]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_sigma_dut.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Clear sae_pwe at the end of sigma_dut test cases
[thirdparty/hostap.git] / tests / hwsim / test_sigma_dut.py
1 # Test cases for sigma_dut
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import binascii
9 import hashlib
10 import logging
11 logger = logging.getLogger()
12 import os
13 import socket
14 import struct
15 import subprocess
16 import threading
17 import time
18
19 import hostapd
20 from utils import HwsimSkip
21 from hwsim import HWSimRadio
22 import hwsim_utils
23 from test_dpp import check_dpp_capab, update_hapd_config, wait_auth_success
24 from test_suite_b import check_suite_b_192_capa, suite_b_as_params, suite_b_192_rsa_ap_params
25 from test_ap_eap import check_eap_capa, int_eap_server_params
26 from test_ap_hs20 import hs20_ap_params
27
28 def check_sigma_dut():
29 if not os.path.exists("./sigma_dut"):
30 raise HwsimSkip("sigma_dut not available")
31
32 def to_hex(s):
33 return binascii.hexlify(s.encode()).decode()
34
35 def from_hex(s):
36 return binascii.unhexlify(s).decode()
37
38 def sigma_dut_cmd(cmd, port=9000, timeout=2):
39 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM,
40 socket.IPPROTO_TCP)
41 sock.settimeout(timeout)
42 addr = ('127.0.0.1', port)
43 sock.connect(addr)
44 sock.send(cmd.encode() + b"\r\n")
45 try:
46 res = sock.recv(1000).decode()
47 running = False
48 done = False
49 for line in res.splitlines():
50 if line.startswith("status,RUNNING"):
51 running = True
52 elif line.startswith("status,INVALID"):
53 done = True
54 elif line.startswith("status,ERROR"):
55 done = True
56 elif line.startswith("status,COMPLETE"):
57 done = True
58 if running and not done:
59 # Read the actual response
60 res = sock.recv(1000).decode()
61 except:
62 res = ''
63 pass
64 sock.close()
65 res = res.rstrip()
66 logger.debug("sigma_dut: '%s' --> '%s'" % (cmd, res))
67 return res
68
69 def sigma_dut_cmd_check(cmd, port=9000, timeout=2):
70 res = sigma_dut_cmd(cmd, port=port, timeout=timeout)
71 if "COMPLETE" not in res:
72 raise Exception("sigma_dut command failed: " + cmd)
73 return res
74
75 def start_sigma_dut(ifname, debug=False, hostapd_logdir=None, cert_path=None,
76 bridge=None, sae_h2e=False):
77 check_sigma_dut()
78 cmd = ['./sigma_dut',
79 '-M', ifname,
80 '-S', ifname,
81 '-F', '../../hostapd/hostapd',
82 '-G',
83 '-w', '/var/run/wpa_supplicant/',
84 '-j', ifname]
85 if debug:
86 cmd += ['-d']
87 if hostapd_logdir:
88 cmd += ['-H', hostapd_logdir]
89 if cert_path:
90 cmd += ['-C', cert_path]
91 if bridge:
92 cmd += ['-b', bridge]
93 if sae_h2e:
94 cmd += ['-2']
95 sigma = subprocess.Popen(cmd, stdout=subprocess.PIPE,
96 stderr=subprocess.PIPE)
97 for i in range(20):
98 try:
99 res = sigma_dut_cmd("HELLO")
100 break
101 except:
102 time.sleep(0.05)
103 return sigma
104
105 def stop_sigma_dut(sigma):
106 sigma.terminate()
107 sigma.wait()
108 out, err = sigma.communicate()
109 logger.debug("sigma_dut stdout: " + str(out.decode()))
110 logger.debug("sigma_dut stderr: " + str(err.decode()))
111
112 def sigma_dut_wait_connected(ifname):
113 for i in range(50):
114 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
115 if "connected,1" in res:
116 break
117 time.sleep(0.2)
118 if i == 49:
119 raise Exception("Connection did not complete")
120
121 def test_sigma_dut_basic(dev, apdev):
122 """sigma_dut basic functionality"""
123 sigma = start_sigma_dut(dev[0].ifname)
124
125 res = sigma_dut_cmd("UNKNOWN")
126 if "status,INVALID,errorCode,Unknown command" not in res:
127 raise Exception("Unexpected sigma_dut response to unknown command")
128
129 tests = [("ca_get_version", "status,COMPLETE,version,1.0"),
130 ("device_get_info", "status,COMPLETE,vendor"),
131 ("device_list_interfaces,interfaceType,foo", "status,ERROR"),
132 ("device_list_interfaces,interfaceType,802.11",
133 "status,COMPLETE,interfaceType,802.11,interfaceID," + dev[0].ifname)]
134 for cmd, response in tests:
135 res = sigma_dut_cmd(cmd)
136 if response not in res:
137 raise Exception("Unexpected %s response: %s" % (cmd, res))
138
139 stop_sigma_dut(sigma)
140
141 def test_sigma_dut_open(dev, apdev):
142 """sigma_dut controlled open network association"""
143 try:
144 run_sigma_dut_open(dev, apdev)
145 finally:
146 dev[0].set("ignore_old_scan_res", "0")
147
148 def run_sigma_dut_open(dev, apdev):
149 ifname = dev[0].ifname
150 sigma = start_sigma_dut(ifname)
151
152 hapd = hostapd.add_ap(apdev[0], {"ssid": "open"})
153
154 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
155 sigma_dut_cmd_check("sta_set_encryption,interface,%s,ssid,%s,encpType,none" % (ifname, "open"))
156 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "open"))
157 sigma_dut_wait_connected(ifname)
158 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
159 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
160 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
161
162 stop_sigma_dut(sigma)
163
164 def test_sigma_dut_psk_pmf(dev, apdev):
165 """sigma_dut controlled PSK+PMF association"""
166 try:
167 run_sigma_dut_psk_pmf(dev, apdev)
168 finally:
169 dev[0].set("ignore_old_scan_res", "0")
170
171 def run_sigma_dut_psk_pmf(dev, apdev):
172 ifname = dev[0].ifname
173 sigma = start_sigma_dut(ifname)
174
175 ssid = "test-pmf-required"
176 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
177 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
178 params["ieee80211w"] = "2"
179 hapd = hostapd.add_ap(apdev[0], params)
180
181 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
182 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
183 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "test-pmf-required", "12345678"))
184 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
185 sigma_dut_wait_connected(ifname)
186 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
187 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
188 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
189
190 stop_sigma_dut(sigma)
191
192 def test_sigma_dut_psk_pmf_bip_cmac_128(dev, apdev):
193 """sigma_dut controlled PSK+PMF association with BIP-CMAC-128"""
194 try:
195 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-128", "AES-128-CMAC")
196 finally:
197 dev[0].set("ignore_old_scan_res", "0")
198
199 def test_sigma_dut_psk_pmf_bip_cmac_256(dev, apdev):
200 """sigma_dut controlled PSK+PMF association with BIP-CMAC-256"""
201 try:
202 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-CMAC-256", "BIP-CMAC-256")
203 finally:
204 dev[0].set("ignore_old_scan_res", "0")
205
206 def test_sigma_dut_psk_pmf_bip_gmac_128(dev, apdev):
207 """sigma_dut controlled PSK+PMF association with BIP-GMAC-128"""
208 try:
209 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-128", "BIP-GMAC-128")
210 finally:
211 dev[0].set("ignore_old_scan_res", "0")
212
213 def test_sigma_dut_psk_pmf_bip_gmac_256(dev, apdev):
214 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256"""
215 try:
216 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "BIP-GMAC-256")
217 finally:
218 dev[0].set("ignore_old_scan_res", "0")
219
220 def test_sigma_dut_psk_pmf_bip_gmac_256_mismatch(dev, apdev):
221 """sigma_dut controlled PSK+PMF association with BIP-GMAC-256 mismatch"""
222 try:
223 run_sigma_dut_psk_pmf_cipher(dev, apdev, "BIP-GMAC-256", "AES-128-CMAC",
224 failure=True)
225 finally:
226 dev[0].set("ignore_old_scan_res", "0")
227
228 def run_sigma_dut_psk_pmf_cipher(dev, apdev, sigma_cipher, hostapd_cipher,
229 failure=False):
230 ifname = dev[0].ifname
231 sigma = start_sigma_dut(ifname)
232
233 ssid = "test-pmf-required"
234 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
235 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
236 params["ieee80211w"] = "2"
237 params["group_mgmt_cipher"] = hostapd_cipher
238 hapd = hostapd.add_ap(apdev[0], params)
239
240 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
241 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
242 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required,GroupMgntCipher,%s" % (ifname, "test-pmf-required", "12345678", sigma_cipher))
243 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-pmf-required"))
244 if failure:
245 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND",
246 "CTRL-EVENT-CONNECTED"], timeout=10)
247 if ev is None:
248 raise Exception("Network selection result not indicated")
249 if "CTRL-EVENT-CONNECTED" in ev:
250 raise Exception("Unexpected connection")
251 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
252 if "connected,1" in res:
253 raise Exception("Connection reported")
254 else:
255 sigma_dut_wait_connected(ifname)
256 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
257
258 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
259 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
260
261 stop_sigma_dut(sigma)
262
263 def test_sigma_dut_sae(dev, apdev):
264 """sigma_dut controlled SAE association"""
265 if "SAE" not in dev[0].get_capability("auth_alg"):
266 raise HwsimSkip("SAE not supported")
267
268 ifname = dev[0].ifname
269 sigma = start_sigma_dut(ifname)
270
271 ssid = "test-sae"
272 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
273 params['wpa_key_mgmt'] = 'SAE'
274 params["ieee80211w"] = "2"
275 params['sae_groups'] = '19 20 21'
276 hapd = hostapd.add_ap(apdev[0], params)
277
278 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
279 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
280 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678"))
281 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
282 sigma_dut_wait_connected(ifname)
283 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
284 if dev[0].get_status_field('sae_group') != '19':
285 raise Exception("Expected default SAE group not used")
286 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
287
288 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
289
290 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
291 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,ECGroupID,20" % (ifname, "test-sae", "12345678"))
292 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
293 sigma_dut_wait_connected(ifname)
294 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
295 if dev[0].get_status_field('sae_group') != '20':
296 raise Exception("Expected SAE group not used")
297 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
298 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
299
300 stop_sigma_dut(sigma)
301
302 def test_sigma_dut_sae_pmkid_include(dev, apdev):
303 """sigma_dut controlled SAE association with PMKID"""
304 if "SAE" not in dev[0].get_capability("auth_alg"):
305 raise HwsimSkip("SAE not supported")
306
307 ifname = dev[0].ifname
308 sigma = start_sigma_dut(ifname)
309
310 ssid = "test-sae"
311 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
312 params['wpa_key_mgmt'] = 'SAE'
313 params["ieee80211w"] = "2"
314 params["sae_confirm_immediate"] = "1"
315 hapd = hostapd.add_ap(apdev[0], params)
316
317 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
318 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
319 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,PMKID_Include,enable" % (ifname, "test-sae", "12345678"))
320 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
321 sigma_dut_wait_connected(ifname)
322 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
323 stop_sigma_dut(sigma)
324
325 def test_sigma_dut_sae_password(dev, apdev):
326 """sigma_dut controlled SAE association and long password"""
327 if "SAE" not in dev[0].get_capability("auth_alg"):
328 raise HwsimSkip("SAE not supported")
329
330 ifname = dev[0].ifname
331 sigma = start_sigma_dut(ifname)
332
333 try:
334 ssid = "test-sae"
335 params = hostapd.wpa2_params(ssid=ssid)
336 params['sae_password'] = 100*'B'
337 params['wpa_key_mgmt'] = 'SAE'
338 params["ieee80211w"] = "2"
339 hapd = hostapd.add_ap(apdev[0], params)
340
341 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
342 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
343 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", 100*'B'))
344 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
345 sigma_dut_wait_connected(ifname)
346 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
347 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
348 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
349 finally:
350 stop_sigma_dut(sigma)
351
352 def test_sigma_dut_sae_pw_id(dev, apdev):
353 """sigma_dut controlled SAE association with Password Identifier"""
354 if "SAE" not in dev[0].get_capability("auth_alg"):
355 raise HwsimSkip("SAE not supported")
356
357 ifname = dev[0].ifname
358 sigma = start_sigma_dut(ifname, debug=True)
359
360 ssid = "test-sae"
361 params = hostapd.wpa2_params(ssid=ssid)
362 params['wpa_key_mgmt'] = 'SAE'
363 params["ieee80211w"] = "2"
364 params['sae_password'] = 'secret|id=pw id'
365 params['sae_groups'] = '19'
366 hapd = hostapd.add_ap(apdev[0], params)
367
368 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
369 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
370 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,pw id" % (ifname, "test-sae", "secret"))
371 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
372 sigma_dut_wait_connected(ifname)
373 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
374 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
375
376 stop_sigma_dut(sigma)
377
378 def test_sigma_dut_sae_pw_id_ft(dev, apdev):
379 """sigma_dut controlled SAE association with Password Identifier and FT"""
380 run_sigma_dut_sae_pw_id_ft(dev, apdev)
381
382 def test_sigma_dut_sae_pw_id_ft_over_ds(dev, apdev):
383 """sigma_dut controlled SAE association with Password Identifier and FT-over-DS"""
384 run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=True)
385
386 def run_sigma_dut_sae_pw_id_ft(dev, apdev, over_ds=False):
387 if "SAE" not in dev[0].get_capability("auth_alg"):
388 raise HwsimSkip("SAE not supported")
389
390 ifname = dev[0].ifname
391 sigma = start_sigma_dut(ifname, debug=True)
392
393 ssid = "test-sae"
394 params = hostapd.wpa2_params(ssid=ssid)
395 params['wpa_key_mgmt'] = 'SAE FT-SAE'
396 params["ieee80211w"] = "2"
397 params['sae_password'] = ['pw1|id=id1', 'pw2|id=id2', 'pw3', 'pw4|id=id4']
398 params['mobility_domain'] = 'aabb'
399 params['ft_over_ds'] = '1' if over_ds else '0'
400 bssid = apdev[0]['bssid'].replace(':', '')
401 params['nas_identifier'] = bssid + '.nas.example.com'
402 params['r1_key_holder'] = bssid
403 params['pmk_r1_push'] = '0'
404 params['r0kh'] = 'ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
405 params['r1kh'] = '00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff'
406 hapd = hostapd.add_ap(apdev[0], params)
407
408 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
409 if over_ds:
410 sigma_dut_cmd_check("sta_preset_testparameters,interface,%s,FT_DS,Enable" % ifname)
411 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
412 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,AKMSuiteType,8;9,PasswordID,id2" % (ifname, "test-sae", "pw2"))
413 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
414 sigma_dut_wait_connected(ifname)
415
416 bssid = apdev[1]['bssid'].replace(':', '')
417 params['nas_identifier'] = bssid + '.nas.example.com'
418 params['r1_key_holder'] = bssid
419 hapd2 = hostapd.add_ap(apdev[1], params)
420 bssid = hapd2.own_addr()
421 sigma_dut_cmd_check("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
422 dev[0].wait_connected()
423
424 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
425 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
426
427 stop_sigma_dut(sigma)
428
429 def test_sigma_dut_sta_override_rsne(dev, apdev):
430 """sigma_dut and RSNE override on STA"""
431 try:
432 run_sigma_dut_sta_override_rsne(dev, apdev)
433 finally:
434 dev[0].set("ignore_old_scan_res", "0")
435
436 def run_sigma_dut_sta_override_rsne(dev, apdev):
437 ifname = dev[0].ifname
438 sigma = start_sigma_dut(ifname)
439
440 ssid = "test-psk"
441 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
442 hapd = hostapd.add_ap(apdev[0], params)
443
444 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
445
446 tests = ["30120100000fac040100000fac040100000fac02",
447 "30140100000fac040100000fac040100000fac02ffff"]
448 for test in tests:
449 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
450 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,%s" % (ifname, test))
451 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
452 sigma_dut_wait_connected(ifname)
453 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
454 dev[0].dump_monitor()
455
456 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,%s,type,PSK,passphrase,%s,EncpType,aes-ccmp,KeyMgmtType,wpa2" % (ifname, "test-psk", "12345678"))
457 sigma_dut_cmd_check("dev_configure_ie,interface,%s,IE_Name,RSNE,Contents,300101" % ifname)
458 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-psk"))
459
460 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"])
461 if ev is None:
462 raise Exception("Association rejection not reported")
463 if "status_code=40" not in ev:
464 raise Exception("Unexpected status code: " + ev)
465
466 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
467
468 stop_sigma_dut(sigma)
469
470 def test_sigma_dut_ap_psk(dev, apdev):
471 """sigma_dut controlled AP"""
472 with HWSimRadio() as (radio, iface):
473 sigma = start_sigma_dut(iface)
474 try:
475 sigma_dut_cmd_check("ap_reset_default")
476 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
477 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
478 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
479
480 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
481
482 sigma_dut_cmd_check("ap_reset_default")
483 finally:
484 stop_sigma_dut(sigma)
485
486 def test_sigma_dut_ap_pskhex(dev, apdev, params):
487 """sigma_dut controlled AP and PSKHEX"""
488 logdir = os.path.join(params['logdir'],
489 "sigma_dut_ap_pskhex.sigma-hostapd")
490 with HWSimRadio() as (radio, iface):
491 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
492 try:
493 psk = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
494 sigma_dut_cmd_check("ap_reset_default")
495 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
496 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSKHEX," + psk)
497 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
498
499 dev[0].connect("test-psk", raw_psk=psk, scan_freq="2412")
500
501 sigma_dut_cmd_check("ap_reset_default")
502 finally:
503 stop_sigma_dut(sigma)
504
505 def test_sigma_dut_ap_psk_sha256(dev, apdev, params):
506 """sigma_dut controlled AP PSK SHA256"""
507 logdir = os.path.join(params['logdir'],
508 "sigma_dut_ap_psk_sha256.sigma-hostapd")
509 with HWSimRadio() as (radio, iface):
510 sigma = start_sigma_dut(iface)
511 try:
512 sigma_dut_cmd_check("ap_reset_default")
513 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
514 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-256,PSK,12345678")
515 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
516
517 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
518 psk="12345678", scan_freq="2412")
519
520 sigma_dut_cmd_check("ap_reset_default")
521 finally:
522 stop_sigma_dut(sigma)
523
524 def test_sigma_dut_ap_psk_deauth(dev, apdev, params):
525 """sigma_dut controlled AP and deauth commands"""
526 logdir = os.path.join(params['logdir'],
527 "sigma_dut_ap_psk_deauth.sigma-hostapd")
528 with HWSimRadio() as (radio, iface):
529 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
530 try:
531 sigma_dut_cmd_check("ap_reset_default")
532 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
533 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678,PMF,Required")
534 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
535
536 dev[0].connect("test-psk", key_mgmt="WPA-PSK-SHA256",
537 psk="12345678", ieee80211w="2", scan_freq="2412")
538 addr = dev[0].own_addr()
539 dev[0].dump_monitor()
540
541 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr)
542 ev = dev[0].wait_disconnected()
543 dev[0].dump_monitor()
544 if "locally_generated=1" in ev:
545 raise Exception("Unexpected disconnection reason")
546 dev[0].wait_connected()
547 dev[0].dump_monitor()
548
549 sigma_dut_cmd_check("ap_deauth_sta,NAME,AP,sta_mac_address," + addr + ",disconnect,silent")
550 ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"], timeout=5)
551 if ev and "locally_generated=1" not in ev:
552 raise Exception("Unexpected disconnection")
553
554 sigma_dut_cmd_check("ap_reset_default")
555 finally:
556 stop_sigma_dut(sigma)
557
558 def test_sigma_dut_eap_ttls(dev, apdev, params):
559 """sigma_dut controlled STA and EAP-TTLS parameters"""
560 logdir = params['logdir']
561
562 with open("auth_serv/ca.pem", "r") as f:
563 with open(os.path.join(logdir, "sigma_dut_eap_ttls.ca.pem"), "w") as f2:
564 f2.write(f.read())
565
566 src = "auth_serv/server.pem"
567 dst = os.path.join(logdir, "sigma_dut_eap_ttls.server.der")
568 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls.server.pem.sha256")
569 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
570 "-outform", "DER"],
571 stderr=open('/dev/null', 'w'))
572 with open(dst, "rb") as f:
573 der = f.read()
574 hash = hashlib.sha256(der).digest()
575 with open(hashdst, "w") as f:
576 f.write(binascii.hexlify(hash).decode())
577
578 dst = os.path.join(logdir, "sigma_dut_eap_ttls.incorrect.pem.sha256")
579 with open(dst, "w") as f:
580 f.write(32*"00")
581
582 ssid = "test-wpa2-eap"
583 params = hostapd.wpa2_eap_params(ssid=ssid)
584 hapd = hostapd.add_ap(apdev[0], params)
585
586 ifname = dev[0].ifname
587 sigma = start_sigma_dut(ifname, cert_path=logdir)
588
589 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls.ca.pem,username,DOMAIN\mschapv2 user,password,password" % (ifname, ssid)
590
591 tests = ["",
592 ",Domain,server.w1.fi",
593 ",DomainSuffix,w1.fi",
594 ",DomainSuffix,server.w1.fi",
595 ",ServerCert,sigma_dut_eap_ttls.server.pem"]
596 for extra in tests:
597 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
598 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
599 sigma_dut_cmd_check(cmd + extra)
600 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
601 sigma_dut_wait_connected(ifname)
602 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
603 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
604 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
605 dev[0].dump_monitor()
606
607 tests = [",Domain,w1.fi",
608 ",DomainSuffix,example.com",
609 ",ServerCert,sigma_dut_eap_ttls.incorrect.pem"]
610 for extra in tests:
611 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
612 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
613 sigma_dut_cmd_check(cmd + extra)
614 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
615 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
616 if ev is None:
617 raise Exception("Server certificate error not reported")
618 res = sigma_dut_cmd("sta_is_connected,interface," + ifname)
619 if "connected,1" in res:
620 raise Exception("Unexpected connection reported")
621 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
622 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
623 dev[0].dump_monitor()
624
625 stop_sigma_dut(sigma)
626
627 def test_sigma_dut_suite_b(dev, apdev, params):
628 """sigma_dut controlled STA Suite B"""
629 check_suite_b_192_capa(dev)
630 logdir = params['logdir']
631
632 with open("auth_serv/ec2-ca.pem", "r") as f:
633 with open(os.path.join(logdir, "suite_b_ca.pem"), "w") as f2:
634 f2.write(f.read())
635
636 with open("auth_serv/ec2-user.pem", "r") as f:
637 with open("auth_serv/ec2-user.key", "r") as f2:
638 with open(os.path.join(logdir, "suite_b.pem"), "w") as f3:
639 f3.write(f.read())
640 f3.write(f2.read())
641
642 dev[0].flush_scan_cache()
643 params = suite_b_as_params()
644 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
645 params['server_cert'] = 'auth_serv/ec2-server.pem'
646 params['private_key'] = 'auth_serv/ec2-server.key'
647 params['openssl_ciphers'] = 'SUITEB192'
648 hostapd.add_ap(apdev[1], params)
649
650 params = {"ssid": "test-suite-b",
651 "wpa": "2",
652 "wpa_key_mgmt": "WPA-EAP-SUITE-B-192",
653 "rsn_pairwise": "GCMP-256",
654 "group_mgmt_cipher": "BIP-GMAC-256",
655 "ieee80211w": "2",
656 "ieee8021x": "1",
657 'auth_server_addr': "127.0.0.1",
658 'auth_server_port': "18129",
659 'auth_server_shared_secret': "radius",
660 'nas_identifier': "nas.w1.fi"}
661 hapd = hostapd.add_ap(apdev[0], params)
662
663 ifname = dev[0].ifname
664 sigma = start_sigma_dut(ifname, cert_path=logdir)
665
666 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
667 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
668 sigma_dut_cmd_check("sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b.pem,trustedRootCA,suite_b_ca.pem,CertType,ECC" % (ifname, "test-suite-b"))
669 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
670 sigma_dut_wait_connected(ifname)
671 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
672 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
673 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
674
675 stop_sigma_dut(sigma)
676
677 def test_sigma_dut_suite_b_rsa(dev, apdev, params):
678 """sigma_dut controlled STA Suite B (RSA)"""
679 check_suite_b_192_capa(dev)
680 logdir = params['logdir']
681
682 with open("auth_serv/rsa3072-ca.pem", "r") as f:
683 with open(os.path.join(logdir, "suite_b_ca_rsa.pem"), "w") as f2:
684 f2.write(f.read())
685
686 with open("auth_serv/rsa3072-user.pem", "r") as f:
687 with open("auth_serv/rsa3072-user.key", "r") as f2:
688 with open(os.path.join(logdir, "suite_b_rsa.pem"), "w") as f3:
689 f3.write(f.read())
690 f3.write(f2.read())
691
692 dev[0].flush_scan_cache()
693 params = suite_b_192_rsa_ap_params()
694 hapd = hostapd.add_ap(apdev[0], params)
695
696 ifname = dev[0].ifname
697 sigma = start_sigma_dut(ifname, cert_path=logdir)
698
699 cmd = "sta_set_security,type,eaptls,interface,%s,ssid,%s,PairwiseCipher,AES-GCMP-256,GroupCipher,AES-GCMP-256,GroupMgntCipher,BIP-GMAC-256,keymgmttype,SuiteB,clientCertificate,suite_b_rsa.pem,trustedRootCA,suite_b_ca_rsa.pem,CertType,RSA" % (ifname, "test-suite-b")
700
701 tests = ["",
702 ",TLSCipher,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
703 ",TLSCipher,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"]
704 for extra in tests:
705 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
706 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
707 sigma_dut_cmd_check(cmd + extra)
708 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-suite-b"))
709 sigma_dut_wait_connected(ifname)
710 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
711 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
712 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
713
714 stop_sigma_dut(sigma)
715
716 def test_sigma_dut_ap_suite_b(dev, apdev, params):
717 """sigma_dut controlled AP Suite B"""
718 check_suite_b_192_capa(dev)
719 logdir = os.path.join(params['logdir'],
720 "sigma_dut_ap_suite_b.sigma-hostapd")
721 params = suite_b_as_params()
722 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
723 params['server_cert'] = 'auth_serv/ec2-server.pem'
724 params['private_key'] = 'auth_serv/ec2-server.key'
725 params['openssl_ciphers'] = 'SUITEB192'
726 hostapd.add_ap(apdev[1], params)
727 with HWSimRadio() as (radio, iface):
728 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
729 try:
730 sigma_dut_cmd_check("ap_reset_default")
731 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
732 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
733 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,SuiteB")
734 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
735
736 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
737 ieee80211w="2",
738 openssl_ciphers="SUITEB192",
739 eap="TLS", identity="tls user",
740 ca_cert="auth_serv/ec2-ca.pem",
741 client_cert="auth_serv/ec2-user.pem",
742 private_key="auth_serv/ec2-user.key",
743 pairwise="GCMP-256", group="GCMP-256",
744 scan_freq="2412")
745
746 sigma_dut_cmd_check("ap_reset_default")
747 finally:
748 stop_sigma_dut(sigma)
749
750 def test_sigma_dut_ap_cipher_gcmp_128(dev, apdev, params):
751 """sigma_dut controlled AP with GCMP-128/BIP-GMAC-128 cipher"""
752 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-128", "BIP-GMAC-128",
753 "GCMP")
754
755 def test_sigma_dut_ap_cipher_gcmp_256(dev, apdev, params):
756 """sigma_dut controlled AP with GCMP-256/BIP-GMAC-256 cipher"""
757 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
758 "GCMP-256")
759
760 def test_sigma_dut_ap_cipher_ccmp_128(dev, apdev, params):
761 """sigma_dut controlled AP with CCMP-128/BIP-CMAC-128 cipher"""
762 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128", "BIP-CMAC-128",
763 "CCMP")
764
765 def test_sigma_dut_ap_cipher_ccmp_256(dev, apdev, params):
766 """sigma_dut controlled AP with CCMP-256/BIP-CMAC-256 cipher"""
767 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-256", "BIP-CMAC-256",
768 "CCMP-256")
769
770 def test_sigma_dut_ap_cipher_ccmp_gcmp_1(dev, apdev, params):
771 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (1)"""
772 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
773 "BIP-GMAC-256", "CCMP")
774
775 def test_sigma_dut_ap_cipher_ccmp_gcmp_2(dev, apdev, params):
776 """sigma_dut controlled AP with CCMP-128+GCMP-256 ciphers (2)"""
777 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-CCMP-128 AES-GCMP-256",
778 "BIP-GMAC-256", "GCMP-256", "CCMP")
779
780 def test_sigma_dut_ap_cipher_gcmp_256_group_ccmp(dev, apdev, params):
781 """sigma_dut controlled AP with GCMP-256/CCMP/BIP-GMAC-256 cipher"""
782 run_sigma_dut_ap_cipher(dev, apdev, params, "AES-GCMP-256", "BIP-GMAC-256",
783 "GCMP-256", "CCMP", "AES-CCMP-128")
784
785 def run_sigma_dut_ap_cipher(dev, apdev, params, ap_pairwise, ap_group_mgmt,
786 sta_cipher, sta_cipher_group=None, ap_group=None):
787 check_suite_b_192_capa(dev)
788 logdir = os.path.join(params['logdir'],
789 "sigma_dut_ap_cipher.sigma-hostapd")
790 params = suite_b_as_params()
791 params['ca_cert'] = 'auth_serv/ec2-ca.pem'
792 params['server_cert'] = 'auth_serv/ec2-server.pem'
793 params['private_key'] = 'auth_serv/ec2-server.key'
794 params['openssl_ciphers'] = 'SUITEB192'
795 hostapd.add_ap(apdev[1], params)
796 with HWSimRadio() as (radio, iface):
797 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
798 try:
799 sigma_dut_cmd_check("ap_reset_default")
800 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-suite-b,MODE,11ng")
801 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,18129,PASSWORD,radius")
802 cmd = "ap_set_security,NAME,AP,KEYMGNT,SuiteB,PMF,Required,PairwiseCipher,%s,GroupMgntCipher,%s" % (ap_pairwise, ap_group_mgmt)
803 if ap_group:
804 cmd += ",GroupCipher,%s" % ap_group
805 sigma_dut_cmd_check(cmd)
806 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
807
808 if sta_cipher_group is None:
809 sta_cipher_group = sta_cipher
810 dev[0].connect("test-suite-b", key_mgmt="WPA-EAP-SUITE-B-192",
811 ieee80211w="2",
812 openssl_ciphers="SUITEB192",
813 eap="TLS", identity="tls user",
814 ca_cert="auth_serv/ec2-ca.pem",
815 client_cert="auth_serv/ec2-user.pem",
816 private_key="auth_serv/ec2-user.key",
817 pairwise=sta_cipher, group=sta_cipher_group,
818 scan_freq="2412")
819
820 sigma_dut_cmd_check("ap_reset_default")
821 finally:
822 stop_sigma_dut(sigma)
823
824 def test_sigma_dut_ap_override_rsne(dev, apdev):
825 """sigma_dut controlled AP overriding RSNE"""
826 with HWSimRadio() as (radio, iface):
827 sigma = start_sigma_dut(iface)
828 try:
829 sigma_dut_cmd_check("ap_reset_default")
830 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-psk,MODE,11ng")
831 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK,PSK,12345678")
832 sigma_dut_cmd_check("dev_configure_ie,NAME,AP,interface,%s,IE_Name,RSNE,Contents,30180100000fac040200ffffffff000fac040100000fac020c00" % iface)
833 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
834
835 dev[0].connect("test-psk", psk="12345678", scan_freq="2412")
836
837 sigma_dut_cmd_check("ap_reset_default")
838 finally:
839 stop_sigma_dut(sigma)
840
841 def test_sigma_dut_ap_sae(dev, apdev, params):
842 """sigma_dut controlled AP with SAE"""
843 logdir = os.path.join(params['logdir'],
844 "sigma_dut_ap_sae.sigma-hostapd")
845 if "SAE" not in dev[0].get_capability("auth_alg"):
846 raise HwsimSkip("SAE not supported")
847 with HWSimRadio() as (radio, iface):
848 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
849 try:
850 sigma_dut_cmd_check("ap_reset_default")
851 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
852 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
853 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
854
855 dev[0].request("SET sae_groups ")
856 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
857 ieee80211w="2", scan_freq="2412")
858 if dev[0].get_status_field('sae_group') != '19':
859 raise Exception("Expected default SAE group not used")
860
861 sigma_dut_cmd_check("ap_reset_default")
862 finally:
863 stop_sigma_dut(sigma)
864
865 def test_sigma_dut_ap_sae_confirm_immediate(dev, apdev, params):
866 """sigma_dut controlled AP with SAE Confirm immediate"""
867 logdir = os.path.join(params['logdir'],
868 "sigma_dut_ap_sae_confirm_immediate.sigma-hostapd")
869 if "SAE" not in dev[0].get_capability("auth_alg"):
870 raise HwsimSkip("SAE not supported")
871 with HWSimRadio() as (radio, iface):
872 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
873 try:
874 sigma_dut_cmd_check("ap_reset_default")
875 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
876 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,SAE_Confirm_Immediate,enable")
877 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
878
879 dev[0].request("SET sae_groups ")
880 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
881 ieee80211w="2", scan_freq="2412")
882 if dev[0].get_status_field('sae_group') != '19':
883 raise Exception("Expected default SAE group not used")
884
885 sigma_dut_cmd_check("ap_reset_default")
886 finally:
887 stop_sigma_dut(sigma)
888
889 def test_sigma_dut_ap_sae_password(dev, apdev, params):
890 """sigma_dut controlled AP with SAE and long password"""
891 logdir = os.path.join(params['logdir'],
892 "sigma_dut_ap_sae_password.sigma-hostapd")
893 if "SAE" not in dev[0].get_capability("auth_alg"):
894 raise HwsimSkip("SAE not supported")
895 with HWSimRadio() as (radio, iface):
896 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
897 try:
898 sigma_dut_cmd_check("ap_reset_default")
899 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
900 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK," + 100*'C')
901 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
902
903 dev[0].request("SET sae_groups ")
904 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=100*'C',
905 ieee80211w="2", scan_freq="2412")
906 if dev[0].get_status_field('sae_group') != '19':
907 raise Exception("Expected default SAE group not used")
908
909 sigma_dut_cmd_check("ap_reset_default")
910 finally:
911 stop_sigma_dut(sigma)
912
913 def test_sigma_dut_ap_sae_pw_id(dev, apdev, params):
914 """sigma_dut controlled AP with SAE Password Identifier"""
915 logdir = os.path.join(params['logdir'],
916 "sigma_dut_ap_sae_pw_id.sigma-hostapd")
917 conffile = os.path.join(params['logdir'],
918 "sigma_dut_ap_sae_pw_id.sigma-conf")
919 if "SAE" not in dev[0].get_capability("auth_alg"):
920 raise HwsimSkip("SAE not supported")
921 with HWSimRadio() as (radio, iface):
922 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
923 try:
924 sigma_dut_cmd_check("ap_reset_default")
925 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
926 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
927 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
928
929 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
930 with open(conffile, "wb") as f2:
931 f2.write(f.read())
932
933 dev[0].request("SET sae_groups ")
934 tests = [("pw1", "id1"),
935 ("pw2", "id2"),
936 ("pw3", None),
937 ("pw4", "id4")]
938 for pw, pw_id in tests:
939 dev[0].connect("test-sae", key_mgmt="SAE", sae_password=pw,
940 sae_password_id=pw_id,
941 ieee80211w="2", scan_freq="2412")
942 dev[0].request("REMOVE_NETWORK all")
943 dev[0].wait_disconnected()
944
945 sigma_dut_cmd_check("ap_reset_default")
946 finally:
947 stop_sigma_dut(sigma)
948
949 def test_sigma_dut_ap_sae_pw_id_ft(dev, apdev, params):
950 """sigma_dut controlled AP with SAE Password Identifier and FT"""
951 logdir = os.path.join(params['logdir'],
952 "sigma_dut_ap_sae_pw_id_ft.sigma-hostapd")
953 conffile = os.path.join(params['logdir'],
954 "sigma_dut_ap_sae_pw_id_ft.sigma-conf")
955 if "SAE" not in dev[0].get_capability("auth_alg"):
956 raise HwsimSkip("SAE not supported")
957 with HWSimRadio() as (radio, iface):
958 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
959 try:
960 sigma_dut_cmd_check("ap_reset_default")
961 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng,DOMAIN,aabb")
962 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,8;9,SAEPasswords,pw1:id1;pw2:id2;pw3;pw4:id4,PMF,Required")
963 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
964
965 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
966 with open(conffile, "wb") as f2:
967 f2.write(f.read())
968
969 dev[0].request("SET sae_groups ")
970 tests = [("pw1", "id1", "SAE"),
971 ("pw2", "id2", "FT-SAE"),
972 ("pw3", None, "FT-SAE"),
973 ("pw4", "id4", "SAE")]
974 for pw, pw_id, key_mgmt in tests:
975 dev[0].connect("test-sae", key_mgmt=key_mgmt, sae_password=pw,
976 sae_password_id=pw_id,
977 ieee80211w="2", scan_freq="2412")
978 dev[0].request("REMOVE_NETWORK all")
979 dev[0].wait_disconnected()
980
981 sigma_dut_cmd_check("ap_reset_default")
982 finally:
983 stop_sigma_dut(sigma)
984
985 def test_sigma_dut_ap_sae_group(dev, apdev, params):
986 """sigma_dut controlled AP with SAE and specific group"""
987 logdir = os.path.join(params['logdir'],
988 "sigma_dut_ap_sae_group.sigma-hostapd")
989 if "SAE" not in dev[0].get_capability("auth_alg"):
990 raise HwsimSkip("SAE not supported")
991 with HWSimRadio() as (radio, iface):
992 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
993 try:
994 sigma_dut_cmd_check("ap_reset_default")
995 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
996 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,ECGroupID,20")
997 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
998
999 dev[0].request("SET sae_groups ")
1000 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1001 ieee80211w="2", scan_freq="2412")
1002 if dev[0].get_status_field('sae_group') != '20':
1003 raise Exception("Expected SAE group not used")
1004
1005 sigma_dut_cmd_check("ap_reset_default")
1006 finally:
1007 stop_sigma_dut(sigma)
1008
1009 def test_sigma_dut_ap_psk_sae(dev, apdev, params):
1010 """sigma_dut controlled AP with PSK+SAE"""
1011 if "SAE" not in dev[0].get_capability("auth_alg"):
1012 raise HwsimSkip("SAE not supported")
1013 logdir = os.path.join(params['logdir'],
1014 "sigma_dut_ap_psk_sae.sigma-hostapd")
1015 with HWSimRadio() as (radio, iface):
1016 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1017 try:
1018 sigma_dut_cmd_check("ap_reset_default")
1019 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
1020 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-PSK-SAE,PSK,12345678")
1021 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1022
1023 dev[2].request("SET sae_groups ")
1024 dev[2].connect("test-sae", key_mgmt="SAE", psk="12345678",
1025 scan_freq="2412", ieee80211w="0", wait_connect=False)
1026 dev[0].request("SET sae_groups ")
1027 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
1028 scan_freq="2412", ieee80211w="2")
1029 dev[1].connect("test-sae", psk="12345678", scan_freq="2412")
1030
1031 ev = dev[2].wait_event(["CTRL-EVENT-CONNECTED"], timeout=0.1)
1032 dev[2].request("DISCONNECT")
1033 if ev is not None:
1034 raise Exception("Unexpected connection without PMF")
1035
1036 sigma_dut_cmd_check("ap_reset_default")
1037 finally:
1038 stop_sigma_dut(sigma)
1039
1040 def test_sigma_dut_ap_psk_sae_ft(dev, apdev, params):
1041 """sigma_dut controlled AP with PSK, SAE, FT"""
1042 logdir = os.path.join(params['logdir'],
1043 "sigma_dut_ap_psk_sae_ft.sigma-hostapd")
1044 conffile = os.path.join(params['logdir'],
1045 "sigma_dut_ap_psk_sae_ft.sigma-conf")
1046 if "SAE" not in dev[0].get_capability("auth_alg"):
1047 raise HwsimSkip("SAE not supported")
1048 with HWSimRadio() as (radio, iface):
1049 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
1050 try:
1051 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1052 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae-psk,MODE,11ng,DOMAIN,aabb")
1053 sigma_dut_cmd_check("ap_set_security,NAME,AP,AKMSuiteType,2;4;6;8;9,PSK,12345678,PairwiseCipher,AES-CCMP-128,GroupCipher,AES-CCMP-128")
1054 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,DOMAIN,0101,FT_OA,Enable")
1055 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,FT_BSS_LIST," + apdev[1]['bssid'])
1056 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1057
1058 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
1059 with open(conffile, "wb") as f2:
1060 f2.write(f.read())
1061
1062 dev[0].request("SET sae_groups ")
1063 dev[0].connect("test-sae-psk", key_mgmt="SAE FT-SAE",
1064 sae_password="12345678", scan_freq="2412")
1065 dev[1].connect("test-sae-psk", key_mgmt="WPA-PSK FT-PSK",
1066 psk="12345678", scan_freq="2412")
1067 dev[2].connect("test-sae-psk", key_mgmt="WPA-PSK",
1068 psk="12345678", scan_freq="2412")
1069
1070 sigma_dut_cmd_check("ap_reset_default")
1071 finally:
1072 stop_sigma_dut(sigma)
1073
1074 def test_sigma_dut_owe(dev, apdev):
1075 """sigma_dut controlled OWE station"""
1076 try:
1077 run_sigma_dut_owe(dev, apdev)
1078 finally:
1079 dev[0].set("ignore_old_scan_res", "0")
1080
1081 def run_sigma_dut_owe(dev, apdev):
1082 if "OWE" not in dev[0].get_capability("key_mgmt"):
1083 raise HwsimSkip("OWE not supported")
1084
1085 ifname = dev[0].ifname
1086 sigma = start_sigma_dut(ifname)
1087
1088 try:
1089 params = {"ssid": "owe",
1090 "wpa": "2",
1091 "wpa_key_mgmt": "OWE",
1092 "ieee80211w": "2",
1093 "rsn_pairwise": "CCMP"}
1094 hapd = hostapd.add_ap(apdev[0], params)
1095 bssid = hapd.own_addr()
1096
1097 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1098 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1099 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE" % ifname)
1100 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1101 sigma_dut_wait_connected(ifname)
1102 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1103
1104 dev[0].dump_monitor()
1105 sigma_dut_cmd("sta_reassoc,interface,%s,Channel,1,bssid,%s" % (ifname, bssid))
1106 dev[0].wait_connected()
1107 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1108 dev[0].wait_disconnected()
1109 dev[0].dump_monitor()
1110
1111 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1112 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1113 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,20" % ifname)
1114 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1115 sigma_dut_wait_connected(ifname)
1116 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
1117 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1118 dev[0].wait_disconnected()
1119 dev[0].dump_monitor()
1120
1121 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
1122 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
1123 sigma_dut_cmd_check("sta_set_security,interface,%s,ssid,owe,Type,OWE,ECGroupID,0" % ifname)
1124 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,owe,channel,1" % ifname)
1125 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1126 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
1127 if ev is None:
1128 raise Exception("Association not rejected")
1129 if "status_code=77" not in ev:
1130 raise Exception("Unexpected rejection reason: " + ev)
1131
1132 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
1133 finally:
1134 stop_sigma_dut(sigma)
1135
1136 def test_sigma_dut_ap_owe(dev, apdev, params):
1137 """sigma_dut controlled AP with OWE"""
1138 logdir = os.path.join(params['logdir'],
1139 "sigma_dut_ap_owe.sigma-hostapd")
1140 if "OWE" not in dev[0].get_capability("key_mgmt"):
1141 raise HwsimSkip("OWE not supported")
1142 with HWSimRadio() as (radio, iface):
1143 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1144 try:
1145 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1146 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1147 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE")
1148 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1149
1150 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1151 scan_freq="2412")
1152
1153 sigma_dut_cmd_check("ap_reset_default")
1154 finally:
1155 stop_sigma_dut(sigma)
1156
1157 def test_sigma_dut_ap_owe_ecgroupid(dev, apdev):
1158 """sigma_dut controlled AP with OWE and ECGroupID"""
1159 if "OWE" not in dev[0].get_capability("key_mgmt"):
1160 raise HwsimSkip("OWE not supported")
1161 with HWSimRadio() as (radio, iface):
1162 sigma = start_sigma_dut(iface)
1163 try:
1164 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1165 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,owe,MODE,11ng")
1166 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OWE,ECGroupID,20 21,PMF,Required")
1167 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1168
1169 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1170 owe_group="20", scan_freq="2412")
1171 dev[0].request("REMOVE_NETWORK all")
1172 dev[0].wait_disconnected()
1173
1174 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1175 owe_group="21", scan_freq="2412")
1176 dev[0].request("REMOVE_NETWORK all")
1177 dev[0].wait_disconnected()
1178
1179 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1180 owe_group="19", scan_freq="2412", wait_connect=False)
1181 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=10)
1182 dev[0].request("DISCONNECT")
1183 if ev is None:
1184 raise Exception("Association not rejected")
1185 if "status_code=77" not in ev:
1186 raise Exception("Unexpected rejection reason: " + ev)
1187 dev[0].dump_monitor()
1188
1189 sigma_dut_cmd_check("ap_reset_default")
1190 finally:
1191 stop_sigma_dut(sigma)
1192
1193 def test_sigma_dut_ap_owe_transition_mode(dev, apdev, params):
1194 """sigma_dut controlled AP with OWE and transition mode"""
1195 if "OWE" not in dev[0].get_capability("key_mgmt"):
1196 raise HwsimSkip("OWE not supported")
1197 logdir = os.path.join(params['logdir'],
1198 "sigma_dut_ap_owe_transition_mode.sigma-hostapd")
1199 with HWSimRadio() as (radio, iface):
1200 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1201 try:
1202 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1203 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1204 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,OWE")
1205 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,owe,MODE,11ng")
1206 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
1207 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1208
1209 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1210 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1211
1212 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1213 scan_freq="2412")
1214 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1215 if dev[0].get_status_field('bssid') not in res1:
1216 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res1)
1217 if dev[1].get_status_field('bssid') not in res2:
1218 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res2)
1219
1220 sigma_dut_cmd_check("ap_reset_default")
1221 finally:
1222 stop_sigma_dut(sigma)
1223
1224 def test_sigma_dut_ap_owe_transition_mode_2(dev, apdev, params):
1225 """sigma_dut controlled AP with OWE and transition mode (2)"""
1226 if "OWE" not in dev[0].get_capability("key_mgmt"):
1227 raise HwsimSkip("OWE not supported")
1228 logdir = os.path.join(params['logdir'],
1229 "sigma_dut_ap_owe_transition_mode_2.sigma-hostapd")
1230 with HWSimRadio() as (radio, iface):
1231 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1232 try:
1233 sigma_dut_cmd_check("ap_reset_default,NAME,AP,Program,WPA3")
1234 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,owe,MODE,11ng")
1235 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,NONE")
1236 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,MODE,11ng")
1237 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,OWE")
1238 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
1239
1240 res1 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,1,Interface,24G")
1241 res2 = sigma_dut_cmd_check("ap_get_mac_address,NAME,AP,WLAN_TAG,2,Interface,24G")
1242
1243 dev[0].connect("owe", key_mgmt="OWE", ieee80211w="2",
1244 scan_freq="2412")
1245 dev[1].connect("owe", key_mgmt="NONE", scan_freq="2412")
1246 if dev[0].get_status_field('bssid') not in res2:
1247 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,2: " + res1)
1248 if dev[1].get_status_field('bssid') not in res1:
1249 raise Exception("Unexpected ap_get_mac_address WLAN_TAG,1: " + res2)
1250
1251 sigma_dut_cmd_check("ap_reset_default")
1252 finally:
1253 stop_sigma_dut(sigma)
1254
1255 def dpp_init_enrollee(dev, id1):
1256 logger.info("Starting DPP initiator/enrollee in a thread")
1257 time.sleep(1)
1258 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
1259 if "OK" not in dev.request(cmd):
1260 raise Exception("Failed to initiate DPP Authentication")
1261 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1262 if ev is None:
1263 raise Exception("DPP configuration not completed (Enrollee)")
1264 logger.info("DPP initiator/enrollee done")
1265
1266 def test_sigma_dut_dpp_qr_resp_1(dev, apdev):
1267 """sigma_dut DPP/QR responder (conf index 1)"""
1268 run_sigma_dut_dpp_qr_resp(dev, apdev, 1)
1269
1270 def test_sigma_dut_dpp_qr_resp_2(dev, apdev):
1271 """sigma_dut DPP/QR responder (conf index 2)"""
1272 run_sigma_dut_dpp_qr_resp(dev, apdev, 2)
1273
1274 def test_sigma_dut_dpp_qr_resp_3(dev, apdev):
1275 """sigma_dut DPP/QR responder (conf index 3)"""
1276 run_sigma_dut_dpp_qr_resp(dev, apdev, 3)
1277
1278 def test_sigma_dut_dpp_qr_resp_4(dev, apdev):
1279 """sigma_dut DPP/QR responder (conf index 4)"""
1280 run_sigma_dut_dpp_qr_resp(dev, apdev, 4)
1281
1282 def test_sigma_dut_dpp_qr_resp_5(dev, apdev):
1283 """sigma_dut DPP/QR responder (conf index 5)"""
1284 run_sigma_dut_dpp_qr_resp(dev, apdev, 5)
1285
1286 def test_sigma_dut_dpp_qr_resp_6(dev, apdev):
1287 """sigma_dut DPP/QR responder (conf index 6)"""
1288 run_sigma_dut_dpp_qr_resp(dev, apdev, 6)
1289
1290 def test_sigma_dut_dpp_qr_resp_7(dev, apdev):
1291 """sigma_dut DPP/QR responder (conf index 7)"""
1292 run_sigma_dut_dpp_qr_resp(dev, apdev, 7)
1293
1294 def test_sigma_dut_dpp_qr_resp_8(dev, apdev):
1295 """sigma_dut DPP/QR responder (conf index 8)"""
1296 run_sigma_dut_dpp_qr_resp(dev, apdev, 8)
1297
1298 def test_sigma_dut_dpp_qr_resp_9(dev, apdev):
1299 """sigma_dut DPP/QR responder (conf index 9)"""
1300 run_sigma_dut_dpp_qr_resp(dev, apdev, 9)
1301
1302 def test_sigma_dut_dpp_qr_resp_10(dev, apdev):
1303 """sigma_dut DPP/QR responder (conf index 10)"""
1304 run_sigma_dut_dpp_qr_resp(dev, apdev, 10)
1305
1306 def test_sigma_dut_dpp_qr_resp_chan_list(dev, apdev):
1307 """sigma_dut DPP/QR responder (channel list override)"""
1308 run_sigma_dut_dpp_qr_resp(dev, apdev, 1, chan_list='81/2 81/6 81/1',
1309 listen_chan=2)
1310
1311 def test_sigma_dut_dpp_qr_resp_status_query(dev, apdev):
1312 """sigma_dut DPP/QR responder status query"""
1313 params = hostapd.wpa2_params(ssid="DPPNET01",
1314 passphrase="ThisIsDppPassphrase")
1315 hapd = hostapd.add_ap(apdev[0], params)
1316
1317 try:
1318 dev[1].set("dpp_config_processing", "2")
1319 run_sigma_dut_dpp_qr_resp(dev, apdev, 3, status_query=True)
1320 finally:
1321 dev[1].set("dpp_config_processing", "0")
1322
1323 def run_sigma_dut_dpp_qr_resp(dev, apdev, conf_idx, chan_list=None,
1324 listen_chan=None, status_query=False):
1325 check_dpp_capab(dev[0])
1326 check_dpp_capab(dev[1])
1327 sigma = start_sigma_dut(dev[0].ifname)
1328 try:
1329 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1330 if chan_list:
1331 cmd += ",DPPChannelList," + chan_list
1332 res = sigma_dut_cmd(cmd)
1333 if "status,COMPLETE" not in res:
1334 raise Exception("dev_exec_action did not succeed: " + res)
1335 hex = res.split(',')[3]
1336 uri = from_hex(hex)
1337 logger.info("URI from sigma_dut: " + uri)
1338
1339 id1 = dev[1].dpp_qr_code(uri)
1340
1341 t = threading.Thread(target=dpp_init_enrollee, args=(dev[1], id1))
1342 t.start()
1343 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,%d,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPTimeout,6" % conf_idx
1344 if listen_chan:
1345 cmd += ",DPPListenChannel," + str(listen_chan)
1346 if status_query:
1347 cmd += ",DPPStatusQuery,Yes"
1348 res = sigma_dut_cmd(cmd, timeout=10)
1349 t.join()
1350 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1351 raise Exception("Unexpected result: " + res)
1352 if status_query and "StatusResult,0" not in res:
1353 raise Exception("Status query did not succeed: " + res)
1354 finally:
1355 stop_sigma_dut(sigma)
1356
1357 def test_sigma_dut_dpp_qr_init_enrollee(dev, apdev):
1358 """sigma_dut DPP/QR initiator as Enrollee"""
1359 check_dpp_capab(dev[0])
1360 check_dpp_capab(dev[1])
1361
1362 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1363 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1364 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1365 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1366
1367 params = {"ssid": "DPPNET01",
1368 "wpa": "2",
1369 "ieee80211w": "2",
1370 "wpa_key_mgmt": "DPP",
1371 "rsn_pairwise": "CCMP",
1372 "dpp_connector": ap_connector,
1373 "dpp_csign": csign_pub,
1374 "dpp_netaccesskey": ap_netaccesskey}
1375 try:
1376 hapd = hostapd.add_ap(apdev[0], params)
1377 except:
1378 raise HwsimSkip("DPP not supported")
1379
1380 sigma = start_sigma_dut(dev[0].ifname)
1381 try:
1382 dev[0].set("dpp_config_processing", "2")
1383
1384 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1385 res = dev[1].request(cmd)
1386 if "FAIL" in res:
1387 raise Exception("Failed to add configurator")
1388 conf_id = int(res)
1389
1390 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1391 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1392
1393 dev[1].set("dpp_configurator_params",
1394 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1395 cmd = "DPP_LISTEN 2437 role=configurator"
1396 if "OK" not in dev[1].request(cmd):
1397 raise Exception("Failed to start listen operation")
1398
1399 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1400 if "status,COMPLETE" not in res:
1401 raise Exception("dev_exec_action did not succeed: " + res)
1402
1403 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1404 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1405 raise Exception("Unexpected result: " + res)
1406 finally:
1407 dev[0].set("dpp_config_processing", "0")
1408 stop_sigma_dut(sigma)
1409
1410 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1411 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1412 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev)
1413
1414 def test_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev):
1415 """sigma_dut DPP/QR (mutual) initiator as Enrollee (extra check)"""
1416 run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev,
1417 extra="DPPAuthDirection,Mutual,")
1418
1419 def run_sigma_dut_dpp_qr_mutual_init_enrollee_check(dev, apdev, extra=''):
1420 check_dpp_capab(dev[0])
1421 check_dpp_capab(dev[1])
1422
1423 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1424 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1425 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1426 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1427
1428 params = {"ssid": "DPPNET01",
1429 "wpa": "2",
1430 "ieee80211w": "2",
1431 "wpa_key_mgmt": "DPP",
1432 "rsn_pairwise": "CCMP",
1433 "dpp_connector": ap_connector,
1434 "dpp_csign": csign_pub,
1435 "dpp_netaccesskey": ap_netaccesskey}
1436 try:
1437 hapd = hostapd.add_ap(apdev[0], params)
1438 except:
1439 raise HwsimSkip("DPP not supported")
1440
1441 sigma = start_sigma_dut(dev[0].ifname)
1442 try:
1443 dev[0].set("dpp_config_processing", "2")
1444
1445 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1446 res = dev[1].request(cmd)
1447 if "FAIL" in res:
1448 raise Exception("Failed to add configurator")
1449 conf_id = int(res)
1450
1451 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1452 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1453
1454 dev[1].set("dpp_configurator_params",
1455 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"), conf_id))
1456 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1457 if "OK" not in dev[1].request(cmd):
1458 raise Exception("Failed to start listen operation")
1459
1460 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1461 if "status,COMPLETE" not in res:
1462 raise Exception("dev_exec_action did not succeed: " + res)
1463 hex = res.split(',')[3]
1464 uri = from_hex(hex)
1465 logger.info("URI from sigma_dut: " + uri)
1466
1467 id1 = dev[1].dpp_qr_code(uri)
1468
1469 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1470 if "status,COMPLETE" not in res:
1471 raise Exception("dev_exec_action did not succeed: " + res)
1472
1473 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,%sDPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes" % extra, timeout=10)
1474 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1475 raise Exception("Unexpected result: " + res)
1476 finally:
1477 dev[0].set("dpp_config_processing", "0")
1478 stop_sigma_dut(sigma)
1479
1480 def dpp_init_conf_mutual(dev, id1, conf_id, own_id=None):
1481 time.sleep(1)
1482 logger.info("Starting DPP initiator/configurator in a thread")
1483 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp ssid=%s configurator=%d" % (id1, to_hex("DPPNET01"), conf_id)
1484 if own_id is not None:
1485 cmd += " own=%d" % own_id
1486 if "OK" not in dev.request(cmd):
1487 raise Exception("Failed to initiate DPP Authentication")
1488 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1489 if ev is None:
1490 raise Exception("DPP configuration not completed (Configurator)")
1491 logger.info("DPP initiator/configurator done")
1492
1493 def test_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev):
1494 """sigma_dut DPP/QR (mutual) responder as Enrollee"""
1495 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev)
1496
1497 def test_sigma_dut_dpp_qr_mutual_resp_enrollee_pending(dev, apdev):
1498 """sigma_dut DPP/QR (mutual) responder as Enrollee (response pending)"""
1499 run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, ',DPPDelayQRResponse,1')
1500
1501 def run_sigma_dut_dpp_qr_mutual_resp_enrollee(dev, apdev, extra=None):
1502 check_dpp_capab(dev[0])
1503 check_dpp_capab(dev[1])
1504
1505 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1506 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1507 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1508 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1509
1510 params = {"ssid": "DPPNET01",
1511 "wpa": "2",
1512 "ieee80211w": "2",
1513 "wpa_key_mgmt": "DPP",
1514 "rsn_pairwise": "CCMP",
1515 "dpp_connector": ap_connector,
1516 "dpp_csign": csign_pub,
1517 "dpp_netaccesskey": ap_netaccesskey}
1518 try:
1519 hapd = hostapd.add_ap(apdev[0], params)
1520 except:
1521 raise HwsimSkip("DPP not supported")
1522
1523 sigma = start_sigma_dut(dev[0].ifname)
1524 try:
1525 dev[0].set("dpp_config_processing", "2")
1526
1527 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1528 res = dev[1].request(cmd)
1529 if "FAIL" in res:
1530 raise Exception("Failed to add configurator")
1531 conf_id = int(res)
1532
1533 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1534 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1535
1536 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1537 if "status,COMPLETE" not in res:
1538 raise Exception("dev_exec_action did not succeed: " + res)
1539 hex = res.split(',')[3]
1540 uri = from_hex(hex)
1541 logger.info("URI from sigma_dut: " + uri)
1542
1543 id1 = dev[1].dpp_qr_code(uri)
1544
1545 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1546 if "status,COMPLETE" not in res:
1547 raise Exception("dev_exec_action did not succeed: " + res)
1548
1549 t = threading.Thread(target=dpp_init_conf_mutual,
1550 args=(dev[1], id1, conf_id, id0))
1551 t.start()
1552
1553 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,20,DPPWaitForConnect,Yes"
1554 if extra:
1555 cmd += extra
1556 res = sigma_dut_cmd(cmd, timeout=25)
1557 t.join()
1558 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1559 raise Exception("Unexpected result: " + res)
1560 finally:
1561 dev[0].set("dpp_config_processing", "0")
1562 stop_sigma_dut(sigma)
1563
1564 def dpp_resp_conf_mutual(dev, conf_id, uri):
1565 logger.info("Starting DPP responder/configurator in a thread")
1566 dev.set("dpp_configurator_params",
1567 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
1568 conf_id))
1569 cmd = "DPP_LISTEN 2437 role=configurator qr=mutual"
1570 if "OK" not in dev.request(cmd):
1571 raise Exception("Failed to initiate DPP listen")
1572 if uri:
1573 ev = dev.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=10)
1574 if ev is None:
1575 raise Exception("QR Code scan for mutual authentication not requested")
1576 dev.dpp_qr_code(uri)
1577 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=10)
1578 if ev is None:
1579 raise Exception("DPP configuration not completed (Configurator)")
1580 logger.info("DPP responder/configurator done")
1581
1582 def test_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev):
1583 """sigma_dut DPP/QR (mutual) initiator as Enrollee"""
1584 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, False)
1585
1586 def test_sigma_dut_dpp_qr_mutual_init_enrollee_pending(dev, apdev):
1587 """sigma_dut DPP/QR (mutual) initiator as Enrollee (response pending)"""
1588 run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, True)
1589
1590 def run_sigma_dut_dpp_qr_mutual_init_enrollee(dev, apdev, resp_pending):
1591 check_dpp_capab(dev[0])
1592 check_dpp_capab(dev[1])
1593
1594 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1595 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1596 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1597 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1598
1599 params = {"ssid": "DPPNET01",
1600 "wpa": "2",
1601 "ieee80211w": "2",
1602 "wpa_key_mgmt": "DPP",
1603 "rsn_pairwise": "CCMP",
1604 "dpp_connector": ap_connector,
1605 "dpp_csign": csign_pub,
1606 "dpp_netaccesskey": ap_netaccesskey}
1607 try:
1608 hapd = hostapd.add_ap(apdev[0], params)
1609 except:
1610 raise HwsimSkip("DPP not supported")
1611
1612 sigma = start_sigma_dut(dev[0].ifname)
1613 try:
1614 dev[0].set("dpp_config_processing", "2")
1615
1616 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1617 res = dev[1].request(cmd)
1618 if "FAIL" in res:
1619 raise Exception("Failed to add configurator")
1620 conf_id = int(res)
1621
1622 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1623 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1624
1625 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1626 if "status,COMPLETE" not in res:
1627 raise Exception("dev_exec_action did not succeed: " + res)
1628 hex = res.split(',')[3]
1629 uri = from_hex(hex)
1630 logger.info("URI from sigma_dut: " + uri)
1631
1632 if not resp_pending:
1633 dev[1].dpp_qr_code(uri)
1634 uri = None
1635
1636 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1637 if "status,COMPLETE" not in res:
1638 raise Exception("dev_exec_action did not succeed: " + res)
1639
1640 t = threading.Thread(target=dpp_resp_conf_mutual,
1641 args=(dev[1], conf_id, uri))
1642 t.start()
1643
1644 time.sleep(1)
1645 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,10,DPPWaitForConnect,Yes"
1646 res = sigma_dut_cmd(cmd, timeout=15)
1647 t.join()
1648 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
1649 raise Exception("Unexpected result: " + res)
1650 finally:
1651 dev[0].set("dpp_config_processing", "0")
1652 stop_sigma_dut(sigma)
1653
1654 def test_sigma_dut_dpp_qr_init_enrollee_psk(dev, apdev):
1655 """sigma_dut DPP/QR initiator as Enrollee (PSK)"""
1656 check_dpp_capab(dev[0])
1657 check_dpp_capab(dev[1])
1658
1659 params = hostapd.wpa2_params(ssid="DPPNET01",
1660 passphrase="ThisIsDppPassphrase")
1661 hapd = hostapd.add_ap(apdev[0], params)
1662
1663 sigma = start_sigma_dut(dev[0].ifname)
1664 try:
1665 dev[0].set("dpp_config_processing", "2")
1666
1667 cmd = "DPP_CONFIGURATOR_ADD"
1668 res = dev[1].request(cmd)
1669 if "FAIL" in res:
1670 raise Exception("Failed to add configurator")
1671 conf_id = int(res)
1672
1673 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1674 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1675
1676 dev[1].set("dpp_configurator_params",
1677 " conf=sta-psk ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1678 cmd = "DPP_LISTEN 2437 role=configurator"
1679 if "OK" not in dev[1].request(cmd):
1680 raise Exception("Failed to start listen operation")
1681
1682 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1683 if "status,COMPLETE" not in res:
1684 raise Exception("dev_exec_action did not succeed: " + res)
1685
1686 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1687 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1688 raise Exception("Unexpected result: " + res)
1689 finally:
1690 dev[0].set("dpp_config_processing", "0")
1691 stop_sigma_dut(sigma)
1692
1693 def test_sigma_dut_dpp_qr_init_enrollee_sae(dev, apdev):
1694 """sigma_dut DPP/QR initiator as Enrollee (SAE)"""
1695 check_dpp_capab(dev[0])
1696 check_dpp_capab(dev[1])
1697 if "SAE" not in dev[0].get_capability("auth_alg"):
1698 raise HwsimSkip("SAE not supported")
1699
1700 params = hostapd.wpa2_params(ssid="DPPNET01",
1701 passphrase="ThisIsDppPassphrase")
1702 params['wpa_key_mgmt'] = 'SAE'
1703 params["ieee80211w"] = "2"
1704 hapd = hostapd.add_ap(apdev[0], params)
1705
1706 sigma = start_sigma_dut(dev[0].ifname)
1707 try:
1708 dev[0].set("dpp_config_processing", "2")
1709 dev[0].set("sae_groups", "")
1710
1711 cmd = "DPP_CONFIGURATOR_ADD"
1712 res = dev[1].request(cmd)
1713 if "FAIL" in res:
1714 raise Exception("Failed to add configurator")
1715 conf_id = int(res)
1716
1717 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1718 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1719
1720 dev[1].set("dpp_configurator_params",
1721 " conf=sta-sae ssid=%s pass=%s configurator=%d" % (to_hex("DPPNET01"), to_hex("ThisIsDppPassphrase"), conf_id))
1722 cmd = "DPP_LISTEN 2437 role=configurator"
1723 if "OK" not in dev[1].request(cmd):
1724 raise Exception("Failed to start listen operation")
1725
1726 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1727 if "status,COMPLETE" not in res:
1728 raise Exception("dev_exec_action did not succeed: " + res)
1729
1730 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes", timeout=10)
1731 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkConnectResult,OK" not in res:
1732 raise Exception("Unexpected result: " + res)
1733 finally:
1734 dev[0].set("dpp_config_processing", "0")
1735 stop_sigma_dut(sigma)
1736
1737 def test_sigma_dut_dpp_qr_init_configurator_1(dev, apdev):
1738 """sigma_dut DPP/QR initiator as Configurator (conf index 1)"""
1739 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1)
1740
1741 def test_sigma_dut_dpp_qr_init_configurator_2(dev, apdev):
1742 """sigma_dut DPP/QR initiator as Configurator (conf index 2)"""
1743 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 2)
1744
1745 def test_sigma_dut_dpp_qr_init_configurator_3(dev, apdev):
1746 """sigma_dut DPP/QR initiator as Configurator (conf index 3)"""
1747 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 3)
1748
1749 def test_sigma_dut_dpp_qr_init_configurator_4(dev, apdev):
1750 """sigma_dut DPP/QR initiator as Configurator (conf index 4)"""
1751 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 4)
1752
1753 def test_sigma_dut_dpp_qr_init_configurator_5(dev, apdev):
1754 """sigma_dut DPP/QR initiator as Configurator (conf index 5)"""
1755 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 5)
1756
1757 def test_sigma_dut_dpp_qr_init_configurator_6(dev, apdev):
1758 """sigma_dut DPP/QR initiator as Configurator (conf index 6)"""
1759 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 6)
1760
1761 def test_sigma_dut_dpp_qr_init_configurator_7(dev, apdev):
1762 """sigma_dut DPP/QR initiator as Configurator (conf index 7)"""
1763 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 7)
1764
1765 def test_sigma_dut_dpp_qr_init_configurator_both(dev, apdev):
1766 """sigma_dut DPP/QR initiator as Configurator or Enrollee (conf index 1)"""
1767 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, "Both")
1768
1769 def test_sigma_dut_dpp_qr_init_configurator_neg_freq(dev, apdev):
1770 """sigma_dut DPP/QR initiator as Configurator (neg_freq)"""
1771 run_sigma_dut_dpp_qr_init_configurator(dev, apdev, 1, extra='DPPSubsequentChannel,81/11')
1772
1773 def run_sigma_dut_dpp_qr_init_configurator(dev, apdev, conf_idx,
1774 prov_role="Configurator",
1775 extra=None):
1776 check_dpp_capab(dev[0])
1777 check_dpp_capab(dev[1])
1778 sigma = start_sigma_dut(dev[0].ifname)
1779 try:
1780 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1781 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1782
1783 cmd = "DPP_LISTEN 2437 role=enrollee"
1784 if "OK" not in dev[1].request(cmd):
1785 raise Exception("Failed to start listen operation")
1786
1787 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1788 if "status,COMPLETE" not in res:
1789 raise Exception("dev_exec_action did not succeed: " + res)
1790
1791 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,%s,DPPConfIndex,%d,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6" % (prov_role, conf_idx)
1792 if extra:
1793 cmd += "," + extra
1794 res = sigma_dut_cmd(cmd)
1795 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1796 raise Exception("Unexpected result: " + res)
1797 finally:
1798 stop_sigma_dut(sigma)
1799
1800 def test_sigma_dut_dpp_incompatible_roles_init(dev, apdev):
1801 """sigma_dut DPP roles incompatible (Initiator)"""
1802 check_dpp_capab(dev[0])
1803 check_dpp_capab(dev[1])
1804 sigma = start_sigma_dut(dev[0].ifname)
1805 try:
1806 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1807 if "status,COMPLETE" not in res:
1808 raise Exception("dev_exec_action did not succeed: " + res)
1809 hex = res.split(',')[3]
1810 uri = from_hex(hex)
1811 logger.info("URI from sigma_dut: " + uri)
1812
1813 id1 = dev[1].dpp_qr_code(uri)
1814
1815 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1816 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1817
1818 cmd = "DPP_LISTEN 2437 role=enrollee"
1819 if "OK" not in dev[1].request(cmd):
1820 raise Exception("Failed to start listen operation")
1821
1822 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1823 if "status,COMPLETE" not in res:
1824 raise Exception("dev_exec_action did not succeed: " + res)
1825
1826 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1827 res = sigma_dut_cmd(cmd)
1828 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1829 raise Exception("Unexpected result: " + res)
1830 finally:
1831 stop_sigma_dut(sigma)
1832
1833 def dpp_init_enrollee_mutual(dev, id1, own_id):
1834 logger.info("Starting DPP initiator/enrollee in a thread")
1835 time.sleep(1)
1836 cmd = "DPP_AUTH_INIT peer=%d own=%d role=enrollee" % (id1, own_id)
1837 if "OK" not in dev.request(cmd):
1838 raise Exception("Failed to initiate DPP Authentication")
1839 ev = dev.wait_event(["DPP-CONF-RECEIVED",
1840 "DPP-NOT-COMPATIBLE"], timeout=5)
1841 if ev is None:
1842 raise Exception("DPP configuration not completed (Enrollee)")
1843 logger.info("DPP initiator/enrollee done")
1844
1845 def test_sigma_dut_dpp_incompatible_roles_resp(dev, apdev):
1846 """sigma_dut DPP roles incompatible (Responder)"""
1847 check_dpp_capab(dev[0])
1848 check_dpp_capab(dev[1])
1849 sigma = start_sigma_dut(dev[0].ifname)
1850 try:
1851 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
1852 res = sigma_dut_cmd(cmd)
1853 if "status,COMPLETE" not in res:
1854 raise Exception("dev_exec_action did not succeed: " + res)
1855 hex = res.split(',')[3]
1856 uri = from_hex(hex)
1857 logger.info("URI from sigma_dut: " + uri)
1858
1859 id1 = dev[1].dpp_qr_code(uri)
1860
1861 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
1862 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1863
1864 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
1865 if "status,COMPLETE" not in res:
1866 raise Exception("dev_exec_action did not succeed: " + res)
1867
1868 t = threading.Thread(target=dpp_init_enrollee_mutual, args=(dev[1], id1, id0))
1869 t.start()
1870 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6"
1871 res = sigma_dut_cmd(cmd, timeout=10)
1872 t.join()
1873 if "BootstrapResult,OK,AuthResult,ROLES_NOT_COMPATIBLE" not in res:
1874 raise Exception("Unexpected result: " + res)
1875 finally:
1876 stop_sigma_dut(sigma)
1877
1878 def test_sigma_dut_dpp_pkex_init_configurator(dev, apdev):
1879 """sigma_dut DPP/PKEX initiator as Configurator"""
1880 check_dpp_capab(dev[0])
1881 check_dpp_capab(dev[1])
1882 sigma = start_sigma_dut(dev[0].ifname)
1883 try:
1884 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
1885 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
1886 res = dev[1].request(cmd)
1887 if "FAIL" in res:
1888 raise Exception("Failed to set PKEX data (responder)")
1889 cmd = "DPP_LISTEN 2437 role=enrollee"
1890 if "OK" not in dev[1].request(cmd):
1891 raise Exception("Failed to start listen operation")
1892
1893 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCodeIdentifier,test,DPPPKEXCode,secret,DPPTimeout,6")
1894 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
1895 raise Exception("Unexpected result: " + res)
1896 finally:
1897 stop_sigma_dut(sigma)
1898
1899 def dpp_init_conf(dev, id1, conf, conf_id, extra):
1900 logger.info("Starting DPP initiator/configurator in a thread")
1901 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id1, conf, extra, conf_id)
1902 if "OK" not in dev.request(cmd):
1903 raise Exception("Failed to initiate DPP Authentication")
1904 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1905 if ev is None:
1906 raise Exception("DPP configuration not completed (Configurator)")
1907 logger.info("DPP initiator/configurator done")
1908
1909 def test_sigma_dut_ap_dpp_qr(dev, apdev, params):
1910 """sigma_dut controlled AP (DPP)"""
1911 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-dpp", "sta-dpp")
1912
1913 def test_sigma_dut_ap_dpp_qr_legacy(dev, apdev, params):
1914 """sigma_dut controlled AP (legacy)"""
1915 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1916 extra="pass=%s" % to_hex("qwertyuiop"))
1917
1918 def test_sigma_dut_ap_dpp_qr_legacy_psk(dev, apdev, params):
1919 """sigma_dut controlled AP (legacy)"""
1920 run_sigma_dut_ap_dpp_qr(dev, apdev, params, "ap-psk", "sta-psk",
1921 extra="psk=%s" % (32*"12"))
1922
1923 def run_sigma_dut_ap_dpp_qr(dev, apdev, params, ap_conf, sta_conf, extra=""):
1924 check_dpp_capab(dev[0])
1925 logdir = os.path.join(params['logdir'], "sigma_dut_ap_dpp_qr.sigma-hostapd")
1926 with HWSimRadio() as (radio, iface):
1927 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1928 try:
1929 sigma_dut_cmd_check("ap_reset_default,program,DPP")
1930 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
1931 if "status,COMPLETE" not in res:
1932 raise Exception("dev_exec_action did not succeed: " + res)
1933 hex = res.split(',')[3]
1934 uri = from_hex(hex)
1935 logger.info("URI from sigma_dut: " + uri)
1936
1937 cmd = "DPP_CONFIGURATOR_ADD"
1938 res = dev[0].request(cmd)
1939 if "FAIL" in res:
1940 raise Exception("Failed to add configurator")
1941 conf_id = int(res)
1942
1943 id1 = dev[0].dpp_qr_code(uri)
1944
1945 t = threading.Thread(target=dpp_init_conf,
1946 args=(dev[0], id1, ap_conf, conf_id, extra))
1947 t.start()
1948 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6")
1949 t.join()
1950 if "ConfResult,OK" not in res:
1951 raise Exception("Unexpected result: " + res)
1952
1953 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
1954 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1955
1956 id0b = dev[0].dpp_qr_code(uri1)
1957
1958 dev[1].set("dpp_config_processing", "2")
1959 cmd = "DPP_LISTEN 2412"
1960 if "OK" not in dev[1].request(cmd):
1961 raise Exception("Failed to start listen operation")
1962 cmd = "DPP_AUTH_INIT peer=%d conf=%s %s configurator=%d" % (id0b, sta_conf, extra, conf_id)
1963 if "OK" not in dev[0].request(cmd):
1964 raise Exception("Failed to initiate DPP Authentication")
1965 dev[1].wait_connected()
1966
1967 sigma_dut_cmd_check("ap_reset_default")
1968 finally:
1969 dev[1].set("dpp_config_processing", "0")
1970 stop_sigma_dut(sigma)
1971
1972 def test_sigma_dut_ap_dpp_pkex_responder(dev, apdev, params):
1973 """sigma_dut controlled AP as DPP PKEX responder"""
1974 check_dpp_capab(dev[0])
1975 logdir = os.path.join(params['logdir'],
1976 "sigma_dut_ap_dpp_pkex_responder.sigma-hostapd")
1977 with HWSimRadio() as (radio, iface):
1978 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
1979 try:
1980 run_sigma_dut_ap_dpp_pkex_responder(dev, apdev)
1981 finally:
1982 stop_sigma_dut(sigma)
1983
1984 def dpp_init_conf_pkex(dev, conf_id, check_config=True):
1985 logger.info("Starting DPP PKEX initiator/configurator in a thread")
1986 time.sleep(1.5)
1987 id = dev.dpp_bootstrap_gen(type="pkex")
1988 cmd = "DPP_PKEX_ADD own=%d init=1 conf=ap-dpp configurator=%d code=password" % (id, conf_id)
1989 res = dev.request(cmd)
1990 if "FAIL" in res:
1991 raise Exception("Failed to initiate DPP PKEX")
1992 if not check_config:
1993 return
1994 ev = dev.wait_event(["DPP-CONF-SENT"], timeout=5)
1995 if ev is None:
1996 raise Exception("DPP configuration not completed (Configurator)")
1997 logger.info("DPP initiator/configurator done")
1998
1999 def run_sigma_dut_ap_dpp_pkex_responder(dev, apdev):
2000 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2001
2002 cmd = "DPP_CONFIGURATOR_ADD"
2003 res = dev[0].request(cmd)
2004 if "FAIL" in res:
2005 raise Exception("Failed to add configurator")
2006 conf_id = int(res)
2007
2008 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[0], conf_id))
2009 t.start()
2010 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Mutual,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6,DPPWaitForConnect,No", timeout=10)
2011 t.join()
2012 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2013 raise Exception("Unexpected result: " + res)
2014
2015 sigma_dut_cmd_check("ap_reset_default")
2016
2017 def test_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2018 """sigma_dut controlled STA as DPP PKEX responder and error case"""
2019 check_dpp_capab(dev[0])
2020 sigma = start_sigma_dut(dev[0].ifname)
2021 try:
2022 run_sigma_dut_dpp_pkex_responder_proto(dev, apdev)
2023 finally:
2024 stop_sigma_dut(sigma)
2025
2026 def run_sigma_dut_dpp_pkex_responder_proto(dev, apdev):
2027 cmd = "DPP_CONFIGURATOR_ADD"
2028 res = dev[1].request(cmd)
2029 if "FAIL" in res:
2030 raise Exception("Failed to add configurator")
2031 conf_id = int(res)
2032
2033 dev[1].set("dpp_test", "44")
2034
2035 t = threading.Thread(target=dpp_init_conf_pkex, args=(dev[1], conf_id,
2036 False))
2037 t.start()
2038 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPProvisioningRole,Enrollee,DPPBS,PKEX,DPPPKEXCode,password,DPPTimeout,6", timeout=10)
2039 t.join()
2040 if "BootstrapResult,Timeout" not in res:
2041 raise Exception("Unexpected result: " + res)
2042
2043 def dpp_proto_init(dev, id1):
2044 time.sleep(1)
2045 logger.info("Starting DPP initiator/configurator in a thread")
2046 cmd = "DPP_CONFIGURATOR_ADD"
2047 res = dev.request(cmd)
2048 if "FAIL" in res:
2049 raise Exception("Failed to add configurator")
2050 conf_id = int(res)
2051
2052 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2053 if "OK" not in dev.request(cmd):
2054 raise Exception("Failed to initiate DPP Authentication")
2055
2056 def test_sigma_dut_dpp_proto_initiator(dev, apdev):
2057 """sigma_dut DPP protocol testing - Initiator"""
2058 check_dpp_capab(dev[0])
2059 check_dpp_capab(dev[1])
2060 tests = [("InvalidValue", "AuthenticationRequest", "WrappedData",
2061 "BootstrapResult,OK,AuthResult,Errorsent",
2062 None),
2063 ("InvalidValue", "AuthenticationConfirm", "WrappedData",
2064 "BootstrapResult,OK,AuthResult,Errorsent",
2065 None),
2066 ("MissingAttribute", "AuthenticationRequest", "InitCapabilities",
2067 "BootstrapResult,OK,AuthResult,Errorsent",
2068 "Missing or invalid I-capabilities"),
2069 ("InvalidValue", "AuthenticationConfirm", "InitAuthTag",
2070 "BootstrapResult,OK,AuthResult,Errorsent",
2071 "Mismatching Initiator Authenticating Tag"),
2072 ("MissingAttribute", "ConfigurationResponse", "EnrolleeNonce",
2073 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2074 "Missing or invalid Enrollee Nonce attribute")]
2075 for step, frame, attr, result, fail in tests:
2076 dev[0].request("FLUSH")
2077 dev[1].request("FLUSH")
2078 sigma = start_sigma_dut(dev[0].ifname)
2079 try:
2080 run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result,
2081 fail)
2082 finally:
2083 stop_sigma_dut(sigma)
2084
2085 def run_sigma_dut_dpp_proto_initiator(dev, step, frame, attr, result, fail):
2086 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2087 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2088
2089 cmd = "DPP_LISTEN 2437 role=enrollee"
2090 if "OK" not in dev[1].request(cmd):
2091 raise Exception("Failed to start listen operation")
2092
2093 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2094 if "status,COMPLETE" not in res:
2095 raise Exception("dev_exec_action did not succeed: " + res)
2096
2097 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr),
2098 timeout=10)
2099 if result not in res:
2100 raise Exception("Unexpected result: " + res)
2101 if fail:
2102 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2103 if ev is None or fail not in ev:
2104 raise Exception("Failure not reported correctly: " + str(ev))
2105
2106 dev[1].request("DPP_STOP_LISTEN")
2107 dev[0].dump_monitor()
2108 dev[1].dump_monitor()
2109
2110 def test_sigma_dut_dpp_proto_responder(dev, apdev):
2111 """sigma_dut DPP protocol testing - Responder"""
2112 check_dpp_capab(dev[0])
2113 check_dpp_capab(dev[1])
2114 tests = [("MissingAttribute", "AuthenticationResponse", "DPPStatus",
2115 "BootstrapResult,OK,AuthResult,Errorsent",
2116 "Missing or invalid required DPP Status attribute"),
2117 ("MissingAttribute", "ConfigurationRequest", "EnrolleeNonce",
2118 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2119 "Missing or invalid Enrollee Nonce attribute")]
2120 for step, frame, attr, result, fail in tests:
2121 dev[0].request("FLUSH")
2122 dev[1].request("FLUSH")
2123 sigma = start_sigma_dut(dev[0].ifname)
2124 try:
2125 run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result,
2126 fail)
2127 finally:
2128 stop_sigma_dut(sigma)
2129
2130 def run_sigma_dut_dpp_proto_responder(dev, step, frame, attr, result, fail):
2131 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2132 if "status,COMPLETE" not in res:
2133 raise Exception("dev_exec_action did not succeed: " + res)
2134 hex = res.split(',')[3]
2135 uri = from_hex(hex)
2136 logger.info("URI from sigma_dut: " + uri)
2137
2138 id1 = dev[1].dpp_qr_code(uri)
2139
2140 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2141 t.start()
2142 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2143 t.join()
2144 if result not in res:
2145 raise Exception("Unexpected result: " + res)
2146 if fail:
2147 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2148 if ev is None or fail not in ev:
2149 raise Exception("Failure not reported correctly:" + str(ev))
2150
2151 dev[1].request("DPP_STOP_LISTEN")
2152 dev[0].dump_monitor()
2153 dev[1].dump_monitor()
2154
2155 def test_sigma_dut_dpp_proto_stop_at_initiator(dev, apdev):
2156 """sigma_dut DPP protocol testing - Stop at RX on Initiator"""
2157 check_dpp_capab(dev[0])
2158 check_dpp_capab(dev[1])
2159 tests = [("AuthenticationResponse",
2160 "BootstrapResult,OK,AuthResult,Errorsent",
2161 None),
2162 ("ConfigurationRequest",
2163 "BootstrapResult,OK,AuthResult,OK,ConfResult,Errorsent",
2164 None)]
2165 for frame, result, fail in tests:
2166 dev[0].request("FLUSH")
2167 dev[1].request("FLUSH")
2168 sigma = start_sigma_dut(dev[0].ifname)
2169 try:
2170 run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail)
2171 finally:
2172 stop_sigma_dut(sigma)
2173
2174 def run_sigma_dut_dpp_proto_stop_at_initiator(dev, frame, result, fail):
2175 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2176 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2177
2178 cmd = "DPP_LISTEN 2437 role=enrollee"
2179 if "OK" not in dev[1].request(cmd):
2180 raise Exception("Failed to start listen operation")
2181
2182 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2183 if "status,COMPLETE" not in res:
2184 raise Exception("dev_exec_action did not succeed: " + res)
2185
2186 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame))
2187 if result not in res:
2188 raise Exception("Unexpected result: " + res)
2189 if fail:
2190 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2191 if ev is None or fail not in ev:
2192 raise Exception("Failure not reported correctly: " + str(ev))
2193
2194 dev[1].request("DPP_STOP_LISTEN")
2195 dev[0].dump_monitor()
2196 dev[1].dump_monitor()
2197
2198 def test_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, apdev):
2199 """sigma_dut DPP protocol testing - Stop at TX on Initiator/Enrollee"""
2200 check_dpp_capab(dev[0])
2201 check_dpp_capab(dev[1])
2202 tests = [("AuthenticationConfirm",
2203 "BootstrapResult,OK,AuthResult,Errorsent,LastFrameReceived,AuthenticationResponse",
2204 None)]
2205 for frame, result, fail in tests:
2206 dev[0].request("FLUSH")
2207 dev[1].request("FLUSH")
2208 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2209 try:
2210 run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame,
2211 result, fail)
2212 finally:
2213 stop_sigma_dut(sigma)
2214
2215 def run_sigma_dut_dpp_proto_stop_at_initiator_enrollee(dev, frame, result,
2216 fail):
2217 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2218 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2219
2220 cmd = "DPP_LISTEN 2437 role=configurator"
2221 if "OK" not in dev[1].request(cmd):
2222 raise Exception("Failed to start listen operation")
2223
2224 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2225 if "status,COMPLETE" not in res:
2226 raise Exception("dev_exec_action did not succeed: " + res)
2227
2228 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2229 if result not in res:
2230 raise Exception("Unexpected result: " + res)
2231 if fail:
2232 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2233 if ev is None or fail not in ev:
2234 raise Exception("Failure not reported correctly: " + str(ev))
2235
2236 dev[1].request("DPP_STOP_LISTEN")
2237 dev[0].dump_monitor()
2238 dev[1].dump_monitor()
2239
2240 def test_sigma_dut_dpp_proto_stop_at_responder(dev, apdev):
2241 """sigma_dut DPP protocol testing - Stop at RX on Responder"""
2242 check_dpp_capab(dev[0])
2243 check_dpp_capab(dev[1])
2244 tests = [("AuthenticationRequest",
2245 "BootstrapResult,OK,AuthResult,Errorsent",
2246 None),
2247 ("AuthenticationConfirm",
2248 "BootstrapResult,OK,AuthResult,Errorsent",
2249 None)]
2250 for frame, result, fail in tests:
2251 dev[0].request("FLUSH")
2252 dev[1].request("FLUSH")
2253 sigma = start_sigma_dut(dev[0].ifname)
2254 try:
2255 run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail)
2256 finally:
2257 stop_sigma_dut(sigma)
2258
2259 def run_sigma_dut_dpp_proto_stop_at_responder(dev, frame, result, fail):
2260 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2261 if "status,COMPLETE" not in res:
2262 raise Exception("dev_exec_action did not succeed: " + res)
2263 hex = res.split(',')[3]
2264 uri = from_hex(hex)
2265 logger.info("URI from sigma_dut: " + uri)
2266
2267 id1 = dev[1].dpp_qr_code(uri)
2268
2269 t = threading.Thread(target=dpp_proto_init, args=(dev[1], id1))
2270 t.start()
2271 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6,DPPStep,Timeout,DPPFrameType,%s" % (frame), timeout=10)
2272 t.join()
2273 if result not in res:
2274 raise Exception("Unexpected result: " + res)
2275 if fail:
2276 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2277 if ev is None or fail not in ev:
2278 raise Exception("Failure not reported correctly:" + str(ev))
2279
2280 dev[1].request("DPP_STOP_LISTEN")
2281 dev[0].dump_monitor()
2282 dev[1].dump_monitor()
2283
2284 def dpp_proto_init_pkex(dev):
2285 time.sleep(1)
2286 logger.info("Starting DPP PKEX initiator/configurator in a thread")
2287 cmd = "DPP_CONFIGURATOR_ADD"
2288 res = dev.request(cmd)
2289 if "FAIL" in res:
2290 raise Exception("Failed to add configurator")
2291 conf_id = int(res)
2292
2293 id = dev.dpp_bootstrap_gen(type="pkex")
2294
2295 cmd = "DPP_PKEX_ADD own=%d init=1 conf=sta-dpp configurator=%d code=secret" % (id, conf_id)
2296 if "FAIL" in dev.request(cmd):
2297 raise Exception("Failed to initiate DPP PKEX")
2298
2299 def test_sigma_dut_dpp_proto_initiator_pkex(dev, apdev):
2300 """sigma_dut DPP protocol testing - Initiator (PKEX)"""
2301 check_dpp_capab(dev[0])
2302 check_dpp_capab(dev[1])
2303 tests = [("InvalidValue", "PKEXCRRequest", "WrappedData",
2304 "BootstrapResult,Errorsent",
2305 None),
2306 ("MissingAttribute", "PKEXExchangeRequest", "FiniteCyclicGroup",
2307 "BootstrapResult,Errorsent",
2308 "Missing or invalid Finite Cyclic Group attribute"),
2309 ("MissingAttribute", "PKEXCRRequest", "BSKey",
2310 "BootstrapResult,Errorsent",
2311 "No valid peer bootstrapping key found")]
2312 for step, frame, attr, result, fail in tests:
2313 dev[0].request("FLUSH")
2314 dev[1].request("FLUSH")
2315 sigma = start_sigma_dut(dev[0].ifname)
2316 try:
2317 run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr,
2318 result, fail)
2319 finally:
2320 stop_sigma_dut(sigma)
2321
2322 def run_sigma_dut_dpp_proto_initiator_pkex(dev, step, frame, attr, result, fail):
2323 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2324
2325 cmd = "DPP_PKEX_ADD own=%d code=secret" % (id1)
2326 res = dev[1].request(cmd)
2327 if "FAIL" in res:
2328 raise Exception("Failed to set PKEX data (responder)")
2329
2330 cmd = "DPP_LISTEN 2437 role=enrollee"
2331 if "OK" not in dev[1].request(cmd):
2332 raise Exception("Failed to start listen operation")
2333
2334 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr))
2335 if result not in res:
2336 raise Exception("Unexpected result: " + res)
2337 if fail:
2338 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2339 if ev is None or fail not in ev:
2340 raise Exception("Failure not reported correctly: " + str(ev))
2341
2342 dev[1].request("DPP_STOP_LISTEN")
2343 dev[0].dump_monitor()
2344 dev[1].dump_monitor()
2345
2346 def test_sigma_dut_dpp_proto_responder_pkex(dev, apdev):
2347 """sigma_dut DPP protocol testing - Responder (PKEX)"""
2348 check_dpp_capab(dev[0])
2349 check_dpp_capab(dev[1])
2350 tests = [("InvalidValue", "PKEXCRResponse", "WrappedData",
2351 "BootstrapResult,Errorsent",
2352 None),
2353 ("MissingAttribute", "PKEXExchangeResponse", "DPPStatus",
2354 "BootstrapResult,Errorsent",
2355 "No DPP Status attribute"),
2356 ("MissingAttribute", "PKEXCRResponse", "BSKey",
2357 "BootstrapResult,Errorsent",
2358 "No valid peer bootstrapping key found")]
2359 for step, frame, attr, result, fail in tests:
2360 dev[0].request("FLUSH")
2361 dev[1].request("FLUSH")
2362 sigma = start_sigma_dut(dev[0].ifname)
2363 try:
2364 run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr,
2365 result, fail)
2366 finally:
2367 stop_sigma_dut(sigma)
2368
2369 def run_sigma_dut_dpp_proto_responder_pkex(dev, step, frame, attr, result, fail):
2370 t = threading.Thread(target=dpp_proto_init_pkex, args=(dev[1],))
2371 t.start()
2372 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,PKEX,DPPPKEXCode,secret,DPPTimeout,6,DPPStep,%s,DPPFrameType,%s,DPPIEAttribute,%s" % (step, frame, attr), timeout=10)
2373 t.join()
2374 if result not in res:
2375 raise Exception("Unexpected result: " + res)
2376 if fail:
2377 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2378 if ev is None or fail not in ev:
2379 raise Exception("Failure not reported correctly:" + str(ev))
2380
2381 dev[1].request("DPP_STOP_LISTEN")
2382 dev[0].dump_monitor()
2383 dev[1].dump_monitor()
2384
2385 def init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2386 check_dpp_capab(dev[0])
2387 check_dpp_capab(dev[1])
2388
2389 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2390 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2391 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2392 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2393
2394 params = {"ssid": "DPPNET01",
2395 "wpa": "2",
2396 "ieee80211w": "2",
2397 "wpa_key_mgmt": "DPP",
2398 "rsn_pairwise": "CCMP",
2399 "dpp_connector": ap_connector,
2400 "dpp_csign": csign_pub,
2401 "dpp_netaccesskey": ap_netaccesskey}
2402 try:
2403 hapd = hostapd.add_ap(apdev[0], params)
2404 except:
2405 raise HwsimSkip("DPP not supported")
2406
2407 dev[0].set("dpp_config_processing", "2")
2408
2409 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2410 res = dev[1].request(cmd)
2411 if "FAIL" in res:
2412 raise Exception("Failed to add configurator")
2413 conf_id = int(res)
2414
2415 id0 = dev[1].dpp_bootstrap_gen(chan="81/6", mac=True)
2416 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2417
2418 dev[1].set("dpp_configurator_params",
2419 " conf=sta-dpp ssid=%s configurator=%d" % (to_hex("DPPNET01"),
2420 conf_id))
2421 cmd = "DPP_LISTEN 2437 role=configurator"
2422 if "OK" not in dev[1].request(cmd):
2423 raise Exception("Failed to start listen operation")
2424
2425 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri0))
2426 if "status,COMPLETE" not in res:
2427 raise Exception("dev_exec_action did not succeed: " + res)
2428
2429 def test_sigma_dut_dpp_proto_peer_disc_req(dev, apdev):
2430 """sigma_dut DPP protocol testing - Peer Discovery Request"""
2431 sigma = start_sigma_dut(dev[0].ifname)
2432 try:
2433 init_sigma_dut_dpp_proto_peer_disc_req(dev, apdev)
2434
2435 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPBS,QR,DPPTimeout,6,DPPWaitForConnect,Yes,DPPStep,MissingAttribute,DPPFrameType,PeerDiscoveryRequest,DPPIEAttribute,TransactionID", timeout=10)
2436 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,Errorsent" not in res:
2437 raise Exception("Unexpected result: " + res)
2438 finally:
2439 dev[0].set("dpp_config_processing", "0")
2440 stop_sigma_dut(sigma)
2441
2442 def test_sigma_dut_dpp_self_config(dev, apdev):
2443 """sigma_dut DPP Configurator enrolling an AP and using self-configuration"""
2444 check_dpp_capab(dev[0])
2445
2446 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
2447 check_dpp_capab(hapd)
2448
2449 sigma = start_sigma_dut(dev[0].ifname)
2450 try:
2451 dev[0].set("dpp_config_processing", "2")
2452 id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
2453 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id)
2454
2455 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2456 if "status,COMPLETE" not in res:
2457 raise Exception("dev_exec_action did not succeed: " + res)
2458
2459 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPTimeout,6")
2460 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2461 raise Exception("Unexpected result: " + res)
2462 update_hapd_config(hapd)
2463
2464 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPCryptoIdentifier,P-256,DPPBS,QR,DPPAuthRole,Initiator,DPPProvisioningRole,Configurator,DPPAuthDirection,Single,DPPConfIndex,1,DPPTimeout,6,DPPWaitForConnect,Yes,DPPSelfConfigure,Yes"
2465 res = sigma_dut_cmd(cmd, timeout=10)
2466 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK,NetworkIntroResult,OK,NetworkConnectResult,OK" not in res:
2467 raise Exception("Unexpected result: " + res)
2468 finally:
2469 stop_sigma_dut(sigma)
2470 dev[0].set("dpp_config_processing", "0")
2471
2472 def test_sigma_dut_ap_dpp_self_config(dev, apdev, params):
2473 """sigma_dut DPP AP Configurator using self-configuration"""
2474 logdir = os.path.join(params['logdir'],
2475 "sigma_dut_ap_dpp_self_config.sigma-hostapd")
2476 with HWSimRadio() as (radio, iface):
2477 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2478 try:
2479 run_sigma_dut_ap_dpp_self_config(dev, apdev)
2480 finally:
2481 stop_sigma_dut(sigma)
2482 dev[0].set("dpp_config_processing", "0")
2483
2484 def run_sigma_dut_ap_dpp_self_config(dev, apdev):
2485 check_dpp_capab(dev[0])
2486
2487 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2488
2489 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,AP,DPPBS,QR,DPPConfIndex,1,DPPSelfConfigure,Yes,DPPTimeout,6", timeout=10)
2490 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2491 raise Exception("Unexpected result: " + res)
2492
2493 dev[0].set("dpp_config_processing", "2")
2494
2495 id = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True)
2496 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2497 cmd = "DPP_LISTEN 2462 role=enrollee"
2498 if "OK" not in dev[0].request(cmd):
2499 raise Exception("Failed to start listen operation")
2500
2501 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri))
2502 if "status,COMPLETE" not in res:
2503 raise Exception("dev_exec_action did not succeed: " + res)
2504 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfIndex,1,DPPSigningKeyECC,P-256,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPTimeout,6"
2505 res = sigma_dut_cmd(cmd)
2506 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2507 raise Exception("Unexpected result: " + res)
2508 dev[0].wait_connected()
2509 dev[0].request("DISCONNECT")
2510 dev[0].wait_disconnected()
2511 sigma_dut_cmd_check("ap_reset_default")
2512
2513
2514 def test_sigma_dut_ap_dpp_relay(dev, apdev, params):
2515 """sigma_dut DPP AP as Relay to Controller"""
2516 logdir = os.path.join(params['logdir'],
2517 "sigma_dut_ap_dpp_relay.sigma-hostapd")
2518 with HWSimRadio() as (radio, iface):
2519 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2520 try:
2521 run_sigma_dut_ap_dpp_relay(dev, apdev)
2522 finally:
2523 stop_sigma_dut(sigma)
2524 dev[1].request("DPP_CONTROLLER_STOP")
2525
2526 def run_sigma_dut_ap_dpp_relay(dev, apdev):
2527 check_dpp_capab(dev[0])
2528 check_dpp_capab(dev[1])
2529
2530 # Controller
2531 conf_id = dev[1].dpp_configurator_add()
2532 dev[1].set("dpp_configurator_params",
2533 " conf=sta-dpp configurator=%d" % conf_id)
2534 id_c = dev[1].dpp_bootstrap_gen()
2535 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2536 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
2537 pkhash = None
2538 for line in res.splitlines():
2539 name, value = line.split('=')
2540 if name == "pkhash":
2541 pkhash = value
2542 break
2543 if not pkhash:
2544 raise Exception("Could not fetch public key hash from Controller")
2545 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2546 raise Exception("Failed to start Controller")
2547
2548 sigma_dut_cmd_check("ap_reset_default,program,DPP")
2549 sigma_dut_cmd_check("ap_preset_testparameters,program,DPP,DPPConfiguratorAddress,127.0.0.1,DPPConfiguratorPKHash," + pkhash)
2550 res = sigma_dut_cmd_check("dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR")
2551
2552 dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
2553 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0])
2554
2555 sigma_dut_cmd_check("ap_reset_default")
2556
2557 def dpp_init_tcp_enrollee(dev, id1):
2558 logger.info("Starting DPP initiator/enrollee (TCP) in a thread")
2559 time.sleep(1)
2560 cmd = "DPP_AUTH_INIT peer=%d role=enrollee tcp_addr=127.0.0.1" % id1
2561 if "OK" not in dev.request(cmd):
2562 raise Exception("Failed to initiate DPP Authentication")
2563 ev = dev.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2564 if ev is None:
2565 raise Exception("DPP configuration not completed (Enrollee)")
2566 logger.info("DPP initiator/enrollee done")
2567
2568 def test_sigma_dut_dpp_tcp_conf_resp(dev, apdev):
2569 """sigma_dut DPP TCP Configurator (Controller) as responder"""
2570 run_sigma_dut_dpp_tcp_conf_resp(dev)
2571
2572 def run_sigma_dut_dpp_tcp_conf_resp(dev, status_query=False):
2573 check_dpp_capab(dev[0])
2574 check_dpp_capab(dev[1])
2575 sigma = start_sigma_dut(dev[0].ifname)
2576 try:
2577 cmd = "dev_exec_action,program,DPP,DPPActionType,GetLocalBootstrap,DPPCryptoIdentifier,P-256,DPPBS,QR"
2578 res = sigma_dut_cmd(cmd)
2579 if "status,COMPLETE" not in res:
2580 raise Exception("dev_exec_action did not succeed: " + res)
2581 hex = res.split(',')[3]
2582 uri = from_hex(hex)
2583 logger.info("URI from sigma_dut: " + uri)
2584
2585 id1 = dev[1].dpp_qr_code(uri)
2586
2587 t = threading.Thread(target=dpp_init_tcp_enrollee, args=(dev[1], id1))
2588 t.start()
2589 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Responder,DPPConfIndex,1,DPPAuthDirection,Single,DPPProvisioningRole,Configurator,DPPConfEnrolleeRole,STA,DPPSigningKeyECC,P-256,DPPBS,QR,DPPOverTCP,yes,DPPTimeout,6"
2590 if status_query:
2591 cmd += ",DPPStatusQuery,Yes"
2592 res = sigma_dut_cmd(cmd, timeout=10)
2593 t.join()
2594 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2595 raise Exception("Unexpected result: " + res)
2596 if status_query and "StatusResult,0" not in res:
2597 raise Exception("Status query did not succeed: " + res)
2598 finally:
2599 stop_sigma_dut(sigma)
2600
2601 def test_sigma_dut_dpp_tcp_enrollee_init(dev, apdev):
2602 """sigma_dut DPP TCP Enrollee as initiator"""
2603 check_dpp_capab(dev[0])
2604 check_dpp_capab(dev[1])
2605 sigma = start_sigma_dut(dev[0].ifname)
2606 try:
2607 # Controller
2608 conf_id = dev[1].dpp_configurator_add()
2609 dev[1].set("dpp_configurator_params",
2610 " conf=sta-dpp configurator=%d" % conf_id)
2611 id_c = dev[1].dpp_bootstrap_gen()
2612 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
2613 if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
2614 raise Exception("Failed to start Controller")
2615
2616 res = sigma_dut_cmd("dev_exec_action,program,DPP,DPPActionType,SetPeerBootstrap,DPPBootstrappingdata,%s,DPPBS,QR" % to_hex(uri_c))
2617 if "status,COMPLETE" not in res:
2618 raise Exception("dev_exec_action did not succeed: " + res)
2619
2620 cmd = "dev_exec_action,program,DPP,DPPActionType,AutomaticDPP,DPPAuthRole,Initiator,DPPAuthDirection,Single,DPPProvisioningRole,Enrollee,DPPConfEnrolleeRole,STA,DPPBS,QR,DPPOverTCP,127.0.0.1,DPPTimeout,6"
2621 res = sigma_dut_cmd(cmd, timeout=10)
2622 if "BootstrapResult,OK,AuthResult,OK,ConfResult,OK" not in res:
2623 raise Exception("Unexpected result: " + res)
2624 finally:
2625 stop_sigma_dut(sigma)
2626 dev[1].request("DPP_CONTROLLER_STOP")
2627
2628 def test_sigma_dut_preconfigured_profile(dev, apdev):
2629 """sigma_dut controlled connection using preconfigured profile"""
2630 try:
2631 run_sigma_dut_preconfigured_profile(dev, apdev)
2632 finally:
2633 dev[0].set("ignore_old_scan_res", "0")
2634
2635 def run_sigma_dut_preconfigured_profile(dev, apdev):
2636 ifname = dev[0].ifname
2637 sigma = start_sigma_dut(ifname)
2638
2639 params = hostapd.wpa2_params(ssid="test-psk", passphrase="12345678")
2640 hapd = hostapd.add_ap(apdev[0], params)
2641 dev[0].connect("test-psk", psk="12345678", scan_freq="2412",
2642 only_add_network=True)
2643
2644 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2645 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s" % (ifname, "test-psk"))
2646 sigma_dut_wait_connected(ifname)
2647 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2648 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2649 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2650
2651 stop_sigma_dut(sigma)
2652
2653 def test_sigma_dut_wps_pbc(dev, apdev):
2654 """sigma_dut and WPS PBC Enrollee"""
2655 try:
2656 run_sigma_dut_wps_pbc(dev, apdev)
2657 finally:
2658 dev[0].set("ignore_old_scan_res", "0")
2659
2660 def run_sigma_dut_wps_pbc(dev, apdev):
2661 ssid = "test-wps-conf"
2662 hapd = hostapd.add_ap(apdev[0],
2663 {"ssid": "wps", "eap_server": "1", "wps_state": "2",
2664 "wpa_passphrase": "12345678", "wpa": "2",
2665 "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"})
2666 hapd.request("WPS_PBC")
2667
2668 ifname = dev[0].ifname
2669 sigma = start_sigma_dut(ifname)
2670
2671 cmd = "start_wps_registration,interface,%s" % ifname
2672 cmd += ",WpsRole,Enrollee"
2673 cmd += ",WpsConfigMethod,PBC"
2674 sigma_dut_cmd_check(cmd, timeout=15)
2675
2676 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2677 hapd.disable()
2678 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2679 stop_sigma_dut(sigma)
2680 dev[0].flush_scan_cache()
2681
2682 def test_sigma_dut_sta_scan_bss(dev, apdev):
2683 """sigma_dut sta_scan_bss"""
2684 hapd = hostapd.add_ap(apdev[0], {"ssid": "test"})
2685 sigma = start_sigma_dut(dev[0].ifname)
2686 try:
2687 cmd = "sta_scan_bss,Interface,%s,BSSID,%s" % (dev[0].ifname, \
2688 hapd.own_addr())
2689 res = sigma_dut_cmd(cmd, timeout=10)
2690 if "ssid,test,bsschannel,1" not in res:
2691 raise Exception("Unexpected result: " + res)
2692 finally:
2693 stop_sigma_dut(sigma)
2694
2695 def test_sigma_dut_sta_scan_ssid_bssid(dev, apdev):
2696 """sigma_dut sta_scan GetParameter,SSID_BSSID"""
2697 hostapd.add_ap(apdev[0], {"ssid": "abcdef"})
2698 hostapd.add_ap(apdev[1], {"ssid": "qwerty"})
2699 sigma = start_sigma_dut(dev[0].ifname, debug=True)
2700 try:
2701 cmd = "sta_scan,Interface,%s,GetParameter,SSID_BSSID" % dev[0].ifname
2702 res = sigma_dut_cmd(cmd, timeout=10)
2703 if "abcdef" not in res or "qwerty" not in res:
2704 raise Exception("Unexpected result: " + res)
2705 finally:
2706 stop_sigma_dut(sigma)
2707
2708 def test_sigma_dut_ap_osen(dev, apdev, params):
2709 """sigma_dut controlled AP with OSEN"""
2710 logdir = os.path.join(params['logdir'],
2711 "sigma_dut_ap_osen.sigma-hostapd")
2712 with HWSimRadio() as (radio, iface):
2713 sigma = start_sigma_dut(iface, hostapd_logdir=logdir)
2714 try:
2715 sigma_dut_cmd_check("ap_reset_default")
2716 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2717 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2718 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,OSEN,PMF,Optional")
2719 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2720
2721 # RSN-OSEN (for OSU)
2722 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2723 pairwise="CCMP", group="GTK_NOT_USED",
2724 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2725 ca_cert="auth_serv/ca.pem", scan_freq="2412")
2726
2727 sigma_dut_cmd_check("ap_reset_default")
2728 finally:
2729 stop_sigma_dut(sigma)
2730
2731 def test_sigma_dut_ap_eap_osen(dev, apdev, params):
2732 """sigma_dut controlled AP with EAP+OSEN"""
2733 logdir = os.path.join(params['logdir'],
2734 "sigma_dut_ap_eap_osen.sigma-hostapd")
2735 with HWSimRadio() as (radio, iface):
2736 sigma = start_sigma_dut(iface, bridge="ap-br0", hostapd_logdir=logdir)
2737 try:
2738 sigma_dut_cmd_check("ap_reset_default")
2739 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-hs20,MODE,11ng")
2740 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2741 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-OSEN,PMF,Optional")
2742 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2743
2744 subprocess.call(['brctl', 'setfd', 'ap-br0', '0'])
2745 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'up'])
2746
2747 # RSN-OSEN (for OSU)
2748 dev[0].connect("test-hs20", proto="OSEN", key_mgmt="OSEN",
2749 pairwise="CCMP",
2750 eap="WFA-UNAUTH-TLS", identity="osen@example.com",
2751 ca_cert="auth_serv/ca.pem", ieee80211w='2',
2752 scan_freq="2412")
2753 # RSN-EAP (for data connection)
2754 dev[1].connect("test-hs20", key_mgmt="WPA-EAP", eap="TTLS",
2755 identity="hs20-test", password="password",
2756 ca_cert="auth_serv/ca.pem", phase2="auth=MSCHAPV2",
2757 ieee80211w='2', scan_freq="2412")
2758
2759 hwsim_utils.test_connectivity(dev[0], dev[1], broadcast=False,
2760 success_expected=False, timeout=1)
2761
2762 sigma_dut_cmd_check("ap_reset_default")
2763 finally:
2764 stop_sigma_dut(sigma)
2765 subprocess.call(['ip', 'link', 'set', 'dev', 'ap-br0', 'down'],
2766 stderr=open('/dev/null', 'w'))
2767 subprocess.call(['brctl', 'delbr', 'ap-br0'],
2768 stderr=open('/dev/null', 'w'))
2769
2770 def test_sigma_dut_ap_eap(dev, apdev, params):
2771 """sigma_dut controlled AP WPA2-Enterprise"""
2772 logdir = os.path.join(params['logdir'], "sigma_dut_ap_eap.sigma-hostapd")
2773 with HWSimRadio() as (radio, iface):
2774 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2775 try:
2776 sigma_dut_cmd_check("ap_reset_default")
2777 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2778 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2779 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT")
2780 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2781
2782 dev[0].connect("test-eap", key_mgmt="WPA-EAP", eap="GPSK",
2783 identity="gpsk user",
2784 password="abcdefghijklmnop0123456789abcdef",
2785 scan_freq="2412")
2786
2787 sigma_dut_cmd_check("ap_reset_default")
2788 finally:
2789 stop_sigma_dut(sigma)
2790
2791 def test_sigma_dut_ap_eap_sha256(dev, apdev, params):
2792 """sigma_dut controlled AP WPA2-Enterprise SHA256"""
2793 logdir = os.path.join(params['logdir'],
2794 "sigma_dut_ap_eap_sha256.sigma-hostapd")
2795 with HWSimRadio() as (radio, iface):
2796 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2797 try:
2798 sigma_dut_cmd_check("ap_reset_default")
2799 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-eap,MODE,11ng")
2800 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2801 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-256")
2802 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2803
2804 dev[0].connect("test-eap", key_mgmt="WPA-EAP-SHA256", eap="GPSK",
2805 identity="gpsk user",
2806 password="abcdefghijklmnop0123456789abcdef",
2807 scan_freq="2412")
2808
2809 sigma_dut_cmd_check("ap_reset_default")
2810 finally:
2811 stop_sigma_dut(sigma)
2812
2813 def test_sigma_dut_ap_ft_eap(dev, apdev, params):
2814 """sigma_dut controlled AP FT-EAP"""
2815 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_eap.sigma-hostapd")
2816 with HWSimRadio() as (radio, iface):
2817 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2818 try:
2819 sigma_dut_cmd_check("ap_reset_default")
2820 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2821 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2822 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-EAP")
2823 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2824
2825 dev[0].connect("test-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2826 identity="gpsk user",
2827 password="abcdefghijklmnop0123456789abcdef",
2828 scan_freq="2412")
2829
2830 sigma_dut_cmd_check("ap_reset_default")
2831 finally:
2832 stop_sigma_dut(sigma)
2833
2834 def test_sigma_dut_ap_ft_psk(dev, apdev, params):
2835 """sigma_dut controlled AP FT-PSK"""
2836 logdir = os.path.join(params['logdir'], "sigma_dut_ap_ft_psk.sigma-hostapd")
2837 with HWSimRadio() as (radio, iface):
2838 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2839 try:
2840 sigma_dut_cmd_check("ap_reset_default")
2841 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2842 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2843 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2844
2845 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2846 scan_freq="2412")
2847
2848 sigma_dut_cmd_check("ap_reset_default")
2849 finally:
2850 stop_sigma_dut(sigma)
2851
2852 def test_sigma_dut_ap_ft_over_ds_psk(dev, apdev, params):
2853 """sigma_dut controlled AP FT-PSK (over-DS)"""
2854 logdir = os.path.join(params['logdir'],
2855 "sigma_dut_ap_ft_over_ds_psk.sigma-hostapd")
2856 conffile = os.path.join(params['logdir'],
2857 "sigma_dut_ap_ft_over_ds_psk.sigma-conf")
2858 with HWSimRadio() as (radio, iface):
2859 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2860 try:
2861 sigma_dut_cmd_check("ap_reset_default")
2862 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ft-psk,MODE,11ng,DOMAIN,0101,FT_DS,Enable")
2863 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,FT-PSK,PSK,12345678")
2864 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2865
2866 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
2867 with open(conffile, "wb") as f2:
2868 f2.write(f.read())
2869
2870 dev[0].connect("test-ft-psk", key_mgmt="FT-PSK", psk="12345678",
2871 scan_freq="2412")
2872
2873 sigma_dut_cmd_check("ap_reset_default")
2874 finally:
2875 stop_sigma_dut(sigma)
2876
2877 def test_sigma_dut_ap_ent_ft_eap(dev, apdev, params):
2878 """sigma_dut controlled AP WPA-EAP and FT-EAP"""
2879 logdir = os.path.join(params['logdir'],
2880 "sigma_dut_ap_ent_ft_eap.sigma-hostapd")
2881 with HWSimRadio() as (radio, iface):
2882 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
2883 try:
2884 sigma_dut_cmd_check("ap_reset_default")
2885 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-ent-ft-eap,MODE,11ng,DOMAIN,0101,FT_OA,Enable")
2886 sigma_dut_cmd_check("ap_set_radius,NAME,AP,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
2887 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-ENT-FT-EAP")
2888 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
2889
2890 dev[0].connect("test-ent-ft-eap", key_mgmt="FT-EAP", eap="GPSK",
2891 identity="gpsk user",
2892 password="abcdefghijklmnop0123456789abcdef",
2893 scan_freq="2412")
2894 dev[1].connect("test-ent-ft-eap", key_mgmt="WPA-EAP", eap="GPSK",
2895 identity="gpsk user",
2896 password="abcdefghijklmnop0123456789abcdef",
2897 scan_freq="2412")
2898
2899 sigma_dut_cmd_check("ap_reset_default")
2900 finally:
2901 stop_sigma_dut(sigma)
2902
2903 def test_sigma_dut_venue_url(dev, apdev):
2904 """sigma_dut controlled Venue URL fetch"""
2905 try:
2906 run_sigma_dut_venue_url(dev, apdev)
2907 finally:
2908 dev[0].set("ignore_old_scan_res", "0")
2909
2910 def run_sigma_dut_venue_url(dev, apdev):
2911 ifname = dev[0].ifname
2912 sigma = start_sigma_dut(ifname, debug=True)
2913
2914 ssid = "venue"
2915 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
2916 params["wpa_key_mgmt"] = "WPA-PSK-SHA256"
2917 params["ieee80211w"] = "2"
2918
2919 venue_group = 1
2920 venue_type = 13
2921 venue_info = struct.pack('BB', venue_group, venue_type)
2922 lang1 = "eng"
2923 name1 = "Example venue"
2924 lang2 = "fin"
2925 name2 = "Esimerkkipaikka"
2926 venue1 = struct.pack('B', len(lang1 + name1)) + lang1.encode() + name1.encode()
2927 venue2 = struct.pack('B', len(lang2 + name2)) + lang2.encode() + name2.encode()
2928 venue_name = binascii.hexlify(venue_info + venue1 + venue2)
2929
2930 url1 = "http://example.com/venue"
2931 url2 = "https://example.org/venue-info/"
2932 params["venue_group"] = str(venue_group)
2933 params["venue_type"] = str(venue_type)
2934 params["venue_name"] = [lang1 + ":" + name1, lang2 + ":" + name2]
2935 params["venue_url"] = ["1:" + url1, "2:" + url2]
2936
2937 hapd = hostapd.add_ap(apdev[0], params)
2938
2939 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,PMF" % ifname)
2940 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2941 sigma_dut_cmd_check("sta_set_psk,interface,%s,ssid,%s,passphrase,%s,encpType,aes-ccmp,keymgmttype,wpa2,PMF,Required" % (ifname, "venue", "12345678"))
2942 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "venue"))
2943 sigma_dut_wait_connected(ifname)
2944 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
2945 sigma_dut_cmd_check("sta_hs2_venue_info,interface," + ifname + ",Display,Yes")
2946 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
2947 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
2948
2949 stop_sigma_dut(sigma)
2950
2951 def test_sigma_dut_hs20_assoc_24(dev, apdev):
2952 """sigma_dut controlled Hotspot 2.0 connection (2.4 GHz)"""
2953 run_sigma_dut_hs20_assoc(dev, apdev, True)
2954
2955 def test_sigma_dut_hs20_assoc_5(dev, apdev):
2956 """sigma_dut controlled Hotspot 2.0 connection (5 GHz)"""
2957 run_sigma_dut_hs20_assoc(dev, apdev, False)
2958
2959 def run_sigma_dut_hs20_assoc(dev, apdev, band24):
2960 hapd0 = None
2961 hapd1 = None
2962 try:
2963 bssid0 = apdev[0]['bssid']
2964 params = hs20_ap_params()
2965 params['hessid'] = bssid0
2966 hapd0 = hostapd.add_ap(apdev[0], params)
2967
2968 bssid1 = apdev[1]['bssid']
2969 params = hs20_ap_params()
2970 params['hessid'] = bssid0
2971 params["hw_mode"] = "a"
2972 params["channel"] = "36"
2973 params["country_code"] = "US"
2974 hapd1 = hostapd.add_ap(apdev[1], params)
2975
2976 band = "2.4" if band24 else "5"
2977 exp_bssid = bssid0 if band24 else bssid1
2978 run_sigma_dut_hs20_assoc_2(dev, apdev, band, exp_bssid)
2979 finally:
2980 dev[0].request("DISCONNECT")
2981 if hapd0:
2982 hapd0.request("DISABLE")
2983 if hapd1:
2984 hapd1.request("DISABLE")
2985 subprocess.call(['iw', 'reg', 'set', '00'])
2986 dev[0].flush_scan_cache()
2987
2988 def run_sigma_dut_hs20_assoc_2(dev, apdev, band, expect_bssid):
2989 check_eap_capa(dev[0], "MSCHAPV2")
2990 dev[0].flush_scan_cache()
2991
2992 ifname = dev[0].ifname
2993 sigma = start_sigma_dut(ifname, debug=True)
2994
2995 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,HS2-R3" % ifname)
2996 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
2997 sigma_dut_cmd_check("sta_add_credential,interface,%s,type,uname_pwd,realm,example.com,username,hs20-test,password,password" % ifname)
2998 res = sigma_dut_cmd_check("sta_hs2_associate,interface,%s,band,%s" % (ifname, band),
2999 timeout=15)
3000 sigma_dut_wait_connected(ifname)
3001 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3002 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3003 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3004
3005 stop_sigma_dut(sigma)
3006
3007 if "BSSID," + expect_bssid not in res:
3008 raise Exception("Unexpected BSSID: " + res)
3009
3010 def test_sigma_dut_ap_hs20(dev, apdev, params):
3011 """sigma_dut controlled AP with Hotspot 2.0 parameters"""
3012 logdir = os.path.join(params['logdir'],
3013 "sigma_dut_ap_hs20.sigma-hostapd")
3014 conffile = os.path.join(params['logdir'],
3015 "sigma_dut_ap_hs20.sigma-conf")
3016 with HWSimRadio() as (radio, iface):
3017 sigma = start_sigma_dut(iface, hostapd_logdir=logdir, debug=True)
3018 try:
3019 sigma_dut_cmd_check("ap_reset_default,NAME,AP,program,HS2-R3")
3020 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,1,CHANNEL,1,SSID,test-hs20,MODE,11ng")
3021 sigma_dut_cmd_check("ap_set_radius,NAME,AP,WLAN_TAG,1,IPADDR,127.0.0.1,PORT,1812,PASSWORD,radius")
3022 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,1,KEYMGNT,WPA2-ENT")
3023 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,HESSID,02:12:34:56:78:9a,NAI_REALM_LIST,1,OPER_NAME,1")
3024 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OSU_SERVER_URI,https://example.com/ https://example.org/,OSU_SSID,test-osu,OSU_METHOD,SOAP SOAP,OSU_PROVIDER_LIST,10,OSU_PROVIDER_NAI_LIST,4")
3025 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,NET_AUTH_TYPE,2")
3026 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,VENUE_NAME,1")
3027 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,DOMAIN_LIST,example.com")
3028 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,1,OPERATOR_ICON_METADATA,1")
3029 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,WLAN_TAG,2,CHANNEL,1,SSID,test-osu,MODE,11ng")
3030 sigma_dut_cmd_check("ap_set_security,NAME,AP,WLAN_TAG,2,KEYMGNT,NONE")
3031 sigma_dut_cmd_check("ap_set_hs2,NAME,AP,WLAN_TAG,2,OSU,1")
3032 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3033
3034 with open("/tmp/sigma_dut-ap.conf", "rb") as f:
3035 with open(conffile, "wb") as f2:
3036 f2.write(f.read())
3037
3038 sigma_dut_cmd_check("ap_reset_default")
3039 finally:
3040 stop_sigma_dut(sigma)
3041
3042 def test_sigma_dut_eap_ttls_uosc(dev, apdev, params):
3043 """sigma_dut controlled STA and EAP-TTLS with UOSC"""
3044 logdir = params['logdir']
3045
3046 with open("auth_serv/ca.pem", "r") as f:
3047 with open(os.path.join(logdir, "sigma_dut_eap_ttls_uosc.ca.pem"),
3048 "w") as f2:
3049 f2.write(f.read())
3050
3051 src = "auth_serv/server.pem"
3052 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.der")
3053 hashdst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.server.pem.sha256")
3054 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3055 "-outform", "DER"],
3056 stderr=open('/dev/null', 'w'))
3057 with open(dst, "rb") as f:
3058 der = f.read()
3059 hash = hashlib.sha256(der).digest()
3060 with open(hashdst, "w") as f:
3061 f.write(binascii.hexlify(hash).decode())
3062
3063 dst = os.path.join(logdir, "sigma_dut_eap_ttls_uosc.incorrect.pem.sha256")
3064 with open(dst, "w") as f:
3065 f.write(32*"00")
3066
3067 ssid = "test-wpa2-eap"
3068 params = hostapd.wpa2_eap_params(ssid=ssid)
3069 hapd = hostapd.add_ap(apdev[0], params)
3070
3071 ifname = dev[0].ifname
3072 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3073
3074 try:
3075 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,username,DOMAIN\mschapv2 user,password,password,ServerCert,sigma_dut_eap_ttls_uosc.incorrect.pem" % (ifname, ssid)
3076
3077 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3078 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3079 sigma_dut_cmd_check(cmd)
3080 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3081 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3082 if ev is None:
3083 raise Exception("Server certificate error not reported")
3084
3085 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3086 if "ServerCertTrustResult,Accepted" not in res:
3087 raise Exception("Server certificate trust was not accepted")
3088 sigma_dut_wait_connected(ifname)
3089 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3090 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3091 dev[0].dump_monitor()
3092 finally:
3093 stop_sigma_dut(sigma)
3094
3095 def test_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params):
3096 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-STRICT"""
3097 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, False)
3098
3099 def test_sigma_dut_eap_ttls_uosc_tod_tofu(dev, apdev, params):
3100 """sigma_dut controlled STA and EAP-TTLS with UOSC/TOD-TOFU"""
3101 run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, True)
3102
3103 def run_sigma_dut_eap_ttls_uosc_tod(dev, apdev, params, tofu):
3104 logdir = params['logdir']
3105
3106 name = "sigma_dut_eap_ttls_uosc_tod"
3107 if tofu:
3108 name += "_tofu"
3109 with open("auth_serv/ca.pem", "r") as f:
3110 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3111 f2.write(f.read())
3112
3113 if tofu:
3114 src = "auth_serv/server-certpol2.pem"
3115 else:
3116 src = "auth_serv/server-certpol.pem"
3117 dst = os.path.join(logdir, name + ".server.der")
3118 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3119 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3120 "-outform", "DER"],
3121 stderr=open('/dev/null', 'w'))
3122 with open(dst, "rb") as f:
3123 der = f.read()
3124 hash = hashlib.sha256(der).digest()
3125 with open(hashdst, "w") as f:
3126 f.write(binascii.hexlify(hash).decode())
3127
3128 ssid = "test-wpa2-eap"
3129 params = int_eap_server_params()
3130 params["ssid"] = ssid
3131 if tofu:
3132 params["server_cert"] = "auth_serv/server-certpol2.pem"
3133 params["private_key"] = "auth_serv/server-certpol2.key"
3134 else:
3135 params["server_cert"] = "auth_serv/server-certpol.pem"
3136 params["private_key"] = "auth_serv/server-certpol.key"
3137 hapd = hostapd.add_ap(apdev[0], params)
3138
3139 ifname = dev[0].ifname
3140 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3141
3142 try:
3143 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password,ServerCert," + name + ".server.pem") % (ifname, ssid)
3144 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3145 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3146 sigma_dut_cmd_check(cmd)
3147 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3148 sigma_dut_wait_connected(ifname)
3149 sigma_dut_cmd_check("sta_get_ip_config,interface," + ifname)
3150 sigma_dut_cmd_check("sta_disconnect,interface," + ifname + ",maintain_profile,1")
3151 dev[0].wait_disconnected()
3152 dev[0].dump_monitor()
3153
3154 hapd.disable()
3155 params = hostapd.wpa2_eap_params(ssid=ssid)
3156 hapd = hostapd.add_ap(apdev[0], params)
3157
3158 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3159 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3160 if ev is None:
3161 raise Exception("Server certificate error not reported")
3162
3163 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3164 if "ServerCertTrustResult,Accepted" in res:
3165 raise Exception("Server certificate trust override was accepted unexpectedly")
3166 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3167 dev[0].dump_monitor()
3168 finally:
3169 stop_sigma_dut(sigma)
3170
3171 def test_sigma_dut_eap_ttls_uosc_initial_tod_strict(dev, apdev, params):
3172 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-STRICT"""
3173 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, False)
3174
3175 def test_sigma_dut_eap_ttls_uosc_initial_tod_tofu(dev, apdev, params):
3176 """sigma_dut controlled STA and EAP-TTLS with initial UOSC/TOD-TOFU"""
3177 run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, True)
3178
3179 def run_sigma_dut_eap_ttls_uosc_initial_tod(dev, apdev, params, tofu):
3180 logdir = params['logdir']
3181
3182 name = "sigma_dut_eap_ttls_uosc_initial_tod"
3183 if tofu:
3184 name += "_tofu"
3185 with open("auth_serv/rsa3072-ca.pem", "r") as f:
3186 with open(os.path.join(logdir, name + ".ca.pem"), "w") as f2:
3187 f2.write(f.read())
3188
3189 if tofu:
3190 src = "auth_serv/server-certpol2.pem"
3191 else:
3192 src = "auth_serv/server-certpol.pem"
3193 dst = os.path.join(logdir, name + ".server.der")
3194 hashdst = os.path.join(logdir, name + ".server.pem.sha256")
3195 subprocess.check_call(["openssl", "x509", "-in", src, "-out", dst,
3196 "-outform", "DER"],
3197 stderr=open('/dev/null', 'w'))
3198 with open(dst, "rb") as f:
3199 der = f.read()
3200 hash = hashlib.sha256(der).digest()
3201 with open(hashdst, "w") as f:
3202 f.write(binascii.hexlify(hash).decode())
3203
3204 ssid = "test-wpa2-eap"
3205 params = int_eap_server_params()
3206 params["ssid"] = ssid
3207 if tofu:
3208 params["server_cert"] = "auth_serv/server-certpol2.pem"
3209 params["private_key"] = "auth_serv/server-certpol2.key"
3210 else:
3211 params["server_cert"] = "auth_serv/server-certpol.pem"
3212 params["private_key"] = "auth_serv/server-certpol.key"
3213 hapd = hostapd.add_ap(apdev[0], params)
3214
3215 ifname = dev[0].ifname
3216 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3217
3218 try:
3219 cmd = ("sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA," + name + ".ca.pem,username,DOMAIN\mschapv2 user,password,password") % (ifname, ssid)
3220 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3221 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3222 sigma_dut_cmd_check(cmd)
3223 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3224 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=15)
3225 if ev is None:
3226 raise Exception("Server certificate validation failure not reported")
3227
3228 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3229 if not tofu and "ServerCertTrustResult,Accepted" in res:
3230 raise Exception("Server certificate trust override was accepted unexpectedly")
3231 if tofu and "ServerCertTrustResult,Accepted" not in res:
3232 raise Exception("Server certificate trust override was not accepted")
3233 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3234 dev[0].dump_monitor()
3235 finally:
3236 stop_sigma_dut(sigma)
3237
3238 def test_sigma_dut_eap_ttls_uosc_ca_mistrust(dev, apdev, params):
3239 """sigma_dut controlled STA and EAP-TTLS with UOSC when CA is not trusted"""
3240 logdir = params['logdir']
3241
3242 with open("auth_serv/ca.pem", "r") as f:
3243 with open(os.path.join(logdir,
3244 "sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem"),
3245 "w") as f2:
3246 f2.write(f.read())
3247
3248 ssid = "test-wpa2-eap"
3249 params = int_eap_server_params()
3250 params["ssid"] = ssid
3251 params["ca_cert"] = "auth_serv/rsa3072-ca.pem"
3252 params["server_cert"] = "auth_serv/rsa3072-server.pem"
3253 params["private_key"] = "auth_serv/rsa3072-server.key"
3254 hapd = hostapd.add_ap(apdev[0], params)
3255
3256 ifname = dev[0].ifname
3257 sigma = start_sigma_dut(ifname, cert_path=logdir, debug=True)
3258
3259 try:
3260 cmd = "sta_set_security,type,eapttls,interface,%s,ssid,%s,keymgmttype,wpa2,encType,AES-CCMP,PairwiseCipher,AES-CCMP-128,trustedRootCA,sigma_dut_eap_ttls_uosc_ca_mistrust.ca.pem,username,DOMAIN\mschapv2 user,password,password,domainSuffix,w1.fi" % (ifname, ssid)
3261 sigma_dut_cmd_check("sta_reset_default,interface,%s,prog,WPA3" % ifname)
3262 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3263 sigma_dut_cmd_check(cmd)
3264 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, ssid))
3265 ev = dev[0].wait_event(["CTRL-EVENT-EAP-TLS-CERT-ERROR"], timeout=10)
3266 if ev is None:
3267 raise Exception("Server certificate error not reported")
3268
3269 res = sigma_dut_cmd_check("dev_exec_action,program,WPA3,interface,%s,ServerCertTrust,Accept" % ifname)
3270 if "ServerCertTrustResult,Accepted" not in res:
3271 raise Exception("Server certificate trust was not accepted")
3272 sigma_dut_wait_connected(ifname)
3273 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3274 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3275 dev[0].dump_monitor()
3276 finally:
3277 stop_sigma_dut(sigma)
3278
3279 def start_sae_pwe_ap(apdev, sae_pwe):
3280 ssid = "test-sae"
3281 params = hostapd.wpa2_params(ssid=ssid, passphrase="12345678")
3282 params['wpa_key_mgmt'] = 'SAE'
3283 params["ieee80211w"] = "2"
3284 params['sae_groups'] = '19'
3285 params['sae_pwe'] = str(sae_pwe)
3286 return hostapd.add_ap(apdev, params)
3287
3288 def connect_sae_pwe_sta(dev, ifname, extra=None):
3289 dev.dump_monitor()
3290 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3291 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3292 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3293 if extra:
3294 cmd += "," + extra
3295 sigma_dut_cmd_check(cmd)
3296 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
3297 sigma_dut_wait_connected(ifname)
3298 sigma_dut_cmd_check("sta_disconnect,interface," + ifname)
3299 dev.wait_disconnected()
3300 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3301 dev.dump_monitor()
3302
3303 def no_connect_sae_pwe_sta(dev, ifname, extra=None):
3304 dev.dump_monitor()
3305 sigma_dut_cmd_check("sta_reset_default,interface,%s" % ifname)
3306 sigma_dut_cmd_check("sta_set_ip_config,interface,%s,dhcp,0,ip,127.0.0.11,mask,255.255.255.0" % ifname)
3307 cmd = "sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2" % (ifname, "test-sae", "12345678")
3308 if extra:
3309 cmd += "," + extra
3310 sigma_dut_cmd_check(cmd)
3311 sigma_dut_cmd_check("sta_associate,interface,%s,ssid,%s,channel,1" % (ifname, "test-sae"))
3312 ev = dev.wait_event(["CTRL-EVENT-CONNECTED",
3313 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3314 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3315 raise Exception("Unexpected connection result")
3316 sigma_dut_cmd_check("sta_reset_default,interface," + ifname)
3317 dev.dump_monitor()
3318
3319 def test_sigma_dut_sae_h2e(dev, apdev):
3320 """sigma_dut controlled SAE H2E association (AP using loop+H2E)"""
3321 if "SAE" not in dev[0].get_capability("auth_alg"):
3322 raise HwsimSkip("SAE not supported")
3323
3324 start_sae_pwe_ap(apdev[0], 2)
3325
3326 ifname = dev[0].ifname
3327 sigma = start_sigma_dut(ifname, sae_h2e=True, debug=True)
3328 try:
3329 connect_sae_pwe_sta(dev[0], ifname)
3330 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3331 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3332 res = sigma_dut_cmd("sta_set_security,interface,%s,ssid,%s,passphrase,%s,type,SAE,encpType,aes-ccmp,keymgmttype,wpa2,sae_pwe,unknown" % (ifname, "test-sae", "12345678"))
3333 if res != "status,ERROR,errorCode,Unsupported sae_pwe value":
3334 raise Exception("Unexpected error result: " + res)
3335 finally:
3336 stop_sigma_dut(sigma)
3337 dev[0].set("sae_pwe", "0")
3338
3339 def test_sigma_dut_sae_h2e_ap_loop(dev, apdev):
3340 """sigma_dut controlled SAE H2E association (AP using loop-only)"""
3341 if "SAE" not in dev[0].get_capability("auth_alg"):
3342 raise HwsimSkip("SAE not supported")
3343
3344 start_sae_pwe_ap(apdev[0], 0)
3345
3346 ifname = dev[0].ifname
3347 sigma = start_sigma_dut(ifname, sae_h2e=True, debug=True)
3348 try:
3349 connect_sae_pwe_sta(dev[0], ifname)
3350 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3351 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3352 finally:
3353 stop_sigma_dut(sigma)
3354 dev[0].set("sae_pwe", "0")
3355
3356 def test_sigma_dut_sae_h2e_ap_h2e(dev, apdev):
3357 """sigma_dut controlled SAE H2E association (AP using H2E-only)"""
3358 if "SAE" not in dev[0].get_capability("auth_alg"):
3359 raise HwsimSkip("SAE not supported")
3360
3361 start_sae_pwe_ap(apdev[0], 1)
3362
3363 ifname = dev[0].ifname
3364 sigma = start_sigma_dut(ifname, sae_h2e=True, debug=True)
3365 try:
3366 connect_sae_pwe_sta(dev[0], ifname)
3367 no_connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,loop")
3368 connect_sae_pwe_sta(dev[0], ifname, extra="sae_pwe,h2e")
3369 finally:
3370 stop_sigma_dut(sigma)
3371 dev[0].set("sae_pwe", "0")
3372
3373 def test_sigma_dut_ap_sae_h2e(dev, apdev, params):
3374 """sigma_dut controlled AP with SAE H2E"""
3375 logdir = os.path.join(params['logdir'],
3376 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3377 if "SAE" not in dev[0].get_capability("auth_alg"):
3378 raise HwsimSkip("SAE not supported")
3379 with HWSimRadio() as (radio, iface):
3380 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir,
3381 debug=True)
3382 try:
3383 sigma_dut_cmd_check("ap_reset_default")
3384 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3385 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678")
3386 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3387
3388 for sae_pwe in [0, 1, 2]:
3389 dev[0].request("SET sae_groups ")
3390 dev[0].set("sae_pwe", str(sae_pwe))
3391 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3392 ieee80211w="2", scan_freq="2412")
3393 dev[0].request("REMOVE_NETWORK all")
3394 dev[0].wait_disconnected()
3395 dev[0].dump_monitor()
3396
3397 sigma_dut_cmd_check("ap_reset_default")
3398 finally:
3399 stop_sigma_dut(sigma)
3400 dev[0].set("sae_pwe", "0")
3401
3402 def test_sigma_dut_ap_sae_h2e_only(dev, apdev, params):
3403 """sigma_dut controlled AP with SAE H2E-only"""
3404 logdir = os.path.join(params['logdir'],
3405 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3406 if "SAE" not in dev[0].get_capability("auth_alg"):
3407 raise HwsimSkip("SAE not supported")
3408 with HWSimRadio() as (radio, iface):
3409 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir,
3410 debug=True)
3411 try:
3412 sigma_dut_cmd_check("ap_reset_default")
3413 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3414 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,h2e")
3415 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3416
3417 dev[0].request("SET sae_groups ")
3418 dev[0].set("sae_pwe", "1")
3419 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3420 ieee80211w="2", scan_freq="2412")
3421 dev[0].request("REMOVE_NETWORK all")
3422 dev[0].wait_disconnected()
3423 dev[0].dump_monitor()
3424
3425 dev[0].set("sae_pwe", "0")
3426 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3427 ieee80211w="2", scan_freq="2412", wait_connect=False)
3428 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3429 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3430 dev[0].request("DISCONNECT")
3431 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3432 raise Exception("Unexpected connection result")
3433
3434 sigma_dut_cmd_check("ap_reset_default")
3435 finally:
3436 stop_sigma_dut(sigma)
3437 dev[0].set("sae_pwe", "0")
3438
3439 def test_sigma_dut_ap_sae_loop_only(dev, apdev, params):
3440 """sigma_dut controlled AP with SAE looping-only"""
3441 logdir = os.path.join(params['logdir'],
3442 "sigma_dut_ap_sae_h2e.sigma-hostapd")
3443 if "SAE" not in dev[0].get_capability("auth_alg"):
3444 raise HwsimSkip("SAE not supported")
3445 with HWSimRadio() as (radio, iface):
3446 sigma = start_sigma_dut(iface, sae_h2e=True, hostapd_logdir=logdir,
3447 debug=True)
3448 try:
3449 sigma_dut_cmd_check("ap_reset_default")
3450 sigma_dut_cmd_check("ap_set_wireless,NAME,AP,CHANNEL,1,SSID,test-sae,MODE,11ng")
3451 sigma_dut_cmd_check("ap_set_security,NAME,AP,KEYMGNT,WPA2-SAE,PSK,12345678,sae_pwe,loop")
3452 sigma_dut_cmd_check("ap_config_commit,NAME,AP")
3453
3454 dev[0].request("SET sae_groups ")
3455 dev[0].set("sae_pwe", "0")
3456 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3457 ieee80211w="2", scan_freq="2412")
3458 dev[0].request("REMOVE_NETWORK all")
3459 dev[0].wait_disconnected()
3460 dev[0].dump_monitor()
3461
3462 dev[0].set("sae_pwe", "1")
3463 dev[0].connect("test-sae", key_mgmt="SAE", psk="12345678",
3464 ieee80211w="2", scan_freq="2412", wait_connect=False)
3465 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED",
3466 "CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=10)
3467 dev[0].request("DISCONNECT")
3468 if ev is None or "CTRL-EVENT-CONNECTED" in ev:
3469 raise Exception("Unexpected connection result")
3470
3471 sigma_dut_cmd_check("ap_reset_default")
3472 finally:
3473 stop_sigma_dut(sigma)
3474 dev[0].set("sae_pwe", "0")
Unnamed repository; edit this file 'description' to name the repository.