]>
Commit | Line | Data |
---|---|---|
ea295abc JM |
1 | # WPS+NFC tests |
2 | # Copyright (c) 2013, Jouni Malinen <j@w1.fi> | |
3 | # | |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
54c58f29 | 8 | import binascii |
ea295abc JM |
9 | import time |
10 | import subprocess | |
11 | import logging | |
c9aa4308 | 12 | logger = logging.getLogger() |
ea295abc JM |
13 | |
14 | import hwsim_utils | |
15 | import hostapd | |
1ae044f7 | 16 | from utils import alloc_fail, fail_test, clear_regdom |
ea295abc | 17 | |
a8375c94 | 18 | def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False): |
ea295abc JM |
19 | status = sta.get_status() |
20 | if status['wpa_state'] != 'COMPLETED': | |
21 | raise Exception("Not fully connected") | |
22 | if status['bssid'] != ap['bssid']: | |
23 | raise Exception("Unexpected BSSID") | |
24 | if status['ssid'] != ssid: | |
25 | raise Exception("Unexpected SSID") | |
26 | if status['pairwise_cipher'] != 'CCMP': | |
27 | raise Exception("Unexpected encryption configuration") | |
28 | if status['group_cipher'] != 'CCMP' and not mixed: | |
29 | raise Exception("Unexpected encryption configuration") | |
30 | if status['key_mgmt'] != 'WPA2-PSK': | |
31 | raise Exception("Unexpected key_mgmt") | |
a8375c94 | 32 | hwsim_utils.test_connectivity(sta, hapd) |
ea295abc JM |
33 | |
34 | def ap_wps_params(ssid): | |
fab49f61 JM |
35 | return {"ssid": ssid, "eap_server": "1", "wps_state": "2", |
36 | "wpa_passphrase": "12345678", "wpa": "2", | |
37 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"} | |
ea295abc | 38 | |
9fd6804d | 39 | @remote_compatible |
ea295abc JM |
40 | def test_nfc_wps_password_token_sta(dev, apdev): |
41 | """NFC tag with password token on the station/Enrollee""" | |
42 | ssid = "test-wps-nfc-pw-token-conf" | |
43 | params = ap_wps_params(ssid) | |
6f334bf7 | 44 | hapd = hostapd.add_ap(apdev[0], params) |
ea295abc | 45 | logger.info("WPS provisioning step using password token from station") |
1490eff5 JM |
46 | wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip() |
47 | if "FAIL" in wps: | |
48 | raise Exception("Failed to generate password token (WPS only)") | |
ea295abc JM |
49 | pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() |
50 | if "FAIL" in pw: | |
51 | raise Exception("Failed to generate password token") | |
52 | res = hapd.request("WPS_NFC_TAG_READ " + pw) | |
53 | if "FAIL" in res: | |
54 | raise Exception("Failed to provide NFC tag contents to hostapd") | |
55 | dev[0].dump_monitor() | |
56 | res = dev[0].request("WPS_NFC") | |
57 | if "FAIL" in res: | |
58 | raise Exception("Failed to start Enrollee using NFC password token") | |
5f35a5e2 | 59 | dev[0].wait_connected(timeout=30) |
a8375c94 | 60 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
ea295abc | 61 | |
82358a2a JM |
62 | if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0"): |
63 | raise Exception("Invalid WPS_NFC_TAG_READ accepted") | |
64 | if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 0q"): | |
65 | raise Exception("Invalid WPS_NFC_TAG_READ accepted") | |
66 | with alloc_fail(hapd, 1, | |
67 | "wpabuf_alloc;hostapd_ctrl_iface_wps_nfc_tag_read"): | |
68 | if "FAIL" not in hapd.request("WPS_NFC_TAG_READ 00"): | |
69 | raise Exception("WPS_NFC_TAG_READ accepted during OOM") | |
70 | ||
ea295abc JM |
71 | def test_nfc_wps_config_token(dev, apdev): |
72 | """NFC tag with configuration token from AP""" | |
73 | ssid = "test-wps-nfc-conf-token" | |
74 | params = ap_wps_params(ssid) | |
6f334bf7 | 75 | hapd = hostapd.add_ap(apdev[0], params) |
ea295abc JM |
76 | logger.info("NFC configuration token from AP to station") |
77 | conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() | |
78 | if "FAIL" in conf: | |
79 | raise Exception("Failed to generate configuration token") | |
82358a2a | 80 | ndef_conf = conf |
ea295abc JM |
81 | dev[0].dump_monitor() |
82 | res = dev[0].request("WPS_NFC_TAG_READ " + conf) | |
83 | if "FAIL" in res: | |
84 | raise Exception("Failed to provide NFC tag contents to wpa_supplicant") | |
5f35a5e2 | 85 | dev[0].wait_connected(timeout=15) |
a8375c94 | 86 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
ea295abc | 87 | |
24b7f282 JM |
88 | with alloc_fail(hapd, 1, "wps_get_oob_cred"): |
89 | conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() | |
90 | if "FAIL" not in conf: | |
91 | raise Exception("Unexpected configuration token received during OOM") | |
92 | ||
82358a2a JM |
93 | wps_conf = hapd.request("WPS_NFC_CONFIG_TOKEN WPS").rstrip() |
94 | if "FAIL" in wps_conf: | |
95 | raise Exception("Failed to generate configuration token (WPS)") | |
96 | if wps_conf not in ndef_conf: | |
97 | raise Exception("WPS config token not within NDEF encapsulated one") | |
98 | ||
99 | conf = hapd.request("WPS_NFC_CONFIG_TOKEN FOO").rstrip() | |
100 | if "FAIL" not in conf: | |
101 | raise Exception("Invalid WPS_NFC_CONFIG_TOKEN accepted") | |
102 | ||
590160d5 JM |
103 | def test_nfc_wps_config_token_init(dev, apdev): |
104 | """NFC tag with configuration token from AP with auto configuration""" | |
590160d5 | 105 | ssid = "test-wps-nfc-conf-token-init" |
6f334bf7 | 106 | hapd = hostapd.add_ap(apdev[0], |
fab49f61 | 107 | {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) |
590160d5 JM |
108 | logger.info("NFC configuration token from AP to station") |
109 | conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() | |
110 | if "FAIL" in conf: | |
111 | raise Exception("Failed to generate configuration token") | |
112 | dev[0].dump_monitor() | |
113 | res = dev[0].request("WPS_NFC_TAG_READ " + conf) | |
114 | if "FAIL" in res: | |
115 | raise Exception("Failed to provide NFC tag contents to wpa_supplicant") | |
5f35a5e2 | 116 | dev[0].wait_connected(timeout=15) |
a8375c94 | 117 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
590160d5 | 118 | |
9fd6804d | 119 | @remote_compatible |
ea295abc JM |
120 | def test_nfc_wps_password_token_sta_init(dev, apdev): |
121 | """Initial AP configuration with first WPS NFC Enrollee""" | |
122 | ssid = "test-wps-nfc-pw-token-init" | |
6f334bf7 | 123 | hapd = hostapd.add_ap(apdev[0], |
fab49f61 | 124 | {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) |
ea295abc JM |
125 | logger.info("WPS provisioning step using password token from station") |
126 | pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() | |
127 | if "FAIL" in pw: | |
128 | raise Exception("Failed to generate password token") | |
129 | res = hapd.request("WPS_NFC_TAG_READ " + pw) | |
130 | if "FAIL" in res: | |
131 | raise Exception("Failed to provide NFC tag contents to hostapd") | |
132 | dev[0].dump_monitor() | |
133 | res = dev[0].request("WPS_NFC") | |
134 | if "FAIL" in res: | |
135 | raise Exception("Failed to start Enrollee using NFC password token") | |
5f35a5e2 | 136 | dev[0].wait_connected(timeout=30) |
a8375c94 | 137 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
ea295abc | 138 | |
9fd6804d | 139 | @remote_compatible |
ea295abc JM |
140 | def test_nfc_wps_password_token_ap(dev, apdev): |
141 | """WPS registrar configuring an AP using AP password token""" | |
ea295abc | 142 | ssid = "test-wps-nfc-pw-token-init" |
6f334bf7 | 143 | hapd = hostapd.add_ap(apdev[0], |
fab49f61 | 144 | {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) |
ea295abc JM |
145 | logger.info("WPS configuration step") |
146 | pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() | |
147 | if "FAIL" in pw: | |
148 | raise Exception("Failed to generate password token") | |
149 | res = hapd.request("WPS_NFC_TOKEN enable") | |
63a792a7 | 150 | if "FAIL" in res: |
ea295abc JM |
151 | raise Exception("Failed to enable AP password token") |
152 | res = dev[0].request("WPS_NFC_TAG_READ " + pw) | |
153 | if "FAIL" in res: | |
154 | raise Exception("Failed to provide NFC tag contents to wpa_supplicant") | |
155 | dev[0].dump_monitor() | |
156 | new_ssid = "test-wps-nfc-pw-token-new-ssid" | |
157 | new_passphrase = "1234567890" | |
54c58f29 MH |
158 | res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + |
159 | binascii.hexlify(new_ssid.encode()).decode() + | |
160 | " WPA2PSK CCMP " + | |
161 | binascii.hexlify(new_passphrase.encode()).decode()) | |
ea295abc JM |
162 | if "FAIL" in res: |
163 | raise Exception("Failed to start Registrar using NFC password token") | |
5f35a5e2 | 164 | dev[0].wait_connected(timeout=30) |
a8375c94 | 165 | check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True) |
36a860b4 JM |
166 | if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"): |
167 | raise Exception("Failed to disable AP password token") | |
168 | if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"): | |
169 | raise Exception("Unexpected WPS_NFC_TOKEN WPS failure") | |
ea295abc | 170 | |
24b7f282 JM |
171 | with fail_test(hapd, 1, "os_get_random;wps_nfc_token_gen"): |
172 | if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"): | |
173 | raise Exception("Unexpected WPS_NFC_TOKEN success") | |
174 | with fail_test(hapd, 2, "os_get_random;wps_nfc_token_gen"): | |
175 | if "FAIL" not in hapd.request("WPS_NFC_TOKEN WPS"): | |
176 | raise Exception("Unexpected WPS_NFC_TOKEN success") | |
177 | ||
82358a2a JM |
178 | if "FAIL" not in hapd.request("WPS_NFC_TOKEN foo"): |
179 | raise Exception("Invalid WPS_NFC_TOKEN accepted") | |
180 | ||
63a792a7 JM |
181 | def test_nfc_wps_password_token_ap_preconf(dev, apdev): |
182 | """WPS registrar configuring an AP using preconfigured AP password token""" | |
183 | ssid = "test-wps-nfc-pw-token-init" | |
184 | params = {"ssid": ssid, "eap_server": "1", | |
185 | "wps_state": "1", | |
186 | "wps_nfc_dev_pw_id": "49067", | |
187 | "wps_nfc_dh_pubkey": "991B7F54406226505D56C6C701ED2C725E4F4866611357CA1C4D92219B2E91CFC9E4172EB0899421657534DB396A6A11361663ACDC48417541DB8610428773BC18AAA00387775F14EEE49335B574165EF915D055F818B82F99CEF4C5F176E0C5D9055CBAF055A5B20B73B26D74816BA42C1A911FF0B8EDF77C7CEA76F9F6EABBFBF12742AA3E67BE7597FB7321C3B258C57B9EA045B0A7472558F9AA8E810E2E0462FFD9001A7E21C38006529B9FEDAAF47612D3817922F2335A5D541BAA9B7F", | |
188 | "wps_nfc_dh_privkey": "06F35FDA777F6EFF1F7F008AD68C49572C5F2913B1DC96E0AC3AB67D75329D40EEE850C79D83EEA82CE35FADCCB1F2AF08560268B9E9B67BE66C9B7B3E6F462CF91647830CB0A40184CCF8AA74261E0308AB8973FB799C9EA46011C70215AEA83293E0C89AA4EB6CA753A9E689FA3A0A3FB40D0A8D9AD258F3E4DA1625F63C4B347660D17504B25856DE9D18EB76C239EDFF090A0A1779BE848C0F23C20CF83022C91EA56B0375DED0A62DF0B8B91348F667F5A7EAD23F0F033E071DCE11B786", | |
189 | "wps_nfc_dev_pw": "CB7FE7A25053F8F5BF822660C21E66D8A58D3393BB78494E239031D6AABCB90C"} | |
190 | hapd = hostapd.add_ap(apdev[0], params) | |
191 | logger.info("WPS configuration step") | |
192 | res = hapd.request("WPS_NFC_TOKEN enable") | |
193 | if "FAIL" in res: | |
194 | raise Exception("Failed to enable AP password token") | |
195 | pw = "D217446170706C69636174696F6E2F766E642E7766612E777363102C0036691F6C35AC5FF23180FFBF899BF3E563D047AA68BFABCB7FE7A25053F8F5BF822660C21E66D8A58D3393BB78494E239031D6AABCB90C1049000600372A000120" | |
196 | res = dev[0].request("WPS_NFC_TAG_READ " + pw) | |
197 | if "FAIL" in res: | |
198 | raise Exception("Failed to provide NFC tag contents to wpa_supplicant") | |
199 | dev[0].dump_monitor() | |
200 | new_ssid = "test-wps-nfc-pw-token-new-ssid" | |
201 | new_passphrase = "1234567890" | |
202 | res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + | |
203 | binascii.hexlify(new_ssid.encode()).decode() + | |
204 | " WPA2PSK CCMP " + | |
205 | binascii.hexlify(new_passphrase.encode()).decode()) | |
206 | if "FAIL" in res: | |
207 | raise Exception("Failed to start Registrar using NFC password token") | |
208 | dev[0].wait_connected(timeout=30) | |
209 | check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True) | |
210 | ||
2108ae1e JM |
211 | def test_nfc_wps_handover_init(dev, apdev): |
212 | """Connect to WPS AP with NFC connection handover and move to configured state""" | |
b90b3eab JM |
213 | try: |
214 | _test_nfc_wps_handover_init(dev, apdev) | |
215 | finally: | |
216 | dev[0].request("SET ignore_old_scan_res 0") | |
217 | ||
218 | def _test_nfc_wps_handover_init(dev, apdev): | |
2108ae1e JM |
219 | dev[0].request("SET ignore_old_scan_res 1") |
220 | ssid = "test-wps-nfc-handover-init" | |
6f334bf7 | 221 | hapd = hostapd.add_ap(apdev[0], |
fab49f61 | 222 | {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) |
2108ae1e JM |
223 | logger.info("NFC connection handover") |
224 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
225 | if "FAIL" in req: | |
226 | raise Exception("Failed to generate NFC connection handover request") | |
227 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
228 | if "FAIL" in sel: | |
229 | raise Exception("Failed to generate NFC connection handover select") | |
230 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
231 | if "FAIL" in res: | |
232 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
233 | dev[0].dump_monitor() | |
234 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
235 | if "FAIL" in res: | |
236 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 237 | dev[0].wait_connected(timeout=15) |
a8375c94 | 238 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
2108ae1e | 239 | |
24b7f282 JM |
240 | with alloc_fail(hapd, 1, "wps_build_nfc_handover_sel"): |
241 | if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR"): | |
242 | raise Exception("Unexpected NFC_GET_HANDOVER_SEL success during OOM") | |
243 | ||
82358a2a JM |
244 | if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF").rstrip(): |
245 | raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted") | |
246 | if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL foo foo").rstrip(): | |
247 | raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted") | |
248 | if "FAIL" not in hapd.request("NFC_GET_HANDOVER_SEL NDEF foo").rstrip(): | |
249 | raise Exception("Invalid NFC_GET_HANDOVER_SEL accepted") | |
250 | res_ndef = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
251 | res_wps = hapd.request("NFC_GET_HANDOVER_SEL WPS WPS-CR").rstrip() | |
252 | if res_wps not in res_ndef: | |
253 | raise Exception("WPS handover select not in NDEF encapsulated version") | |
254 | ||
9fd6804d | 255 | @remote_compatible |
36a860b4 JM |
256 | def test_nfc_wps_handover_errors(dev, apdev): |
257 | """WPS AP NFC handover report error cases""" | |
258 | ssid = "test-wps-nfc-handover" | |
6f334bf7 | 259 | hapd = hostapd.add_ap(apdev[0], |
fab49f61 | 260 | {"ssid": ssid, "eap_server": "1", "wps_state": "1"}) |
36a860b4 JM |
261 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
262 | if "FAIL" in sel: | |
263 | raise Exception("Failed to generate NFC connection handover select") | |
264 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "): | |
265 | raise Exception("Unexpected handover report success") | |
266 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"): | |
267 | raise Exception("Unexpected handover report success") | |
268 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"): | |
269 | raise Exception("Unexpected handover report success") | |
270 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"): | |
271 | raise Exception("Unexpected handover report success") | |
272 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"): | |
273 | raise Exception("Unexpected handover report success") | |
274 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"): | |
275 | raise Exception("Unexpected handover report success") | |
276 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"): | |
277 | raise Exception("Unexpected handover report success") | |
278 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"): | |
279 | raise Exception("Unexpected handover report success") | |
280 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"): | |
281 | raise Exception("Unexpected handover report success") | |
282 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"): | |
283 | raise Exception("Unexpected handover report success") | |
82358a2a JM |
284 | for i in range(1, 3): |
285 | with alloc_fail(hapd, i, | |
286 | "wpabuf_alloc;hostapd_ctrl_iface_nfc_report_handover"): | |
287 | if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001122"): | |
288 | raise Exception("NFC_REPORT_HANDOVER RESP succeeded during OOM") | |
36a860b4 | 289 | |
ea295abc JM |
290 | def test_nfc_wps_handover(dev, apdev): |
291 | """Connect to WPS AP with NFC connection handover""" | |
292 | ssid = "test-wps-nfc-handover" | |
293 | params = ap_wps_params(ssid) | |
6f334bf7 | 294 | hapd = hostapd.add_ap(apdev[0], params) |
ea295abc JM |
295 | logger.info("NFC connection handover") |
296 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
297 | if "FAIL" in req: | |
298 | raise Exception("Failed to generate NFC connection handover request") | |
299 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
300 | if "FAIL" in sel: | |
301 | raise Exception("Failed to generate NFC connection handover select") | |
302 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
303 | if "FAIL" in res: | |
304 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
305 | dev[0].dump_monitor() | |
306 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
307 | if "FAIL" in res: | |
308 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 309 | dev[0].wait_connected(timeout=30) |
a8375c94 | 310 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
fa697bb8 | 311 | |
daad14cc JM |
312 | def test_nfc_wps_handover_5ghz(dev, apdev): |
313 | """Connect to WPS AP with NFC connection handover on 5 GHz band""" | |
f8b9e61e | 314 | hapd = None |
daad14cc JM |
315 | try: |
316 | ssid = "test-wps-nfc-handover" | |
317 | params = ap_wps_params(ssid) | |
318 | params["country_code"] = "FI" | |
319 | params["hw_mode"] = "a" | |
320 | params["channel"] = "36" | |
8b8a1864 | 321 | hapd = hostapd.add_ap(apdev[0], params) |
daad14cc JM |
322 | logger.info("NFC connection handover") |
323 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
324 | if "FAIL" in req: | |
325 | raise Exception("Failed to generate NFC connection handover request") | |
326 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
327 | if "FAIL" in sel: | |
328 | raise Exception("Failed to generate NFC connection handover select") | |
329 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
330 | if "FAIL" in res: | |
331 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
332 | dev[0].dump_monitor() | |
333 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
334 | if "FAIL" in res: | |
335 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 336 | dev[0].wait_connected(timeout=30) |
a8375c94 | 337 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
daad14cc | 338 | finally: |
1ae044f7 | 339 | clear_regdom(hapd, dev) |
daad14cc JM |
340 | |
341 | def test_nfc_wps_handover_chan14(dev, apdev): | |
342 | """Connect to WPS AP with NFC connection handover on channel 14""" | |
f8b9e61e | 343 | hapd = None |
daad14cc JM |
344 | try: |
345 | ssid = "test-wps-nfc-handover" | |
346 | params = ap_wps_params(ssid) | |
347 | params["country_code"] = "JP" | |
348 | params["hw_mode"] = "b" | |
349 | params["channel"] = "14" | |
8b8a1864 | 350 | hapd = hostapd.add_ap(apdev[0], params) |
daad14cc JM |
351 | logger.info("NFC connection handover") |
352 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
353 | if "FAIL" in req: | |
354 | raise Exception("Failed to generate NFC connection handover request") | |
355 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
356 | if "FAIL" in sel: | |
357 | raise Exception("Failed to generate NFC connection handover select") | |
358 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
359 | if "FAIL" in res: | |
360 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
361 | dev[0].dump_monitor() | |
362 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
363 | if "FAIL" in res: | |
364 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 365 | dev[0].wait_connected(timeout=30) |
a8375c94 | 366 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
daad14cc | 367 | finally: |
9d7fdac5 | 368 | dev[0].request("DISCONNECT") |
e0eb6e53 | 369 | clear_regdom(hapd, dev) |
daad14cc | 370 | |
8f96dadc JM |
371 | def test_nfc_wps_handover_with_pw_token_set(dev, apdev): |
372 | """Connect to WPS AP with NFC connection handover (wps_nfc_* set)""" | |
373 | ssid = "test-wps-nfc-handover2" | |
374 | params = ap_wps_params(ssid) | |
6f334bf7 | 375 | hapd = hostapd.add_ap(apdev[0], params) |
8f96dadc JM |
376 | # enable a password token (which won't be used in this test case) |
377 | pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() | |
378 | if "FAIL" in pw: | |
379 | raise Exception("Failed to generate password token") | |
380 | res = hapd.request("WPS_NFC_TOKEN enable") | |
381 | if "FAIL" in pw: | |
382 | raise Exception("Failed to enable AP password token") | |
383 | logger.info("NFC connection handover") | |
384 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
385 | if "FAIL" in req: | |
386 | raise Exception("Failed to generate NFC connection handover request") | |
387 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
388 | if "FAIL" in sel: | |
389 | raise Exception("Failed to generate NFC connection handover select") | |
390 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
391 | if "FAIL" in res: | |
392 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
393 | dev[0].dump_monitor() | |
394 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
395 | if "FAIL" in res: | |
396 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 397 | dev[0].wait_connected(timeout=15) |
a8375c94 | 398 | check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
8f96dadc | 399 | |
fa697bb8 JM |
400 | def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev): |
401 | """WPS NFC connection handover with invalid pkhash from station (negative)""" | |
402 | ssid = "wps-nfc-handover-pkhash-sta" | |
403 | if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"): | |
404 | raise Exception("Could not enable wps_corrupt_pkhash") | |
405 | params = ap_wps_params(ssid) | |
6f334bf7 | 406 | hapd = hostapd.add_ap(apdev[0], params) |
fa697bb8 JM |
407 | logger.info("NFC connection handover") |
408 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
409 | if "FAIL" in req: | |
410 | raise Exception("Failed to generate NFC connection handover request") | |
411 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
412 | if "FAIL" in sel: | |
413 | raise Exception("Failed to generate NFC connection handover select") | |
414 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
415 | if "FAIL" in res: | |
416 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
417 | dev[0].dump_monitor() | |
418 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
419 | if "FAIL" in res: | |
420 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
421 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) | |
422 | if ev is None: | |
423 | raise Exception("Timed out") | |
424 | if "WPS-FAIL" not in ev: | |
425 | raise Exception("Public key hash mismatch not detected") | |
426 | ||
427 | def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev): | |
428 | """WPS NFC connection handover with invalid pkhash from AP (negative)""" | |
429 | ssid = "wps-nfc-handover-pkhash-ap" | |
430 | params = ap_wps_params(ssid) | |
6f334bf7 | 431 | hapd = hostapd.add_ap(apdev[0], params) |
fa697bb8 JM |
432 | if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"): |
433 | raise Exception("Could not enable wps_corrupt_pkhash") | |
434 | logger.info("NFC connection handover") | |
435 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
436 | if "FAIL" in req: | |
437 | raise Exception("Failed to generate NFC connection handover request") | |
438 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
439 | if "FAIL" in sel: | |
440 | raise Exception("Failed to generate NFC connection handover select") | |
441 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
442 | if "FAIL" in res: | |
443 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
444 | dev[0].dump_monitor() | |
445 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
446 | if "FAIL" in res: | |
447 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
448 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) | |
449 | if ev is None: | |
450 | raise Exception("Timed out") | |
451 | if "WPS-FAIL" not in ev: | |
452 | raise Exception("Public key hash mismatch not detected") | |
014f60d0 JM |
453 | |
454 | def start_ap_er(er, ap, ssid): | |
455 | ap_pin = "12345670" | |
456 | ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e" | |
fab49f61 JM |
457 | params = {"ssid": ssid, "eap_server": "1", "wps_state": "2", |
458 | "wpa_passphrase": "12345678", "wpa": "2", | |
459 | "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", | |
460 | "device_name": "Wireless AP", "manufacturer": "Company", | |
461 | "model_name": "WAP", "model_number": "123", | |
462 | "serial_number": "12345", "device_type": "6-0050F204-1", | |
463 | "os_version": "01020300", | |
464 | "config_methods": "label push_button", | |
465 | "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"} | |
40635905 | 466 | hapd = hostapd.add_ap(ap, params) |
014f60d0 JM |
467 | logger.info("Learn AP configuration") |
468 | er.dump_monitor() | |
b90b3eab JM |
469 | try: |
470 | er.request("SET ignore_old_scan_res 1") | |
471 | er.wps_reg(ap['bssid'], ap_pin) | |
472 | finally: | |
473 | er.request("SET ignore_old_scan_res 0") | |
014f60d0 JM |
474 | |
475 | logger.info("Start ER") | |
476 | er.request("WPS_ER_STOP") | |
477 | time.sleep(1) | |
478 | er.request("WPS_ER_START ifname=lo") | |
479 | ev = er.wait_event(["WPS-ER-AP-ADD"], timeout=15) | |
480 | if ev is None: | |
481 | raise Exception("AP discovery timed out") | |
482 | if ap_uuid not in ev: | |
483 | raise Exception("Expected AP UUID not found") | |
484 | ||
485 | logger.info("Use learned network configuration on ER") | |
486 | er.request("WPS_ER_SET_CONFIG " + ap_uuid + " 0") | |
40635905 | 487 | return hapd |
014f60d0 | 488 | |
9fd6804d | 489 | @remote_compatible |
014f60d0 JM |
490 | def test_nfc_wps_er_pw_token(dev, apdev): |
491 | """WPS NFC password token from Enrollee to ER""" | |
be9f1562 JM |
492 | try: |
493 | _test_nfc_wps_er_pw_token(dev, apdev) | |
494 | finally: | |
495 | dev[0].request("WPS_ER_STOP") | |
b90b3eab | 496 | dev[1].request("SET ignore_old_scan_res 0") |
be9f1562 JM |
497 | |
498 | def _test_nfc_wps_er_pw_token(dev, apdev): | |
014f60d0 | 499 | ssid = "wps-nfc-er-pw-token" |
40635905 | 500 | hapd = start_ap_er(dev[0], apdev[0], ssid) |
014f60d0 JM |
501 | logger.info("WPS provisioning step using password token from station") |
502 | dev[1].request("SET ignore_old_scan_res 1") | |
503 | pw = dev[1].request("WPS_NFC_TOKEN NDEF").rstrip() | |
504 | if "FAIL" in pw: | |
505 | raise Exception("Failed to generate password token") | |
506 | res = dev[0].request("WPS_NFC_TAG_READ " + pw) | |
507 | if "FAIL" in res: | |
508 | raise Exception("Failed to provide NFC tag contents to WPS ER") | |
509 | dev[0].dump_monitor() | |
510 | res = dev[1].request("WPS_NFC") | |
511 | if "FAIL" in res: | |
512 | raise Exception("Failed to start Enrollee using NFC password token") | |
513 | ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15) | |
514 | if ev is None: | |
515 | raise Exception("WPS ER did not report success") | |
5f35a5e2 | 516 | dev[1].wait_connected(timeout=15) |
a8375c94 | 517 | check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
014f60d0 | 518 | |
9fd6804d | 519 | @remote_compatible |
014f60d0 JM |
520 | def test_nfc_wps_er_config_token(dev, apdev): |
521 | """WPS NFC configuration token from ER to Enrollee""" | |
be9f1562 JM |
522 | try: |
523 | _test_nfc_wps_er_config_token(dev, apdev) | |
524 | finally: | |
525 | dev[0].request("WPS_ER_STOP") | |
b90b3eab | 526 | dev[1].request("SET ignore_old_scan_res 0") |
be9f1562 JM |
527 | |
528 | def _test_nfc_wps_er_config_token(dev, apdev): | |
014f60d0 | 529 | ssid = "wps-nfc-er-config-token" |
40635905 | 530 | hapd = start_ap_er(dev[0], apdev[0], ssid) |
014f60d0 | 531 | logger.info("WPS provisioning step using configuration token from ER") |
1490eff5 JM |
532 | wps = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS " + apdev[0]['bssid']).rstrip() |
533 | if "FAIL" in wps: | |
534 | raise Exception("Failed to generate configuration token (WPS format)") | |
014f60d0 JM |
535 | conf = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + apdev[0]['bssid']).rstrip() |
536 | if "FAIL" in conf: | |
e946c8e6 | 537 | raise Exception("Failed to generate configuration token") |
014f60d0 JM |
538 | dev[1].request("SET ignore_old_scan_res 1") |
539 | res = dev[1].request("WPS_NFC_TAG_READ " + conf) | |
540 | if "FAIL" in res: | |
541 | raise Exception("Failed to provide NFC tag contents to wpa_supplicant") | |
5f35a5e2 | 542 | dev[1].wait_connected(timeout=15) |
a8375c94 | 543 | check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
014f60d0 JM |
544 | |
545 | def test_nfc_wps_er_handover(dev, apdev): | |
546 | """WPS NFC connection handover between Enrollee and ER""" | |
be9f1562 JM |
547 | try: |
548 | _test_nfc_wps_er_handover(dev, apdev) | |
549 | finally: | |
550 | dev[0].request("WPS_ER_STOP") | |
551 | ||
552 | def _test_nfc_wps_er_handover(dev, apdev): | |
014f60d0 | 553 | ssid = "wps-nfc-er-handover" |
40635905 | 554 | hapd = start_ap_er(dev[0], apdev[0], ssid) |
014f60d0 JM |
555 | logger.info("WPS provisioning step using connection handover") |
556 | req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
557 | if "FAIL" in req: | |
558 | raise Exception("Failed to generate NFC connection handover request") | |
559 | sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() | |
560 | if "FAIL" in sel: | |
561 | raise Exception("Failed to generate NFC connection handover select") | |
562 | res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
563 | if "FAIL" in res: | |
564 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
565 | dev[1].dump_monitor() | |
566 | res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
567 | if "FAIL" in res: | |
568 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
5f35a5e2 | 569 | dev[1].wait_connected(timeout=15) |
a8375c94 | 570 | check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
014f60d0 JM |
571 | |
572 | def test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev): | |
573 | """WPS NFC connection handover with invalid pkhash from station to ER (negative)""" | |
be9f1562 JM |
574 | try: |
575 | _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev) | |
576 | finally: | |
577 | dev[0].request("WPS_ER_STOP") | |
b90b3eab | 578 | dev[1].request("SET ignore_old_scan_res 0") |
be9f1562 JM |
579 | |
580 | def _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev): | |
014f60d0 | 581 | ssid = "wps-nfc-er-handover-pkhash-sta" |
40635905 | 582 | hapd = start_ap_er(dev[0], apdev[0], ssid) |
014f60d0 JM |
583 | logger.info("WPS provisioning step using connection handover") |
584 | if "FAIL" in dev[1].request("SET wps_corrupt_pkhash 1"): | |
585 | raise Exception("Could not enable wps_corrupt_pkhash") | |
586 | dev[1].request("SET ignore_old_scan_res 1") | |
587 | req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
588 | if "FAIL" in req: | |
589 | raise Exception("Failed to generate NFC connection handover request") | |
590 | sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() | |
591 | if "FAIL" in sel: | |
592 | raise Exception("Failed to generate NFC connection handover select") | |
593 | res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
594 | if "FAIL" in res: | |
595 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
596 | dev[1].dump_monitor() | |
597 | res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
598 | if "FAIL" in res: | |
599 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
600 | ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) | |
601 | if ev is None: | |
602 | raise Exception("Timed out") | |
603 | if "WPS-FAIL" not in ev: | |
604 | raise Exception("Public key hash mismatch not detected") | |
605 | ||
606 | def test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev): | |
607 | """WPS NFC connection handover with invalid pkhash from ER to station (negative)""" | |
be9f1562 JM |
608 | try: |
609 | _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev) | |
610 | finally: | |
611 | dev[0].request("WPS_ER_STOP") | |
b90b3eab | 612 | dev[1].request("SET ignore_old_scan_res 0") |
be9f1562 JM |
613 | |
614 | def _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev): | |
014f60d0 | 615 | ssid = "wps-nfc-er-handover-pkhash-er" |
40635905 | 616 | hapd = start_ap_er(dev[0], apdev[0], ssid) |
014f60d0 JM |
617 | logger.info("WPS provisioning step using connection handover") |
618 | if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"): | |
619 | raise Exception("Could not enable wps_corrupt_pkhash") | |
620 | dev[1].request("SET ignore_old_scan_res 1") | |
621 | req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
622 | if "FAIL" in req: | |
623 | raise Exception("Failed to generate NFC connection handover request") | |
624 | sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() | |
625 | if "FAIL" in sel: | |
626 | raise Exception("Failed to generate NFC connection handover select") | |
627 | res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
628 | if "FAIL" in res: | |
629 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
630 | dev[1].dump_monitor() | |
631 | res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
632 | if "FAIL" in res: | |
633 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
634 | ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) | |
635 | if ev is None: | |
636 | raise Exception("Timed out") | |
637 | if "WPS-FAIL" not in ev: | |
638 | raise Exception("Public key hash mismatch not detected") | |
19879b45 | 639 | |
9fd6804d | 640 | @remote_compatible |
19879b45 JM |
641 | def test_nfc_invalid_ndef_record(dev, apdev): |
642 | """Invalid NFC NDEF record handling""" | |
fab49f61 JM |
643 | tests = ["11223344", |
644 | "00112233", | |
645 | "0000112233445566", | |
646 | "0800112233445566", | |
647 | "080011223344", | |
648 | "18000000", | |
649 | "18010000", | |
650 | "90000050", | |
651 | "9000005000", | |
652 | "9001013344", | |
653 | "98010101334455", | |
654 | "0017ffffffe3", | |
655 | "0017ffffffe4", | |
656 | "0017ffffffe9", | |
657 | "0000fffffffa", | |
658 | "0017ffffffe46170706c69636174696f6e2f766e642e7766612e777363", | |
659 | "0017ffffffff6170706c69636174696f6e2f766e642e7766612e777363", | |
660 | "0017000000006170706c69636174696f6e2f766e642e7766612e7773ff", | |
661 | "080000000000"] | |
19879b45 JM |
662 | for test in tests: |
663 | if "FAIL" not in dev[0].request("WPS_NFC_TAG_READ " + test): | |
664 | raise Exception("Invalid tag accepted: " + test) | |
4b1ae279 JM |
665 | |
666 | def test_nfc_wps_handover_failure(dev, apdev): | |
667 | """Connect to WPS AP with NFC connection handover (local failure)""" | |
668 | ssid = "test-wps-nfc-handover" | |
669 | params = ap_wps_params(ssid) | |
670 | hapd = hostapd.add_ap(apdev[0], params) | |
671 | logger.info("NFC connection handover") | |
672 | req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() | |
673 | if "FAIL" in req: | |
674 | raise Exception("Failed to generate NFC connection handover request") | |
675 | sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() | |
676 | if "FAIL" in sel: | |
677 | raise Exception("Failed to generate NFC connection handover select") | |
678 | res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) | |
679 | if "FAIL" in res: | |
680 | raise Exception("Failed to report NFC connection handover to to hostapd") | |
681 | dev[0].dump_monitor() | |
682 | ||
683 | with alloc_fail(hapd, 1, "wpabuf_dup;wps_build_public_key"): | |
684 | res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) | |
685 | if "FAIL" in res: | |
686 | raise Exception("Failed to report NFC connection handover to to wpa_supplicant") | |
687 | ev = dev[0].wait_event(["WPS-FAIL"], timeout=10) | |
688 | if ev is None: | |
689 | raise Exception("WPS failure not reported") |