception("Unexpected connection")
1130 dev[0].request("REMOVE_NETWORK all")
1131
1132 sigma_dut_cmd_check("ap_reset_default")
1133 finally:
1134 stop_sigma_dut(sigma)
1135
1136 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
1137 """sigma_dut controlled AP with SAE Password Identifier and FT"""
1138 logdir = os.path.join(params['logdir'],
1139 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
1140 conffile = os.path.join(params['logdir'],
1141 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
1142 if "SAE" not in dev[0].get_capability("auth_alg"):
1143 raise HwsimSkip("SAE not supported")
1144 with HWSimRadio() as (radio, iface):
1145 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1146 try:
1147 sigma_dut_cmd_check("ap_reset_default")
1148 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
1149 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
1150 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1151
1152 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1153 with open(conffile, "wb") as f2:
1154 f2.write(f.read())
1155
1156 dev[0].request("SET sae_groups ")
1157 tests = [("pw1", "id1", "SAE"),
1158 ("pw2", "id2", "FT-SAE"),
1159 ("pw3", None, "FT-SAE"),
1160 ("pw4", "id4", "SAE")]
1161 for pw, pw_id, key_mgmt in tests:
1162 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
1163 sae_password_id=pw_id,
1164 ieee80211w="2", scan_freq="2412")
1165 dev[0].request("REMOVE_NETWORK all")
1166 dev[0].wait_disconnected()
1167
1168 sigma_dut_cmd_check("ap_reset_default")
1169 finally:
1170 stop_sigma_dut(sigma)
1171
1172 def test_sigma_dut_ap_sae_group(dev, apdev, params):
1173 """sigma_dut controlled AP with SAE and specific group"""
1174 logdir = os.path.join(params['logdir'],
1175 "sigma_dut_ap_sae_group.sigma-hostapd")
1176 if "SAE" not in dev[0].get_capability("auth_alg"):
1177 raise HwsimSkip("SAE not supported")
1178 with HWSimRadio() as (radio, iface):
1179 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1180 try:
1181 sigma_dut_cmd_check("ap_reset_default")
1182 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1183 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
1184 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1185
1186 dev[0].request("SET sae_groups ")
1187 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1188 ieee80211w="2", scan_freq="2412")
1189 if dev[0].get_status_field('sae_group') != '20':
1190 raise Exception("Expected SAE group not used")
1191
1192 sigma_dut_cmd_check("ap_reset_default")
1193 finally:
1194 stop_sigma_dut(sigma)
1195
1196 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1197 """sigma_dut controlled AP with PSK+SAE"""
1198 if "SAE" not in dev[0].get_capability("auth_alg"):
1199 raise HwsimSkip("SAE not supported")
1200 logdir = os.path.join(params['logdir'],
1201 "sigma_dut_ap_psk_sae.sigma-hostapd")
1202 with HWSimRadio() as (radio, iface):
1203 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1204 try:
1205 sigma_dut_cmd_check("ap_reset_default")
1206 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1207 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1208 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1209
1210 dev[2].request("SET sae_groups ")
1211 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1212 scan_freq="2412", ieee80211w="0", wait_connect=False)
1213 dev[0].request("SET sae_groups ")
1214 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1215 scan_freq="2412", ieee80211w="2")
1216 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1217
1218 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1219 dev[2].request("DISCONNECT")
1220 if ev is not None:
1221 raise Exception("Unexpected connection without PMF")
1222
1223 sigma_dut_cmd_check("ap_reset_default")
1224 finally:
1225 stop_sigma_dut(sigma)
1226
1227 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1228 """sigma_dut controlled AP with PSK, SAE, FT"""
1229 logdir = os.path.join(params['logdir'],
1230 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1231 conffile = os.path.join(params['logdir'],
1232 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1233 if "SAE" not in dev[0].get_capability("auth_alg"):
1234 raise HwsimSkip("SAE not supported")
1235 with HWSimRadio() as (radio, iface):
1236 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1237 try:
1238 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1239 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1240 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1241 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1242 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1243 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1244
1245 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1246 with open(conffile, "wb") as f2:
1247 f2.write(f.read())
1248
1249 dev[0].request("SET sae_groups ")
1250 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1251 sae_password="12345678", scan_freq="2412")
1252 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1253 psk="12345678", scan_freq="2412")
1254 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1255 psk="12345678", scan_freq="2412")
1256
1257 sigma_dut_cmd_check("ap_reset_default")
1258 finally:
1259 stop_sigma_dut(sigma)
1260
1261 def test_sigma_dut_owe(dev, apdev):
1262 """sigma_dut controlled OWE station"""
1263 try:
1264 run_sigma_dut_owe(dev, apdev)
1265 finally:
1266 dev[0].set("ignore_old_scan_res", "0")
1267
1268 def run_sigma_dut_owe(dev, apdev):
1269 if "OWE" not in dev[0].get_capability("key_mgmt"):
1270 raise HwsimSkip("OWE not supported")
1271
1272 ifname = dev[0].ifname
1273 sigma = start_sigma_dut(ifname)
1274
1275 try:
1276 params = {"ssid": "owe",
1277 "wpa": "2",
1278 "wpa_key_mgmt": "OWE",
1279 "ieee80211w": "2",
1280 "rsn_pairwise": "CCMP"}
1281 hapd = hostapd.add_ap(apdev[0], params)
1282 bssid = hapd.own_addr()
1283
1284 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1285 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1286 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1287 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1288 timeout=10)
1289 sigma_dut_wait_connected(ifname)
1290 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1291 res = sigma_dut_cmd_check("sta_get_parameter,interface,%s,Parameter,PMK" % ifname)
1292 logger.info("Reported PMK: " + res)
1293 if ",PMK," not in res:
1294 raise Exception("PMK not reported");
1295 if hapd.request("GET_PMK " + dev[0].own_addr()) != res.split(',')[3]:
1296 raise Exception("Mismatch in reported PMK")
1297
1298 dev[0].dump_monitor()
1299 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1300 dev[0].wait_connected()
1301 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1302 dev[0].wait_disconnected()
1303 dev[0].dump_monitor()
1304
1305 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1306 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1307 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1308 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1309 timeout=10)
1310 sigma_dut_wait_connected(ifname)
1311 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1312 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1313 dev[0].wait_disconnected()
1314 dev[0].dump_monitor()
1315
1316 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1317 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1318 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1319 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1320 timeout=10)
1321 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1322 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1323 if ev is None:
1324 raise Exception("Association not rejected")
1325 if "status_code=77" not in ev:
1326 raise Exception("Unexpected rejection reason: " + ev)
1327
1328 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1329 finally:
1330 stop_sigma_dut(sigma)
1331
1332 def test_sigma_dut_owe_ptk_workaround(dev, apdev):
1333 """sigma_dut controlled OWE station with PTK workaround"""
1334 if "OWE" not in dev[0].get_capability("key_mgmt"):
1335 raise HwsimSkip("OWE not supported")
1336
1337 params = {"ssid": "owe",
1338 "wpa": "2",
1339 "wpa_key_mgmt": "OWE",
1340 "owe_ptk_workaround": "1",
1341 "owe_groups": "20",
1342 "ieee80211w": "2",
1343 "rsn_pairwise": "CCMP"}
1344 hapd = hostapd.add_ap(apdev[0], params)
1345
1346 ifname = dev[0].ifname
1347 sigma = start_sigma_dut(ifname, owe_ptk_workaround=True)
1348
1349 try:
1350 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1351 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1352 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1353 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname,
1354 timeout=10)
1355 sigma_dut_wait_connected(ifname)
1356 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1357 finally:
1358 stop_sigma_dut(sigma)
1359 dev[0].set("ignore_old_scan_res", "0")
1360
1361 def test_sigma_dut_ap_owe(dev, apdev, params):
1362 """sigma_dut controlled AP with OWE"""
1363 logdir = os.path.join(params['logdir'],
1364 "sigma_dut_ap_owe.sigma-hostapd")
1365 if "OWE" not in dev[0].get_capability("key_mgmt"):
1366 raise HwsimSkip("OWE not supported")
1367 with HWSimRadio() as (radio, iface):
1368 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1369 try:
1370 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1371 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1372 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1373 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1374
1375 id = dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1376 scan_freq="2412")
1377
1378 res = sigma_dut_cmd_check("ap_get_parameter,name,AP,STA_MAC_Address,%s,Parameter,PMK" % dev[0].own_addr())
1379 logger.info("Reported PMK: " + res)
1380 if ",PMK," not in res:
1381 raise Exception("PMK not reported");
1382 if dev[0].get_pmk(id) != res.split(',')[3]:
1383 raise Exception("Mismatch in reported PMK")
1384
1385 sigma_dut_cmd_check("ap_reset_default")
1386 finally:
1387 stop_sigma_dut(sigma)
1388
1389 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1390 """sigma_dut controlled AP with OWE and ECGroupID"""
1391 if "OWE" not in dev[0].get_capability("key_mgmt"):
1392 raise HwsimSkip("OWE not supported")
1393 with HWSimRadio() as (radio, iface):
1394 sigma = start_sigma_dut(iface)
1395 try:
1396 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1397 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1398 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1399 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1400
1401 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1402 owe_group="20", scan_freq="2412")
1403 dev[0].request("REMOVE_NETWORK all")
1404 dev[0].wait_disconnected()
1405
1406 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1407 owe_group="21", scan_freq="2412")
1408 dev[0].request("REMOVE_NETWORK all")
1409 dev[0].wait_disconnected()
1410
1411 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1412 owe_group="19", scan_freq="2412", wait_connect=False)
1413 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1414 dev[0].request("DISCONNECT")
1415 if ev is None:
1416 raise Exception("Association not rejected")
1417 if "status_code=77" not in ev:
1418 raise Exception("Unexpected rejection reason: " + ev)
1419 dev[0].dump_monitor()
1420
1421 sigma_dut_cmd_check("ap_reset_default")
1422 finally:
1423 stop_sigma_dut(sigma)
1424
1425 def test_sigma_dut_ap_owe_ptk_workaround(dev, apdev):
1426 """sigma_dut controlled AP with OWE PTK workaround"""
1427 if "OWE" not in dev[0].get_capability("key_mgmt"):
1428 raise HwsimSkip("OWE not supported")
1429 with HWSimRadio() as (radio, iface):
1430 sigma = start_sigma_dut(iface, owe_ptk_workaround=True)
1431 try:
1432 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1433 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1434 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20,PMF,Required")
1435 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1436
1437 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1438 owe_group="20", owe_ptk_workaround="1",
1439 scan_freq="2412")
1440 sigma_dut_cmd_check("ap_reset_default")
1441 finally:
1442 stop_sigma_dut(sigma)
1443
1444 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1445 """sigma_dut controlled AP with OWE and transition mode"""
1446 if "OWE" not in dev[0].get_capability("key_mgmt"):
1447 raise HwsimSkip("OWE not supported")
1448 logdir = os.path.join(params['logdir'],
1449 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1450 with HWSimRadio() as (radio, iface):
1451 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1452 try:
1453 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1454 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1455 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1456 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1457 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1458 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1459
1460 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1461 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1462
1463 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1464 scan_freq="2412")
1465 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1466 if dev[0].get_status_field('bssid') not in res1:
1467 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1468 if dev[1].get_status_field('bssid') not in res2:
1469 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1470
1471 sigma_dut_cmd_check("ap_reset_default")
1472 finally:
1473 stop_sigma_dut(sigma)
1474
1475 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1476 """sigma_dut controlled AP with OWE and transition mode (2)"""
1477 if "OWE" not in dev[0].get_capability("key_mgmt"):
1478 raise HwsimSkip("OWE not supported")
1479 logdir = os.path.join(params['logdir'],
1480 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1481 with HWSimRadio() as (radio, iface):
1482 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1483 try:
1484 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1485 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1486 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1487 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1488 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1489 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1490
1491 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1492 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1493
1494 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1495 scan_freq="2412")
1496 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1497 if dev[0].get_status_field('bssid') not in res2:
1498 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1499 if dev[1].get_status_field('bssid') not in res1:
1500 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1501
1502 sigma_dut_cmd_check("ap_reset_default")
1503 finally:
1504 stop_sigma_dut(sigma)
1505
1506 def dpp_init_enrollee(dev, id1, enrollee_role):
1507 logger.info("Starting DPP initiator/enrollee in a thread")
1508 time.sleep(1)
1509 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1510 if enrollee_role == "Configurator":
1511 cmd += " netrole=configurator"
1512 if "OK" not in dev.request(cmd):
1513 raise Exception("Failed to initiate DPP Authentication")
1514 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1515 if ev is None:
1516 raise Exception("DPP configuration not completed (Enrollee)")
1517 logger.info("DPP initiator/enrollee done")
1518
1519 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1520 """sigma_dut DPP/QR responder (conf index 1)"""
1521 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1522
1523 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1524 """sigma_dut DPP/QR responder (conf index 2)"""
1525 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1526
1527 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1528 """sigma_dut DPP/QR responder (conf index 3)"""
1529 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1530
1531 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1532 """sigma_dut DPP/QR responder (conf index 4)"""
1533 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1534
1535 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1536 """sigma_dut DPP/QR responder (conf index 5)"""
1537 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1538
1539 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1540 """sigma_dut DPP/QR responder (conf index 6)"""
1541 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1542
1543 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1544 """sigma_dut DPP/QR responder (conf index 7)"""
1545 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1546
1547 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1548 """sigma_dut DPP/QR responder (conf index 8)"""
1549 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1550
1551 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1552 """sigma_dut DPP/QR responder (conf index 9)"""
1553 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1554
1555 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1556 """sigma_dut DPP/QR responder (conf index 10)"""
1557 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1558
1559 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1560 """sigma_dut DPP/QR responder (channel list override)"""
1561 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1562 listen_chan=2)
1563
1564 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1565 """sigma_dut DPP/QR responder status query"""
1566 check_dpp_capab(dev[1])
1567 params = hostapd.wpa2_params(ssid="DPPNET01",
1568 passphrase="ThisIsDppPassphrase")
1569 hapd = hostapd.add_ap(apdev[0], params)
1570
1571 try:
1572 dev[1].set("dpp_config_processing", "2")
1573 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1574 finally:
1575 dev[1].set("dpp_config_processing", "0", allow_fail=True)
1576
1577 def test_sigma_dut_dpp_qr_resp_configurator(dev, apdev):
1578 """sigma_dut DPP/QR responder (configurator provisioning)"""
1579 run_sigma_dut_dpp_qr_resp(dev, apdev, -1, enrollee_role="Configurator")
1580
1581 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1582 listen_chan=None, status_query=False,
1583 enrollee_role="STA"):
1584 check_dpp_capab(dev[0])
1585 check_dpp_capab(dev[1])
1586 sigma = start_sigma_dut(dev[0].ifname)
1587 try:
1588 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1589 if chan_list:
1590 cmd += ",DPPChannelList," + chan_list
1591 res = sigma_dut_cmd(cmd)
1592 if "status,COMPLETE" not in res:
1593 raise Exception("dev_exec_action did not succeed: " + res)
1594 hex = res.split(',')[3]
1595 uri = from_hex(hex)
1596 logger.info("URI from sigma_dut: " + uri)
1597
1598 id1 = dev[1].dpp_qr_code(uri)
1599
1600 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1,
1601 enrollee_role))
1602 t.start()
1603 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,%s,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % enrollee_role
1604 if conf_idx is not None:
1605 cmd += ",DPPConfIndex,%d" % conf_idx
1606 if listen_chan:
1607 cmd += ",DPPListenChannel," + str(listen_chan)
1608 if status_query:
1609 cmd += ",DPPStatusQuery,Yes"
1610 res = sigma_dut_cmd(cmd, timeout=10)
1611 t.join()
1612 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1613 raise Exception("Unexpected result: " + res)
1614 if status_query and "StatusResult,0" not in res:
1615 raise Exception("Status query did not succeed: " + res)
1616 finally:
1617 stop_sigma_dut(sigma)
1618
1619 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1620 """sigma_dut DPP/QR initiator as Enrollee"""
1621 check_dpp_capab(dev[0])
1622 check_dpp_capab(dev[1])
1623
1624 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1625 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1626 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1627 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1628
1629 params = {"ssid": "DPPNET01",
1630 "wpa": "2",
1631 "ieee80211w": "2",
1632 "wpa_key_mgmt": "DPP",
1633 "rsn_pairwise": "CCMP",
1634 "dpp_connector": ap_connector,
1635 "dpp_csign": csign_pub,
1636 "dpp_netaccesskey": ap_netaccesskey}
1637 try:
1638 hapd = hostapd.add_ap(apdev[0], params)
1639 except:
1640 raise HwsimSkip("DPP not supported")
1641
1642 sigma = start_sigma_dut(dev[0].ifname)
1643 try:
1644 dev[0].set("dpp_config_processing", "2")
1645
1646 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1647 res = dev[1].request(cmd)
1648 if "FAIL" in res:
1649 raise Exception("Failed to add configurator")
1650 conf_id = int(res)
1651
1652 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1653 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1654
1655 dev[1].set("dpp_configurator_params",
1656 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1657 cmd = "DPP_LISTEN 2437 role=configurator"
1658 if "OK" not in dev[1].request(cmd):
1659 raise Exception("Failed to start listen operation")
1660
1661 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1662 if "status,COMPLETE" not in res:
1663 raise Exception("dev_exec_action did not succeed: " + res)
1664
1665 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1666 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1667 raise Exception("Unexpected result: " + res)
1668 finally:
1669 dev[0].set("dpp_config_processing", "0")
1670 stop_sigma_dut(sigma)
1671
1672 def test_sigma_dut_dpp_qr_init_enrollee_configurator(dev, apdev):
1673 """sigma_dut DPP/QR initiator as Enrollee (to become Configurator)"""
1674 check_dpp_capab(dev[0])
1675 check_dpp_capab(dev[1])
1676
1677 sigma = start_sigma_dut(dev[0].ifname)
1678 try:
1679 cmd = "DPP_CONFIGURATOR_ADD"
1680 res = dev[1].request(cmd)
1681 if "FAIL" in res:
1682 raise Exception("Failed to add configurator")
1683 conf_id = int(res)
1684
1685 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1686 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1687
1688 dev[1].set("dpp_configurator_params",
1689 " conf=configurator ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1690 cmd = "DPP_LISTEN 2437 role=configurator"
1691 if "OK" not in dev[1].request(cmd):
1692 raise Exception("Failed to start listen operation")
1693
1694 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1695 if "status,COMPLETE" not in res:
1696 raise Exception("dev_exec_action did not succeed: " + res)
1697
1698 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPNetworkRole,Configurator,DPPBS,QR,DPPTimeout,6", timeout=10)
1699 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1700 raise Exception("Unexpected result: " + res)
1701 finally:
1702 dev[0].set("dpp_config_processing", "0")
1703 stop_sigma_dut(sigma)
1704
1705 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1706 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1707 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1708
1709 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1710 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1711 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1712 extra="DPPAuthDirection,Mutual,")
1713
1714 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1715 check_dpp_capab(dev[0])
1716 check_dpp_capab(dev[1])
1717
1718 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1719 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1720 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1721 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1722
1723 params = {"ssid": "DPPNET01",
1724 "wpa": "2",
1725 "ieee80211w": "2",
1726 "wpa_key_mgmt": "DPP",
1727 "rsn_pairwise": "CCMP",
1728 "dpp_connector": ap_connector,
1729 "dpp_csign": csign_pub,
1730 "dpp_netaccesskey": ap_netaccesskey}
1731 try:
1732 hapd = hostapd.add_ap(apdev[0], params)
1733 except:
1734 raise HwsimSkip("DPP not supported")
1735
1736 sigma = start_sigma_dut(dev[0].ifname)
1737 try:
1738 dev[0].set("dpp_config_processing", "2")
1739
1740 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1741 res = dev[1].request(cmd)
1742 if "FAIL" in res:
1743 raise Exception("Failed to add configurator")
1744 conf_id = int(res)
1745
1746 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1747 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1748
1749 dev[1].set("dpp_configurator_params",
1750 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1751 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1752 if "OK" not in dev[1].request(cmd):
1753 raise Exception("Failed to start listen operation")
1754
1755 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1756 if "status,COMPLETE" not in res:
1757 raise Exception("dev_exec_action did not succeed: " + res)
1758 hex = res.split(',')[3]
1759 uri = from_hex(hex)
1760 logger.info("URI from sigma_dut: " + uri)
1761
1762 id1 = dev[1].dpp_qr_code(uri)
1763
1764 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1765 if "status,COMPLETE" not in res:
1766 raise Exception("dev_exec_action did not succeed: " + res)
1767
1768 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1769 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1770 raise Exception("Unexpected result: " + res)
1771 finally:
1772 dev[0].set("dpp_config_processing", "0")
1773 stop_sigma_dut(sigma)
1774
1775 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1776 time.sleep(1)
1777 logger.info("Starting DPP initiator/configurator in a thread")
1778 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1779 if own_id is not None:
1780 cmd += " own=%d" % own_id
1781 if "OK" not in dev.request(cmd):
1782 raise Exception("Failed to initiate DPP Authentication")
1783 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1784 if ev is None:
1785 raise Exception("DPP configuration not completed (Configurator)")
1786 logger.info("DPP initiator/configurator done")
1787
1788 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1789 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1790 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1791
1792 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1793 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1794 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1795
1796 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1797 check_dpp_capab(dev[0])
1798 check_dpp_capab(dev[1])
1799
1800 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1801 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1802 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1803 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1804
1805 params = {"ssid": "DPPNET01",
1806 "wpa": "2",
1807 "ieee80211w": "2",
1808 "wpa_key_mgmt": "DPP",
1809 "rsn_pairwise": "CCMP",
1810 "dpp_connector": ap_connector,
1811 "dpp_csign": csign_pub,
1812 "dpp_netaccesskey": ap_netaccesskey}
1813 try:
1814 hapd = hostapd.add_ap(apdev[0], params)
1815 except:
1816 raise HwsimSkip("DPP not supported")
1817
1818 sigma = start_sigma_dut(dev[0].ifname)
1819 try:
1820 dev[0].set("dpp_config_processing", "2")
1821
1822 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1823 res = dev[1].request(cmd)
1824 if "FAIL" in res:
1825 raise Exception("Failed to add configurator")
1826 conf_id = int(res)
1827
1828 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1829 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1830
1831 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1832 if "status,COMPLETE" not in res:
1833 raise Exception("dev_exec_action did not succeed: " + res)
1834 hex = res.split(',')[3]
1835 uri = from_hex(hex)
1836 logger.info("URI from sigma_dut: " + uri)
1837
1838 id1 = dev[1].dpp_qr_code(uri)
1839
1840 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1841 if "status,COMPLETE" not in res:
1842 raise Exception("dev_exec_action did not succeed: " + res)
1843
1844 t = threading.Thread(target=dpp_init_conf_mutual,
1845 args=(dev[1], id1, conf_id, id0))
1846 t.start()
1847
1848 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1849 if extra:
1850 cmd += extra
1851 res = sigma_dut_cmd(cmd, timeout=25)
1852 t.join()
1853 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1854 raise Exception("Unexpected result: " + res)
1855 finally:
1856 dev[0].set("dpp_config_processing", "0")
1857 stop_sigma_dut(sigma)
1858
1859 def dpp_resp_conf_mutual(dev, conf_id, uri):
1860 logger.info("Starting DPP responder/configurator in a thread")
1861 dev.set("dpp_configurator_params",
1862 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1863 conf_id))
1864 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1865 if "OK" not in dev.request(cmd):
1866 raise Exception("Failed to initiate DPP listen")
1867 if uri:
1868 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1869 if ev is None:
1870 raise Exception("QR Code scan for mutual authentication not requested")
1871 dev.dpp_qr_code(uri)
1872 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1873 if ev is None:
1874 raise Exception("DPP configuration not completed (Configurator)")
1875 logger.info("DPP responder/configurator done")
1876
1877 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1878 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1879 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1880
1881 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1882 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1883 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1884
1885 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1886 check_dpp_capab(dev[0])
1887 check_dpp_capab(dev[1])
1888
1889 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1890 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1891 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1892 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1893
1894 params = {"ssid": "DPPNET01",
1895 "wpa": "2",
1896 "ieee80211w": "2",
1897 "wpa_key_mgmt": "DPP",
1898 "rsn_pairwise": "CCMP",
1899 "dpp_connector": ap_connector,
1900 "dpp_csign": csign_pub,
1901 "dpp_netaccesskey": ap_netaccesskey}
1902 try:
1903 hapd = hostapd.add_ap(apdev[0], params)
1904 except:
1905 raise HwsimSkip("DPP not supported")
1906
1907 sigma = start_sigma_dut(dev[0].ifname)
1908 try:
1909 dev[0].set("dpp_config_processing", "2")
1910
1911 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1912 res = dev[1].request(cmd)
1913 if "FAIL" in res:
1914 raise Exception("Failed to add configurator")
1915 conf_id = int(res)
1916
1917 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1918 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1919
1920 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1921 if "status,COMPLETE" not in res:
1922 raise Exception("dev_exec_action did not succeed: " + res)
1923 hex = res.split(',')[3]
1924 uri = from_hex(hex)
1925 logger.info("URI from sigma_dut: " + uri)
1926
1927 if not resp_pending:
1928 dev[1].dpp_qr_code(uri)
1929 uri = None
1930
1931 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1932 if "status,COMPLETE" not in res:
1933 raise Exception("dev_exec_action did not succeed: " + res)
1934
1935 t = threading.Thread(target=dpp_resp_conf_mutual,
1936 args=(dev[1], conf_id, uri))
1937 t.start()
1938
1939 time.sleep(1)
1940 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1941 res = sigma_dut_cmd(cmd, timeout=15)
1942 t.join()
1943 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1944 raise Exception("Unexpected result: " + res)
1945 finally:
1946 dev[0].set("dpp_config_processing", "0")
1947 stop_sigma_dut(sigma)
1948
1949 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1950 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1951 check_dpp_capab(dev[0])
1952 check_dpp_capab(dev[1])
1953
1954 params = hostapd.wpa2_params(ssid="DPPNET01",
1955 passphrase="ThisIsDppPassphrase")
1956 hapd = hostapd.add_ap(apdev[0], params)
1957
1958 sigma = start_sigma_dut(dev[0].ifname)
1959 try:
1960 dev[0].set("dpp_config_processing", "2")
1961
1962 cmd = "DPP_CONFIGURATOR_ADD"
1963 res = dev[1].request(cmd)
1964 if "FAIL" in res:
1965 raise Exception("Failed to add configurator")
1966 conf_id = int(res)
1967
1968 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1969 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1970
1971 dev[1].set("dpp_configurator_params",
1972 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1973 cmd = "DPP_LISTEN 2437 role=configurator"
1974 if "OK" not in dev[1].request(cmd):
1975 raise Exception("Failed to start listen operation")
1976
1977 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1978 if "status,COMPLETE" not in res:
1979 raise Exception("dev_exec_action did not succeed: " + res)
1980
1981 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1982 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1983 raise Exception("Unexpected result: " + res)
1984 finally:
1985 dev[0].set("dpp_config_processing", "0")
1986 stop_sigma_dut(sigma)
1987
1988 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1989 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1990 check_dpp_capab(dev[0])
1991 check_dpp_capab(dev[1])
1992 if "SAE" not in dev[0].get_capability("auth_alg"):
1993 raise HwsimSkip("SAE not supported")
1994
1995 params = hostapd.wpa2_params(ssid="DPPNET01",
1996 passphrase="ThisIsDppPassphrase")
1997 params['wpa_key_mgmt'] = 'SAE'
1998 params["ieee80211w"] = "2"
1999 hapd = hostapd.add_ap(apdev[0], params)
2000
2001 sigma = start_sigma_dut(dev[0].ifname)
2002 try:
2003 dev[0].set("dpp_config_processing", "2")
2004 dev[0].set("sae_groups", "")
2005
2006 cmd = "DPP_CONFIGURATOR_ADD"
2007 res = dev[1].request(cmd)
2008 if "FAIL" in res:
2009 raise Exception("Failed to add configurator")
2010 conf_id = int(res)
2011
2012 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2013 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2014
2015 dev[1].set("dpp_configurator_params",
2016 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
2017 cmd = "DPP_LISTEN 2437 role=configurator"
2018 if "OK" not in dev[1].request(cmd):
2019 raise Exception("Failed to start listen operation")
2020
2021 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2022 if "status,COMPLETE" not in res:
2023 raise Exception("dev_exec_action did not succeed: " + res)
2024
2025 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
2026 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
2027 raise Exception("Unexpected result: " + res)
2028 finally:
2029 dev[0].set("dpp_config_processing", "0")
2030 stop_sigma_dut(sigma)
2031
2032 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
2033 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
2034 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
2035
2036 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
2037 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
2038 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
2039
2040 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
2041 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
2042 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
2043
2044 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
2045 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
2046 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
2047
2048 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
2049 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
2050 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
2051
2052 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
2053 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
2054 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
2055
2056 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
2057 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
2058 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
2059
2060 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
2061 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
2062 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
2063
2064 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
2065 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
2066 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
2067
2068 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
2069 prov_role="Configurator",
2070 extra=None):
2071 check_dpp_capab(dev[0])
2072 check_dpp_capab(dev[1])
2073 sigma = start_sigma_dut(dev[0].ifname)
2074 try:
2075 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2076 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2077
2078 cmd = "DPP_LISTEN 2437 role=enrollee"
2079 if "OK" not in dev[1].request(cmd):
2080 raise Exception("Failed to start listen operation")
2081
2082 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2083 if "status,COMPLETE" not in res:
2084 raise Exception("dev_exec_action did not succeed: " + res)
2085
2086 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
2087 if extra:
2088 cmd += "," + extra
2089 res = sigma_dut_cmd(cmd)
2090 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2091 raise Exception("Unexpected result: " + res)
2092 finally:
2093 stop_sigma_dut(sigma)
2094
2095 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
2096 """sigma_dut DPP roles incompatible (Initiator)"""
2097 check_dpp_capab(dev[0])
2098 check_dpp_capab(dev[1])
2099 sigma = start_sigma_dut(dev[0].ifname)
2100 try:
2101 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2102 if "status,COMPLETE" not in res:
2103 raise Exception("dev_exec_action did not succeed: " + res)
2104 hex = res.split(',')[3]
2105 uri = from_hex(hex)
2106 logger.info("URI from sigma_dut: " + uri)
2107
2108 id1 = dev[1].dpp_qr_code(uri)
2109
2110 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2111 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2112
2113 cmd = "DPP_LISTEN 2437 role=enrollee"
2114 if "OK" not in dev[1].request(cmd):
2115 raise Exception("Failed to start listen operation")
2116
2117 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2118 if "status,COMPLETE" not in res:
2119 raise Exception("dev_exec_action did not succeed: " + res)
2120
2121 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2122 res = sigma_dut_cmd(cmd)
2123 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2124 raise Exception("Unexpected result: " + res)
2125 finally:
2126 stop_sigma_dut(sigma)
2127
2128 def dpp_init_enrollee_mutual(dev, id1, own_id):
2129 logger.info("Starting DPP initiator/enrollee in a thread")
2130 time.sleep(1)
2131 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
2132 if "OK" not in dev.request(cmd):
2133 raise Exception("Failed to initiate DPP Authentication")
2134 ev = dev.wait_event(["DPP-CONF-RECEIVED",
2135 "DPP-NOT-COMPATIBLE"], timeout=5)
2136 if ev is None:
2137 raise Exception("DPP configuration not completed (Enrollee)")
2138 logger.info("DPP initiator/enrollee done")
2139
2140 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
2141 """sigma_dut DPP roles incompatible (Responder)"""
2142 check_dpp_capab(dev[0])
2143 check_dpp_capab(dev[1])
2144 sigma = start_sigma_dut(dev[0].ifname)
2145 try:
2146 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2147 res = sigma_dut_cmd(cmd)
2148 if "status,COMPLETE" not in res:
2149 raise Exception("dev_exec_action did not succeed: " + res)
2150 hex = res.split(',')[3]
2151 uri = from_hex(hex)
2152 logger.info("URI from sigma_dut: " + uri)
2153
2154 id1 = dev[1].dpp_qr_code(uri)
2155
2156 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2157 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2158
2159 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2160 if "status,COMPLETE" not in res:
2161 raise Exception("dev_exec_action did not succeed: " + res)
2162
2163 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
2164 t.start()
2165 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
2166 res = sigma_dut_cmd(cmd, timeout=10)
2167 t.join()
2168 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
2169 raise Exception("Unexpected result: " + res)
2170 finally:
2171 stop_sigma_dut(sigma)
2172
2173 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
2174 """sigma_dut DPP/PKEX initiator as Configurator"""
2175 check_dpp_capab(dev[0])
2176 check_dpp_capab(dev[1])
2177 sigma = start_sigma_dut(dev[0].ifname)
2178 try:
2179 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2180 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
2181 res = dev[1].request(cmd)
2182 if "FAIL" in res:
2183 raise Exception("Failed to set PKEX data (responder)")
2184 cmd = "DPP_LISTEN 2437 role=enrollee"
2185 if "OK" not in dev[1].request(cmd):
2186 raise Exception("Failed to start listen operation")
2187
2188 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
2189 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2190 raise Exception("Unexpected result: " + res)
2191 finally:
2192 stop_sigma_dut(sigma)
2193
2194 def dpp_init_conf(dev, id1, conf, conf_id, extra):
2195 logger.info("Starting DPP initiator/configurator in a thread")
2196 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
2197 if "OK" not in dev.request(cmd):
2198 raise Exception("Failed to initiate DPP Authentication")
2199 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2200 if ev is None:
2201 raise Exception("DPP configuration not completed (Configurator)")
2202 logger.info("DPP initiator/configurator done")
2203
2204 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
2205 """sigma_dut controlled AP (DPP)"""
2206 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
2207
2208 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
2209 """sigma_dut controlled AP (legacy)"""
2210 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2211 extra="pass=%s" % to_hex("qwertyuiop"))
2212
2213 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
2214 """sigma_dut controlled AP (legacy)"""
2215 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
2216 extra="psk=%s" % (32*"12"))
2217
2218 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
2219 check_dpp_capab(dev[0])
2220 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
2221 with HWSimRadio() as (radio, iface):
2222 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2223 try:
2224 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2225 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2226 if "status,COMPLETE" not in res:
2227 raise Exception("dev_exec_action did not succeed: " + res)
2228 hex = res.split(',')[3]
2229 uri = from_hex(hex)
2230 logger.info("URI from sigma_dut: " + uri)
2231
2232 cmd = "DPP_CONFIGURATOR_ADD"
2233 res = dev[0].request(cmd)
2234 if "FAIL" in res:
2235 raise Exception("Failed to add configurator")
2236 conf_id = int(res)
2237
2238 id1 = dev[0].dpp_qr_code(uri)
2239
2240 t = threading.Thread(target=dpp_init_conf,
2241 args=(dev[0], id1, ap_conf, conf_id, extra))
2242 t.start()
2243 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
2244 t.join()
2245 if "ConfResult,OK" not in res:
2246 raise Exception("Unexpected result: " + res)
2247
2248 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
2249 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2250
2251 id0b = dev[0].dpp_qr_code(uri1)
2252
2253 dev[1].set("dpp_config_processing", "2")
2254 cmd = "DPP_LISTEN 2412"
2255 if "OK" not in dev[1].request(cmd):
2256 raise Exception("Failed to start listen operation")
2257 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
2258 if "OK" not in dev[0].request(cmd):
2259 raise Exception("Failed to initiate DPP Authentication")
2260 dev[1].wait_connected()
2261
2262 sigma_dut_cmd_check("ap_reset_default")
2263 finally:
2264 dev[1].set("dpp_config_processing", "0")
2265 stop_sigma_dut(sigma)
2266
2267 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
2268 """sigma_dut controlled AP as DPP PKEX responder"""
2269 check_dpp_capab(dev[0])
2270 logdir = os.path.join(params['logdir'],
2271 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
2272 with HWSimRadio() as (radio, iface):
2273 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2274 try:
2275 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
2276 finally:
2277 stop_sigma_dut(sigma)
2278
2279 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
2280 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2281 time.sleep(1.5)
2282 id = dev.dpp_bootstrap_gen(type="pkex")
2283 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
2284 res = dev.request(cmd)
2285 if "FAIL" in res:
2286 raise Exception("Failed to initiate DPP PKEX")
2287 if not check_config:
2288 return
2289 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
2290 if ev is None:
2291 raise Exception("DPP configuration not completed (Configurator)")
2292 logger.info("DPP initiator/configurator done")
2293
2294 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2295 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2296
2297 cmd = "DPP_CONFIGURATOR_ADD"
2298 res = dev[0].request(cmd)
2299 if "FAIL" in res:
2300 raise Exception("Failed to add configurator")
2301 conf_id = int(res)
2302
2303 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2304 t.start()
2305 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2306 t.join()
2307 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2308 raise Exception("Unexpected result: " + res)
2309
2310 sigma_dut_cmd_check("ap_reset_default")
2311
2312 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2313 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2314 check_dpp_capab(dev[0])
2315 sigma = start_sigma_dut(dev[0].ifname)
2316 try:
2317 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2318 finally:
2319 stop_sigma_dut(sigma)
2320
2321 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2322 cmd = "DPP_CONFIGURATOR_ADD"
2323 res = dev[1].request(cmd)
2324 if "FAIL" in res:
2325 raise Exception("Failed to add configurator")
2326 conf_id = int(res)
2327
2328 dev[1].set("dpp_test", "44")
2329
2330 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2331 False))
2332 t.start()
2333 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2334 t.join()
2335 if "BootstrapResult,Timeout" not in res:
2336 raise Exception("Unexpected result: " + res)
2337
2338 def dpp_proto_init(dev, id1):
2339 time.sleep(1)
2340 logger.info("Starting DPP initiator/configurator in a thread")
2341 cmd = "DPP_CONFIGURATOR_ADD"
2342 res = dev.request(cmd)
2343 if "FAIL" in res:
2344 raise Exception("Failed to add configurator")
2345 conf_id = int(res)
2346
2347 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2348 if "OK" not in dev.request(cmd):
2349 raise Exception("Failed to initiate DPP Authentication")
2350
2351 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2352 """sigma_dut DPP protocol testing - Initiator"""
2353 check_dpp_capab(dev[0])
2354 check_dpp_capab(dev[1])
2355 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2356 "BootstrapResult,OK,AuthResult,Errorsent",
2357 None),
2358 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2359 "BootstrapResult,OK,AuthResult,Errorsent",
2360 None),
2361 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2362 "BootstrapResult,OK,AuthResult,Errorsent",
2363 "Missing or invalid I-capabilities"),
2364 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2365 "BootstrapResult,OK,AuthResult,Errorsent",
2366 "Mismatching Initiator Authenticating Tag"),
2367 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2368 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2369 "Missing or invalid Enrollee Nonce attribute")]
2370 for step, frame, attr, result, fail in tests:
2371 dev[0].request("FLUSH")
2372 dev[1].request("FLUSH")
2373 sigma = start_sigma_dut(dev[0].ifname)
2374 try:
2375 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2376 fail)
2377 finally:
2378 stop_sigma_dut(sigma)
2379
2380 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2381 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2382 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2383
2384 cmd = "DPP_LISTEN 2437 role=enrollee"
2385 if "OK" not in dev[1].request(cmd):
2386 raise Exception("Failed to start listen operation")
2387
2388 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2389 if "status,COMPLETE" not in res:
2390 raise Exception("dev_exec_action did not succeed: " + res)
2391
2392 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2393 timeout=10)
2394 if result not in res:
2395 raise Exception("Unexpected result: " + res)
2396 if fail:
2397 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2398 if ev is None or fail not in ev:
2399 raise Exception("Failure not reported correctly: " + str(ev))
2400
2401 dev[1].request("DPP_STOP_LISTEN")
2402 dev[0].dump_monitor()
2403 dev[1].dump_monitor()
2404
2405 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2406 """sigma_dut DPP protocol testing - Responder"""
2407 check_dpp_capab(dev[0])
2408 check_dpp_capab(dev[1])
2409 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2410 "BootstrapResult,OK,AuthResult,Errorsent",
2411 "Missing or invalid required DPP Status attribute"),
2412 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2413 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2414 "Missing or invalid Enrollee Nonce attribute")]
2415 for step, frame, attr, result, fail in tests:
2416 dev[0].request("FLUSH")
2417 dev[1].request("FLUSH")
2418 sigma = start_sigma_dut(dev[0].ifname)
2419 try:
2420 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2421 fail)
2422 finally:
2423 stop_sigma_dut(sigma)
2424
2425 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2426 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2427 if "status,COMPLETE" not in res:
2428 raise Exception("dev_exec_action did not succeed: " + res)
2429 hex = res.split(',')[3]
2430 uri = from_hex(hex)
2431 logger.info("URI from sigma_dut: " + uri)
2432
2433 id1 = dev[1].dpp_qr_code(uri)
2434
2435 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2436 t.start()
2437 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2438 t.join()
2439 if result not in res:
2440 raise Exception("Unexpected result: " + res)
2441 if fail:
2442 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2443 if ev is None or fail not in ev:
2444 raise Exception("Failure not reported correctly:" + str(ev))
2445
2446 dev[1].request("DPP_STOP_LISTEN")
2447 dev[0].dump_monitor()
2448 dev[1].dump_monitor()
2449
2450 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2451 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2452 check_dpp_capab(dev[0])
2453 check_dpp_capab(dev[1])
2454 tests = [("AuthenticationResponse",
2455 "BootstrapResult,OK,AuthResult,Errorsent",
2456 None),
2457 ("ConfigurationRequest",
2458 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2459 None)]
2460 for frame, result, fail in tests:
2461 dev[0].request("FLUSH")
2462 dev[1].request("FLUSH")
2463 sigma = start_sigma_dut(dev[0].ifname)
2464 try:
2465 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2466 finally:
2467 stop_sigma_dut(sigma)
2468
2469 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2470 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2471 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2472
2473 cmd = "DPP_LISTEN 2437 role=enrollee"
2474 if "OK" not in dev[1].request(cmd):
2475 raise Exception("Failed to start listen operation")
2476
2477 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2478 if "status,COMPLETE" not in res:
2479 raise Exception("dev_exec_action did not succeed: " + res)
2480
2481 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2482 if result not in res:
2483 raise Exception("Unexpected result: " + res)
2484 if fail:
2485 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2486 if ev is None or fail not in ev:
2487 raise Exception("Failure not reported correctly: " + str(ev))
2488
2489 dev[1].request("DPP_STOP_LISTEN")
2490 dev[0].dump_monitor()
2491 dev[1].dump_monitor()
2492
2493 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2494 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2495 check_dpp_capab(dev[0])
2496 check_dpp_capab(dev[1])
2497 tests = [("AuthenticationConfirm",
2498 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2499 None)]
2500 for frame, result, fail in tests:
2501 dev[0].request("FLUSH")
2502 dev[1].request("FLUSH")
2503 sigma = start_sigma_dut(dev[0].ifname)
2504 try:
2505 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2506 result, fail)
2507 finally:
2508 stop_sigma_dut(sigma)
2509
2510 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2511 fail):
2512 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2513 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2514
2515 cmd = "DPP_LISTEN 2437 role=configurator"
2516 if "OK" not in dev[1].request(cmd):
2517 raise Exception("Failed to start listen operation")
2518
2519 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2520 if "status,COMPLETE" not in res:
2521 raise Exception("dev_exec_action did not succeed: " + res)
2522
2523 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2524 if result not in res:
2525 raise Exception("Unexpected result: " + res)
2526 if fail:
2527 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2528 if ev is None or fail not in ev:
2529 raise Exception("Failure not reported correctly: " + str(ev))
2530
2531 dev[1].request("DPP_STOP_LISTEN")
2532 dev[0].dump_monitor()
2533 dev[1].dump_monitor()
2534
2535 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2536 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2537 check_dpp_capab(dev[0])
2538 check_dpp_capab(dev[1])
2539 tests = [("AuthenticationRequest",
2540 "BootstrapResult,OK,AuthResult,Errorsent",
2541 None),
2542 ("AuthenticationConfirm",
2543 "BootstrapResult,OK,AuthResult,Errorsent",
2544 None)]
2545 for frame, result, fail in tests:
2546 dev[0].request("FLUSH")
2547 dev[1].request("FLUSH")
2548 sigma = start_sigma_dut(dev[0].ifname)
2549 try:
2550 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2551 finally:
2552 stop_sigma_dut(sigma)
2553
2554 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2555 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2556 if "status,COMPLETE" not in res:
2557 raise Exception("dev_exec_action did not succeed: " + res)
2558 hex = res.split(',')[3]
2559 uri = from_hex(hex)
2560 logger.info("URI from sigma_dut: " + uri)
2561
2562 id1 = dev[1].dpp_qr_code(uri)
2563
2564 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2565 t.start()
2566 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2567 t.join()
2568 if result not in res:
2569 raise Exception("Unexpected result: " + res)
2570 if fail:
2571 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2572 if ev is None or fail not in ev:
2573 raise Exception("Failure not reported correctly:" + str(ev))
2574
2575 dev[1].request("DPP_STOP_LISTEN")
2576 dev[0].dump_monitor()
2577 dev[1].dump_monitor()
2578
2579 def dpp_proto_init_pkex(dev):
2580 time.sleep(1)
2581 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2582 cmd = "DPP_CONFIGURATOR_ADD"
2583 res = dev.request(cmd)
2584 if "FAIL" in res:
2585 raise Exception("Failed to add configurator")
2586 conf_id = int(res)
2587
2588 id = dev.dpp_bootstrap_gen(type="pkex")
2589
2590 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2591 if "FAIL" in dev.request(cmd):
2592 raise Exception("Failed to initiate DPP PKEX")
2593
2594 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2595 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2596 check_dpp_capab(dev[0])
2597 check_dpp_capab(dev[1])
2598 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2599 "BootstrapResult,Errorsent",
2600 None),
2601 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2602 "BootstrapResult,Errorsent",
2603 "Missing or invalid Finite Cyclic Group attribute"),
2604 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2605 "BootstrapResult,Errorsent",
2606 "No valid peer bootstrapping key found")]
2607 for step, frame, attr, result, fail in tests:
2608 dev[0].request("FLUSH")
2609 dev[1].request("FLUSH")
2610 sigma = start_sigma_dut(dev[0].ifname)
2611 try:
2612 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2613 result, fail)
2614 finally:
2615 stop_sigma_dut(sigma)
2616
2617 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2618 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2619
2620 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2621 res = dev[1].request(cmd)
2622 if "FAIL" in res:
2623 raise Exception("Failed to set PKEX data (responder)")
2624
2625 cmd = "DPP_LISTEN 2437 role=enrollee"
2626 if "OK" not in dev[1].request(cmd):
2627 raise Exception("Failed to start listen operation")
2628
2629 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2630 if result not in res:
2631 raise Exception("Unexpected result: " + res)
2632 if fail:
2633 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2634 if ev is None or fail not in ev:
2635 raise Exception("Failure not reported correctly: " + str(ev))
2636
2637 dev[1].request("DPP_STOP_LISTEN")
2638 dev[0].dump_monitor()
2639 dev[1].dump_monitor()
2640
2641 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2642 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2643 check_dpp_capab(dev[0])
2644 check_dpp_capab(dev[1])
2645 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2646 "BootstrapResult,Errorsent",
2647 None),
2648 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2649 "BootstrapResult,Errorsent",
2650 "No DPP Status attribute"),
2651 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2652 "BootstrapResult,Errorsent",
2653 "No valid peer bootstrapping key found")]
2654 for step, frame, attr, result, fail in tests:
2655 dev[0].request("FLUSH")
2656 dev[1].request("FLUSH")
2657 sigma = start_sigma_dut(dev[0].ifname)
2658 try:
2659 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2660 result, fail)
2661 finally:
2662 stop_sigma_dut(sigma)
2663
2664 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2665 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2666 t.start()
2667 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2668 t.join()
2669 if result not in res:
2670 raise Exception("Unexpected result: " + res)
2671 if fail:
2672 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2673 if ev is None or fail not in ev:
2674 raise Exception("Failure not reported correctly:" + str(ev))
2675
2676 dev[1].request("DPP_STOP_LISTEN")
2677 dev[0].dump_monitor()
2678 dev[1].dump_monitor()
2679
2680 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2681 check_dpp_capab(dev[0])
2682 check_dpp_capab(dev[1])
2683
2684 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2685 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2686 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2687 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2688
2689 params = {"ssid": "DPPNET01",
2690 "wpa": "2",
2691 "ieee80211w": "2",
2692 "wpa_key_mgmt": "DPP",
2693 "rsn_pairwise": "CCMP",
2694 "dpp_connector": ap_connector,
2695 "dpp_csign": csign_pub,
2696 "dpp_netaccesskey": ap_netaccesskey}
2697 try:
2698 hapd = hostapd.add_ap(apdev[0], params)
2699 except:
2700 raise HwsimSkip("DPP not supported")
2701
2702 dev[0].set("dpp_config_processing", "2")
2703
2704 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2705 res = dev[1].request(cmd)
2706 if "FAIL" in res:
2707 raise Exception("Failed to add configurator")
2708 conf_id = int(res)
2709
2710 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2711 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2712
2713 dev[1].set("dpp_configurator_params",
2714 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2715 conf_id))
2716 cmd = "DPP_LISTEN 2437 role=configurator"
2717 if "OK" not in dev[1].request(cmd):
2718 raise Exception("Failed to start listen operation")
2719
2720 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2721 if "status,COMPLETE" not in res:
2722 raise Exception("dev_exec_action did not succeed: " + res)
2723
2724 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2725 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2726 sigma = start_sigma_dut(dev[0].ifname)
2727 try:
2728 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2729
2730 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2731 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2732 raise Exception("Unexpected result: " + res)
2733 finally:
2734 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2735 stop_sigma_dut(sigma)
2736
2737 def test_sigma_dut_dpp_self_config(dev, apdev):
2738 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2739 check_dpp_capab(dev[0])
2740
2741 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2742 check_dpp_capab(hapd)
2743
2744 sigma = start_sigma_dut(dev[0].ifname)
2745 try:
2746 dev[0].set("dpp_config_processing", "2")
2747 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2748 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2749
2750 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2751 if "status,COMPLETE" not in res:
2752 raise Exception("dev_exec_action did not succeed: " + res)
2753
2754 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2755 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2756 raise Exception("Unexpected result: " + res)
2757 update_hapd_config(hapd)
2758
2759 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2760 res = sigma_dut_cmd(cmd, timeout=10)
2761 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2762 raise Exception("Unexpected result: " + res)
2763 finally:
2764 stop_sigma_dut(sigma)
2765 dev[0].set("dpp_config_processing", "0")
2766
2767 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2768 """sigma_dut DPP AP Configurator using self-configuration"""
2769 logdir = os.path.join(params['logdir'],
2770 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2771 with HWSimRadio() as (radio, iface):
2772 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2773 try:
2774 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2775 finally:
2776 stop_sigma_dut(sigma)
2777 dev[0].set("dpp_config_processing", "0", allow_fail=True)
2778
2779 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2780 check_dpp_capab(dev[0])
2781
2782 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2783
2784 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2785 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2786 raise Exception("Unexpected result: " + res)
2787
2788 dev[0].set("dpp_config_processing", "2")
2789
2790 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2791 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2792 cmd = "DPP_LISTEN 2462 role=enrollee"
2793 if "OK" not in dev[0].request(cmd):
2794 raise Exception("Failed to start listen operation")
2795
2796 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2797 if "status,COMPLETE" not in res:
2798 raise Exception("dev_exec_action did not succeed: " + res)
2799 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2800 res = sigma_dut_cmd(cmd)
2801 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2802 raise Exception("Unexpected result: " + res)
2803 dev[0].wait_connected()
2804 dev[0].request("DISCONNECT")
2805 dev[0].wait_disconnected()
2806 sigma_dut_cmd_check("ap_reset_default")
2807
2808
2809 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2810 """sigma_dut DPP AP as Relay to Controller"""
2811 logdir = os.path.join(params['logdir'],
2812 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2813 with HWSimRadio() as (radio, iface):
2814 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2815 try:
2816 run_sigma_dut_ap_dpp_relay(dev, apdev)
2817 finally:
2818 stop_sigma_dut(sigma)
2819 dev[1].request("DPP_CONTROLLER_STOP")
2820
2821 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2822 check_dpp_capab(dev[0])
2823 check_dpp_capab(dev[1])
2824
2825 # Controller
2826 conf_id = dev[1].dpp_configurator_add()
2827 dev[1].set("dpp_configurator_params",
2828 " conf=sta-dpp configurator=%d" % conf_id)
2829 id_c = dev[1].dpp_bootstrap_gen()
2830 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2831 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2832 pkhash = None
2833 for line in res.splitlines():
2834 name, value = line.split('=')
2835 if name == "pkhash":
2836 pkhash = value
2837 break
2838 if not pkhash:
2839 raise Exception("Could not fetch public key hash from Controller")
2840 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2841 raise Exception("Failed to start Controller")
2842
2843 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2844 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2845 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2846
2847 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2848 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2849
2850 sigma_dut_cmd_check("ap_reset_default")
2851
2852 def dpp_init_tcp_enrollee(dev, id1):
2853 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2854 time.sleep(1)
2855 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2856 if "OK" not in dev.request(cmd):
2857 raise Exception("Failed to initiate DPP Authentication")
2858 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2859 if ev is None:
2860 raise Exception("DPP configuration not completed (Enrollee)")
2861 logger.info("DPP initiator/enrollee done")
2862
2863 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2864 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2865 run_sigma_dut_dpp_tcp_conf_resp(dev)
2866
2867 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2868 check_dpp_capab(dev[0])
2869 check_dpp_capab(dev[1])
2870 sigma = start_sigma_dut(dev[0].ifname)
2871 try:
2872 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2873 res = sigma_dut_cmd(cmd)
2874 if "status,COMPLETE" not in res:
2875 raise Exception("dev_exec_action did not succeed: " + res)
2876 hex = res.split(',')[3]
2877 uri = from_hex(hex)
2878 logger.info("URI from sigma_dut: " + uri)
2879
2880 id1 = dev[1].dpp_qr_code(uri)
2881
2882 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2883 t.start()
2884 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2885 if status_query:
2886 cmd += ",DPPStatusQuery,Yes"
2887 res = sigma_dut_cmd(cmd, timeout=10)
2888 t.join()
2889 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2890 raise Exception("Unexpected result: " + res)
2891 if status_query and "StatusResult,0" not in res:
2892 raise Exception("Status query did not succeed: " + res)
2893 finally:
2894 stop_sigma_dut(sigma)
2895
2896 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2897 """sigma_dut DPP TCP Enrollee as initiator"""
2898 check_dpp_capab(dev[0])
2899 check_dpp_capab(dev[1])
2900 sigma = start_sigma_dut(dev[0].ifname)
2901 try:
2902 # Controller
2903 conf_id = dev[1].dpp_configurator_add()
2904 dev[1].set("dpp_configurator_params",
2905 " conf=sta-dpp configurator=%d" % conf_id)
2906 id_c = dev[1].dpp_bootstrap_gen()
2907 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2908 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2909 raise Exception("Failed to start Controller")
2910
2911 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2912 if "status,COMPLETE" not in res:
2913 raise Exception("dev_exec_action did not succeed: " + res)
2914
2915 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2916 res = sigma_dut_cmd(cmd, timeout=10)
2917 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2918 raise Exception("Unexpected result: " + res)
2919 finally:
2920 stop_sigma_dut(sigma)
2921 dev[1].request("DPP_CONTROLLER_STOP")
2922
2923 def test_sigma_dut_preconfigured_profile(dev, apdev):
2924 """sigma_dut controlled connection using preconfigured profile"""
2925 try:
2926 run_sigma_dut_preconfigured_profile(dev, apdev)
2927 finally:
2928 dev[0].set("ignore_old_scan_res", "0")
2929
2930 def run_sigma_dut_preconfigured_profile(dev, apdev):
2931 ifname = dev[0].ifname
2932 sigma = start_sigma_dut(ifname)
2933
2934 try:
2935 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2936 hapd = hostapd.add_ap(apdev[0], params)
2937 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2938 only_add_network=True)
2939
2940 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2941 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"),
2942 timeout=10)
2943 sigma_dut_wait_connected(ifname)
2944 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2945 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2946 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2947 finally:
2948 stop_sigma_dut(sigma)
2949
2950 def test_sigma_dut_wps_pbc(dev, apdev):
2951 """sigma_dut and WPS PBC Enrollee"""
2952 try:
2953 run_sigma_dut_wps_pbc(dev, apdev)
2954 finally:
2955 dev[0].set("ignore_old_scan_res", "0")
2956
2957 def run_sigma_dut_wps_pbc(dev, apdev):
2958 ssid = "test-wps-conf"
2959 hapd = hostapd.add_ap(apdev[0],
2960 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2961 "wpa_passphrase": "12345678", "wpa": "2",
2962 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2963 hapd.request("WPS_PBC")
2964
2965 ifname = dev[0].ifname
2966 sigma = start_sigma_dut(ifname)
2967
2968 try:
2969 cmd = "start_wps_registration,interface,%s" % ifname
2970 cmd += ",WpsRole,Enrollee"
2971 cmd += ",WpsConfigMethod,PBC"
2972 sigma_dut_cmd_check(cmd, timeout=15)
2973
2974 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2975 hapd.disable()
2976 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2977 finally:
2978 stop_sigma_dut(sigma)
2979 dev[0].flush_scan_cache()
2980
2981 def test_sigma_dut_sta_scan_bss(dev, apdev):
2982 """sigma_dut sta_scan_bss"""
2983 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2984 sigma = start_sigma_dut(dev[0].ifname)
2985 try:
2986 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2987 hapd.own_addr())
2988 res = sigma_dut_cmd(cmd, timeout=10)
2989 if "ssid,test,bsschannel,1" not in res:
2990 raise Exception("Unexpected result: " + res)
2991 finally:
2992 stop_sigma_dut(sigma)
2993
2994 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2995 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2996 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2997 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2998 sigma = start_sigma_dut(dev[0].ifname)
2999 try:
3000 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
3001 res = sigma_dut_cmd(cmd, timeout=10)
3002 if "abcdef" not in res or "qwerty" not in res:
3003 raise Exception("Unexpected result: " + res)
3004 finally:
3005 stop_sigma_dut(sigma)
3006
3007 def test_sigma_dut_ap_osen(dev, apdev, params):
3008 """sigma_dut controlled AP with OSEN"""
3009 logdir = os.path.join(params['logdir'],
3010 "sigma_dut_ap_osen.sigma-hostapd")
3011 with HWSimRadio() as (radio, iface):
3012 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3013 try:
3014 sigma_dut_cmd_check("ap_reset_default")
3015 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3016 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3017 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
3018 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3019
3020 # RSN-OSEN (for OSU)
3021 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3022 pairwise="CCMP", group="GTK_NOT_USED",
3023 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3024 ca_cert="auth_serv/ca.pem", scan_freq="2412")
3025
3026 sigma_dut_cmd_check("ap_reset_default")
3027 finally:
3028 stop_sigma_dut(sigma)
3029
3030 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
3031 """sigma_dut controlled AP with EAP+OSEN"""
3032 logdir = os.path.join(params['logdir'],
3033 "sigma_dut_ap_eap_osen.sigma-hostapd")
3034 with HWSimRadio() as (radio, iface):
3035 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
3036 try:
3037 sigma_dut_cmd_check("ap_reset_default")
3038 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3039 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3040 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
3041 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3042
3043 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
3044 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
3045
3046 # RSN-OSEN (for OSU)
3047 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
3048 pairwise="CCMP",
3049 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
3050 ca_cert="auth_serv/ca.pem", ieee80211w='2',
3051 scan_freq="2412")
3052 # RSN-EAP (for data connection)
3053 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
3054 identity="hs20-test", password="password",
3055 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
3056 ieee80211w='2', scan_freq="2412")
3057
3058 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
3059 success_expected=False, timeout=1)
3060
3061 sigma_dut_cmd_check("ap_reset_default")
3062 finally:
3063 stop_sigma_dut(sigma)
3064 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
3065 stderr=open('/dev/null', 'w'))
3066 subprocess.call(['brctl', 'delbr', 'ap-br0'],
3067 stderr=open('/dev/null', 'w'))
3068
3069 def test_sigma_dut_ap_eap(dev, apdev, params):
3070 """sigma_dut controlled AP WPA2-Enterprise"""
3071 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
3072 with HWSimRadio() as (radio, iface):
3073 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3074 try:
3075 sigma_dut_cmd_check("ap_reset_default")
3076 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3077 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3078 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
3079 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3080
3081 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
3082 identity="gpsk user",
3083 password="abcdefghijklmnop0123456789abcdef",
3084 scan_freq="2412")
3085
3086 sigma_dut_cmd_check("ap_reset_default")
3087 finally:
3088 stop_sigma_dut(sigma)
3089
3090 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
3091 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
3092 logdir = os.path.join(params['logdir'],
3093 "sigma_dut_ap_eap_sha256.sigma-hostapd")
3094 with HWSimRadio() as (radio, iface):
3095 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3096 try:
3097 sigma_dut_cmd_check("ap_reset_default")
3098 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
3099 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3100 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
3101 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3102
3103 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
3104 identity="gpsk user",
3105 password="abcdefghijklmnop0123456789abcdef",
3106 scan_freq="2412")
3107
3108 sigma_dut_cmd_check("ap_reset_default")
3109 finally:
3110 stop_sigma_dut(sigma)
3111
3112 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
3113 """sigma_dut controlled AP FT-EAP"""
3114 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
3115 with HWSimRadio() as (radio, iface):
3116 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3117 try:
3118 sigma_dut_cmd_check("ap_reset_default")
3119 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3120 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3121 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
3122 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3123
3124 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3125 identity="gpsk user",
3126 password="abcdefghijklmnop0123456789abcdef",
3127 scan_freq="2412")
3128
3129 sigma_dut_cmd_check("ap_reset_default")
3130 finally:
3131 stop_sigma_dut(sigma)
3132
3133 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
3134 """sigma_dut controlled AP FT-PSK"""
3135 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
3136 with HWSimRadio() as (radio, iface):
3137 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3138 try:
3139 sigma_dut_cmd_check("ap_reset_default")
3140 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3141 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3142 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3143
3144 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3145 scan_freq="2412")
3146
3147 sigma_dut_cmd_check("ap_reset_default")
3148 finally:
3149 stop_sigma_dut(sigma)
3150
3151 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
3152 """sigma_dut controlled AP FT-PSK (over-DS)"""
3153 logdir = os.path.join(params['logdir'],
3154 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
3155 conffile = os.path.join(params['logdir'],
3156 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
3157 with HWSimRadio() as (radio, iface):
3158 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3159 try:
3160 sigma_dut_cmd_check("ap_reset_default")
3161 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
3162 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
3163 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3164
3165 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3166 with open(conffile, "wb") as f2:
3167 f2.write(f.read())
3168
3169 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
3170 scan_freq="2412")
3171
3172 sigma_dut_cmd_check("ap_reset_default")
3173 finally:
3174 stop_sigma_dut(sigma)
3175
3176 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
3177 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
3178 logdir = os.path.join(params['logdir'],
3179 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
3180 with HWSimRadio() as (radio, iface):
3181 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3182 try:
3183 sigma_dut_cmd_check("ap_reset_default")
3184 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
3185 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3186 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
3187 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3188
3189 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
3190 identity="gpsk user",
3191 password="abcdefghijklmnop0123456789abcdef",
3192 scan_freq="2412")
3193 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
3194 identity="gpsk user",
3195 password="abcdefghijklmnop0123456789abcdef",
3196 scan_freq="2412")
3197
3198 sigma_dut_cmd_check("ap_reset_default")
3199 finally:
3200 stop_sigma_dut(sigma)
3201
3202 def test_sigma_dut_venue_url(dev, apdev):
3203 """sigma_dut controlled Venue URL fetch"""
3204 try:
3205 run_sigma_dut_venue_url(dev, apdev)
3206 finally:
3207 dev[0].set("ignore_old_scan_res", "0")
3208
3209 def run_sigma_dut_venue_url(dev, apdev):
3210 ifname = dev[0].ifname
3211 sigma = start_sigma_dut(ifname)
3212
3213 try:
3214 ssid = "venue"
3215 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3216 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
3217 params["ieee80211w"] = "2"
3218
3219 venue_group = 1
3220 venue_type = 13
3221 venue_info = struct.pack('BB', venue_group, venue_type)
3222 lang1 = "eng"
3223 name1 = "Example venue"
3224 lang2 = "fin"
3225 name2 = "Esimerkkipaikka"
3226 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
3227 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
3228 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
3229
3230 url1 = "http://example.com/venue"
3231 url2 = "https://example.org/venue-info/"
3232 params["venue_group"] = str(venue_group)
3233 params["venue_type"] = str(venue_type)
3234 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
3235 params["venue_url"] = ["1:" + url1, "2:" + url2]
3236
3237 hapd = hostapd.add_ap(apdev[0], params)
3238
3239 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
3240 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3241 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
3242 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"),
3243 timeout=10)
3244 sigma_dut_wait_connected(ifname)
3245 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3246 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
3247 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3248 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3249 finally:
3250 stop_sigma_dut(sigma)
3251
3252 def test_sigma_dut_hs20_assoc_24(dev, apdev):
3253 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
3254 run_sigma_dut_hs20_assoc(dev, apdev, True)
3255
3256 def test_sigma_dut_hs20_assoc_5(dev, apdev):
3257 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
3258 run_sigma_dut_hs20_assoc(dev, apdev, False)
3259
3260 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
3261 hapd0 = None
3262 hapd1 = None
3263 try:
3264 bssid0 = apdev[0]['bssid']
3265 params = hs20_ap_params()
3266 params['hessid'] = bssid0
3267 hapd0 = hostapd.add_ap(apdev[0], params)
3268
3269 bssid1 = apdev[1]['bssid']
3270 params = hs20_ap_params()
3271 params['hessid'] = bssid0
3272 params["hw_mode"] = "a"
3273 params["channel"] = "36"
3274 params["country_code"] = "US"
3275 hapd1 = hostapd.add_ap(apdev[1], params)
3276
3277 band = "2.4" if band24 else "5"
3278 exp_bssid = bssid0 if band24 else bssid1
3279 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
3280 finally:
3281 dev[0].request("DISCONNECT")
3282 if hapd0:
3283 hapd0.request("DISABLE")
3284 if hapd1:
3285 hapd1.request("DISABLE")
3286 subprocess.call(['iw', 'reg', 'set', '00'])
3287 dev[0].flush_scan_cache()
3288
3289 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
3290 check_eap_capa(dev[0], "MSCHAPV2")
3291 dev[0].flush_scan_cache()
3292
3293 ifname = dev[0].ifname
3294 sigma = start_sigma_dut(ifname)
3295
3296 try:
3297 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
3298 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3299 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
3300 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
3301 timeout=15)
3302 sigma_dut_wait_connected(ifname)
3303 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3304 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3305 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3306 finally:
3307 stop_sigma_dut(sigma)
3308
3309 if "BSSID," + expect_bssid not in res:
3310 raise Exception("Unexpected BSSID: " + res)
3311
3312 def test_sigma_dut_ap_hs20(dev, apdev, params):
3313 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3314 logdir = os.path.join(params['logdir'],
3315 "sigma_dut_ap_hs20.sigma-hostapd")
3316 conffile = os.path.join(params['logdir'],
3317 "sigma_dut_ap_hs20.sigma-conf")
3318 with HWSimRadio() as (radio, iface):
3319 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
3320 try:
3321 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3322 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3323 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3324 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3325 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3326 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3327 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3328 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3329 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3330 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3331 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3332 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3333 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3334 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3335
3336 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3337 with open(conffile, "wb") as f2:
3338 f2.write(f.read())
3339
3340 sigma_dut_cmd_check("ap_reset_default")
3341 finally:
3342 stop_sigma_dut(sigma)
3343
3344 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3345 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3346 logdir = params['logdir']
3347
3348 with open("auth_serv/ca.pem", "r") as f:
3349 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3350 "w") as f2:
3351 f2.write(f.read())
3352
3353 src = "auth_serv/server.pem"
3354 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3355 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3356 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3357 "-outform", "DER"],
3358 stderr=open('/dev/null', 'w'))
3359 with open(dst, "rb") as f:
3360 der = f.read()
3361 hash = hashlib.sha256(der).digest()
3362 with open(hashdst, "w") as f:
3363 f.write(binascii.hexlify(hash).decode())
3364
3365 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3366 with open(dst, "w") as f:
3367 f.write(32*"00")
3368
3369 ssid = "test-wpa2-eap"
3370 params = hostapd.wpa2_eap_params(ssid=ssid)
3371 hapd = hostapd.add_ap(apdev[0], params)
3372
3373 ifname = dev[0].ifname
3374 sigma = start_sigma_dut(ifname, cert_path=logdir)
3375
3376 try:
3377 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3378
3379 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3380 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3381 sigma_dut_cmd_check(cmd)
3382 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3383 timeout=10)
3384 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3385 if ev is None:
3386 raise Exception("Server certificate error not reported")
3387
3388 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3389 if "ServerCertTrustResult,Accepted" not in res:
3390 raise Exception("Server certificate trust was not accepted")
3391 sigma_dut_wait_connected(ifname)
3392 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3393 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3394 dev[0].dump_monitor()
3395 finally:
3396 stop_sigma_dut(sigma)
3397
3398 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3399 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3400 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3401
3402 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3403 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3404 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3405
3406 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3407 logdir = params['logdir']
3408
3409 name = "sigma_dut_eap_ttls_uosc_tod"
3410 if tofu:
3411 name += "_tofu"
3412 with open("auth_serv/ca.pem", "r") as f:
3413 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3414 f2.write(f.read())
3415
3416 if tofu:
3417 src = "auth_serv/server-certpol2.pem"
3418 else:
3419 src = "auth_serv/server-certpol.pem"
3420 dst = os.path.join(logdir, name + ".server.der")
3421 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3422 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3423 "-outform", "DER"],
3424 stderr=open('/dev/null', 'w'))
3425 with open(dst, "rb") as f:
3426 der = f.read()
3427 hash = hashlib.sha256(der).digest()
3428 with open(hashdst, "w") as f:
3429 f.write(binascii.hexlify(hash).decode())
3430
3431 ssid = "test-wpa2-eap"
3432 params = int_eap_server_params()
3433 params["ssid"] = ssid
3434 if tofu:
3435 params["server_cert"] = "auth_serv/server-certpol2.pem"
3436 params["private_key"] = "auth_serv/server-certpol2.key"
3437 else:
3438 params["server_cert"] = "auth_serv/server-certpol.pem"
3439 params["private_key"] = "auth_serv/server-certpol.key"
3440 hapd = hostapd.add_ap(apdev[0], params)
3441
3442 ifname = dev[0].ifname
3443 sigma = start_sigma_dut(ifname, cert_path=logdir)
3444
3445 try:
3446 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3447 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3448 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3449 sigma_dut_cmd_check(cmd)
3450 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3451 timeout=10)
3452 sigma_dut_wait_connected(ifname)
3453 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3454 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3455 dev[0].wait_disconnected()
3456 dev[0].dump_monitor()
3457
3458 hapd.disable()
3459 params = hostapd.wpa2_eap_params(ssid=ssid)
3460 hapd = hostapd.add_ap(apdev[0], params)
3461
3462 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3463 timeout=10)
3464 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3465 if ev is None:
3466 raise Exception("Server certificate error not reported")
3467
3468 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3469 if "ServerCertTrustResult,Accepted" in res:
3470 raise Exception("Server certificate trust override was accepted unexpectedly")
3471 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3472 dev[0].dump_monitor()
3473 finally:
3474 stop_sigma_dut(sigma)
3475
3476 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3477 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3478 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3479
3480 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3481 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3482 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3483
3484 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3485 logdir = params['logdir']
3486
3487 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3488 if tofu:
3489 name += "_tofu"
3490 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3491 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3492 f2.write(f.read())
3493
3494 if tofu:
3495 src = "auth_serv/server-certpol2.pem"
3496 else:
3497 src = "auth_serv/server-certpol.pem"
3498 dst = os.path.join(logdir, name + ".server.der")
3499 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3500 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3501 "-outform", "DER"],
3502 stderr=open('/dev/null', 'w'))
3503 with open(dst, "rb") as f:
3504 der = f.read()
3505 hash = hashlib.sha256(der).digest()
3506 with open(hashdst, "w") as f:
3507 f.write(binascii.hexlify(hash).decode())
3508
3509 ssid = "test-wpa2-eap"
3510 params = int_eap_server_params()
3511 params["ssid"] = ssid
3512 if tofu:
3513 params["server_cert"] = "auth_serv/server-certpol2.pem"
3514 params["private_key"] = "auth_serv/server-certpol2.key"
3515 else:
3516 params["server_cert"] = "auth_serv/server-certpol.pem"
3517 params["private_key"] = "auth_serv/server-certpol.key"
3518 hapd = hostapd.add_ap(apdev[0], params)
3519
3520 ifname = dev[0].ifname
3521 sigma = start_sigma_dut(ifname, cert_path=logdir)
3522
3523 try:
3524 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3525 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3526 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3527 sigma_dut_cmd_check(cmd)
3528 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3529 timeout=10)
3530 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3531 if ev is None:
3532 raise Exception("Server certificate validation failure not reported")
3533
3534 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3535 if not tofu and "ServerCertTrustResult,Accepted" in res:
3536 raise Exception("Server certificate trust override was accepted unexpectedly")
3537 if tofu and "ServerCertTrustResult,Accepted" not in res:
3538 raise Exception("Server certificate trust override was not accepted")
3539 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3540 dev[0].dump_monitor()
3541 finally:
3542 stop_sigma_dut(sigma)
3543
3544 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3545 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3546 check_domain_suffix_match(dev[0])
3547 logdir = params['logdir']
3548
3549 with open("auth_serv/ca.pem", "r") as f:
3550 with open(os.path.join(logdir,
3551 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3552 "w") as f2:
3553 f2.write(f.read())
3554
3555 ssid = "test-wpa2-eap"
3556 params = int_eap_server_params()
3557 params["ssid"] = ssid
3558 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3559 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3560 params["private_key"] = "auth_serv/rsa3072-server.key"
3561 hapd = hostapd.add_ap(apdev[0], params)
3562
3563 ifname = dev[0].ifname
3564 sigma = start_sigma_dut(ifname, cert_path=logdir)
3565
3566 try:
3567 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3568 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3569 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3570 sigma_dut_cmd_check(cmd)
3571 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid),
3572 timeout=10)
3573 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3574 if ev is None:
3575 raise Exception("Server certificate error not reported")
3576
3577 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3578 if "ServerCertTrustResult,Accepted" not in res:
3579 raise Exception("Server certificate trust was not accepted")
3580 sigma_dut_wait_connected(ifname)
3581 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3582 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3583 dev[0].dump_monitor()
3584 finally:
3585 stop_sigma_dut(sigma)
3586
3587 def start_sae_pwe_ap(apdev, sae_pwe):
3588 ssid = "test-sae"
3589 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3590 params['wpa_key_mgmt'] = 'SAE'
3591 params["ieee80211w"] = "2"
3592 params['sae_groups'] = '19'
3593 params['sae_pwe'] = str(sae_pwe)
3594 return hostapd.add_ap(apdev, params)
3595
3596 def connect_sae_pwe_sta(dev, ifname, extra=None):
3597 dev.dump_monitor()
3598 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3599 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3600 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3601 if extra:
3602 cmd += "," + extra
3603 sigma_dut_cmd_check(cmd)
3604 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3605 timeout=10)
3606 sigma_dut_wait_connected(ifname)
3607 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3608 dev.wait_disconnected()
3609 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3610 dev.dump_monitor()
3611
3612 def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3613 dev.dump_monitor()
3614 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3615 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3616 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3617 if extra:
3618 cmd += "," + extra
3619 sigma_dut_cmd_check(cmd)
3620 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3621 timeout=10)
3622 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3623 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3624 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3625 raise Exception("Unexpected connection result")
3626 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3627 dev.dump_monitor()
3628
3629 def test_sigma_dut_sae_h2e(dev, apdev):
3630 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3631 if "SAE" not in dev[0].get_capability("auth_alg"):
3632 raise HwsimSkip("SAE not supported")
3633
3634 start_sae_pwe_ap(apdev[0], 2)
3635
3636 ifname = dev[0].ifname
3637 sigma = start_sigma_dut(ifname, sae_h2e=True)
3638 try:
3639 connect_sae_pwe_sta(dev[0], ifname)
3640 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3641 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3642 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3643 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3644 raise Exception("Unexpected error result: " + res)
3645 finally:
3646 stop_sigma_dut(sigma)
3647 dev[0].set("sae_pwe", "0")
3648
3649 def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3650 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3651 if "SAE" not in dev[0].get_capability("auth_alg"):
3652 raise HwsimSkip("SAE not supported")
3653
3654 start_sae_pwe_ap(apdev[0], 0)
3655
3656 ifname = dev[0].ifname
3657 sigma = start_sigma_dut(ifname, sae_h2e=True)
3658 try:
3659 connect_sae_pwe_sta(dev[0], ifname)
3660 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3661 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3662 finally:
3663 stop_sigma_dut(sigma)
3664 dev[0].set("sae_pwe", "0")
3665
3666 def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3667 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3668 if "SAE" not in dev[0].get_capability("auth_alg"):
3669 raise HwsimSkip("SAE not supported")
3670
3671 start_sae_pwe_ap(apdev[0], 1)
3672
3673 ifname = dev[0].ifname
3674 sigma = start_sigma_dut(ifname, sae_h2e=True)
3675 try:
3676 connect_sae_pwe_sta(dev[0], ifname)
3677 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3678 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3679 finally:
3680 stop_sigma_dut(sigma)
3681 dev[0].set("sae_pwe", "0")
3682
3683 def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3684 """sigma_dut controlled AP with SAE H2E"""
3685 logdir = os.path.join(params['logdir'],
3686 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3687 if "SAE" not in dev[0].get_capability("auth_alg"):
3688 raise HwsimSkip("SAE not supported")
3689 with HWSimRadio() as (radio, iface):
3690 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3691 try:
3692 sigma_dut_cmd_check("ap_reset_default")
3693 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3694 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3695 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3696
3697 for sae_pwe in [0, 1, 2]:
3698 dev[0].request("SET sae_groups ")
3699 dev[0].set("sae_pwe", str(sae_pwe))
3700 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3701 ieee80211w="2", scan_freq="2412")
3702 dev[0].request("REMOVE_NETWORK all")
3703 dev[0].wait_disconnected()
3704 dev[0].dump_monitor()
3705
3706 sigma_dut_cmd_check("ap_reset_default")
3707 finally:
3708 stop_sigma_dut(sigma)
3709 dev[0].set("sae_pwe", "0")
3710
3711 def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3712 """sigma_dut controlled AP with SAE H2E-only"""
3713 logdir = os.path.join(params['logdir'],
3714 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3715 if "SAE" not in dev[0].get_capability("auth_alg"):
3716 raise HwsimSkip("SAE not supported")
3717 with HWSimRadio() as (radio, iface):
3718 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3719 try:
3720 sigma_dut_cmd_check("ap_reset_default")
3721 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3722 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3723 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3724
3725 dev[0].request("SET sae_groups ")
3726 dev[0].set("sae_pwe", "1")
3727 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3728 ieee80211w="2", scan_freq="2412")
3729 dev[0].request("REMOVE_NETWORK all")
3730 dev[0].wait_disconnected()
3731 dev[0].dump_monitor()
3732
3733 dev[0].set("sae_pwe", "0")
3734 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3735 ieee80211w="2", scan_freq="2412", wait_connect=False)
3736 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3737 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3738 dev[0].request("DISCONNECT")
3739 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3740 raise Exception("Unexpected connection result")
3741
3742 sigma_dut_cmd_check("ap_reset_default")
3743 finally:
3744 stop_sigma_dut(sigma)
3745 dev[0].set("sae_pwe", "0")
3746
3747 def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3748 """sigma_dut controlled AP with SAE looping-only"""
3749 logdir = os.path.join(params['logdir'],
3750 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3751 if "SAE" not in dev[0].get_capability("auth_alg"):
3752 raise HwsimSkip("SAE not supported")
3753 with HWSimRadio() as (radio, iface):
3754 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3755 try:
3756 sigma_dut_cmd_check("ap_reset_default")
3757 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3758 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3759 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3760
3761 dev[0].request("SET sae_groups ")
3762 dev[0].set("sae_pwe", "0")
3763 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3764 ieee80211w="2", scan_freq="2412")
3765 dev[0].request("REMOVE_NETWORK all")
3766 dev[0].wait_disconnected()
3767 dev[0].dump_monitor()
3768
3769 dev[0].set("sae_pwe", "1")
3770 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3771 ieee80211w="2", scan_freq="2412", wait_connect=False)
3772 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3773 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3774 dev[0].request("DISCONNECT")
3775 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3776 raise Exception("Unexpected connection result")
3777
3778 sigma_dut_cmd_check("ap_reset_default")
3779 finally:
3780 stop_sigma_dut(sigma)
3781 dev[0].set("sae_pwe", "0")
3782
3783 def test_sigma_dut_sae_h2e_loop_forcing(dev, apdev):
3784 """sigma_dut controlled SAE H2E misbehavior with looping forced"""
3785 if "SAE" not in dev[0].get_capability("auth_alg"):
3786 raise HwsimSkip("SAE not supported")
3787
3788 ssid = "test-sae"
3789 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3790 params['wpa_key_mgmt'] = 'SAE'
3791 params["ieee80211w"] = "2"
3792 params['sae_pwe'] = '1'
3793 hapd = hostapd.add_ap(apdev[0], params)
3794
3795 ifname = dev[0].ifname
3796 sigma = start_sigma_dut(ifname)
3797 try:
3798 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3799 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3800 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,IgnoreH2E_RSNXE_BSSMemSel,1" % (ifname, "test-sae", "12345678"))
3801 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3802 timeout=10)
3803 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3804 if ev is None:
3805 raise Exception("No authentication attempt reported")
3806 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3807 if ev is not None:
3808 raise Exception("Unexpected connection reported")
3809 finally:
3810 stop_sigma_dut(sigma)
3811
3812 def test_sigma_dut_sae_h2e_enabled_group_rejected(dev, apdev):
3813 """sigma_dut controlled SAE H2E misbehavior with rejected groups"""
3814 if "SAE" not in dev[0].get_capability("auth_alg"):
3815 raise HwsimSkip("SAE not supported")
3816
3817 ssid = "test-sae"
3818 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3819 params['wpa_key_mgmt'] = 'SAE'
3820 params["ieee80211w"] = "2"
3821 params['sae_groups'] = "19 20"
3822 params['sae_pwe'] = '1'
3823 hapd = hostapd.add_ap(apdev[0], params)
3824
3825 ifname = dev[0].ifname
3826 sigma = start_sigma_dut(ifname, sae_h2e=True)
3827 try:
3828 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3829 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3830 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID_RGE,19 123" % (ifname, "test-sae", "12345678"))
3831 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3832 timeout=10)
3833 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3834 if ev is None:
3835 raise Exception("No authentication attempt reported")
3836 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3837 if ev is not None:
3838 raise Exception("Unexpected connection reported")
3839 finally:
3840 stop_sigma_dut(sigma)
3841
3842 def test_sigma_dut_sae_h2e_rsnxe_mismatch(dev, apdev):
3843 """sigma_dut controlled SAE H2E misbehavior with RSNXE"""
3844 if "SAE" not in dev[0].get_capability("auth_alg"):
3845 raise HwsimSkip("SAE not supported")
3846
3847 ssid = "test-sae"
3848 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3849 params['wpa_key_mgmt'] = 'SAE'
3850 params["ieee80211w"] = "2"
3851 params['sae_groups'] = "19"
3852 params['sae_pwe'] = '1'
3853 hapd = hostapd.add_ap(apdev[0], params)
3854
3855 ifname = dev[0].ifname
3856 sigma = start_sigma_dut(ifname, sae_h2e=True)
3857 try:
3858 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3859 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3860 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,RSNXE_Content,EapolM2:F40100" % (ifname, "test-sae", "12345678"))
3861 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"),
3862 timeout=10)
3863 ev = dev[0].wait_event(["SME: Trying to authenticate with"], timeout=10)
3864 if ev is None:
3865 raise Exception("No authentication attempt reported")
3866 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.5)
3867 if ev is not None:
3868 raise Exception("Unexpected connection reported")
3869 finally:
3870 stop_sigma_dut(sigma)
3871 dev[0].set("sae_pwe", "0")
3872
3873 def test_sigma_dut_ap_sae_h2e_rsnxe_mismatch(dev, apdev, params):
3874 """sigma_dut controlled SAE H2E AP misbehavior with RSNXE"""
3875 logdir = os.path.join(params['logdir'],
3876 "sigma_dut_ap_sae_h2e_rsnxe_mismatch.sigma-hostapd")
3877 if "SAE" not in dev[0].get_capability("auth_alg"):
3878 raise HwsimSkip("SAE not supported")
3879 with HWSimRadio() as (radio, iface):
3880 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3881 try:
3882 sigma_dut_cmd_check("ap_reset_default")
3883 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3884 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e,RSNXE_Content,EapolM3:F40100")
3885 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3886
3887 dev[0].request("SET sae_groups ")
3888 dev[0].set("sae_pwe", "1")
3889 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3890 ieee80211w="2", scan_freq="2412", wait_connect=False)
3891 ev = dev[0].wait_event(["Associated with"], timeout=10)
3892 if ev is None:
3893 raise Exception("No indication of association seen")
3894 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3895 "CTRL-EVENT-DISCONNECTED"], timeout=10)
3896 dev[0].request("DISCONNECT")
3897 if ev is None:
3898 raise Exception("No disconnection seen")
3899 if "CTRL-EVENT-DISCONNECTED" not in ev:
3900 raise Exception("Unexpected connection")
3901
3902 sigma_dut_cmd_check("ap_reset_default")
3903 finally:
3904 stop_sigma_dut(sigma)
3905 dev[0].set("sae_pwe", "0")
3906
3907 def test_sigma_dut_ap_sae_h2e_group_rejection(dev, apdev, params):
3908 """sigma_dut controlled AP with SAE H2E-only and group rejection"""
3909 logdir = os.path.join(params['logdir'],
3910 "sigma_dut_ap_sae_h2e_group_rejection.sigma-hostapd")
3911 if "SAE" not in dev[0].get_capability("auth_alg"):
3912 raise HwsimSkip("SAE not supported")
3913 with HWSimRadio() as (radio, iface):
3914 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3915 try:
3916 sigma_dut_cmd_check("ap_reset_default")
3917 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3918 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3919 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3920
3921 dev[0].request("SET sae_groups 21 20 19")
3922 dev[0].set("sae_pwe", "1")
3923 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3924 ieee80211w="2", scan_freq="2412")
3925 addr = dev[0].own_addr()
3926 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,Dest_MAC,%s,Rejected_DH_Groups,1" % addr)
3927 if "DHGroupVerResult,21 20" not in res:
3928 raise Exception("Unexpected dev_exec_action response: " + res)
3929
3930 sigma_dut_cmd_check("ap_reset_default")
3931 finally:
3932 stop_sigma_dut(sigma)
3933 dev[0].set("sae_pwe", "0")
3934
3935 def test_sigma_dut_ap_sae_h2e_anti_clogging(dev, apdev, params):
3936 """sigma_dut controlled AP with SAE H2E and anti-clogging token"""
3937 logdir = os.path.join(params['logdir'],
3938 "sigma_dut_ap_sae_h2e_anti_clogging.sigma-hostapd")
3939 if "SAE" not in dev[0].get_capability("auth_alg"):
3940 raise HwsimSkip("SAE not supported")
3941 with HWSimRadio() as (radio, iface):
3942 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir)
3943 try:
3944 sigma_dut_cmd_check("ap_reset_default")
3945 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3946 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SAE,PSK,12345678,AntiCloggingThreshold,0")
3947 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3948
3949 dev[0].set("sae_groups", "")
3950 dev[0].set("sae_pwe", "2")
3951 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3952 ieee80211w="2", scan_freq="2412")
3953
3954 sigma_dut_cmd_check("ap_reset_default")
3955 finally:
3956 stop_sigma_dut(sigma)
3957 dev[0].set("sae_pwe", "0")
Unnamed repository; edit this file 'description' to name the repository.