]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: sigma_dut controlled AP with PSK, SAE, FT
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 #
4 # This software may be distributed under the terms of the BSD license.
5 # See README for more details.
6
7 import binascii
8 import logging
9 logger = logging.getLogger()
10 import os
11 import socket
12 import struct
13 import subprocess
14 import threading
15 import time
16
17 import hostapd
18 from utils import HwsimSkip
19 from hwsim import HWSimRadio
20 import hwsim_utils
21 from test_dpp import check_dpp_capab, update_hapd_config
22 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
23 from test_ap_eap import check_eap_capa
24 from test_ap_hs20 import hs20_ap_params
25
26 def check_sigma_dut():
27 if not os.path.exists("./sigma_dut"):
28 raise HwsimSkip("sigma_dut not available")
29
30 def to_hex(s):
31 return binascii.hexlify(s.encode()).decode()
32
33 def from_hex(s):
34 return binascii.unhexlify(s).decode()
35
36 def sigma_dut_cmd(cmd, port=9000, timeout=2):
37 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
38 socket.IPPROTO_TCP)
39 sock.settimeout(timeout)
40 addr = ('127.0.0.1', port)
41 sock.connect(addr)
42 sock.send(cmd.encode() + b"\r\n")
43 try:
44 res = sock.recv(1000).decode()
45 running = False
46 done = False
47 for line in res.splitlines():
48 if line.startswith("status,RUNNING"):
49 running = True
50 elif line.startswith("status,INVALID"):
51 done = True
52 elif line.startswith("status,ERROR"):
53 done = True
54 elif line.startswith("status,COMPLETE"):
55 done = True
56 if running and not done:
57 # Read the actual response
58 res = sock.recv(1000).decode()
59 except:
60 res = ''
61 pass
62 sock.close()
63 res = res.rstrip()
64 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
65 return res
66
67 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
68 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
69 if "COMPLETE" not in res:
70 raise Exception("sigma_dut command failed: " + cmd)
71 return res
72
73 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
74 bridge=None):
75 check_sigma_dut()
76 cmd = ['./sigma_dut',
77 '-M', ifname,
78 '-S', ifname,
79 '-F', '../../hostapd/hostapd',
80 '-G',
81 '-w', '/var/run/wpa_supplicant/',
82 '-j', ifname]
83 if debug:
84 cmd += ['-d']
85 if hostapd_logdir:
86 cmd += ['-H', hostapd_logdir]
87 if cert_path:
88 cmd += ['-C', cert_path]
89 if bridge:
90 cmd += ['-b', bridge]
91 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
92 stderr=subprocess.PIPE)
93 for i in range(20):
94 try:
95 res = sigma_dut_cmd("HELLO")
96 break
97 except:
98 time.sleep(0.05)
99 return sigma
100
101 def stop_sigma_dut(sigma):
102 sigma.terminate()
103 sigma.wait()
104 out, err = sigma.communicate()
105 logger.debug("sigma_dut stdout: " + str(out.decode()))
106 logger.debug("sigma_dut stderr: " + str(err.decode()))
107
108 def sigma_dut_wait_connected(ifname):
109 for i in range(50):
110 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
111 if "connected,1" in res:
112 break
113 time.sleep(0.2)
114 if i == 49:
115 raise Exception("Connection did not complete")
116
117 def test_sigma_dut_basic(dev, apdev):
118 """sigma_dut basic functionality"""
119 sigma = start_sigma_dut(dev[0].ifname)
120
121 res = sigma_dut_cmd("UNKNOWN")
122 if "status,INVALID,errorCode,Unknown command" not in res:
123 raise Exception("Unexpected sigma_dut response to unknown command")
124
125 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
126 ("device_get_info", "status,COMPLETE,vendor"),
127 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
128 ("device_list_interfaces,interfaceType,802.11",
129 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
130 for cmd, response in tests:
131 res = sigma_dut_cmd(cmd)
132 if response not in res:
133 raise Exception("Unexpected %s response: %s" % (cmd, res))
134
135 stop_sigma_dut(sigma)
136
137 def test_sigma_dut_open(dev, apdev):
138 """sigma_dut controlled open network association"""
139 try:
140 run_sigma_dut_open(dev, apdev)
141 finally:
142 dev[0].set("ignore_old_scan_res", "0")
143
144 def run_sigma_dut_open(dev, apdev):
145 ifname = dev[0].ifname
146 sigma = start_sigma_dut(ifname)
147
148 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
149
150 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
151 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
152 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
153 sigma_dut_wait_connected(ifname)
154 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
155 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
156 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
157
158 stop_sigma_dut(sigma)
159
160 def test_sigma_dut_psk_pmf(dev, apdev):
161 """sigma_dut controlled PSK+PMF association"""
162 try:
163 run_sigma_dut_psk_pmf(dev, apdev)
164 finally:
165 dev[0].set("ignore_old_scan_res", "0")
166
167 def run_sigma_dut_psk_pmf(dev, apdev):
168 ifname = dev[0].ifname
169 sigma = start_sigma_dut(ifname)
170
171 ssid = "test-pmf-required"
172 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
173 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
174 params["ieee80211w"] = "2"
175 hapd = hostapd.add_ap(apdev[0], params)
176
177 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
178 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
179 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
180 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
181 sigma_dut_wait_connected(ifname)
182 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
183 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
184 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
185
186 stop_sigma_dut(sigma)
187
188 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
189 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
190 try:
191 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
192 finally:
193 dev[0].set("ignore_old_scan_res", "0")
194
195 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
196 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
197 try:
198 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
199 finally:
200 dev[0].set("ignore_old_scan_res", "0")
201
202 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
203 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
204 try:
205 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
206 finally:
207 dev[0].set("ignore_old_scan_res", "0")
208
209 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
210 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
211 try:
212 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
213 finally:
214 dev[0].set("ignore_old_scan_res", "0")
215
216 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
217 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
218 try:
219 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
220 failure=True)
221 finally:
222 dev[0].set("ignore_old_scan_res", "0")
223
224 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
225 failure=False):
226 ifname = dev[0].ifname
227 sigma = start_sigma_dut(ifname)
228
229 ssid = "test-pmf-required"
230 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
231 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
232 params["ieee80211w"] = "2"
233 params["group_mgmt_cipher"] = hostapd_cipher
234 hapd = hostapd.add_ap(apdev[0], params)
235
236 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
237 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
238 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
239 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
240 if failure:
241 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
242 "CTRL-EVENT-CONNECTED"], timeout=10)
243 if ev is None:
244 raise Exception("Network selection result not indicated")
245 if "CTRL-EVENT-CONNECTED" in ev:
246 raise Exception("Unexpected connection")
247 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
248 if "connected,1" in res:
249 raise Exception("Connection reported")
250 else:
251 sigma_dut_wait_connected(ifname)
252 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
253
254 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
255 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
256
257 stop_sigma_dut(sigma)
258
259 def test_sigma_dut_sae(dev, apdev):
260 """sigma_dut controlled SAE association"""
261 if "SAE" not in dev[0].get_capability("auth_alg"):
262 raise HwsimSkip("SAE not supported")
263
264 ifname = dev[0].ifname
265 sigma = start_sigma_dut(ifname)
266
267 ssid = "test-sae"
268 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
269 params['wpa_key_mgmt'] = 'SAE'
270 params["ieee80211w"] = "2"
271 params['sae_groups'] = '19 20 21'
272 hapd = hostapd.add_ap(apdev[0], params)
273
274 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
275 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
276 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
277 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
278 sigma_dut_wait_connected(ifname)
279 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
280 if dev[0].get_status_field('sae_group') != '19':
281 raise Exception("Expected default SAE group not used")
282 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
283
284 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
285
286 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
287 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
288 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
289 sigma_dut_wait_connected(ifname)
290 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
291 if dev[0].get_status_field('sae_group') != '20':
292 raise Exception("Expected SAE group not used")
293 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
294 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
295
296 stop_sigma_dut(sigma)
297
298 def test_sigma_dut_sae_password(dev, apdev):
299 """sigma_dut controlled SAE association and long password"""
300 if "SAE" not in dev[0].get_capability("auth_alg"):
301 raise HwsimSkip("SAE not supported")
302
303 ifname = dev[0].ifname
304 sigma = start_sigma_dut(ifname)
305
306 try:
307 ssid = "test-sae"
308 params = hostapd.wpa2_params(ssid=ssid)
309 params['sae_password'] = 100*'B'
310 params['wpa_key_mgmt'] = 'SAE'
311 params["ieee80211w"] = "2"
312 hapd = hostapd.add_ap(apdev[0], params)
313
314 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
315 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
316 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
317 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
318 sigma_dut_wait_connected(ifname)
319 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
320 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
321 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
322 finally:
323 stop_sigma_dut(sigma)
324
325 def test_sigma_dut_sae_pw_id(dev, apdev):
326 """sigma_dut controlled SAE association with Password Identifier"""
327 if "SAE" not in dev[0].get_capability("auth_alg"):
328 raise HwsimSkip("SAE not supported")
329
330 ifname = dev[0].ifname
331 sigma = start_sigma_dut(ifname, debug=True)
332
333 ssid = "test-sae"
334 params = hostapd.wpa2_params(ssid=ssid)
335 params['wpa_key_mgmt'] = 'SAE'
336 params["ieee80211w"] = "2"
337 params['sae_password'] = 'secret|id=pw id'
338 params['sae_groups'] = '19'
339 hapd = hostapd.add_ap(apdev[0], params)
340
341 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
342 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
343 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
344 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
345 sigma_dut_wait_connected(ifname)
346 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
347 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
348
349 stop_sigma_dut(sigma)
350
351 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
352 """sigma_dut controlled SAE association with Password Identifier and FT"""
353 if "SAE" not in dev[0].get_capability("auth_alg"):
354 raise HwsimSkip("SAE not supported")
355
356 ifname = dev[0].ifname
357 sigma = start_sigma_dut(ifname, debug=True)
358
359 ssid = "test-sae"
360 params = hostapd.wpa2_params(ssid=ssid)
361 params['wpa_key_mgmt'] = 'SAE FT-SAE'
362 params["ieee80211w"] = "2"
363 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
364 params['mobility_domain'] = 'aabb'
365 params['ft_over_ds'] = '0'
366 bssid = apdev[0]['bssid'].replace(':', '')
367 params['nas_identifier'] = bssid + '.nas.example.com'
368 params['r1_key_holder'] = bssid
369 params['pmk_r1_push'] = '0'
370 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
371 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
372 hapd = hostapd.add_ap(apdev[0], params)
373
374 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
375 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
376 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
377 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
378 sigma_dut_wait_connected(ifname)
379
380 bssid = apdev[1]['bssid'].replace(':', '')
381 params['nas_identifier'] = bssid + '.nas.example.com'
382 params['r1_key_holder'] = bssid
383 hapd2 = hostapd.add_ap(apdev[1], params)
384 bssid = hapd2.own_addr()
385 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
386 dev[0].wait_connected()
387
388 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
389 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
390
391 stop_sigma_dut(sigma)
392
393 def test_sigma_dut_sta_override_rsne(dev, apdev):
394 """sigma_dut and RSNE override on STA"""
395 try:
396 run_sigma_dut_sta_override_rsne(dev, apdev)
397 finally:
398 dev[0].set("ignore_old_scan_res", "0")
399
400 def run_sigma_dut_sta_override_rsne(dev, apdev):
401 ifname = dev[0].ifname
402 sigma = start_sigma_dut(ifname)
403
404 ssid = "test-psk"
405 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
406 hapd = hostapd.add_ap(apdev[0], params)
407
408 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
409
410 tests = ["30120100000fac040100000fac040100000fac02",
411 "30140100000fac040100000fac040100000fac02ffff"]
412 for test in tests:
413 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
414 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
415 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
416 sigma_dut_wait_connected(ifname)
417 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
418 dev[0].dump_monitor()
419
420 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
421 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
422 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
423
424 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
425 if ev is None:
426 raise Exception("Association rejection not reported")
427 if "status_code=40" not in ev:
428 raise Exception("Unexpected status code: " + ev)
429
430 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
431
432 stop_sigma_dut(sigma)
433
434 def test_sigma_dut_ap_psk(dev, apdev):
435 """sigma_dut controlled AP"""
436 with HWSimRadio() as (radio, iface):
437 sigma = start_sigma_dut(iface)
438 try:
439 sigma_dut_cmd_check("ap_reset_default")
440 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
441 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
442 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
443
444 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
445
446 sigma_dut_cmd_check("ap_reset_default")
447 finally:
448 stop_sigma_dut(sigma)
449
450 def test_sigma_dut_ap_pskhex(dev, apdev, params):
451 """sigma_dut controlled AP and PSKHEX"""
452 logdir = os.path.join(params['logdir'],
453 "sigma_dut_ap_pskhex.sigma-hostapd")
454 with HWSimRadio() as (radio, iface):
455 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
456 try:
457 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
458 sigma_dut_cmd_check("ap_reset_default")
459 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
460 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
461 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
462
463 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
464
465 sigma_dut_cmd_check("ap_reset_default")
466 finally:
467 stop_sigma_dut(sigma)
468
469 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
470 """sigma_dut controlled AP PSK SHA256"""
471 logdir = os.path.join(params['logdir'],
472 "sigma_dut_ap_psk_sha256.sigma-hostapd")
473 with HWSimRadio() as (radio, iface):
474 sigma = start_sigma_dut(iface)
475 try:
476 sigma_dut_cmd_check("ap_reset_default")
477 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
478 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
479 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
480
481 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
482 psk="12345678", scan_freq="2412")
483
484 sigma_dut_cmd_check("ap_reset_default")
485 finally:
486 stop_sigma_dut(sigma)
487
488 def test_sigma_dut_suite_b(dev, apdev, params):
489 """sigma_dut controlled STA Suite B"""
490 check_suite_b_192_capa(dev)
491 logdir = params['logdir']
492
493 with open("auth_serv/ec2-ca.pem", "r") as f:
494 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
495 f2.write(f.read())
496
497 with open("auth_serv/ec2-user.pem", "r") as f:
498 with open("auth_serv/ec2-user.key", "r") as f2:
499 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
500 f3.write(f.read())
501 f3.write(f2.read())
502
503 dev[0].flush_scan_cache()
504 params = suite_b_as_params()
505 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
506 params['server_cert'] = 'auth_serv/ec2-server.pem'
507 params['private_key'] = 'auth_serv/ec2-server.key'
508 params['openssl_ciphers'] = 'SUITEB192'
509 hostapd.add_ap(apdev[1], params)
510
511 params = {"ssid": "test-suite-b",
512 "wpa": "2",
513 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
514 "rsn_pairwise": "GCMP-256",
515 "group_mgmt_cipher": "BIP-GMAC-256",
516 "ieee80211w": "2",
517 "ieee8021x": "1",
518 'auth_server_addr': "127.0.0.1",
519 'auth_server_port': "18129",
520 'auth_server_shared_secret': "radius",
521 'nas_identifier': "nas.w1.fi"}
522 hapd = hostapd.add_ap(apdev[0], params)
523
524 ifname = dev[0].ifname
525 sigma = start_sigma_dut(ifname, cert_path=logdir)
526
527 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
528 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
529 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
530 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
531 sigma_dut_wait_connected(ifname)
532 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
533 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
534 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
535
536 stop_sigma_dut(sigma)
537
538 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
539 """sigma_dut controlled STA Suite B (RSA)"""
540 check_suite_b_192_capa(dev)
541 logdir = params['logdir']
542
543 with open("auth_serv/rsa3072-ca.pem", "r") as f:
544 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
545 f2.write(f.read())
546
547 with open("auth_serv/rsa3072-user.pem", "r") as f:
548 with open("auth_serv/rsa3072-user.key", "r") as f2:
549 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
550 f3.write(f.read())
551 f3.write(f2.read())
552
553 dev[0].flush_scan_cache()
554 params = suite_b_192_rsa_ap_params()
555 hapd = hostapd.add_ap(apdev[0], params)
556
557 ifname = dev[0].ifname
558 sigma = start_sigma_dut(ifname, cert_path=logdir)
559
560 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
561
562 tests = ["",
563 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
564 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
565 for extra in tests:
566 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
567 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
568 sigma_dut_cmd_check(cmd + extra)
569 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
570 sigma_dut_wait_connected(ifname)
571 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
572 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
573 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
574
575 stop_sigma_dut(sigma)
576
577 def test_sigma_dut_ap_suite_b(dev, apdev, params):
578 """sigma_dut controlled AP Suite B"""
579 check_suite_b_192_capa(dev)
580 logdir = os.path.join(params['logdir'],
581 "sigma_dut_ap_suite_b.sigma-hostapd")
582 params = suite_b_as_params()
583 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
584 params['server_cert'] = 'auth_serv/ec2-server.pem'
585 params['private_key'] = 'auth_serv/ec2-server.key'
586 params['openssl_ciphers'] = 'SUITEB192'
587 hostapd.add_ap(apdev[1], params)
588 with HWSimRadio() as (radio, iface):
589 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
590 try:
591 sigma_dut_cmd_check("ap_reset_default")
592 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
593 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
594 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
595 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
596
597 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
598 ieee80211w="2",
599 openssl_ciphers="SUITEB192",
600 eap="TLS", identity="tls user",
601 ca_cert="auth_serv/ec2-ca.pem",
602 client_cert="auth_serv/ec2-user.pem",
603 private_key="auth_serv/ec2-user.key",
604 pairwise="GCMP-256", group="GCMP-256",
605 scan_freq="2412")
606
607 sigma_dut_cmd_check("ap_reset_default")
608 finally:
609 stop_sigma_dut(sigma)
610
611 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
612 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
613 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
614 "GCMP")
615
616 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
617 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
618 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
619 "GCMP-256")
620
621 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
622 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
623 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
624 "CCMP")
625
626 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
627 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
628 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
629 "CCMP-256")
630
631 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
632 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
633 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
634 "BIP-GMAC-256", "CCMP")
635
636 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
637 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
638 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
639 "BIP-GMAC-256", "GCMP-256", "CCMP")
640
641 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
642 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
643 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
644 "GCMP-256", "CCMP", "AES-CCMP-128")
645
646 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
647 sta_cipher, sta_cipher_group=None, ap_group=None):
648 check_suite_b_192_capa(dev)
649 logdir = os.path.join(params['logdir'],
650 "sigma_dut_ap_cipher.sigma-hostapd")
651 params = suite_b_as_params()
652 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
653 params['server_cert'] = 'auth_serv/ec2-server.pem'
654 params['private_key'] = 'auth_serv/ec2-server.key'
655 params['openssl_ciphers'] = 'SUITEB192'
656 hostapd.add_ap(apdev[1], params)
657 with HWSimRadio() as (radio, iface):
658 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
659 try:
660 sigma_dut_cmd_check("ap_reset_default")
661 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
662 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
663 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
664 if ap_group:
665 cmd += ",GroupCipher,%s" % ap_group
666 sigma_dut_cmd_check(cmd)
667 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
668
669 if sta_cipher_group is None:
670 sta_cipher_group = sta_cipher
671 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
672 ieee80211w="2",
673 openssl_ciphers="SUITEB192",
674 eap="TLS", identity="tls user",
675 ca_cert="auth_serv/ec2-ca.pem",
676 client_cert="auth_serv/ec2-user.pem",
677 private_key="auth_serv/ec2-user.key",
678 pairwise=sta_cipher, group=sta_cipher_group,
679 scan_freq="2412")
680
681 sigma_dut_cmd_check("ap_reset_default")
682 finally:
683 stop_sigma_dut(sigma)
684
685 def test_sigma_dut_ap_override_rsne(dev, apdev):
686 """sigma_dut controlled AP overriding RSNE"""
687 with HWSimRadio() as (radio, iface):
688 sigma = start_sigma_dut(iface)
689 try:
690 sigma_dut_cmd_check("ap_reset_default")
691 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
692 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
693 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
694 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
695
696 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
697
698 sigma_dut_cmd_check("ap_reset_default")
699 finally:
700 stop_sigma_dut(sigma)
701
702 def test_sigma_dut_ap_sae(dev, apdev, params):
703 """sigma_dut controlled AP with SAE"""
704 logdir = os.path.join(params['logdir'],
705 "sigma_dut_ap_sae.sigma-hostapd")
706 if "SAE" not in dev[0].get_capability("auth_alg"):
707 raise HwsimSkip("SAE not supported")
708 with HWSimRadio() as (radio, iface):
709 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
710 try:
711 sigma_dut_cmd_check("ap_reset_default")
712 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
713 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
714 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
715
716 dev[0].request("SET sae_groups ")
717 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
718 ieee80211w="2", scan_freq="2412")
719 if dev[0].get_status_field('sae_group') != '19':
720 raise Exception("Expected default SAE group not used")
721
722 sigma_dut_cmd_check("ap_reset_default")
723 finally:
724 stop_sigma_dut(sigma)
725
726 def test_sigma_dut_ap_sae_password(dev, apdev, params):
727 """sigma_dut controlled AP with SAE and long password"""
728 logdir = os.path.join(params['logdir'],
729 "sigma_dut_ap_sae_password.sigma-hostapd")
730 if "SAE" not in dev[0].get_capability("auth_alg"):
731 raise HwsimSkip("SAE not supported")
732 with HWSimRadio() as (radio, iface):
733 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
734 try:
735 sigma_dut_cmd_check("ap_reset_default")
736 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
737 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
738 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
739
740 dev[0].request("SET sae_groups ")
741 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
742 ieee80211w="2", scan_freq="2412")
743 if dev[0].get_status_field('sae_group') != '19':
744 raise Exception("Expected default SAE group not used")
745
746 sigma_dut_cmd_check("ap_reset_default")
747 finally:
748 stop_sigma_dut(sigma)
749
750 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
751 """sigma_dut controlled AP with SAE Password Identifier"""
752 logdir = os.path.join(params['logdir'],
753 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
754 conffile = os.path.join(params['logdir'],
755 "sigma_dut_ap_sae_pw_id.sigma-conf")
756 if "SAE" not in dev[0].get_capability("auth_alg"):
757 raise HwsimSkip("SAE not supported")
758 with HWSimRadio() as (radio, iface):
759 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
760 try:
761 sigma_dut_cmd_check("ap_reset_default")
762 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
763 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
764 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
765
766 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
767 with open(conffile, "wb") as f2:
768 f2.write(f.read())
769
770 dev[0].request("SET sae_groups ")
771 tests = [("pw1", "id1"),
772 ("pw2", "id2"),
773 ("pw3", None),
774 ("pw4", "id4")]
775 for pw, pw_id in tests:
776 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
777 sae_password_id=pw_id,
778 ieee80211w="2", scan_freq="2412")
779 dev[0].request("REMOVE_NETWORK all")
780 dev[0].wait_disconnected()
781
782 sigma_dut_cmd_check("ap_reset_default")
783 finally:
784 stop_sigma_dut(sigma)
785
786 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
787 """sigma_dut controlled AP with SAE Password Identifier and FT"""
788 logdir = os.path.join(params['logdir'],
789 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
790 conffile = os.path.join(params['logdir'],
791 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
792 if "SAE" not in dev[0].get_capability("auth_alg"):
793 raise HwsimSkip("SAE not supported")
794 with HWSimRadio() as (radio, iface):
795 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
796 try:
797 sigma_dut_cmd_check("ap_reset_default")
798 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
799 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
800 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
801
802 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
803 with open(conffile, "wb") as f2:
804 f2.write(f.read())
805
806 dev[0].request("SET sae_groups ")
807 tests = [("pw1", "id1", "SAE"),
808 ("pw2", "id2", "FT-SAE"),
809 ("pw3", None, "FT-SAE"),
810 ("pw4", "id4", "SAE")]
811 for pw, pw_id, key_mgmt in tests:
812 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
813 sae_password_id=pw_id,
814 ieee80211w="2", scan_freq="2412")
815 dev[0].request("REMOVE_NETWORK all")
816 dev[0].wait_disconnected()
817
818 sigma_dut_cmd_check("ap_reset_default")
819 finally:
820 stop_sigma_dut(sigma)
821
822 def test_sigma_dut_ap_sae_group(dev, apdev, params):
823 """sigma_dut controlled AP with SAE and specific group"""
824 logdir = os.path.join(params['logdir'],
825 "sigma_dut_ap_sae_group.sigma-hostapd")
826 if "SAE" not in dev[0].get_capability("auth_alg"):
827 raise HwsimSkip("SAE not supported")
828 with HWSimRadio() as (radio, iface):
829 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
830 try:
831 sigma_dut_cmd_check("ap_reset_default")
832 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
833 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
834 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
835
836 dev[0].request("SET sae_groups ")
837 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
838 ieee80211w="2", scan_freq="2412")
839 if dev[0].get_status_field('sae_group') != '20':
840 raise Exception("Expected SAE group not used")
841
842 sigma_dut_cmd_check("ap_reset_default")
843 finally:
844 stop_sigma_dut(sigma)
845
846 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
847 """sigma_dut controlled AP with PSK+SAE"""
848 if "SAE" not in dev[0].get_capability("auth_alg"):
849 raise HwsimSkip("SAE not supported")
850 logdir = os.path.join(params['logdir'],
851 "sigma_dut_ap_psk_sae.sigma-hostapd")
852 with HWSimRadio() as (radio, iface):
853 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
854 try:
855 sigma_dut_cmd_check("ap_reset_default")
856 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
857 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
858 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
859
860 dev[2].request("SET sae_groups ")
861 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
862 scan_freq="2412", ieee80211w="0", wait_connect=False)
863 dev[0].request("SET sae_groups ")
864 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
865 scan_freq="2412", ieee80211w="2")
866 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
867
868 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
869 dev[2].request("DISCONNECT")
870 if ev is not None:
871 raise Exception("Unexpected connection without PMF")
872
873 sigma_dut_cmd_check("ap_reset_default")
874 finally:
875 stop_sigma_dut(sigma)
876
877 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
878 """sigma_dut controlled AP with PSK, SAE, FT"""
879 logdir = os.path.join(params['logdir'],
880 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
881 conffile = os.path.join(params['logdir'],
882 "sigma_dut_ap_psk_sae_ft.sigma-conf")
883 if "SAE" not in dev[0].get_capability("auth_alg"):
884 raise HwsimSkip("SAE not supported")
885 with HWSimRadio() as (radio, iface):
886 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
887 try:
888 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
889 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
890 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
891 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
892 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
893 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
894
895 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
896 with open(conffile, "wb") as f2:
897 f2.write(f.read())
898
899 dev[0].request("SET sae_groups ")
900 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
901 sae_password="12345678", scan_freq="2412")
902 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
903 psk="12345678", scan_freq="2412")
904 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
905 psk="12345678", scan_freq="2412")
906
907 sigma_dut_cmd_check("ap_reset_default")
908 finally:
909 stop_sigma_dut(sigma)
910
911 def test_sigma_dut_owe(dev, apdev):
912 """sigma_dut controlled OWE station"""
913 try:
914 run_sigma_dut_owe(dev, apdev)
915 finally:
916 dev[0].set("ignore_old_scan_res", "0")
917
918 def run_sigma_dut_owe(dev, apdev):
919 if "OWE" not in dev[0].get_capability("key_mgmt"):
920 raise HwsimSkip("OWE not supported")
921
922 ifname = dev[0].ifname
923 sigma = start_sigma_dut(ifname)
924
925 try:
926 params = {"ssid": "owe",
927 "wpa": "2",
928 "wpa_key_mgmt": "OWE",
929 "ieee80211w": "2",
930 "rsn_pairwise": "CCMP"}
931 hapd = hostapd.add_ap(apdev[0], params)
932 bssid = hapd.own_addr()
933
934 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
935 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
936 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
937 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
938 sigma_dut_wait_connected(ifname)
939 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
940
941 dev[0].dump_monitor()
942 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
943 dev[0].wait_connected()
944 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
945 dev[0].wait_disconnected()
946 dev[0].dump_monitor()
947
948 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
949 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
950 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
951 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
952 sigma_dut_wait_connected(ifname)
953 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
954 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
955 dev[0].wait_disconnected()
956 dev[0].dump_monitor()
957
958 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
959 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
960 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
961 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
962 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
963 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
964 if ev is None:
965 raise Exception("Association not rejected")
966 if "status_code=77" not in ev:
967 raise Exception("Unexpected rejection reason: " + ev)
968
969 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
970 finally:
971 stop_sigma_dut(sigma)
972
973 def test_sigma_dut_ap_owe(dev, apdev, params):
974 """sigma_dut controlled AP with OWE"""
975 logdir = os.path.join(params['logdir'],
976 "sigma_dut_ap_owe.sigma-hostapd")
977 if "OWE" not in dev[0].get_capability("key_mgmt"):
978 raise HwsimSkip("OWE not supported")
979 with HWSimRadio() as (radio, iface):
980 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
981 try:
982 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
983 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
984 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
985 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
986
987 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
988 scan_freq="2412")
989
990 sigma_dut_cmd_check("ap_reset_default")
991 finally:
992 stop_sigma_dut(sigma)
993
994 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
995 """sigma_dut controlled AP with OWE and ECGroupID"""
996 if "OWE" not in dev[0].get_capability("key_mgmt"):
997 raise HwsimSkip("OWE not supported")
998 with HWSimRadio() as (radio, iface):
999 sigma = start_sigma_dut(iface)
1000 try:
1001 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1002 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1003 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1004 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1005
1006 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1007 owe_group="20", scan_freq="2412")
1008 dev[0].request("REMOVE_NETWORK all")
1009 dev[0].wait_disconnected()
1010
1011 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1012 owe_group="21", scan_freq="2412")
1013 dev[0].request("REMOVE_NETWORK all")
1014 dev[0].wait_disconnected()
1015
1016 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1017 owe_group="19", scan_freq="2412", wait_connect=False)
1018 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1019 dev[0].request("DISCONNECT")
1020 if ev is None:
1021 raise Exception("Association not rejected")
1022 if "status_code=77" not in ev:
1023 raise Exception("Unexpected rejection reason: " + ev)
1024 dev[0].dump_monitor()
1025
1026 sigma_dut_cmd_check("ap_reset_default")
1027 finally:
1028 stop_sigma_dut(sigma)
1029
1030 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1031 """sigma_dut controlled AP with OWE and transition mode"""
1032 if "OWE" not in dev[0].get_capability("key_mgmt"):
1033 raise HwsimSkip("OWE not supported")
1034 logdir = os.path.join(params['logdir'],
1035 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1036 with HWSimRadio() as (radio, iface):
1037 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1038 try:
1039 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1040 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1041 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1042 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1043 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1044 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1045
1046 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1047 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1048
1049 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1050 scan_freq="2412")
1051 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1052 if dev[0].get_status_field('bssid') not in res1:
1053 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1054 if dev[1].get_status_field('bssid') not in res2:
1055 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1056
1057 sigma_dut_cmd_check("ap_reset_default")
1058 finally:
1059 stop_sigma_dut(sigma)
1060
1061 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1062 """sigma_dut controlled AP with OWE and transition mode (2)"""
1063 if "OWE" not in dev[0].get_capability("key_mgmt"):
1064 raise HwsimSkip("OWE not supported")
1065 logdir = os.path.join(params['logdir'],
1066 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1067 with HWSimRadio() as (radio, iface):
1068 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1069 try:
1070 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1071 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1072 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1073 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1074 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1075 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1076
1077 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1078 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1079
1080 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1081 scan_freq="2412")
1082 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1083 if dev[0].get_status_field('bssid') not in res2:
1084 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1085 if dev[1].get_status_field('bssid') not in res1:
1086 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1087
1088 sigma_dut_cmd_check("ap_reset_default")
1089 finally:
1090 stop_sigma_dut(sigma)
1091
1092 def dpp_init_enrollee(dev, id1):
1093 logger.info("Starting DPP initiator/enrollee in a thread")
1094 time.sleep(1)
1095 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1096 if "OK" not in dev.request(cmd):
1097 raise Exception("Failed to initiate DPP Authentication")
1098 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1099 if ev is None:
1100 raise Exception("DPP configuration not completed (Enrollee)")
1101 logger.info("DPP initiator/enrollee done")
1102
1103 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1104 """sigma_dut DPP/QR responder (conf index 1)"""
1105 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1106
1107 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1108 """sigma_dut DPP/QR responder (conf index 2)"""
1109 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1110
1111 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1112 """sigma_dut DPP/QR responder (conf index 3)"""
1113 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1114
1115 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1116 """sigma_dut DPP/QR responder (conf index 4)"""
1117 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1118
1119 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1120 """sigma_dut DPP/QR responder (conf index 5)"""
1121 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1122
1123 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1124 """sigma_dut DPP/QR responder (conf index 6)"""
1125 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1126
1127 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1128 """sigma_dut DPP/QR responder (conf index 7)"""
1129 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1130
1131 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1132 """sigma_dut DPP/QR responder (channel list override)"""
1133 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1134 listen_chan=2)
1135
1136 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1137 listen_chan=None):
1138 check_dpp_capab(dev[0])
1139 check_dpp_capab(dev[1])
1140 sigma = start_sigma_dut(dev[0].ifname)
1141 try:
1142 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1143 if chan_list:
1144 cmd += ",DPPChannelList," + chan_list
1145 res = sigma_dut_cmd(cmd)
1146 if "status,COMPLETE" not in res:
1147 raise Exception("dev_exec_action did not succeed: " + res)
1148 hex = res.split(',')[3]
1149 uri = from_hex(hex)
1150 logger.info("URI from sigma_dut: " + uri)
1151
1152 id1 = dev[1].dpp_qr_code(uri)
1153
1154 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1155 t.start()
1156 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1157 if listen_chan:
1158 cmd += ",DPPListenChannel," + str(listen_chan)
1159 res = sigma_dut_cmd(cmd, timeout=10)
1160 t.join()
1161 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1162 raise Exception("Unexpected result: " + res)
1163 finally:
1164 stop_sigma_dut(sigma)
1165
1166 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1167 """sigma_dut DPP/QR initiator as Enrollee"""
1168 check_dpp_capab(dev[0])
1169 check_dpp_capab(dev[1])
1170
1171 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1172 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1173 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1174 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1175
1176 params = {"ssid": "DPPNET01",
1177 "wpa": "2",
1178 "ieee80211w": "2",
1179 "wpa_key_mgmt": "DPP",
1180 "rsn_pairwise": "CCMP",
1181 "dpp_connector": ap_connector,
1182 "dpp_csign": csign_pub,
1183 "dpp_netaccesskey": ap_netaccesskey}
1184 try:
1185 hapd = hostapd.add_ap(apdev[0], params)
1186 except:
1187 raise HwsimSkip("DPP not supported")
1188
1189 sigma = start_sigma_dut(dev[0].ifname)
1190 try:
1191 dev[0].set("dpp_config_processing", "2")
1192
1193 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1194 res = dev[1].request(cmd)
1195 if "FAIL" in res:
1196 raise Exception("Failed to add configurator")
1197 conf_id = int(res)
1198
1199 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1200 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1201
1202 dev[1].set("dpp_configurator_params",
1203 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1204 cmd = "DPP_LISTEN 2437 role=configurator"
1205 if "OK" not in dev[1].request(cmd):
1206 raise Exception("Failed to start listen operation")
1207
1208 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1209 if "status,COMPLETE" not in res:
1210 raise Exception("dev_exec_action did not succeed: " + res)
1211
1212 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1213 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1214 raise Exception("Unexpected result: " + res)
1215 finally:
1216 dev[0].set("dpp_config_processing", "0")
1217 stop_sigma_dut(sigma)
1218
1219 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1220 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1221 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1222
1223 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1224 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1225 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1226 extra="DPPAuthDirection,Mutual,")
1227
1228 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1229 check_dpp_capab(dev[0])
1230 check_dpp_capab(dev[1])
1231
1232 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1233 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1234 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1235 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1236
1237 params = {"ssid": "DPPNET01",
1238 "wpa": "2",
1239 "ieee80211w": "2",
1240 "wpa_key_mgmt": "DPP",
1241 "rsn_pairwise": "CCMP",
1242 "dpp_connector": ap_connector,
1243 "dpp_csign": csign_pub,
1244 "dpp_netaccesskey": ap_netaccesskey}
1245 try:
1246 hapd = hostapd.add_ap(apdev[0], params)
1247 except:
1248 raise HwsimSkip("DPP not supported")
1249
1250 sigma = start_sigma_dut(dev[0].ifname)
1251 try:
1252 dev[0].set("dpp_config_processing", "2")
1253
1254 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1255 res = dev[1].request(cmd)
1256 if "FAIL" in res:
1257 raise Exception("Failed to add configurator")
1258 conf_id = int(res)
1259
1260 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1261 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1262
1263 dev[1].set("dpp_configurator_params",
1264 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1265 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1266 if "OK" not in dev[1].request(cmd):
1267 raise Exception("Failed to start listen operation")
1268
1269 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1270 if "status,COMPLETE" not in res:
1271 raise Exception("dev_exec_action did not succeed: " + res)
1272 hex = res.split(',')[3]
1273 uri = from_hex(hex)
1274 logger.info("URI from sigma_dut: " + uri)
1275
1276 id1 = dev[1].dpp_qr_code(uri)
1277
1278 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1279 if "status,COMPLETE" not in res:
1280 raise Exception("dev_exec_action did not succeed: " + res)
1281
1282 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1283 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1284 raise Exception("Unexpected result: " + res)
1285 finally:
1286 dev[0].set("dpp_config_processing", "0")
1287 stop_sigma_dut(sigma)
1288
1289 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1290 time.sleep(1)
1291 logger.info("Starting DPP initiator/configurator in a thread")
1292 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1293 if own_id is not None:
1294 cmd += " own=%d" % own_id
1295 if "OK" not in dev.request(cmd):
1296 raise Exception("Failed to initiate DPP Authentication")
1297 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1298 if ev is None:
1299 raise Exception("DPP configuration not completed (Configurator)")
1300 logger.info("DPP initiator/configurator done")
1301
1302 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1303 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1304 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1305
1306 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1307 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1308 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1309
1310 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1311 check_dpp_capab(dev[0])
1312 check_dpp_capab(dev[1])
1313
1314 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1315 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1316 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1317 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1318
1319 params = {"ssid": "DPPNET01",
1320 "wpa": "2",
1321 "ieee80211w": "2",
1322 "wpa_key_mgmt": "DPP",
1323 "rsn_pairwise": "CCMP",
1324 "dpp_connector": ap_connector,
1325 "dpp_csign": csign_pub,
1326 "dpp_netaccesskey": ap_netaccesskey}
1327 try:
1328 hapd = hostapd.add_ap(apdev[0], params)
1329 except:
1330 raise HwsimSkip("DPP not supported")
1331
1332 sigma = start_sigma_dut(dev[0].ifname)
1333 try:
1334 dev[0].set("dpp_config_processing", "2")
1335
1336 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1337 res = dev[1].request(cmd)
1338 if "FAIL" in res:
1339 raise Exception("Failed to add configurator")
1340 conf_id = int(res)
1341
1342 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1343 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1344
1345 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1346 if "status,COMPLETE" not in res:
1347 raise Exception("dev_exec_action did not succeed: " + res)
1348 hex = res.split(',')[3]
1349 uri = from_hex(hex)
1350 logger.info("URI from sigma_dut: " + uri)
1351
1352 id1 = dev[1].dpp_qr_code(uri)
1353
1354 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1355 if "status,COMPLETE" not in res:
1356 raise Exception("dev_exec_action did not succeed: " + res)
1357
1358 t = threading.Thread(target=dpp_init_conf_mutual,
1359 args=(dev[1], id1, conf_id, id0))
1360 t.start()
1361
1362 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1363 if extra:
1364 cmd += extra
1365 res = sigma_dut_cmd(cmd, timeout=25)
1366 t.join()
1367 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1368 raise Exception("Unexpected result: " + res)
1369 finally:
1370 dev[0].set("dpp_config_processing", "0")
1371 stop_sigma_dut(sigma)
1372
1373 def dpp_resp_conf_mutual(dev, conf_id, uri):
1374 logger.info("Starting DPP responder/configurator in a thread")
1375 dev.set("dpp_configurator_params",
1376 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1377 conf_id))
1378 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1379 if "OK" not in dev.request(cmd):
1380 raise Exception("Failed to initiate DPP listen")
1381 if uri:
1382 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1383 if ev is None:
1384 raise Exception("QR Code scan for mutual authentication not requested")
1385 dev.dpp_qr_code(uri)
1386 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1387 if ev is None:
1388 raise Exception("DPP configuration not completed (Configurator)")
1389 logger.info("DPP responder/configurator done")
1390
1391 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1392 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1393 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1394
1395 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1396 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1397 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1398
1399 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1400 check_dpp_capab(dev[0])
1401 check_dpp_capab(dev[1])
1402
1403 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1404 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1405 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1406 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1407
1408 params = {"ssid": "DPPNET01",
1409 "wpa": "2",
1410 "ieee80211w": "2",
1411 "wpa_key_mgmt": "DPP",
1412 "rsn_pairwise": "CCMP",
1413 "dpp_connector": ap_connector,
1414 "dpp_csign": csign_pub,
1415 "dpp_netaccesskey": ap_netaccesskey}
1416 try:
1417 hapd = hostapd.add_ap(apdev[0], params)
1418 except:
1419 raise HwsimSkip("DPP not supported")
1420
1421 sigma = start_sigma_dut(dev[0].ifname)
1422 try:
1423 dev[0].set("dpp_config_processing", "2")
1424
1425 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1426 res = dev[1].request(cmd)
1427 if "FAIL" in res:
1428 raise Exception("Failed to add configurator")
1429 conf_id = int(res)
1430
1431 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1432 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1433
1434 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1435 if "status,COMPLETE" not in res:
1436 raise Exception("dev_exec_action did not succeed: " + res)
1437 hex = res.split(',')[3]
1438 uri = from_hex(hex)
1439 logger.info("URI from sigma_dut: " + uri)
1440
1441 if not resp_pending:
1442 dev[1].dpp_qr_code(uri)
1443 uri = None
1444
1445 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1446 if "status,COMPLETE" not in res:
1447 raise Exception("dev_exec_action did not succeed: " + res)
1448
1449 t = threading.Thread(target=dpp_resp_conf_mutual,
1450 args=(dev[1], conf_id, uri))
1451 t.start()
1452
1453 time.sleep(1)
1454 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1455 res = sigma_dut_cmd(cmd, timeout=15)
1456 t.join()
1457 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1458 raise Exception("Unexpected result: " + res)
1459 finally:
1460 dev[0].set("dpp_config_processing", "0")
1461 stop_sigma_dut(sigma)
1462
1463 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1464 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1465 check_dpp_capab(dev[0])
1466 check_dpp_capab(dev[1])
1467
1468 params = hostapd.wpa2_params(ssid="DPPNET01",
1469 passphrase="ThisIsDppPassphrase")
1470 hapd = hostapd.add_ap(apdev[0], params)
1471
1472 sigma = start_sigma_dut(dev[0].ifname)
1473 try:
1474 dev[0].set("dpp_config_processing", "2")
1475
1476 cmd = "DPP_CONFIGURATOR_ADD"
1477 res = dev[1].request(cmd)
1478 if "FAIL" in res:
1479 raise Exception("Failed to add configurator")
1480 conf_id = int(res)
1481
1482 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1483 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1484
1485 dev[1].set("dpp_configurator_params",
1486 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1487 cmd = "DPP_LISTEN 2437 role=configurator"
1488 if "OK" not in dev[1].request(cmd):
1489 raise Exception("Failed to start listen operation")
1490
1491 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1492 if "status,COMPLETE" not in res:
1493 raise Exception("dev_exec_action did not succeed: " + res)
1494
1495 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1496 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1497 raise Exception("Unexpected result: " + res)
1498 finally:
1499 dev[0].set("dpp_config_processing", "0")
1500 stop_sigma_dut(sigma)
1501
1502 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1503 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1504 check_dpp_capab(dev[0])
1505 check_dpp_capab(dev[1])
1506 if "SAE" not in dev[0].get_capability("auth_alg"):
1507 raise HwsimSkip("SAE not supported")
1508
1509 params = hostapd.wpa2_params(ssid="DPPNET01",
1510 passphrase="ThisIsDppPassphrase")
1511 params['wpa_key_mgmt'] = 'SAE'
1512 params["ieee80211w"] = "2"
1513 hapd = hostapd.add_ap(apdev[0], params)
1514
1515 sigma = start_sigma_dut(dev[0].ifname)
1516 try:
1517 dev[0].set("dpp_config_processing", "2")
1518 dev[0].set("sae_groups", "")
1519
1520 cmd = "DPP_CONFIGURATOR_ADD"
1521 res = dev[1].request(cmd)
1522 if "FAIL" in res:
1523 raise Exception("Failed to add configurator")
1524 conf_id = int(res)
1525
1526 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1527 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1528
1529 dev[1].set("dpp_configurator_params",
1530 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1531 cmd = "DPP_LISTEN 2437 role=configurator"
1532 if "OK" not in dev[1].request(cmd):
1533 raise Exception("Failed to start listen operation")
1534
1535 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1536 if "status,COMPLETE" not in res:
1537 raise Exception("dev_exec_action did not succeed: " + res)
1538
1539 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1540 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1541 raise Exception("Unexpected result: " + res)
1542 finally:
1543 dev[0].set("dpp_config_processing", "0")
1544 stop_sigma_dut(sigma)
1545
1546 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1547 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1548 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1549
1550 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1551 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1552 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1553
1554 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1555 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1556 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1557
1558 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1559 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1560 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1561
1562 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1563 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1564 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1565
1566 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1567 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1568 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1569
1570 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1571 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1572 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1573
1574 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1575 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1576 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1577
1578 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1579 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1580 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1581
1582 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1583 prov_role="Configurator",
1584 extra=None):
1585 check_dpp_capab(dev[0])
1586 check_dpp_capab(dev[1])
1587 sigma = start_sigma_dut(dev[0].ifname)
1588 try:
1589 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1590 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1591
1592 cmd = "DPP_LISTEN 2437 role=enrollee"
1593 if "OK" not in dev[1].request(cmd):
1594 raise Exception("Failed to start listen operation")
1595
1596 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1597 if "status,COMPLETE" not in res:
1598 raise Exception("dev_exec_action did not succeed: " + res)
1599
1600 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1601 if extra:
1602 cmd += "," + extra
1603 res = sigma_dut_cmd(cmd)
1604 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1605 raise Exception("Unexpected result: " + res)
1606 finally:
1607 stop_sigma_dut(sigma)
1608
1609 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1610 """sigma_dut DPP roles incompatible (Initiator)"""
1611 check_dpp_capab(dev[0])
1612 check_dpp_capab(dev[1])
1613 sigma = start_sigma_dut(dev[0].ifname)
1614 try:
1615 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1616 if "status,COMPLETE" not in res:
1617 raise Exception("dev_exec_action did not succeed: " + res)
1618 hex = res.split(',')[3]
1619 uri = from_hex(hex)
1620 logger.info("URI from sigma_dut: " + uri)
1621
1622 id1 = dev[1].dpp_qr_code(uri)
1623
1624 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1625 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1626
1627 cmd = "DPP_LISTEN 2437 role=enrollee"
1628 if "OK" not in dev[1].request(cmd):
1629 raise Exception("Failed to start listen operation")
1630
1631 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1632 if "status,COMPLETE" not in res:
1633 raise Exception("dev_exec_action did not succeed: " + res)
1634
1635 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1636 res = sigma_dut_cmd(cmd)
1637 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1638 raise Exception("Unexpected result: " + res)
1639 finally:
1640 stop_sigma_dut(sigma)
1641
1642 def dpp_init_enrollee_mutual(dev, id1, own_id):
1643 logger.info("Starting DPP initiator/enrollee in a thread")
1644 time.sleep(1)
1645 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1646 if "OK" not in dev.request(cmd):
1647 raise Exception("Failed to initiate DPP Authentication")
1648 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1649 "DPP-NOT-COMPATIBLE"], timeout=5)
1650 if ev is None:
1651 raise Exception("DPP configuration not completed (Enrollee)")
1652 logger.info("DPP initiator/enrollee done")
1653
1654 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1655 """sigma_dut DPP roles incompatible (Responder)"""
1656 check_dpp_capab(dev[0])
1657 check_dpp_capab(dev[1])
1658 sigma = start_sigma_dut(dev[0].ifname)
1659 try:
1660 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1661 res = sigma_dut_cmd(cmd)
1662 if "status,COMPLETE" not in res:
1663 raise Exception("dev_exec_action did not succeed: " + res)
1664 hex = res.split(',')[3]
1665 uri = from_hex(hex)
1666 logger.info("URI from sigma_dut: " + uri)
1667
1668 id1 = dev[1].dpp_qr_code(uri)
1669
1670 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1671 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1672
1673 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1674 if "status,COMPLETE" not in res:
1675 raise Exception("dev_exec_action did not succeed: " + res)
1676
1677 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1678 t.start()
1679 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1680 res = sigma_dut_cmd(cmd, timeout=10)
1681 t.join()
1682 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1683 raise Exception("Unexpected result: " + res)
1684 finally:
1685 stop_sigma_dut(sigma)
1686
1687 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1688 """sigma_dut DPP/PKEX initiator as Configurator"""
1689 check_dpp_capab(dev[0])
1690 check_dpp_capab(dev[1])
1691 sigma = start_sigma_dut(dev[0].ifname)
1692 try:
1693 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1694 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1695 res = dev[1].request(cmd)
1696 if "FAIL" in res:
1697 raise Exception("Failed to set PKEX data (responder)")
1698 cmd = "DPP_LISTEN 2437 role=enrollee"
1699 if "OK" not in dev[1].request(cmd):
1700 raise Exception("Failed to start listen operation")
1701
1702 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1703 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1704 raise Exception("Unexpected result: " + res)
1705 finally:
1706 stop_sigma_dut(sigma)
1707
1708 def dpp_init_conf(dev, id1, conf, conf_id, extra):
1709 logger.info("Starting DPP initiator/configurator in a thread")
1710 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1711 if "OK" not in dev.request(cmd):
1712 raise Exception("Failed to initiate DPP Authentication")
1713 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1714 if ev is None:
1715 raise Exception("DPP configuration not completed (Configurator)")
1716 logger.info("DPP initiator/configurator done")
1717
1718 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1719 """sigma_dut controlled AP (DPP)"""
1720 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1721
1722 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1723 """sigma_dut controlled AP (legacy)"""
1724 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1725 extra="pass=%s" % to_hex("qwertyuiop"))
1726
1727 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1728 """sigma_dut controlled AP (legacy)"""
1729 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1730 extra="psk=%s" % (32*"12"))
1731
1732 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
1733 check_dpp_capab(dev[0])
1734 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1735 with HWSimRadio() as (radio, iface):
1736 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1737 try:
1738 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1739 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1740 if "status,COMPLETE" not in res:
1741 raise Exception("dev_exec_action did not succeed: " + res)
1742 hex = res.split(',')[3]
1743 uri = from_hex(hex)
1744 logger.info("URI from sigma_dut: " + uri)
1745
1746 cmd = "DPP_CONFIGURATOR_ADD"
1747 res = dev[0].request(cmd)
1748 if "FAIL" in res:
1749 raise Exception("Failed to add configurator")
1750 conf_id = int(res)
1751
1752 id1 = dev[0].dpp_qr_code(uri)
1753
1754 t = threading.Thread(target=dpp_init_conf,
1755 args=(dev[0], id1, ap_conf, conf_id, extra))
1756 t.start()
1757 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1758 t.join()
1759 if "ConfResult,OK" not in res:
1760 raise Exception("Unexpected result: " + res)
1761
1762 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
1763 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1764
1765 id0b = dev[0].dpp_qr_code(uri1)
1766
1767 dev[1].set("dpp_config_processing", "2")
1768 cmd = "DPP_LISTEN 2412"
1769 if "OK" not in dev[1].request(cmd):
1770 raise Exception("Failed to start listen operation")
1771 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1772 if "OK" not in dev[0].request(cmd):
1773 raise Exception("Failed to initiate DPP Authentication")
1774 dev[1].wait_connected()
1775
1776 sigma_dut_cmd_check("ap_reset_default")
1777 finally:
1778 dev[1].set("dpp_config_processing", "0")
1779 stop_sigma_dut(sigma)
1780
1781 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1782 """sigma_dut controlled AP as DPP PKEX responder"""
1783 check_dpp_capab(dev[0])
1784 logdir = os.path.join(params['logdir'],
1785 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1786 with HWSimRadio() as (radio, iface):
1787 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1788 try:
1789 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1790 finally:
1791 stop_sigma_dut(sigma)
1792
1793 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
1794 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1795 time.sleep(1.5)
1796 id = dev.dpp_bootstrap_gen(type="pkex")
1797 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1798 res = dev.request(cmd)
1799 if "FAIL" in res:
1800 raise Exception("Failed to initiate DPP PKEX")
1801 if not check_config:
1802 return
1803 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1804 if ev is None:
1805 raise Exception("DPP configuration not completed (Configurator)")
1806 logger.info("DPP initiator/configurator done")
1807
1808 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
1809 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1810
1811 cmd = "DPP_CONFIGURATOR_ADD"
1812 res = dev[0].request(cmd)
1813 if "FAIL" in res:
1814 raise Exception("Failed to add configurator")
1815 conf_id = int(res)
1816
1817 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
1818 t.start()
1819 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
1820 t.join()
1821 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1822 raise Exception("Unexpected result: " + res)
1823
1824 sigma_dut_cmd_check("ap_reset_default")
1825
1826 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1827 """sigma_dut controlled STA as DPP PKEX responder and error case"""
1828 check_dpp_capab(dev[0])
1829 sigma = start_sigma_dut(dev[0].ifname)
1830 try:
1831 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
1832 finally:
1833 stop_sigma_dut(sigma)
1834
1835 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
1836 cmd = "DPP_CONFIGURATOR_ADD"
1837 res = dev[1].request(cmd)
1838 if "FAIL" in res:
1839 raise Exception("Failed to add configurator")
1840 conf_id = int(res)
1841
1842 dev[1].set("dpp_test", "44")
1843
1844 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
1845 False))
1846 t.start()
1847 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
1848 t.join()
1849 if "BootstrapResult,Timeout" not in res:
1850 raise Exception("Unexpected result: " + res)
1851
1852 def dpp_proto_init(dev, id1):
1853 time.sleep(1)
1854 logger.info("Starting DPP initiator/configurator in a thread")
1855 cmd = "DPP_CONFIGURATOR_ADD"
1856 res = dev.request(cmd)
1857 if "FAIL" in res:
1858 raise Exception("Failed to add configurator")
1859 conf_id = int(res)
1860
1861 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
1862 if "OK" not in dev.request(cmd):
1863 raise Exception("Failed to initiate DPP Authentication")
1864
1865 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
1866 """sigma_dut DPP protocol testing - Initiator"""
1867 check_dpp_capab(dev[0])
1868 check_dpp_capab(dev[1])
1869 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
1870 "BootstrapResult,OK,AuthResult,Errorsent",
1871 None),
1872 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
1873 "BootstrapResult,OK,AuthResult,Errorsent",
1874 None),
1875 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
1876 "BootstrapResult,OK,AuthResult,Errorsent",
1877 "Missing or invalid I-capabilities"),
1878 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
1879 "BootstrapResult,OK,AuthResult,Errorsent",
1880 "Mismatching Initiator Authenticating Tag"),
1881 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
1882 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1883 "Missing or invalid Enrollee Nonce attribute")]
1884 for step, frame, attr, result, fail in tests:
1885 dev[0].request("FLUSH")
1886 dev[1].request("FLUSH")
1887 sigma = start_sigma_dut(dev[0].ifname)
1888 try:
1889 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
1890 fail)
1891 finally:
1892 stop_sigma_dut(sigma)
1893
1894 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
1895 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1896 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1897
1898 cmd = "DPP_LISTEN 2437 role=enrollee"
1899 if "OK" not in dev[1].request(cmd):
1900 raise Exception("Failed to start listen operation")
1901
1902 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1903 if "status,COMPLETE" not in res:
1904 raise Exception("dev_exec_action did not succeed: " + res)
1905
1906 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
1907 timeout=10)
1908 if result not in res:
1909 raise Exception("Unexpected result: " + res)
1910 if fail:
1911 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
1912 if ev is None or fail not in ev:
1913 raise Exception("Failure not reported correctly: " + str(ev))
1914
1915 dev[1].request("DPP_STOP_LISTEN")
1916 dev[0].dump_monitor()
1917 dev[1].dump_monitor()
1918
1919 def test_sigma_dut_dpp_proto_responder(dev, apdev):
1920 """sigma_dut DPP protocol testing - Responder"""
1921 check_dpp_capab(dev[0])
1922 check_dpp_capab(dev[1])
1923 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
1924 "BootstrapResult,OK,AuthResult,Errorsent",
1925 "Missing or invalid required DPP Status attribute"),
1926 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
1927 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1928 "Missing or invalid Enrollee Nonce attribute")]
1929 for step, frame, attr, result, fail in tests:
1930 dev[0].request("FLUSH")
1931 dev[1].request("FLUSH")
1932 sigma = start_sigma_dut(dev[0].ifname)
1933 try:
1934 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
1935 fail)
1936 finally:
1937 stop_sigma_dut(sigma)
1938
1939 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
1940 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1941 if "status,COMPLETE" not in res:
1942 raise Exception("dev_exec_action did not succeed: " + res)
1943 hex = res.split(',')[3]
1944 uri = from_hex(hex)
1945 logger.info("URI from sigma_dut: " + uri)
1946
1947 id1 = dev[1].dpp_qr_code(uri)
1948
1949 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
1950 t.start()
1951 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
1952 t.join()
1953 if result not in res:
1954 raise Exception("Unexpected result: " + res)
1955 if fail:
1956 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
1957 if ev is None or fail not in ev:
1958 raise Exception("Failure not reported correctly:" + str(ev))
1959
1960 dev[1].request("DPP_STOP_LISTEN")
1961 dev[0].dump_monitor()
1962 dev[1].dump_monitor()
1963
1964 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
1965 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
1966 check_dpp_capab(dev[0])
1967 check_dpp_capab(dev[1])
1968 tests = [("AuthenticationResponse",
1969 "BootstrapResult,OK,AuthResult,Errorsent",
1970 None),
1971 ("ConfigurationRequest",
1972 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
1973 None)]
1974 for frame, result, fail in tests:
1975 dev[0].request("FLUSH")
1976 dev[1].request("FLUSH")
1977 sigma = start_sigma_dut(dev[0].ifname)
1978 try:
1979 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
1980 finally:
1981 stop_sigma_dut(sigma)
1982
1983 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
1984 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1985 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1986
1987 cmd = "DPP_LISTEN 2437 role=enrollee"
1988 if "OK" not in dev[1].request(cmd):
1989 raise Exception("Failed to start listen operation")
1990
1991 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1992 if "status,COMPLETE" not in res:
1993 raise Exception("dev_exec_action did not succeed: " + res)
1994
1995 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
1996 if result not in res:
1997 raise Exception("Unexpected result: " + res)
1998 if fail:
1999 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2000 if ev is None or fail not in ev:
2001 raise Exception("Failure not reported correctly: " + str(ev))
2002
2003 dev[1].request("DPP_STOP_LISTEN")
2004 dev[0].dump_monitor()
2005 dev[1].dump_monitor()
2006
2007 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2008 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2009 check_dpp_capab(dev[0])
2010 check_dpp_capab(dev[1])
2011 tests = [("AuthenticationConfirm",
2012 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2013 None)]
2014 for frame, result, fail in tests:
2015 dev[0].request("FLUSH")
2016 dev[1].request("FLUSH")
2017 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2018 try:
2019 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2020 result, fail)
2021 finally:
2022 stop_sigma_dut(sigma)
2023
2024 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2025 fail):
2026 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2027 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2028
2029 cmd = "DPP_LISTEN 2437 role=configurator"
2030 if "OK" not in dev[1].request(cmd):
2031 raise Exception("Failed to start listen operation")
2032
2033 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2034 if "status,COMPLETE" not in res:
2035 raise Exception("dev_exec_action did not succeed: " + res)
2036
2037 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2038 if result not in res:
2039 raise Exception("Unexpected result: " + res)
2040 if fail:
2041 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2042 if ev is None or fail not in ev:
2043 raise Exception("Failure not reported correctly: " + str(ev))
2044
2045 dev[1].request("DPP_STOP_LISTEN")
2046 dev[0].dump_monitor()
2047 dev[1].dump_monitor()
2048
2049 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2050 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2051 check_dpp_capab(dev[0])
2052 check_dpp_capab(dev[1])
2053 tests = [("AuthenticationRequest",
2054 "BootstrapResult,OK,AuthResult,Errorsent",
2055 None),
2056 ("AuthenticationConfirm",
2057 "BootstrapResult,OK,AuthResult,Errorsent",
2058 None)]
2059 for frame, result, fail in tests:
2060 dev[0].request("FLUSH")
2061 dev[1].request("FLUSH")
2062 sigma = start_sigma_dut(dev[0].ifname)
2063 try:
2064 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2065 finally:
2066 stop_sigma_dut(sigma)
2067
2068 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2069 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2070 if "status,COMPLETE" not in res:
2071 raise Exception("dev_exec_action did not succeed: " + res)
2072 hex = res.split(',')[3]
2073 uri = from_hex(hex)
2074 logger.info("URI from sigma_dut: " + uri)
2075
2076 id1 = dev[1].dpp_qr_code(uri)
2077
2078 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2079 t.start()
2080 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2081 t.join()
2082 if result not in res:
2083 raise Exception("Unexpected result: " + res)
2084 if fail:
2085 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2086 if ev is None or fail not in ev:
2087 raise Exception("Failure not reported correctly:" + str(ev))
2088
2089 dev[1].request("DPP_STOP_LISTEN")
2090 dev[0].dump_monitor()
2091 dev[1].dump_monitor()
2092
2093 def dpp_proto_init_pkex(dev):
2094 time.sleep(1)
2095 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2096 cmd = "DPP_CONFIGURATOR_ADD"
2097 res = dev.request(cmd)
2098 if "FAIL" in res:
2099 raise Exception("Failed to add configurator")
2100 conf_id = int(res)
2101
2102 id = dev.dpp_bootstrap_gen(type="pkex")
2103
2104 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2105 if "FAIL" in dev.request(cmd):
2106 raise Exception("Failed to initiate DPP PKEX")
2107
2108 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2109 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2110 check_dpp_capab(dev[0])
2111 check_dpp_capab(dev[1])
2112 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2113 "BootstrapResult,Errorsent",
2114 None),
2115 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2116 "BootstrapResult,Errorsent",
2117 "Missing or invalid Finite Cyclic Group attribute"),
2118 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2119 "BootstrapResult,Errorsent",
2120 "No valid peer bootstrapping key found")]
2121 for step, frame, attr, result, fail in tests:
2122 dev[0].request("FLUSH")
2123 dev[1].request("FLUSH")
2124 sigma = start_sigma_dut(dev[0].ifname)
2125 try:
2126 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2127 result, fail)
2128 finally:
2129 stop_sigma_dut(sigma)
2130
2131 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2132 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2133
2134 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2135 res = dev[1].request(cmd)
2136 if "FAIL" in res:
2137 raise Exception("Failed to set PKEX data (responder)")
2138
2139 cmd = "DPP_LISTEN 2437 role=enrollee"
2140 if "OK" not in dev[1].request(cmd):
2141 raise Exception("Failed to start listen operation")
2142
2143 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2144 if result not in res:
2145 raise Exception("Unexpected result: " + res)
2146 if fail:
2147 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2148 if ev is None or fail not in ev:
2149 raise Exception("Failure not reported correctly: " + str(ev))
2150
2151 dev[1].request("DPP_STOP_LISTEN")
2152 dev[0].dump_monitor()
2153 dev[1].dump_monitor()
2154
2155 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2156 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2157 check_dpp_capab(dev[0])
2158 check_dpp_capab(dev[1])
2159 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2160 "BootstrapResult,Errorsent",
2161 None),
2162 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2163 "BootstrapResult,Errorsent",
2164 "No DPP Status attribute"),
2165 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2166 "BootstrapResult,Errorsent",
2167 "No valid peer bootstrapping key found")]
2168 for step, frame, attr, result, fail in tests:
2169 dev[0].request("FLUSH")
2170 dev[1].request("FLUSH")
2171 sigma = start_sigma_dut(dev[0].ifname)
2172 try:
2173 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2174 result, fail)
2175 finally:
2176 stop_sigma_dut(sigma)
2177
2178 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2179 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2180 t.start()
2181 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2182 t.join()
2183 if result not in res:
2184 raise Exception("Unexpected result: " + res)
2185 if fail:
2186 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2187 if ev is None or fail not in ev:
2188 raise Exception("Failure not reported correctly:" + str(ev))
2189
2190 dev[1].request("DPP_STOP_LISTEN")
2191 dev[0].dump_monitor()
2192 dev[1].dump_monitor()
2193
2194 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2195 check_dpp_capab(dev[0])
2196 check_dpp_capab(dev[1])
2197
2198 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2199 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2200 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2201 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2202
2203 params = {"ssid": "DPPNET01",
2204 "wpa": "2",
2205 "ieee80211w": "2",
2206 "wpa_key_mgmt": "DPP",
2207 "rsn_pairwise": "CCMP",
2208 "dpp_connector": ap_connector,
2209 "dpp_csign": csign_pub,
2210 "dpp_netaccesskey": ap_netaccesskey}
2211 try:
2212 hapd = hostapd.add_ap(apdev[0], params)
2213 except:
2214 raise HwsimSkip("DPP not supported")
2215
2216 dev[0].set("dpp_config_processing", "2")
2217
2218 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2219 res = dev[1].request(cmd)
2220 if "FAIL" in res:
2221 raise Exception("Failed to add configurator")
2222 conf_id = int(res)
2223
2224 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2225 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2226
2227 dev[1].set("dpp_configurator_params",
2228 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2229 conf_id))
2230 cmd = "DPP_LISTEN 2437 role=configurator"
2231 if "OK" not in dev[1].request(cmd):
2232 raise Exception("Failed to start listen operation")
2233
2234 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2235 if "status,COMPLETE" not in res:
2236 raise Exception("dev_exec_action did not succeed: " + res)
2237
2238 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2239 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2240 sigma = start_sigma_dut(dev[0].ifname)
2241 try:
2242 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2243
2244 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2245 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2246 raise Exception("Unexpected result: " + res)
2247 finally:
2248 dev[0].set("dpp_config_processing", "0")
2249 stop_sigma_dut(sigma)
2250
2251 def test_sigma_dut_dpp_self_config(dev, apdev):
2252 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2253 check_dpp_capab(dev[0])
2254
2255 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2256 check_dpp_capab(hapd)
2257
2258 sigma = start_sigma_dut(dev[0].ifname)
2259 try:
2260 dev[0].set("dpp_config_processing", "2")
2261 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2262 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2263
2264 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2265 if "status,COMPLETE" not in res:
2266 raise Exception("dev_exec_action did not succeed: " + res)
2267
2268 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2269 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2270 raise Exception("Unexpected result: " + res)
2271 update_hapd_config(hapd)
2272
2273 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2274 res = sigma_dut_cmd(cmd, timeout=10)
2275 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2276 raise Exception("Unexpected result: " + res)
2277 finally:
2278 stop_sigma_dut(sigma)
2279 dev[0].set("dpp_config_processing", "0")
2280
2281 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2282 """sigma_dut DPP AP Configurator using self-configuration"""
2283 logdir = os.path.join(params['logdir'],
2284 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2285 with HWSimRadio() as (radio, iface):
2286 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2287 try:
2288 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2289 finally:
2290 stop_sigma_dut(sigma)
2291 dev[0].set("dpp_config_processing", "0")
2292
2293 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2294 check_dpp_capab(dev[0])
2295
2296 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2297
2298 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2299 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2300 raise Exception("Unexpected result: " + res)
2301
2302 dev[0].set("dpp_config_processing", "2")
2303
2304 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2305 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2306 cmd = "DPP_LISTEN 2462 role=enrollee"
2307 if "OK" not in dev[0].request(cmd):
2308 raise Exception("Failed to start listen operation")
2309
2310 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2311 if "status,COMPLETE" not in res:
2312 raise Exception("dev_exec_action did not succeed: " + res)
2313 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2314 res = sigma_dut_cmd(cmd)
2315 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2316 raise Exception("Unexpected result: " + res)
2317 dev[0].wait_connected()
2318 dev[0].request("DISCONNECT")
2319 dev[0].wait_disconnected()
2320 sigma_dut_cmd_check("ap_reset_default")
2321
2322 def test_sigma_dut_preconfigured_profile(dev, apdev):
2323 """sigma_dut controlled connection using preconfigured profile"""
2324 try:
2325 run_sigma_dut_preconfigured_profile(dev, apdev)
2326 finally:
2327 dev[0].set("ignore_old_scan_res", "0")
2328
2329 def run_sigma_dut_preconfigured_profile(dev, apdev):
2330 ifname = dev[0].ifname
2331 sigma = start_sigma_dut(ifname)
2332
2333 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2334 hapd = hostapd.add_ap(apdev[0], params)
2335 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2336 only_add_network=True)
2337
2338 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2339 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2340 sigma_dut_wait_connected(ifname)
2341 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2342 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2343 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2344
2345 stop_sigma_dut(sigma)
2346
2347 def test_sigma_dut_wps_pbc(dev, apdev):
2348 """sigma_dut and WPS PBC Enrollee"""
2349 try:
2350 run_sigma_dut_wps_pbc(dev, apdev)
2351 finally:
2352 dev[0].set("ignore_old_scan_res", "0")
2353
2354 def run_sigma_dut_wps_pbc(dev, apdev):
2355 ssid = "test-wps-conf"
2356 hapd = hostapd.add_ap(apdev[0],
2357 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2358 "wpa_passphrase": "12345678", "wpa": "2",
2359 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2360 hapd.request("WPS_PBC")
2361
2362 ifname = dev[0].ifname
2363 sigma = start_sigma_dut(ifname)
2364
2365 cmd = "start_wps_registration,interface,%s" % ifname
2366 cmd += ",WpsRole,Enrollee"
2367 cmd += ",WpsConfigMethod,PBC"
2368 sigma_dut_cmd_check(cmd, timeout=15)
2369
2370 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2371 hapd.disable()
2372 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2373 stop_sigma_dut(sigma)
2374 dev[0].flush_scan_cache()
2375
2376 def test_sigma_dut_sta_scan_bss(dev, apdev):
2377 """sigma_dut sta_scan_bss"""
2378 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2379 sigma = start_sigma_dut(dev[0].ifname)
2380 try:
2381 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2382 hapd.own_addr())
2383 res = sigma_dut_cmd(cmd, timeout=10)
2384 if "ssid,test,bsschannel,1" not in res:
2385 raise Exception("Unexpected result: " + res)
2386 finally:
2387 stop_sigma_dut(sigma)
2388
2389 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2390 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2391 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2392 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2393 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2394 try:
2395 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2396 res = sigma_dut_cmd(cmd, timeout=10)
2397 if "abcdef" not in res or "qwerty" not in res:
2398 raise Exception("Unexpected result: " + res)
2399 finally:
2400 stop_sigma_dut(sigma)
2401
2402 def test_sigma_dut_ap_osen(dev, apdev, params):
2403 """sigma_dut controlled AP with OSEN"""
2404 logdir = os.path.join(params['logdir'],
2405 "sigma_dut_ap_osen.sigma-hostapd")
2406 with HWSimRadio() as (radio, iface):
2407 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2408 try:
2409 sigma_dut_cmd_check("ap_reset_default")
2410 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2411 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2412 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2413 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2414
2415 # RSN-OSEN (for OSU)
2416 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2417 pairwise="CCMP", group="GTK_NOT_USED",
2418 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2419 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2420
2421 sigma_dut_cmd_check("ap_reset_default")
2422 finally:
2423 stop_sigma_dut(sigma)
2424
2425 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2426 """sigma_dut controlled AP with EAP+OSEN"""
2427 logdir = os.path.join(params['logdir'],
2428 "sigma_dut_ap_eap_osen.sigma-hostapd")
2429 with HWSimRadio() as (radio, iface):
2430 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2431 try:
2432 sigma_dut_cmd_check("ap_reset_default")
2433 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2434 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2435 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2436 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2437
2438 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2439 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2440
2441 # RSN-OSEN (for OSU)
2442 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2443 pairwise="CCMP",
2444 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2445 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2446 scan_freq="2412")
2447 # RSN-EAP (for data connection)
2448 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2449 identity="hs20-test", password="password",
2450 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2451 ieee80211w='2', scan_freq="2412")
2452
2453 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2454 success_expected=False, timeout=1)
2455
2456 sigma_dut_cmd_check("ap_reset_default")
2457 finally:
2458 stop_sigma_dut(sigma)
2459 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2460 stderr=open('/dev/null', 'w'))
2461 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2462 stderr=open('/dev/null', 'w'))
2463
2464 def test_sigma_dut_ap_eap(dev, apdev, params):
2465 """sigma_dut controlled AP WPA2-Enterprise"""
2466 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2467 with HWSimRadio() as (radio, iface):
2468 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2469 try:
2470 sigma_dut_cmd_check("ap_reset_default")
2471 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2472 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2473 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2474 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2475
2476 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2477 identity="gpsk user",
2478 password="abcdefghijklmnop0123456789abcdef",
2479 scan_freq="2412")
2480
2481 sigma_dut_cmd_check("ap_reset_default")
2482 finally:
2483 stop_sigma_dut(sigma)
2484
2485 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2486 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2487 logdir = os.path.join(params['logdir'],
2488 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2489 with HWSimRadio() as (radio, iface):
2490 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2491 try:
2492 sigma_dut_cmd_check("ap_reset_default")
2493 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2494 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2495 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2496 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2497
2498 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2499 identity="gpsk user",
2500 password="abcdefghijklmnop0123456789abcdef",
2501 scan_freq="2412")
2502
2503 sigma_dut_cmd_check("ap_reset_default")
2504 finally:
2505 stop_sigma_dut(sigma)
2506
2507 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2508 """sigma_dut controlled AP FT-EAP"""
2509 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2510 with HWSimRadio() as (radio, iface):
2511 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2512 try:
2513 sigma_dut_cmd_check("ap_reset_default")
2514 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2515 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2516 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2517 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2518
2519 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2520 identity="gpsk user",
2521 password="abcdefghijklmnop0123456789abcdef",
2522 scan_freq="2412")
2523
2524 sigma_dut_cmd_check("ap_reset_default")
2525 finally:
2526 stop_sigma_dut(sigma)
2527
2528 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2529 """sigma_dut controlled AP FT-PSK"""
2530 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2531 with HWSimRadio() as (radio, iface):
2532 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2533 try:
2534 sigma_dut_cmd_check("ap_reset_default")
2535 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2536 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2537 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2538
2539 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2540 scan_freq="2412")
2541
2542 sigma_dut_cmd_check("ap_reset_default")
2543 finally:
2544 stop_sigma_dut(sigma)
2545
2546 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2547 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2548 logdir = os.path.join(params['logdir'],
2549 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2550 with HWSimRadio() as (radio, iface):
2551 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2552 try:
2553 sigma_dut_cmd_check("ap_reset_default")
2554 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2555 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2556 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2557 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2558
2559 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2560 identity="gpsk user",
2561 password="abcdefghijklmnop0123456789abcdef",
2562 scan_freq="2412")
2563 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2564 identity="gpsk user",
2565 password="abcdefghijklmnop0123456789abcdef",
2566 scan_freq="2412")
2567
2568 sigma_dut_cmd_check("ap_reset_default")
2569 finally:
2570 stop_sigma_dut(sigma)
2571
2572 def test_sigma_dut_venue_url(dev, apdev):
2573 """sigma_dut controlled Venue URL fetch"""
2574 try:
2575 run_sigma_dut_venue_url(dev, apdev)
2576 finally:
2577 dev[0].set("ignore_old_scan_res", "0")
2578
2579 def run_sigma_dut_venue_url(dev, apdev):
2580 ifname = dev[0].ifname
2581 sigma = start_sigma_dut(ifname, debug=True)
2582
2583 ssid = "venue"
2584 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2585 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2586 params["ieee80211w"] = "2"
2587
2588 venue_group = 1
2589 venue_type = 13
2590 venue_info = struct.pack('BB', venue_group, venue_type)
2591 lang1 = "eng"
2592 name1 = "Example venue"
2593 lang2 = "fin"
2594 name2 = "Esimerkkipaikka"
2595 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2596 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
2597 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2598
2599 url1 = "http://example.com/venue"
2600 url2 = "https://example.org/venue-info/"
2601 params["venue_group"] = str(venue_group)
2602 params["venue_type"] = str(venue_type)
2603 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2604 params["venue_url"] = ["1:" + url1, "2:" + url2]
2605
2606 hapd = hostapd.add_ap(apdev[0], params)
2607
2608 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2609 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2610 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2611 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2612 sigma_dut_wait_connected(ifname)
2613 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2614 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2615 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2616 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2617
2618 stop_sigma_dut(sigma)
2619
2620 def test_sigma_dut_hs20_assoc_24(dev, apdev):
2621 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2622 run_sigma_dut_hs20_assoc(dev, apdev, True)
2623
2624 def test_sigma_dut_hs20_assoc_5(dev, apdev):
2625 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2626 run_sigma_dut_hs20_assoc(dev, apdev, False)
2627
2628 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2629 hapd0 = None
2630 hapd1 = None
2631 try:
2632 bssid0 = apdev[0]['bssid']
2633 params = hs20_ap_params()
2634 params['hessid'] = bssid0
2635 hapd0 = hostapd.add_ap(apdev[0], params)
2636
2637 bssid1 = apdev[1]['bssid']
2638 params = hs20_ap_params()
2639 params['hessid'] = bssid0
2640 params["hw_mode"] = "a"
2641 params["channel"] = "36"
2642 params["country_code"] = "US"
2643 hapd1 = hostapd.add_ap(apdev[1], params)
2644
2645 band = "2.4" if band24 else "5"
2646 exp_bssid = bssid0 if band24 else bssid1
2647 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2648 finally:
2649 dev[0].request("DISCONNECT")
2650 if hapd0:
2651 hapd0.request("DISABLE")
2652 if hapd1:
2653 hapd1.request("DISABLE")
2654 subprocess.call(['iw', 'reg', 'set', '00'])
2655 dev[0].flush_scan_cache()
2656
2657 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2658 check_eap_capa(dev[0], "MSCHAPV2")
2659 dev[0].flush_scan_cache()
2660
2661 ifname = dev[0].ifname
2662 sigma = start_sigma_dut(ifname, debug=True)
2663
2664 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2665 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2666 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2667 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2668 timeout=15)
2669 sigma_dut_wait_connected(ifname)
2670 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2671 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2672 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2673
2674 stop_sigma_dut(sigma)
2675
2676 if "BSSID," + expect_bssid not in res:
2677 raise Exception("Unexpected BSSID: " + res)
2678
2679 def test_sigma_dut_ap_hs20(dev, apdev, params):
2680 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
2681 logdir = os.path.join(params['logdir'],
2682 "sigma_dut_ap_hs20.sigma-hostapd")
2683 conffile = os.path.join(params['logdir'],
2684 "sigma_dut_ap_hs20.sigma-conf")
2685 with HWSimRadio() as (radio, iface):
2686 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2687 try:
2688 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
2689 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2690 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2691 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
2692 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
2693 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
2694 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
2695 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
2696 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
2697 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
2698 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
2699 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
2700 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
2701 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2702
2703 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2704 with open(conffile, "wb") as f2:
2705 f2.write(f.read())
2706
2707 sigma_dut_cmd_check("ap_reset_default")
2708 finally:
2709 stop_sigma_dut(sigma)
Unnamed repository; edit this file 'description' to name the repository.