1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
12 logger
= logging
.getLogger()
21 from hwsim
import HWSimRadio
22 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
23 from wpasupplicant
import WpaSupplicant
27 openssl_imported
= True
29 openssl_imported
= False
31 def check_dpp_capab(dev
, brainpool
=False, min_ver
=1):
32 if "UNKNOWN COMMAND" in dev
.request("DPP_BOOTSTRAP_GET_URI 0"):
33 raise HwsimSkip("DPP not supported")
35 tls
= dev
.request("GET tls_library")
36 if not tls
.startswith("OpenSSL") or "run=BoringSSL" in tls
:
37 raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls
)
38 capa
= dev
.request("GET_CAPABILITY dpp")
40 if capa
.startswith("DPP="):
43 raise HwsimSkip("DPP version %d not supported" % min_ver
)
46 def wait_dpp_fail(dev
, expected
=None):
47 ev
= dev
.wait_event(["DPP-FAIL"], timeout
=5)
49 raise Exception("Failure not reported")
50 if expected
and expected
not in ev
:
51 raise Exception("Unexpected result: " + ev
)
53 def test_dpp_qr_code_parsing(dev
, apdev
):
54 """DPP QR Code parsing"""
55 check_dpp_capab(dev
[0])
58 tests
= ["DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
59 "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
60 "DPP:C:81/1,2,3,4,5,6,7,8,9,10,11,12,13,82/14,83/1,2,3,4,5,6,7,8,9,84/5,6,7,8,9,10,11,12,13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
61 "DPP:C:81/1,2,3;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
62 "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
63 "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"]
65 id.append(dev
[0].dpp_qr_code(uri
))
67 uri2
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1])
69 raise Exception("Returned URI does not match")
75 "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
76 "DPP:K:" + base64
.b64encode(b
"hello").decode() + ";;",
77 "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
78 "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
79 "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
80 "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
81 "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
82 "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
83 "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
84 "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;"]
86 res
= dev
[0].request("DPP_QR_CODE " + t
)
88 raise Exception("Accepted invalid QR Code: " + t
)
90 logger
.info("ID: " + str(id))
91 if id[0] == id[1] or id[0] == id[2] or id[1] == id[2]:
92 raise Exception("Duplicate ID returned")
94 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
95 raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
96 if "OK" not in dev
[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]):
97 raise Exception("DPP_BOOTSTRAP_REMOVE failed")
99 id = dev
[0].dpp_bootstrap_gen()
100 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
101 logger
.info("Generated URI: " + uri
)
103 dev
[0].dpp_qr_code(uri
)
105 id = dev
[0].dpp_bootstrap_gen(chan
="81/1,115/36", mac
="010203040506",
107 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
108 logger
.info("Generated URI: " + uri
)
110 dev
[0].dpp_qr_code(uri
)
112 def test_dpp_qr_code_parsing_fail(dev
, apdev
):
113 """DPP QR Code parsing local failure"""
114 check_dpp_capab(dev
[0])
115 with
alloc_fail(dev
[0], 1, "dpp_parse_uri_info"):
116 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
117 raise Exception("DPP_QR_CODE failure not reported")
119 with
alloc_fail(dev
[0], 1, "dpp_parse_uri_pk"):
120 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
121 raise Exception("DPP_QR_CODE failure not reported")
123 with
fail_test(dev
[0], 1, "dpp_parse_uri_pk"):
124 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
125 raise Exception("DPP_QR_CODE failure not reported")
127 with
alloc_fail(dev
[0], 1, "dpp_parse_uri"):
128 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
129 raise Exception("DPP_QR_CODE failure not reported")
131 dpp_key_p256
= "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
132 dpp_key_p384
= "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
133 dpp_key_p521
= "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
134 dpp_key_bp256
= "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
135 dpp_key_bp384
= "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
136 dpp_key_bp512
= "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
138 def test_dpp_qr_code_curves(dev
, apdev
):
139 """DPP QR Code and supported curves"""
140 check_dpp_capab(dev
[0])
141 tests
= [("prime256v1", dpp_key_p256
),
142 ("secp384r1", dpp_key_p384
),
143 ("secp521r1", dpp_key_p521
)]
144 for curve
, hex in tests
:
145 id = dev
[0].dpp_bootstrap_gen(key
=hex)
146 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
148 raise Exception("Failed to get info for " + curve
)
149 if "curve=" + curve
not in info
:
150 raise Exception("Curve mismatch for " + curve
)
152 def test_dpp_qr_code_curves_brainpool(dev
, apdev
):
153 """DPP QR Code and supported Brainpool curves"""
154 check_dpp_capab(dev
[0], brainpool
=True)
155 tests
= [("brainpoolP256r1", dpp_key_bp256
),
156 ("brainpoolP384r1", dpp_key_bp384
),
157 ("brainpoolP512r1", dpp_key_bp512
)]
158 for curve
, hex in tests
:
159 id = dev
[0].dpp_bootstrap_gen(key
=hex)
160 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
162 raise Exception("Failed to get info for " + curve
)
163 if "curve=" + curve
not in info
:
164 raise Exception("Curve mismatch for " + curve
)
166 def test_dpp_qr_code_unsupported_curve(dev
, apdev
):
167 """DPP QR Code and unsupported curve"""
168 check_dpp_capab(dev
[0])
170 id = dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
172 raise Exception("Unsupported curve accepted")
175 "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b"]
177 id = dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
179 raise Exception("Unsupported/invalid curve accepted")
181 def test_dpp_qr_code_keygen_fail(dev
, apdev
):
182 """DPP QR Code and keygen failure"""
183 check_dpp_capab(dev
[0])
185 with
alloc_fail(dev
[0], 1, "dpp_bootstrap_key_der;dpp_keygen"):
186 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
187 raise Exception("Failure not reported")
189 with
alloc_fail(dev
[0], 1, "base64_gen_encode;dpp_keygen"):
190 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
191 raise Exception("Failure not reported")
193 def test_dpp_qr_code_curve_select(dev
, apdev
):
194 """DPP QR Code and curve selection"""
195 check_dpp_capab(dev
[0], brainpool
=True)
196 check_dpp_capab(dev
[1], brainpool
=True)
199 for key
in [dpp_key_p256
, dpp_key_p384
, dpp_key_p521
,
200 dpp_key_bp256
, dpp_key_bp384
, dpp_key_bp512
]:
201 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, key
=key
)
202 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
203 for i
in info
.splitlines():
205 name
, val
= i
.split('=')
209 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
210 bi
.append((curve
, uri
))
212 for curve
, uri
in bi
:
213 logger
.info("Curve: " + curve
)
214 logger
.info("URI: " + uri
)
216 dev
[0].dpp_listen(2412)
217 dev
[1].dpp_auth_init(uri
=uri
)
218 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
219 allow_enrollee_failure
=True, stop_responder
=True,
222 def test_dpp_qr_code_auth_broadcast(dev
, apdev
):
223 """DPP QR Code and authentication exchange (broadcast)"""
224 check_dpp_capab(dev
[0])
225 check_dpp_capab(dev
[1])
226 logger
.info("dev0 displays QR Code")
227 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1")
228 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
229 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
230 dev
[0].dpp_listen(2412)
231 dev
[1].dpp_auth_init(uri
=uri0
)
232 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
234 def test_dpp_qr_code_auth_unicast(dev
, apdev
):
235 """DPP QR Code and authentication exchange (unicast)"""
236 run_dpp_qr_code_auth_unicast(dev
, apdev
, None)
238 def test_dpp_qr_code_auth_unicast_ap_enrollee(dev
, apdev
):
239 """DPP QR Code and authentication exchange (AP enrollee)"""
240 run_dpp_qr_code_auth_unicast(dev
, apdev
, None, netrole
="ap")
242 def test_dpp_qr_code_curve_prime256v1(dev
, apdev
):
243 """DPP QR Code and curve prime256v1"""
244 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1")
246 def test_dpp_qr_code_curve_secp384r1(dev
, apdev
):
247 """DPP QR Code and curve secp384r1"""
248 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1")
250 def test_dpp_qr_code_curve_secp521r1(dev
, apdev
):
251 """DPP QR Code and curve secp521r1"""
252 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1")
254 def test_dpp_qr_code_curve_brainpoolP256r1(dev
, apdev
):
255 """DPP QR Code and curve brainpoolP256r1"""
256 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP256r1")
258 def test_dpp_qr_code_curve_brainpoolP384r1(dev
, apdev
):
259 """DPP QR Code and curve brainpoolP384r1"""
260 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP384r1")
262 def test_dpp_qr_code_curve_brainpoolP512r1(dev
, apdev
):
263 """DPP QR Code and curve brainpoolP512r1"""
264 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP512r1")
266 def test_dpp_qr_code_set_key(dev
, apdev
):
267 """DPP QR Code and fixed bootstrapping key"""
268 run_dpp_qr_code_auth_unicast(dev
, apdev
, None, key
="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383")
270 def run_dpp_qr_code_auth_unicast(dev
, apdev
, curve
, netrole
=None, key
=None,
271 require_conf_success
=False, init_extra
=None,
272 require_conf_failure
=False,
273 configurator
=False, conf_curve
=None):
274 check_dpp_capab(dev
[0], curve
and "brainpool" in curve
)
275 check_dpp_capab(dev
[1], curve
and "brainpool" in curve
)
277 conf_id
= dev
[1].dpp_configurator_add(curve
=conf_curve
)
281 logger
.info("dev0 displays QR Code")
282 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
, key
=key
)
283 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
285 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
286 dev
[0].dpp_listen(2412, netrole
=netrole
)
287 dev
[1].dpp_auth_init(uri
=uri0
, extra
=init_extra
, configurator
=conf_id
)
288 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
289 allow_enrollee_failure
=True,
290 allow_configurator_failure
=not require_conf_success
,
291 require_configurator_failure
=require_conf_failure
,
294 def test_dpp_qr_code_auth_mutual(dev
, apdev
):
295 """DPP QR Code and authentication exchange (mutual)"""
296 check_dpp_capab(dev
[0])
297 check_dpp_capab(dev
[1])
298 logger
.info("dev0 displays QR Code")
299 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
300 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
302 logger
.info("dev1 displays QR Code")
303 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
304 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
306 logger
.info("dev0 scans QR Code")
307 id0b
= dev
[0].dpp_qr_code(uri1b
)
309 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
310 dev
[0].dpp_listen(2412)
311 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
313 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
315 raise Exception("DPP authentication direction not indicated (Initiator)")
316 if "mutual=1" not in ev
:
317 raise Exception("Mutual authentication not used")
319 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
321 def test_dpp_qr_code_auth_mutual2(dev
, apdev
):
322 """DPP QR Code and authentication exchange (mutual2)"""
323 check_dpp_capab(dev
[0])
324 check_dpp_capab(dev
[1])
325 logger
.info("dev0 displays QR Code")
326 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
327 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
329 logger
.info("dev1 displays QR Code")
330 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
331 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
333 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
334 dev
[0].dpp_listen(2412, qr
="mutual")
335 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
337 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
339 raise Exception("Pending response not reported")
340 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
342 raise Exception("QR Code scan for mutual authentication not requested")
344 logger
.info("dev0 scans QR Code")
345 id0b
= dev
[0].dpp_qr_code(uri1b
)
347 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
349 raise Exception("DPP authentication direction not indicated (Initiator)")
350 if "mutual=1" not in ev
:
351 raise Exception("Mutual authentication not used")
353 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
355 def test_dpp_qr_code_auth_mutual_p_256(dev
, apdev
):
356 """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
357 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-256")
359 def test_dpp_qr_code_auth_mutual_p_384(dev
, apdev
):
360 """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
361 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-384")
363 def test_dpp_qr_code_auth_mutual_p_521(dev
, apdev
):
364 """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
365 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-521")
367 def test_dpp_qr_code_auth_mutual_bp_256(dev
, apdev
):
368 """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
369 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-256")
371 def test_dpp_qr_code_auth_mutual_bp_384(dev
, apdev
):
372 """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
373 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-384")
375 def test_dpp_qr_code_auth_mutual_bp_512(dev
, apdev
):
376 """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
377 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-512")
379 def run_dpp_qr_code_auth_mutual(dev
, apdev
, curve
):
380 check_dpp_capab(dev
[0], curve
and "BP-" in curve
)
381 check_dpp_capab(dev
[1], curve
and "BP-" in curve
)
382 logger
.info("dev0 displays QR Code")
383 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
384 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
385 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
386 dev
[0].dpp_listen(2412, qr
="mutual")
387 dev
[1].dpp_auth_init(uri
=uri0
)
389 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
391 raise Exception("Pending response not reported")
392 uri
= ev
.split(' ')[1]
394 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
396 raise Exception("QR Code scan for mutual authentication not requested")
398 logger
.info("dev0 scans QR Code")
399 dev
[0].dpp_qr_code(uri
)
401 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
403 raise Exception("DPP authentication direction not indicated (Initiator)")
404 if "mutual=1" not in ev
:
405 raise Exception("Mutual authentication not used")
407 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
409 def test_dpp_auth_resp_retries(dev
, apdev
):
410 """DPP Authentication Response retries"""
411 check_dpp_capab(dev
[0])
412 check_dpp_capab(dev
[1])
413 dev
[0].set("dpp_resp_max_tries", "3")
414 dev
[0].set("dpp_resp_retry_time", "100")
416 logger
.info("dev0 displays QR Code")
417 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
418 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
419 logger
.info("dev1 displays QR Code")
420 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
421 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
422 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
423 dev
[0].dpp_listen(2412, qr
="mutual")
424 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
426 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
428 raise Exception("Pending response not reported")
429 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
431 raise Exception("QR Code scan for mutual authentication not requested")
433 # Stop Initiator from listening to frames to force retransmission of the
434 # DPP Authentication Response frame with Status=0
435 dev
[1].request("DPP_STOP_LISTEN")
437 dev
[1].dump_monitor()
438 dev
[0].dump_monitor()
440 logger
.info("dev0 scans QR Code")
441 id0b
= dev
[0].dpp_qr_code(uri1b
)
443 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
444 if ev
is None or "type=1" not in ev
:
445 raise Exception("DPP Authentication Response not sent")
446 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=5)
448 raise Exception("TX status for DPP Authentication Response not reported")
449 if "result=no-ACK" not in ev
:
450 raise Exception("Unexpected TX status for Authentication Response: " + ev
)
452 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=15)
453 if ev
is None or "type=1" not in ev
:
454 raise Exception("DPP Authentication Response retransmission not sent")
456 def test_dpp_qr_code_auth_mutual_not_used(dev
, apdev
):
457 """DPP QR Code and authentication exchange (mutual not used)"""
458 check_dpp_capab(dev
[0])
459 check_dpp_capab(dev
[1])
460 logger
.info("dev0 displays QR Code")
461 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
462 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
463 logger
.info("dev1 displays QR Code")
464 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
465 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
466 logger
.info("dev0 does not scan QR Code")
467 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
468 dev
[0].dpp_listen(2412)
469 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
471 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
473 raise Exception("DPP authentication direction not indicated (Initiator)")
474 if "mutual=0" not in ev
:
475 raise Exception("Mutual authentication not used")
477 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
479 def test_dpp_qr_code_auth_mutual_curve_mismatch(dev
, apdev
):
480 """DPP QR Code and authentication exchange (mutual/mismatch)"""
481 check_dpp_capab(dev
[0])
482 check_dpp_capab(dev
[1])
483 logger
.info("dev0 displays QR Code")
484 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
485 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
486 logger
.info("dev1 displays QR Code")
487 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
="secp384r1")
488 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
489 logger
.info("dev0 scans QR Code")
490 id0b
= dev
[0].dpp_qr_code(uri1b
)
491 logger
.info("dev1 scans QR Code")
492 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
, expect_fail
=True)
494 def test_dpp_qr_code_auth_hostapd_mutual2(dev
, apdev
):
495 """DPP QR Code and authentication exchange (hostapd mutual2)"""
496 check_dpp_capab(dev
[0])
497 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
498 check_dpp_capab(hapd
)
499 logger
.info("AP displays QR Code")
500 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
501 uri_h
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
502 logger
.info("dev0 displays QR Code")
503 id0b
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
504 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b
)
505 logger
.info("dev0 scans QR Code and initiates DPP Authentication")
506 hapd
.dpp_listen(2412, qr
="mutual")
507 dev
[0].dpp_auth_init(uri
=uri_h
, own
=id0b
)
509 ev
= dev
[0].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
511 raise Exception("Pending response not reported")
512 ev
= hapd
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
514 raise Exception("QR Code scan for mutual authentication not requested")
516 logger
.info("AP scans QR Code")
517 hapd
.dpp_qr_code(uri0
)
519 wait_auth_success(hapd
, dev
[0], stop_responder
=True)
521 def test_dpp_qr_code_listen_continue(dev
, apdev
):
522 """DPP QR Code and listen operation needing continuation"""
523 check_dpp_capab(dev
[0])
524 check_dpp_capab(dev
[1])
525 logger
.info("dev0 displays QR Code")
526 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
527 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
528 dev
[0].dpp_listen(2412)
529 logger
.info("Wait for listen to expire and get restarted")
531 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
532 dev
[1].dpp_auth_init(uri
=uri0
)
533 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
535 def test_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
):
536 """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
538 run_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
)
540 dev
[0].set("gas_address3", "0")
541 dev
[1].set("gas_address3", "0")
543 def run_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
):
544 check_dpp_capab(dev
[0])
545 check_dpp_capab(dev
[1])
546 dev
[0].request("SET gas_address3 1")
547 dev
[1].request("SET gas_address3 1")
548 logger
.info("dev0 displays QR Code")
549 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
550 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
551 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
552 dev
[0].dpp_listen(2412)
553 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
554 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1],
555 allow_enrollee_failure
=True, stop_responder
=True)
557 def test_dpp_qr_code_auth_initiator_either_1(dev
, apdev
):
558 """DPP QR Code and authentication exchange (Initiator in either role)"""
559 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, None, dev
[1], dev
[0])
561 def test_dpp_qr_code_auth_initiator_either_2(dev
, apdev
):
562 """DPP QR Code and authentication exchange (Initiator in either role)"""
563 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, "enrollee",
566 def test_dpp_qr_code_auth_initiator_either_3(dev
, apdev
):
567 """DPP QR Code and authentication exchange (Initiator in either role)"""
568 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, "configurator",
571 def run_dpp_qr_code_auth_initiator_either(dev
, apdev
, resp_role
,
572 conf_dev
, enrollee_dev
):
573 check_dpp_capab(dev
[0])
574 check_dpp_capab(dev
[1])
575 logger
.info("dev0 displays QR Code")
576 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
577 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
578 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
579 dev
[0].dpp_listen(2412, role
=resp_role
)
580 dev
[1].dpp_auth_init(uri
=uri0
, role
="either")
581 wait_auth_success(dev
[0], dev
[1], configurator
=conf_dev
,
582 enrollee
=enrollee_dev
, allow_enrollee_failure
=True,
585 def run_init_incompatible_roles(dev
, role
="enrollee"):
586 check_dpp_capab(dev
[0])
587 check_dpp_capab(dev
[1])
588 logger
.info("dev0 displays QR Code")
589 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
590 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
592 logger
.info("dev1 scans QR Code")
593 id1
= dev
[1].dpp_qr_code(uri0
)
595 logger
.info("dev1 initiates DPP Authentication")
596 dev
[0].dpp_listen(2412, role
=role
)
599 def test_dpp_qr_code_auth_incompatible_roles(dev
, apdev
):
600 """DPP QR Code and authentication exchange (incompatible roles)"""
601 id1
= run_init_incompatible_roles(dev
)
602 dev
[1].dpp_auth_init(peer
=id1
, role
="enrollee")
603 ev
= dev
[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
605 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
606 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
608 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
609 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
610 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
612 def test_dpp_qr_code_auth_incompatible_roles2(dev
, apdev
):
613 """DPP QR Code and authentication exchange (incompatible roles 2)"""
614 id1
= run_init_incompatible_roles(dev
, role
="configurator")
615 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
616 ev
= dev
[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
618 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
619 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
621 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
623 def test_dpp_qr_code_auth_incompatible_roles_failure(dev
, apdev
):
624 """DPP QR Code and authentication exchange (incompatible roles failure)"""
625 id1
= run_init_incompatible_roles(dev
, role
="configurator")
626 with
alloc_fail(dev
[0], 1, "dpp_auth_build_resp_status"):
627 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
628 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
630 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
632 def test_dpp_qr_code_auth_incompatible_roles_failure2(dev
, apdev
):
633 """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
634 id1
= run_init_incompatible_roles(dev
, role
="configurator")
635 with
alloc_fail(dev
[1], 1, "dpp_auth_resp_rx_status"):
636 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
637 wait_fail_trigger(dev
[1], "GET_ALLOC_FAIL")
639 def test_dpp_qr_code_auth_incompatible_roles_failure3(dev
, apdev
):
640 """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
641 id1
= run_init_incompatible_roles(dev
, role
="configurator")
642 with
fail_test(dev
[1], 1, "dpp_auth_resp_rx_status"):
643 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
644 wait_dpp_fail(dev
[1], "AES-SIV decryption failed")
646 def test_dpp_qr_code_auth_neg_chan(dev
, apdev
):
647 """DPP QR Code and authentication exchange with requested different channel"""
648 check_dpp_capab(dev
[0])
649 check_dpp_capab(dev
[1])
650 conf_id
= dev
[1].dpp_configurator_add()
651 logger
.info("dev0 displays QR Code")
652 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
653 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
654 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
655 dev
[0].dpp_listen(2412)
656 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", neg_freq
=2462,
657 configurator
=conf_id
)
659 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
661 raise Exception("DPP Authentication Request not sent")
662 if "freq=2412 type=0" not in ev
:
663 raise Exception("Unexpected TX data for Authentication Request: " + ev
)
665 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
667 raise Exception("DPP Authentication Request not received")
668 if "freq=2412 type=0" not in ev
:
669 raise Exception("Unexpected RX data for Authentication Request: " + ev
)
671 ev
= dev
[1].wait_event(["DPP-TX-STATUS"], timeout
=5)
673 raise Exception("TX status for DPP Authentication Request not reported")
674 if "freq=2412 result=SUCCESS" not in ev
:
675 raise Exception("Unexpected TX status for Authentication Request: " + ev
)
677 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
679 raise Exception("DPP Authentication Response not sent")
680 if "freq=2462 type=1" not in ev
:
681 raise Exception("Unexpected TX data for Authentication Response: " + ev
)
683 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
685 raise Exception("DPP Authentication Response not received")
686 if "freq=2462 type=1" not in ev
:
687 raise Exception("Unexpected RX data for Authentication Response: " + ev
)
689 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=5)
691 raise Exception("TX status for DPP Authentication Response not reported")
692 if "freq=2462 result=SUCCESS" not in ev
:
693 raise Exception("Unexpected TX status for Authentication Response: " + ev
)
695 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
697 raise Exception("DPP Authentication Confirm not sent")
698 if "freq=2462 type=2" not in ev
:
699 raise Exception("Unexpected TX data for Authentication Confirm: " + ev
)
701 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
703 raise Exception("DPP Authentication Confirm not received")
704 if "freq=2462 type=2" not in ev
:
705 raise Exception("Unexpected RX data for Authentication Confirm: " + ev
)
707 ev
= dev
[1].wait_event(["DPP-TX-STATUS"], timeout
=5)
709 raise Exception("TX status for DPP Authentication Confirm not reported")
710 if "freq=2462 result=SUCCESS" not in ev
:
711 raise Exception("Unexpected TX status for Authentication Confirm: " + ev
)
713 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
716 def test_dpp_config_legacy(dev
, apdev
):
717 """DPP Config Object for legacy network using passphrase"""
718 check_dpp_capab(dev
[1])
719 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
720 dev
[1].set("dpp_config_obj_override", conf
)
721 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
722 require_conf_success
=True)
724 def test_dpp_config_legacy_psk_hex(dev
, apdev
):
725 """DPP Config Object for legacy network using PSK"""
726 check_dpp_capab(dev
[1])
727 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}'
728 dev
[1].set("dpp_config_obj_override", conf
)
729 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
730 require_conf_success
=True)
732 def test_dpp_config_fragmentation(dev
, apdev
):
733 """DPP Config Object for legacy network requiring fragmentation"""
734 check_dpp_capab(dev
[1])
735 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
736 dev
[1].set("dpp_config_obj_override", conf
)
737 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
738 require_conf_success
=True)
740 def test_dpp_config_legacy_gen(dev
, apdev
):
741 """Generate DPP Config Object for legacy network"""
742 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
743 init_extra
="conf=sta-psk pass=%s" % binascii
.hexlify(b
"passphrase").decode(),
744 require_conf_success
=True)
746 def test_dpp_config_legacy_gen_psk(dev
, apdev
):
747 """Generate DPP Config Object for legacy network (PSK)"""
748 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
749 init_extra
="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
750 require_conf_success
=True)
752 def test_dpp_config_dpp_gen_prime256v1(dev
, apdev
):
753 """Generate DPP Config Object for DPP network (P-256)"""
754 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
755 init_extra
="conf=sta-dpp",
756 require_conf_success
=True,
759 def test_dpp_config_dpp_gen_secp384r1(dev
, apdev
):
760 """Generate DPP Config Object for DPP network (P-384)"""
761 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
762 init_extra
="conf=sta-dpp",
763 require_conf_success
=True,
766 def test_dpp_config_dpp_gen_secp521r1(dev
, apdev
):
767 """Generate DPP Config Object for DPP network (P-521)"""
768 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
769 init_extra
="conf=sta-dpp",
770 require_conf_success
=True,
773 def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev
, apdev
):
774 """Generate DPP Config Object for DPP network (P-256 + P-256)"""
775 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
776 init_extra
="conf=sta-dpp",
777 require_conf_success
=True,
779 conf_curve
="prime256v1")
781 def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev
, apdev
):
782 """Generate DPP Config Object for DPP network (P-256 + P-384)"""
783 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
784 init_extra
="conf=sta-dpp",
785 require_conf_success
=True,
787 conf_curve
="secp384r1")
789 def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev
, apdev
):
790 """Generate DPP Config Object for DPP network (P-256 + P-521)"""
791 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
792 init_extra
="conf=sta-dpp",
793 require_conf_success
=True,
795 conf_curve
="secp521r1")
797 def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev
, apdev
):
798 """Generate DPP Config Object for DPP network (P-384 + P-256)"""
799 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
800 init_extra
="conf=sta-dpp",
801 require_conf_success
=True,
803 conf_curve
="prime256v1")
805 def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev
, apdev
):
806 """Generate DPP Config Object for DPP network (P-384 + P-384)"""
807 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
808 init_extra
="conf=sta-dpp",
809 require_conf_success
=True,
811 conf_curve
="secp384r1")
813 def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev
, apdev
):
814 """Generate DPP Config Object for DPP network (P-384 + P-521)"""
815 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
816 init_extra
="conf=sta-dpp",
817 require_conf_success
=True,
819 conf_curve
="secp521r1")
821 def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev
, apdev
):
822 """Generate DPP Config Object for DPP network (P-521 + P-256)"""
823 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
824 init_extra
="conf=sta-dpp",
825 require_conf_success
=True,
827 conf_curve
="prime256v1")
829 def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev
, apdev
):
830 """Generate DPP Config Object for DPP network (P-521 + P-384)"""
831 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
832 init_extra
="conf=sta-dpp",
833 require_conf_success
=True,
835 conf_curve
="secp384r1")
837 def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev
, apdev
):
838 """Generate DPP Config Object for DPP network (P-521 + P-521)"""
839 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
840 init_extra
="conf=sta-dpp",
841 require_conf_success
=True,
843 conf_curve
="secp521r1")
845 def test_dpp_config_dpp_gen_expiry(dev
, apdev
):
846 """Generate DPP Config Object for DPP network with expiry value"""
847 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
848 init_extra
="conf=sta-dpp expiry=%d" % (time
.time() + 1000),
849 require_conf_success
=True,
852 def test_dpp_config_dpp_gen_expired_key(dev
, apdev
):
853 """Generate DPP Config Object for DPP network with expiry value"""
854 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
855 init_extra
="conf=sta-dpp expiry=%d" % (time
.time() - 10),
856 require_conf_failure
=True,
859 def test_dpp_config_dpp_override_prime256v1(dev
, apdev
):
860 """DPP Config Object override (P-256)"""
861 check_dpp_capab(dev
[0])
862 check_dpp_capab(dev
[1])
863 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
864 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
865 dev
[1].set("dpp_config_obj_override", conf
)
866 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
867 require_conf_success
=True)
869 def test_dpp_config_dpp_override_secp384r1(dev
, apdev
):
870 """DPP Config Object override (P-384)"""
871 check_dpp_capab(dev
[0])
872 check_dpp_capab(dev
[1])
873 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
874 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
875 dev
[1].set("dpp_config_obj_override", conf
)
876 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
877 require_conf_success
=True)
879 def test_dpp_config_dpp_override_secp521r1(dev
, apdev
):
880 """DPP Config Object override (P-521)"""
881 check_dpp_capab(dev
[0])
882 check_dpp_capab(dev
[1])
883 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
884 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
885 dev
[1].set("dpp_config_obj_override", conf
)
886 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
887 require_conf_success
=True)
889 def test_dpp_config_override_objects(dev
, apdev
):
890 """Generate DPP Config Object and override objects)"""
891 check_dpp_capab(dev
[1])
892 discovery
= '{\n"ssid":"mywifi"\n}'
893 groups
= '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'
894 dev
[1].set("dpp_discovery_override", discovery
)
895 dev
[1].set("dpp_groups_override", groups
)
896 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
897 init_extra
="conf=sta-dpp",
898 require_conf_success
=True,
901 def build_conf_obj(kty
="EC", crv
="P-256",
902 x
="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
903 y
="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
904 kid
="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
905 prot_hdr
='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
906 signed_connector
=None,
907 no_signed_connector
=False,
909 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
910 conf
+= '"akm":"dpp",'
913 conn
= signed_connector
914 conf
+= '"signedConnector":"%s",' % conn
915 elif not no_signed_connector
:
916 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
917 sign
= "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
918 conn
= base64
.urlsafe_b64encode(prot_hdr
.encode()).decode().rstrip('=') + '.'
919 conn
+= base64
.urlsafe_b64encode(payload
.encode()).decode().rstrip('=') + '.'
921 conf
+= '"signedConnector":"%s",' % conn
926 conf
+= '"kty":"%s",' % kty
928 conf
+= '"crv":"%s",' % crv
930 conf
+= '"x":"%s",' % x
932 conf
+= '"y":"%s",' % y
934 conf
+= '"kid":"%s"' % kid
935 conf
= conf
.rstrip(',')
938 conf
= conf
.rstrip(',')
944 def run_dpp_config_error(dev
, apdev
, conf
,
945 skip_net_access_key_mismatch
=True,
947 check_dpp_capab(dev
[0])
948 check_dpp_capab(dev
[1])
949 if skip_net_access_key_mismatch
:
950 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
951 dev
[1].set("dpp_config_obj_override", conf
)
952 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
953 require_conf_success
=not conf_failure
,
954 require_conf_failure
=conf_failure
)
956 def test_dpp_config_jwk_error_no_kty(dev
, apdev
):
957 """DPP Config Object JWK error - no kty"""
958 run_dpp_config_error(dev
, apdev
, build_conf_obj(kty
=None))
960 def test_dpp_config_jwk_error_unexpected_kty(dev
, apdev
):
961 """DPP Config Object JWK error - unexpected kty"""
962 run_dpp_config_error(dev
, apdev
, build_conf_obj(kty
="unknown"))
964 def test_dpp_config_jwk_error_no_crv(dev
, apdev
):
965 """DPP Config Object JWK error - no crv"""
966 run_dpp_config_error(dev
, apdev
, build_conf_obj(crv
=None))
968 def test_dpp_config_jwk_error_unsupported_crv(dev
, apdev
):
969 """DPP Config Object JWK error - unsupported curve"""
970 run_dpp_config_error(dev
, apdev
, build_conf_obj(crv
="unsupported"))
972 def test_dpp_config_jwk_error_no_x(dev
, apdev
):
973 """DPP Config Object JWK error - no x"""
974 run_dpp_config_error(dev
, apdev
, build_conf_obj(x
=None))
976 def test_dpp_config_jwk_error_invalid_x(dev
, apdev
):
977 """DPP Config Object JWK error - invalid x"""
978 run_dpp_config_error(dev
, apdev
, build_conf_obj(x
="MTIz"))
980 def test_dpp_config_jwk_error_no_y(dev
, apdev
):
981 """DPP Config Object JWK error - no y"""
982 run_dpp_config_error(dev
, apdev
, build_conf_obj(y
=None))
984 def test_dpp_config_jwk_error_invalid_y(dev
, apdev
):
985 """DPP Config Object JWK error - invalid y"""
986 run_dpp_config_error(dev
, apdev
, build_conf_obj(y
="MTIz"))
988 def test_dpp_config_jwk_error_invalid_xy(dev
, apdev
):
989 """DPP Config Object JWK error - invalid x,y"""
990 conf
= build_conf_obj(x
="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY",
991 y
="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY")
992 run_dpp_config_error(dev
, apdev
, conf
)
994 def test_dpp_config_jwk_error_no_kid(dev
, apdev
):
995 """DPP Config Object JWK error - no kid"""
996 # csign kid is optional field, so this results in success
997 run_dpp_config_error(dev
, apdev
, build_conf_obj(kid
=None),
1000 def test_dpp_config_jws_error_prot_hdr_not_an_object(dev
, apdev
):
1001 """DPP Config Object JWS error - protected header not an object"""
1002 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
="1"))
1004 def test_dpp_config_jws_error_prot_hdr_no_typ(dev
, apdev
):
1005 """DPP Config Object JWS error - protected header - no typ"""
1006 prot_hdr
= '{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1007 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1009 def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev
, apdev
):
1010 """DPP Config Object JWS error - protected header - unsupported typ"""
1011 prot_hdr
= '{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1012 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1014 def test_dpp_config_jws_error_prot_hdr_no_alg(dev
, apdev
):
1015 """DPP Config Object JWS error - protected header - no alg"""
1016 prot_hdr
= '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
1017 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1019 def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev
, apdev
):
1020 """DPP Config Object JWS error - protected header - unexpected alg"""
1021 prot_hdr
= '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
1022 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1024 def test_dpp_config_jws_error_prot_hdr_no_kid(dev
, apdev
):
1025 """DPP Config Object JWS error - protected header - no kid"""
1026 prot_hdr
= '{"typ":"dppCon","alg":"ES256"}'
1027 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1029 def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev
, apdev
):
1030 """DPP Config Object JWS error - protected header - unexpected kid"""
1031 prot_hdr
= '{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
1032 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1034 def test_dpp_config_signed_connector_error_no_dot_1(dev
, apdev
):
1035 """DPP Config Object signedConnector error - no dot(1)"""
1037 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1039 def test_dpp_config_signed_connector_error_no_dot_2(dev
, apdev
):
1040 """DPP Config Object signedConnector error - no dot(2)"""
1041 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
1042 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1044 def test_dpp_config_signed_connector_error_unexpected_signature_len(dev
, apdev
):
1045 """DPP Config Object signedConnector error - unexpected signature length"""
1046 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
1047 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1049 def test_dpp_config_signed_connector_error_invalid_signature_der(dev
, apdev
):
1050 """DPP Config Object signedConnector error - invalid signature DER"""
1051 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
1052 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1054 def test_dpp_config_no_csign(dev
, apdev
):
1055 """DPP Config Object error - no csign"""
1056 run_dpp_config_error(dev
, apdev
, build_conf_obj(csign
=False))
1058 def test_dpp_config_no_signed_connector(dev
, apdev
):
1059 """DPP Config Object error - no signedConnector"""
1060 run_dpp_config_error(dev
, apdev
, build_conf_obj(no_signed_connector
=True))
1062 def test_dpp_config_unexpected_signed_connector_char(dev
, apdev
):
1063 """DPP Config Object error - unexpected signedConnector character"""
1064 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
='a\nb'))
1066 def test_dpp_config_root_not_an_object(dev
, apdev
):
1067 """DPP Config Object error - root not an object"""
1069 run_dpp_config_error(dev
, apdev
, conf
)
1071 def test_dpp_config_no_wi_fi_tech(dev
, apdev
):
1072 """DPP Config Object error - no wi-fi_tech"""
1074 run_dpp_config_error(dev
, apdev
, conf
)
1076 def test_dpp_config_unsupported_wi_fi_tech(dev
, apdev
):
1077 """DPP Config Object error - unsupported wi-fi_tech"""
1078 conf
= '{"wi-fi_tech":"unsupported"}'
1079 run_dpp_config_error(dev
, apdev
, conf
)
1081 def test_dpp_config_no_discovery(dev
, apdev
):
1082 """DPP Config Object error - no discovery"""
1083 conf
= '{"wi-fi_tech":"infra"}'
1084 run_dpp_config_error(dev
, apdev
, conf
)
1086 def test_dpp_config_no_discovery_ssid(dev
, apdev
):
1087 """DPP Config Object error - no discovery::ssid"""
1088 conf
= '{"wi-fi_tech":"infra","discovery":{}}'
1089 run_dpp_config_error(dev
, apdev
, conf
)
1091 def test_dpp_config_too_long_discovery_ssid(dev
, apdev
):
1092 """DPP Config Object error - too long discovery::ssid"""
1093 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A')
1094 run_dpp_config_error(dev
, apdev
, conf
)
1096 def test_dpp_config_no_cred(dev
, apdev
):
1097 """DPP Config Object error - no cred"""
1098 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
1099 run_dpp_config_error(dev
, apdev
, conf
)
1101 def test_dpp_config_no_cred_akm(dev
, apdev
):
1102 """DPP Config Object error - no cred::akm"""
1103 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
1104 run_dpp_config_error(dev
, apdev
, conf
)
1106 def test_dpp_config_unsupported_cred_akm(dev
, apdev
):
1107 """DPP Config Object error - unsupported cred::akm"""
1108 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
1109 run_dpp_config_error(dev
, apdev
, conf
)
1111 def test_dpp_config_error_legacy_no_pass(dev
, apdev
):
1112 """DPP Config Object legacy error - no pass/psk"""
1113 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
1114 run_dpp_config_error(dev
, apdev
, conf
)
1116 def test_dpp_config_error_legacy_too_short_pass(dev
, apdev
):
1117 """DPP Config Object legacy error - too short pass/psk"""
1118 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
1119 run_dpp_config_error(dev
, apdev
, conf
)
1121 def test_dpp_config_error_legacy_too_long_pass(dev
, apdev
):
1122 """DPP Config Object legacy error - too long pass/psk"""
1123 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A')
1124 run_dpp_config_error(dev
, apdev
, conf
)
1126 def test_dpp_config_error_legacy_psk_with_sae(dev
, apdev
):
1127 """DPP Config Object legacy error - psk_hex with SAE"""
1128 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12")
1129 run_dpp_config_error(dev
, apdev
, conf
)
1131 def test_dpp_config_error_legacy_no_pass_for_sae(dev
, apdev
):
1132 """DPP Config Object legacy error - no pass for SAE"""
1133 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12")
1134 run_dpp_config_error(dev
, apdev
, conf
)
1136 def test_dpp_config_error_legacy_invalid_psk(dev
, apdev
):
1137 """DPP Config Object legacy error - invalid psk_hex"""
1138 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa")
1139 run_dpp_config_error(dev
, apdev
, conf
)
1141 def test_dpp_config_error_legacy_too_short_psk(dev
, apdev
):
1142 """DPP Config Object legacy error - too short psk_hex"""
1143 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12")
1144 run_dpp_config_error(dev
, apdev
, conf
)
1146 def get_der_int_32(val
):
1147 a
, b
= struct
.unpack('BB', val
[0:2])
1149 raise Exception("Invalid DER encoding of INTEGER")
1150 if b
> len(val
) - 2:
1151 raise Exception("Invalid length of INTEGER (truncated)")
1157 raise Exception("Too large INTEGER (32)")
1160 r
= (32 - b
) * b
'\x00' + val
[0:b
]
1162 raise Exception("Invalid length of INTEGER (32): %d" % b
)
1165 def ecdsa_sign(pkey
, message
, alg
="sha256"):
1166 sign
= OpenSSL
.crypto
.sign(pkey
, message
, alg
)
1167 logger
.debug("sign=" + binascii
.hexlify(sign
).decode())
1168 a
, b
= struct
.unpack('BB', sign
[0:2])
1170 raise Exception("Invalid DER encoding of ECDSA signature")
1171 if b
!= len(sign
) - 2:
1172 raise Exception("Invalid length of ECDSA signature")
1175 r
, sign
= get_der_int_32(sign
)
1176 s
, sign
= get_der_int_32(sign
)
1178 raise Exception("Extra data at the end of ECDSA signature")
1180 logger
.info("r=" + binascii
.hexlify(r
).decode())
1181 logger
.info("s=" + binascii
.hexlify(s
).decode())
1183 return base64
.urlsafe_b64encode(raw_sign
).decode().rstrip('=')
1185 p256_priv_key
= """-----BEGIN EC PRIVATE KEY-----
1186 MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
1187 AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
1188 n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
1189 -----END EC PRIVATE KEY-----"""
1190 p256_pub_key_x
= binascii
.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
1191 p256_pub_key_y
= binascii
.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1193 def run_dpp_config_connector(dev
, apdev
, expiry
=None, payload
=None,
1194 skip_net_access_key_mismatch
=True,
1196 if not openssl_imported
:
1197 raise HwsimSkip("OpenSSL python method not available")
1198 pkey
= OpenSSL
.crypto
.load_privatekey(OpenSSL
.crypto
.FILETYPE_PEM
,
1200 x
= base64
.urlsafe_b64encode(p256_pub_key_x
).decode().rstrip('=')
1201 y
= base64
.urlsafe_b64encode(p256_pub_key_y
).decode().rstrip('=')
1203 pubkey
= b
'\x04' + p256_pub_key_x
+ p256_pub_key_y
1204 kid
= base64
.urlsafe_b64encode(hashlib
.sha256(pubkey
).digest()).decode().rstrip('=')
1206 prot_hdr
= '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid
1209 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
1211 payload
+= ',"expiry":"%s"' % expiry
1213 conn
= base64
.urlsafe_b64encode(prot_hdr
.encode()).decode().rstrip('=') + '.'
1214 conn
+= base64
.urlsafe_b64encode(payload
.encode()).decode().rstrip('=')
1215 sign
= ecdsa_sign(pkey
, conn
)
1217 run_dpp_config_error(dev
, apdev
,
1218 build_conf_obj(x
=x
, y
=y
, signed_connector
=conn
),
1219 skip_net_access_key_mismatch
=skip_net_access_key_mismatch
,
1220 conf_failure
=conf_failure
)
1222 def test_dpp_config_connector_error_ext_sign(dev
, apdev
):
1223 """DPP Config Object connector error - external signature calculation"""
1224 run_dpp_config_connector(dev
, apdev
, conf_failure
=False)
1226 def test_dpp_config_connector_error_too_short_timestamp(dev
, apdev
):
1227 """DPP Config Object connector error - too short timestamp"""
1228 run_dpp_config_connector(dev
, apdev
, expiry
="1")
1230 def test_dpp_config_connector_error_invalid_timestamp(dev
, apdev
):
1231 """DPP Config Object connector error - invalid timestamp"""
1232 run_dpp_config_connector(dev
, apdev
, expiry
=19*"1")
1234 def test_dpp_config_connector_error_invalid_timestamp_date(dev
, apdev
):
1235 """DPP Config Object connector error - invalid timestamp date"""
1236 run_dpp_config_connector(dev
, apdev
, expiry
="9999-99-99T99:99:99Z")
1238 def test_dpp_config_connector_error_invalid_time_zone(dev
, apdev
):
1239 """DPP Config Object connector error - invalid time zone"""
1240 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00*")
1242 def test_dpp_config_connector_error_invalid_time_zone_2(dev
, apdev
):
1243 """DPP Config Object connector error - invalid time zone 2"""
1244 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+")
1246 def test_dpp_config_connector_error_expired_1(dev
, apdev
):
1247 """DPP Config Object connector error - expired 1"""
1248 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00")
1250 def test_dpp_config_connector_error_expired_2(dev
, apdev
):
1251 """DPP Config Object connector error - expired 2"""
1252 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00Z")
1254 def test_dpp_config_connector_error_expired_3(dev
, apdev
):
1255 """DPP Config Object connector error - expired 3"""
1256 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+01")
1258 def test_dpp_config_connector_error_expired_4(dev
, apdev
):
1259 """DPP Config Object connector error - expired 4"""
1260 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+01:02")
1262 def test_dpp_config_connector_error_expired_5(dev
, apdev
):
1263 """DPP Config Object connector error - expired 5"""
1264 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00-01")
1266 def test_dpp_config_connector_error_expired_6(dev
, apdev
):
1267 """DPP Config Object connector error - expired 6"""
1268 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00-01:02")
1270 def test_dpp_config_connector_error_no_groups(dev
, apdev
):
1271 """DPP Config Object connector error - no groups"""
1272 payload
= '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1273 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1275 def test_dpp_config_connector_error_empty_groups(dev
, apdev
):
1276 """DPP Config Object connector error - empty groups"""
1277 payload
= '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1278 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1280 def test_dpp_config_connector_error_missing_group_id(dev
, apdev
):
1281 """DPP Config Object connector error - missing groupId"""
1282 payload
= '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1283 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1285 def test_dpp_config_connector_error_missing_net_role(dev
, apdev
):
1286 """DPP Config Object connector error - missing netRole"""
1287 payload
= '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1288 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1290 def test_dpp_config_connector_error_missing_net_access_key(dev
, apdev
):
1291 """DPP Config Object connector error - missing netAccessKey"""
1292 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}]}'
1293 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1295 def test_dpp_config_connector_error_net_access_key_mismatch(dev
, apdev
):
1296 """DPP Config Object connector error - netAccessKey mismatch"""
1297 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1298 run_dpp_config_connector(dev
, apdev
, payload
=payload
,
1299 skip_net_access_key_mismatch
=False)
1301 def test_dpp_gas_timeout(dev
, apdev
):
1302 """DPP and GAS server timeout for a query"""
1303 check_dpp_capab(dev
[0])
1304 check_dpp_capab(dev
[1])
1305 logger
.info("dev0 displays QR Code")
1306 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1307 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1309 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
1310 dev
[0].set("ext_mgmt_frame_handling", "1")
1311 dev
[0].dpp_listen(2412)
1313 # Force GAS fragmentation
1314 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
1315 dev
[1].set("dpp_config_obj_override", conf
)
1317 dev
[1].dpp_auth_init(uri
=uri0
)
1319 # DPP Authentication Request
1320 msg
= dev
[0].mgmt_rx()
1321 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1322 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1323 raise Exception("MGMT_RX_PROCESS failed")
1325 # DPP Authentication Confirmation
1326 msg
= dev
[0].mgmt_rx()
1327 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1328 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1329 raise Exception("MGMT_RX_PROCESS failed")
1331 wait_auth_success(dev
[0], dev
[1])
1333 # DPP Configuration Response (GAS Initial Response frame)
1334 msg
= dev
[0].mgmt_rx()
1335 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1336 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1337 raise Exception("MGMT_RX_PROCESS failed")
1339 # GAS Comeback Response frame
1340 msg
= dev
[0].mgmt_rx()
1341 # Do not continue to force timeout on GAS server
1343 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=10)
1345 raise Exception("GAS result not reported (Enrollee)")
1346 if "result=TIMEOUT" not in ev
:
1347 raise Exception("Unexpected GAS result (Enrollee): " + ev
)
1348 dev
[0].set("ext_mgmt_frame_handling", "0")
1350 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=15)
1352 raise Exception("DPP configuration failure not reported (Configurator)")
1354 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=1)
1356 raise Exception("DPP configuration failure not reported (Enrollee)")
1358 def test_dpp_akm_sha256(dev
, apdev
):
1359 """DPP AKM (SHA256)"""
1360 run_dpp_akm(dev
, apdev
, 32)
1362 def test_dpp_akm_sha384(dev
, apdev
):
1363 """DPP AKM (SHA384)"""
1364 run_dpp_akm(dev
, apdev
, 48)
1366 def test_dpp_akm_sha512(dev
, apdev
):
1367 """DPP AKM (SHA512)"""
1368 run_dpp_akm(dev
, apdev
, 64)
1370 def run_dpp_akm(dev
, apdev
, pmk_len
):
1371 check_dpp_capab(dev
[0])
1372 check_dpp_capab(dev
[1])
1373 params
= {"ssid": "dpp",
1375 "wpa_key_mgmt": "DPP",
1376 "rsn_pairwise": "CCMP",
1379 hapd
= hostapd
.add_ap(apdev
[0], params
)
1381 raise HwsimSkip("DPP not supported")
1383 id = dev
[0].connect("dpp", key_mgmt
="DPP", ieee80211w
="2", scan_freq
="2412",
1385 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=2)
1387 raise Exception("Network mismatch not reported")
1388 dev
[0].request("DISCONNECT")
1389 dev
[0].dump_monitor()
1391 bssid
= hapd
.own_addr()
1395 cmd
= "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid
, pmkid
, pmk
, akmp
)
1396 if "OK" not in dev
[0].request(cmd
):
1397 raise Exception("PMKSA_ADD failed (wpa_supplicant)")
1398 dev
[0].select_network(id, freq
="2412")
1399 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=2)
1400 dev
[0].request("DISCONNECT")
1401 dev
[0].dump_monitor()
1403 raise Exception("Association attempt was not rejected")
1404 if "status_code=53" not in ev
:
1405 raise Exception("Unexpected status code: " + ev
)
1407 addr
= dev
[0].own_addr()
1408 cmd
= "PMKSA_ADD %s %s %s 0 %d" % (addr
, pmkid
, pmk
, akmp
)
1409 if "OK" not in hapd
.request(cmd
):
1410 raise Exception("PMKSA_ADD failed (hostapd)")
1412 dev
[0].select_network(id, freq
="2412")
1413 dev
[0].wait_connected()
1414 val
= dev
[0].get_status_field("key_mgmt")
1416 raise Exception("Unexpected key_mgmt: " + val
)
1418 params1_csign
= "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
1419 params1_ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
1420 params1_ap_netaccesskey
= "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
1421 params1_sta_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
1422 params1_sta_netaccesskey
= "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1424 def test_dpp_network_introduction(dev
, apdev
):
1425 """DPP network introduction"""
1426 check_dpp_capab(dev
[0])
1427 check_dpp_capab(dev
[1])
1429 params
= {"ssid": "dpp",
1431 "wpa_key_mgmt": "DPP",
1433 "rsn_pairwise": "CCMP",
1434 "dpp_connector": params1_ap_connector
,
1435 "dpp_csign": params1_csign
,
1436 "dpp_netaccesskey": params1_ap_netaccesskey
}
1438 hapd
= hostapd
.add_ap(apdev
[0], params
)
1440 raise HwsimSkip("DPP not supported")
1442 id = dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
1444 dpp_csign
=params1_csign
,
1445 dpp_connector
=params1_sta_connector
,
1446 dpp_netaccesskey
=params1_sta_netaccesskey
)
1447 val
= dev
[0].get_status_field("key_mgmt")
1449 raise Exception("Unexpected key_mgmt: " + val
)
1451 def test_dpp_network_introduction_expired(dev
, apdev
):
1452 """DPP network introduction with expired netaccesskey"""
1453 check_dpp_capab(dev
[0])
1454 check_dpp_capab(dev
[1])
1456 params
= {"ssid": "dpp",
1458 "wpa_key_mgmt": "DPP",
1460 "rsn_pairwise": "CCMP",
1461 "dpp_connector": params1_ap_connector
,
1462 "dpp_csign": params1_csign
,
1463 "dpp_netaccesskey": params1_ap_netaccesskey
,
1464 "dpp_netaccesskey_expiry": "1565530889"}
1466 hapd
= hostapd
.add_ap(apdev
[0], params
)
1468 raise HwsimSkip("DPP not supported")
1470 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
1472 dpp_csign
=params1_csign
,
1473 dpp_connector
=params1_sta_connector
,
1474 dpp_netaccesskey
=params1_sta_netaccesskey
,
1476 ev
= hapd
.wait_event(["DPP-RX"], timeout
=10)
1478 raise Exception("No DPP Peer Discovery Request seen")
1479 if "type=5" not in ev
:
1480 raise Exception("Unexpected DPP message received: " + ev
)
1481 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
1482 dev
[0].request("DISCONNECT")
1484 raise Exception("Connection reported")
1487 hapd
.set("dpp_netaccesskey_expiry", "2565530889")
1489 dev
[0].request("RECONNECT")
1490 dev
[0].wait_connected()
1492 def test_dpp_and_sae_akm(dev
, apdev
):
1493 """DPP and SAE AKMs"""
1494 check_dpp_capab(dev
[0])
1495 check_dpp_capab(dev
[1])
1496 if "SAE" not in dev
[1].get_capability("auth_alg"):
1497 raise HwsimSkip("SAE not supported")
1499 params
= {"ssid": "dpp+sae",
1501 "wpa_key_mgmt": "DPP SAE",
1503 "rsn_pairwise": "CCMP",
1504 "sae_password": "sae-password",
1505 "dpp_connector": params1_ap_connector
,
1506 "dpp_csign": params1_csign
,
1507 "dpp_netaccesskey": params1_ap_netaccesskey
}
1509 hapd
= hostapd
.add_ap(apdev
[0], params
)
1511 raise HwsimSkip("DPP not supported")
1513 id = dev
[0].connect("dpp+sae", key_mgmt
="DPP", scan_freq
="2412",
1515 dpp_csign
=params1_csign
,
1516 dpp_connector
=params1_sta_connector
,
1517 dpp_netaccesskey
=params1_sta_netaccesskey
)
1518 val
= dev
[0].get_status_field("key_mgmt")
1520 raise Exception("Unexpected key_mgmt for DPP: " + val
)
1522 dev
[1].request("SET sae_groups ")
1523 id = dev
[1].connect("dpp+sae", key_mgmt
="SAE", scan_freq
="2412",
1524 ieee80211w
="2", psk
="sae-password")
1525 val
= dev
[1].get_status_field("key_mgmt")
1527 raise Exception("Unexpected key_mgmt for SAE: " + val
)
1529 def test_dpp_ap_config(dev
, apdev
):
1530 """DPP and AP configuration"""
1531 run_dpp_ap_config(dev
, apdev
)
1533 def test_dpp_ap_config_p256_p256(dev
, apdev
):
1534 """DPP and AP configuration (P-256 + P-256)"""
1535 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-256")
1537 def test_dpp_ap_config_p256_p384(dev
, apdev
):
1538 """DPP and AP configuration (P-256 + P-384)"""
1539 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-384")
1541 def test_dpp_ap_config_p256_p521(dev
, apdev
):
1542 """DPP and AP configuration (P-256 + P-521)"""
1543 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-521")
1545 def test_dpp_ap_config_p384_p256(dev
, apdev
):
1546 """DPP and AP configuration (P-384 + P-256)"""
1547 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-256")
1549 def test_dpp_ap_config_p384_p384(dev
, apdev
):
1550 """DPP and AP configuration (P-384 + P-384)"""
1551 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-384")
1553 def test_dpp_ap_config_p384_p521(dev
, apdev
):
1554 """DPP and AP configuration (P-384 + P-521)"""
1555 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-521")
1557 def test_dpp_ap_config_p521_p256(dev
, apdev
):
1558 """DPP and AP configuration (P-521 + P-256)"""
1559 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-256")
1561 def test_dpp_ap_config_p521_p384(dev
, apdev
):
1562 """DPP and AP configuration (P-521 + P-384)"""
1563 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-384")
1565 def test_dpp_ap_config_p521_p521(dev
, apdev
):
1566 """DPP and AP configuration (P-521 + P-521)"""
1567 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-521")
1569 def test_dpp_ap_config_bp256_bp256(dev
, apdev
):
1570 """DPP and AP configuration (BP-256 + BP-256)"""
1571 run_dpp_ap_config(dev
, apdev
, curve
="BP-256", conf_curve
="BP-256")
1573 def test_dpp_ap_config_bp384_bp384(dev
, apdev
):
1574 """DPP and AP configuration (BP-384 + BP-384)"""
1575 run_dpp_ap_config(dev
, apdev
, curve
="BP-384", conf_curve
="BP-384")
1577 def test_dpp_ap_config_bp512_bp512(dev
, apdev
):
1578 """DPP and AP configuration (BP-512 + BP-512)"""
1579 run_dpp_ap_config(dev
, apdev
, curve
="BP-512", conf_curve
="BP-512")
1581 def test_dpp_ap_config_p256_bp256(dev
, apdev
):
1582 """DPP and AP configuration (P-256 + BP-256)"""
1583 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="BP-256")
1585 def test_dpp_ap_config_bp256_p256(dev
, apdev
):
1586 """DPP and AP configuration (BP-256 + P-256)"""
1587 run_dpp_ap_config(dev
, apdev
, curve
="BP-256", conf_curve
="P-256")
1589 def test_dpp_ap_config_p521_bp512(dev
, apdev
):
1590 """DPP and AP configuration (P-521 + BP-512)"""
1591 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="BP-512")
1593 def test_dpp_ap_config_bp512_p521(dev
, apdev
):
1594 """DPP and AP configuration (BP-512 + P-521)"""
1595 run_dpp_ap_config(dev
, apdev
, curve
="BP-512", conf_curve
="P-521")
1597 def test_dpp_ap_config_reconfig_configurator(dev
, apdev
):
1598 """DPP and AP configuration with Configurator reconfiguration"""
1599 run_dpp_ap_config(dev
, apdev
, reconf_configurator
=True)
1601 def update_hapd_config(hapd
):
1602 ev
= hapd
.wait_event(["DPP-CONFOBJ-SSID"], timeout
=1)
1604 raise Exception("SSID not reported (AP)")
1605 ssid
= ev
.split(' ')[1]
1607 ev
= hapd
.wait_event(["DPP-CONNECTOR"], timeout
=1)
1609 raise Exception("Connector not reported (AP)")
1610 connector
= ev
.split(' ')[1]
1612 ev
= hapd
.wait_event(["DPP-C-SIGN-KEY"], timeout
=1)
1614 raise Exception("C-sign-key not reported (AP)")
1618 ev
= hapd
.wait_event(["DPP-NET-ACCESS-KEY"], timeout
=1)
1620 raise Exception("netAccessKey not reported (AP)")
1622 net_access_key
= p
[1]
1623 net_access_key_expiry
= p
[2] if len(p
) > 2 else None
1625 logger
.info("Update AP configuration to use key_mgmt=DPP")
1627 hapd
.set("ssid", ssid
)
1628 hapd
.set("utf8_ssid", "1")
1629 hapd
.set("wpa", "2")
1630 hapd
.set("wpa_key_mgmt", "DPP")
1631 hapd
.set("ieee80211w", "2")
1632 hapd
.set("rsn_pairwise", "CCMP")
1633 hapd
.set("dpp_connector", connector
)
1634 hapd
.set("dpp_csign", csign
)
1635 hapd
.set("dpp_netaccesskey", net_access_key
)
1636 if net_access_key_expiry
:
1637 hapd
.set("dpp_netaccesskey_expiry", net_access_key_expiry
)
1640 def run_dpp_ap_config(dev
, apdev
, curve
=None, conf_curve
=None,
1641 reconf_configurator
=False):
1642 check_dpp_capab(dev
[0])
1643 check_dpp_capab(dev
[1])
1644 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
1645 check_dpp_capab(hapd
)
1647 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
1648 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
1650 conf_id
= dev
[0].dpp_configurator_add(curve
=conf_curve
)
1652 if reconf_configurator
:
1653 csign
= dev
[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
1654 if "FAIL" in csign
or len(csign
) == 0:
1655 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
1657 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
1658 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
)
1659 update_hapd_config(hapd
)
1661 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
1662 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1664 if reconf_configurator
:
1665 dev
[0].dpp_configurator_remove(conf_id
)
1666 conf_id
= dev
[0].dpp_configurator_add(curve
=conf_curve
, key
=csign
)
1668 dev
[1].dpp_listen(2412)
1669 dev
[0].dpp_auth_init(uri
=uri1
, conf
="sta-dpp", configurator
=conf_id
)
1670 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[0], enrollee
=dev
[1],
1671 stop_responder
=True)
1673 ev
= dev
[1].wait_event(["DPP-CONFOBJ-SSID"], timeout
=1)
1675 raise Exception("SSID not reported")
1676 ssid
= ev
.split(' ')[1]
1678 ev
= dev
[1].wait_event(["DPP-CONNECTOR"], timeout
=1)
1680 raise Exception("Connector not reported")
1681 connector
= ev
.split(' ')[1]
1683 ev
= dev
[1].wait_event(["DPP-C-SIGN-KEY"], timeout
=1)
1685 raise Exception("C-sign-key not reported")
1689 ev
= dev
[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=1)
1691 raise Exception("netAccessKey not reported")
1693 net_access_key
= p
[1]
1694 net_access_key_expiry
= p
[2] if len(p
) > 2 else None
1696 dev
[1].dump_monitor()
1698 id = dev
[1].connect(ssid
, key_mgmt
="DPP", ieee80211w
="2", scan_freq
="2412",
1699 only_add_network
=True)
1700 dev
[1].set_network_quoted(id, "dpp_connector", connector
)
1701 dev
[1].set_network(id, "dpp_csign", csign
)
1702 dev
[1].set_network(id, "dpp_netaccesskey", net_access_key
)
1703 if net_access_key_expiry
:
1704 dev
[1].set_network(id, "dpp_netaccess_expiry", net_access_key_expiry
)
1706 logger
.info("Check data connection")
1707 dev
[1].select_network(id, freq
="2412")
1708 dev
[1].wait_connected()
1710 def test_dpp_auto_connect_1(dev
, apdev
):
1711 """DPP and auto connect (1)"""
1713 run_dpp_auto_connect(dev
, apdev
, 1)
1715 dev
[0].set("dpp_config_processing", "0")
1717 def test_dpp_auto_connect_2(dev
, apdev
):
1718 """DPP and auto connect (2)"""
1720 run_dpp_auto_connect(dev
, apdev
, 2)
1722 dev
[0].set("dpp_config_processing", "0")
1724 def test_dpp_auto_connect_2_connect_cmd(dev
, apdev
):
1725 """DPP and auto connect (2) using connect_cmd"""
1726 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
1727 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
1728 dev_new
= [wpas
, dev
[1]]
1730 run_dpp_auto_connect(dev_new
, apdev
, 2)
1732 wpas
.set("dpp_config_processing", "0")
1734 def run_dpp_auto_connect(dev
, apdev
, processing
):
1735 check_dpp_capab(dev
[0])
1736 check_dpp_capab(dev
[1])
1738 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1739 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1740 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1741 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1743 params
= {"ssid": "test",
1745 "wpa_key_mgmt": "DPP",
1747 "rsn_pairwise": "CCMP",
1748 "dpp_connector": ap_connector
,
1749 "dpp_csign": csign_pub
,
1750 "dpp_netaccesskey": ap_netaccesskey
}
1752 hapd
= hostapd
.add_ap(apdev
[0], params
)
1754 raise HwsimSkip("DPP not supported")
1756 conf_id
= dev
[1].dpp_configurator_add(key
=csign
)
1757 dev
[0].set("dpp_config_processing", str(processing
))
1758 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1759 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1760 dev
[0].dpp_listen(2412)
1761 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", configurator
=conf_id
)
1762 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1763 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1765 raise Exception("DPP network profile not generated")
1766 id = ev
.split(' ')[1]
1769 dev
[0].select_network(id, freq
=2412)
1771 dev
[0].wait_connected()
1772 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1774 def test_dpp_auto_connect_legacy(dev
, apdev
):
1775 """DPP and auto connect (legacy)"""
1777 run_dpp_auto_connect_legacy(dev
, apdev
)
1779 dev
[0].set("dpp_config_processing", "0")
1781 def test_dpp_auto_connect_legacy_ssid_charset(dev
, apdev
):
1782 """DPP and auto connect (legacy, ssid_charset)"""
1784 run_dpp_auto_connect_legacy(dev
, apdev
, ssid_charset
=12345)
1786 dev
[0].set("dpp_config_processing", "0")
1788 def test_dpp_auto_connect_legacy_sae_1(dev
, apdev
):
1789 """DPP and auto connect (legacy SAE)"""
1791 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-sae', psk_sae
=True)
1793 dev
[0].set("dpp_config_processing", "0")
1795 def test_dpp_auto_connect_legacy_sae_2(dev
, apdev
):
1796 """DPP and auto connect (legacy SAE)"""
1798 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-sae', sae_only
=True)
1800 dev
[0].set("dpp_config_processing", "0")
1802 def test_dpp_auto_connect_legacy_psk_sae_1(dev
, apdev
):
1803 """DPP and auto connect (legacy PSK+SAE)"""
1805 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae',
1808 dev
[0].set("dpp_config_processing", "0")
1810 def test_dpp_auto_connect_legacy_psk_sae_2(dev
, apdev
):
1811 """DPP and auto connect (legacy PSK+SAE)"""
1813 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae',
1816 dev
[0].set("dpp_config_processing", "0")
1818 def test_dpp_auto_connect_legacy_psk_sae_3(dev
, apdev
):
1819 """DPP and auto connect (legacy PSK+SAE)"""
1821 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae')
1823 dev
[0].set("dpp_config_processing", "0")
1825 def run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk',
1827 psk_sae
=False, sae_only
=False):
1828 check_dpp_capab(dev
[0])
1829 check_dpp_capab(dev
[1])
1831 params
= hostapd
.wpa2_params(ssid
="dpp-legacy",
1832 passphrase
="secret passphrase")
1834 params
['wpa_key_mgmt'] = 'SAE'
1835 params
['ieee80211w'] = '2'
1837 params
['wpa_key_mgmt'] = 'WPA-PSK SAE'
1838 params
['ieee80211w'] = '1'
1839 params
['sae_require_mfp'] = '1'
1841 hapd
= hostapd
.add_ap(apdev
[0], params
)
1843 dev
[0].request("SET sae_groups ")
1844 dev
[0].set("dpp_config_processing", "2")
1845 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1846 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1848 dev
[0].dpp_listen(2412)
1849 dev
[1].dpp_auth_init(uri
=uri0
, conf
=conf
, ssid
="dpp-legacy",
1850 ssid_charset
=ssid_charset
,
1851 passphrase
="secret passphrase")
1852 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1854 ev
= dev
[0].wait_event(["DPP-CONFOBJ-SSID-CHARSET"], timeout
=1)
1856 raise Exception("ssid_charset not reported")
1857 charset
= ev
.split(' ')[1]
1858 if charset
!= str(ssid_charset
):
1859 raise Exception("Incorrect ssid_charset reported: " + ev
)
1860 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1862 raise Exception("DPP network profile not generated")
1863 id = ev
.split(' ')[1]
1865 dev
[0].wait_connected()
1867 def test_dpp_auto_connect_legacy_pmf_required(dev
, apdev
):
1868 """DPP and auto connect (legacy, PMF required)"""
1870 run_dpp_auto_connect_legacy_pmf_required(dev
, apdev
)
1872 dev
[0].set("dpp_config_processing", "0")
1874 def run_dpp_auto_connect_legacy_pmf_required(dev
, apdev
):
1875 check_dpp_capab(dev
[0])
1876 check_dpp_capab(dev
[1])
1878 params
= hostapd
.wpa2_params(ssid
="dpp-legacy",
1879 passphrase
="secret passphrase")
1880 params
['wpa_key_mgmt'] = "WPA-PSK-SHA256"
1881 params
['ieee80211w'] = "2"
1882 hapd
= hostapd
.add_ap(apdev
[0], params
)
1884 dev
[0].set("dpp_config_processing", "2")
1885 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1886 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1887 dev
[0].dpp_listen(2412)
1888 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", ssid
="dpp-legacy",
1889 passphrase
="secret passphrase")
1890 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1891 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1893 raise Exception("DPP network profile not generated")
1894 dev
[0].wait_connected()
1896 def test_dpp_qr_code_auth_responder_configurator(dev
, apdev
):
1897 """DPP QR Code and responder as the configurator"""
1898 run_dpp_qr_code_auth_responder_configurator(dev
, apdev
, "")
1900 def test_dpp_qr_code_auth_responder_configurator_group_id(dev
, apdev
):
1901 """DPP QR Code and responder as the configurator with group_id)"""
1902 run_dpp_qr_code_auth_responder_configurator(dev
, apdev
,
1903 " group_id=test-group")
1905 def run_dpp_qr_code_auth_responder_configurator(dev
, apdev
, extra
):
1906 check_dpp_capab(dev
[0])
1907 check_dpp_capab(dev
[1])
1908 conf_id
= dev
[0].dpp_configurator_add()
1909 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1910 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1911 dev
[0].set("dpp_configurator_params",
1912 " conf=sta-dpp configurator=%d%s" % (conf_id
, extra
))
1913 dev
[0].dpp_listen(2412, role
="configurator")
1914 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
1915 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1],
1916 stop_responder
=True)
1918 def test_dpp_qr_code_hostapd_init(dev
, apdev
):
1919 """DPP QR Code and hostapd as initiator"""
1920 check_dpp_capab(dev
[0])
1921 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
1923 check_dpp_capab(hapd
)
1924 conf_id
= dev
[0].dpp_configurator_add()
1925 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1926 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1927 dev
[0].set("dpp_configurator_params",
1928 " conf=ap-dpp configurator=%d" % conf_id
)
1929 dev
[0].dpp_listen(2437, role
="configurator")
1930 hapd
.dpp_auth_init(uri
=uri0
, role
="enrollee")
1931 wait_auth_success(dev
[0], hapd
, configurator
=dev
[0], enrollee
=hapd
,
1932 stop_responder
=True)
1934 def test_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
):
1935 """DPP QR Code and hostapd as initiator (offchannel)"""
1936 run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, None)
1938 def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev
, apdev
):
1939 """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
1940 run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, "neg_freq=2437")
1942 def run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, extra
):
1943 check_dpp_capab(dev
[0])
1944 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
1946 check_dpp_capab(hapd
)
1947 conf_id
= dev
[0].dpp_configurator_add()
1948 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1,81/11", mac
=True)
1949 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1950 dev
[0].set("dpp_configurator_params",
1951 " conf=ap-dpp configurator=%d" % conf_id
)
1952 dev
[0].dpp_listen(2462, role
="configurator")
1953 hapd
.dpp_auth_init(uri
=uri0
, role
="enrollee", extra
=extra
)
1954 wait_auth_success(dev
[0], hapd
, configurator
=dev
[0], enrollee
=hapd
,
1955 stop_responder
=True)
1957 def test_dpp_test_vector_p_256(dev
, apdev
):
1958 """DPP P-256 test vector (mutual auth)"""
1959 check_dpp_capab(dev
[0])
1960 check_dpp_capab(dev
[1])
1962 # Responder bootstrapping key
1963 priv
= "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
1964 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True, key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1965 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1967 # Responder protocol keypair override
1968 priv
= "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
1969 dev
[0].set("dpp_protocol_key_override",
1970 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1972 dev
[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
1974 # Initiator bootstrapping key
1975 priv
= "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
1976 id1
= dev
[1].dpp_bootstrap_gen(key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1977 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1979 # Initiator protocol keypair override
1980 priv
= "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
1981 dev
[1].set("dpp_protocol_key_override",
1982 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1984 dev
[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
1986 dev
[0].dpp_qr_code(uri1
)
1987 dev
[0].dpp_listen(2462, qr
="mutual")
1988 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
1989 wait_auth_success(dev
[0], dev
[1])
1991 def test_dpp_test_vector_p_256_b(dev
, apdev
):
1992 """DPP P-256 test vector (Responder-only auth)"""
1993 check_dpp_capab(dev
[0])
1994 check_dpp_capab(dev
[1])
1996 # Responder bootstrapping key
1997 priv
= "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
1998 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True, key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1999 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2001 # Responder protocol keypair override
2002 priv
= "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
2003 dev
[0].set("dpp_protocol_key_override",
2004 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
2006 dev
[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
2008 # Initiator bootstrapping key
2009 priv
= "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
2010 id1
= dev
[1].dpp_bootstrap_gen(key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
2011 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2013 # Initiator protocol keypair override
2014 priv
= "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
2015 dev
[1].set("dpp_protocol_key_override",
2016 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
2018 dev
[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
2020 dev
[0].dpp_listen(2462)
2021 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
2022 wait_auth_success(dev
[0], dev
[1])
2024 def der_priv_key_p_521(priv
):
2025 if len(priv
) != 2 * 66:
2026 raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv
)
2027 der_prefix
= "3081500201010442"
2028 der_postfix
= "a00706052b81040023"
2029 return der_prefix
+ priv
+ der_postfix
2031 def test_dpp_test_vector_p_521(dev
, apdev
):
2032 """DPP P-521 test vector (mutual auth)"""
2033 check_dpp_capab(dev
[0])
2034 check_dpp_capab(dev
[1])
2036 # Responder bootstrapping key
2037 priv
= "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
2038 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True,
2039 key
=der_priv_key_p_521(priv
))
2040 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2042 # Responder protocol keypair override
2043 priv
= "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
2044 dev
[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv
))
2046 dev
[0].set("dpp_nonce_override",
2047 "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")
2049 # Initiator bootstrapping key
2050 priv
= "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
2051 id1
= dev
[1].dpp_bootstrap_gen(key
=der_priv_key_p_521(priv
))
2052 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
2054 # Initiator protocol keypair override
2055 priv
= "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
2056 dev
[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv
))
2058 dev
[1].set("dpp_nonce_override",
2059 "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")
2061 dev
[0].dpp_qr_code(uri1
)
2062 dev
[0].dpp_listen(2462, qr
="mutual")
2063 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
2064 wait_auth_success(dev
[0], dev
[1])
2066 def test_dpp_pkex(dev
, apdev
):
2068 run_dpp_pkex(dev
, apdev
)
2070 def test_dpp_pkex_p256(dev
, apdev
):
2071 """DPP and PKEX (P-256)"""
2072 run_dpp_pkex(dev
, apdev
, "P-256")
2074 def test_dpp_pkex_p384(dev
, apdev
):
2075 """DPP and PKEX (P-384)"""
2076 run_dpp_pkex(dev
, apdev
, "P-384")
2078 def test_dpp_pkex_p521(dev
, apdev
):
2079 """DPP and PKEX (P-521)"""
2080 run_dpp_pkex(dev
, apdev
, "P-521")
2082 def test_dpp_pkex_bp256(dev
, apdev
):
2083 """DPP and PKEX (BP-256)"""
2084 run_dpp_pkex(dev
, apdev
, "brainpoolP256r1")
2086 def test_dpp_pkex_bp384(dev
, apdev
):
2087 """DPP and PKEX (BP-384)"""
2088 run_dpp_pkex(dev
, apdev
, "brainpoolP384r1")
2090 def test_dpp_pkex_bp512(dev
, apdev
):
2091 """DPP and PKEX (BP-512)"""
2092 run_dpp_pkex(dev
, apdev
, "brainpoolP512r1")
2094 def test_dpp_pkex_config(dev
, apdev
):
2095 """DPP and PKEX with initiator as the configurator"""
2096 check_dpp_capab(dev
[1])
2097 conf_id
= dev
[1].dpp_configurator_add()
2098 run_dpp_pkex(dev
, apdev
,
2099 init_extra
="conf=sta-dpp configurator=%d" % (conf_id
),
2102 def test_dpp_pkex_no_identifier(dev
, apdev
):
2103 """DPP and PKEX without identifier"""
2104 run_dpp_pkex(dev
, apdev
, identifier_i
=None, identifier_r
=None)
2106 def test_dpp_pkex_identifier_mismatch(dev
, apdev
):
2107 """DPP and PKEX with different identifiers"""
2108 run_dpp_pkex(dev
, apdev
, identifier_i
="foo", identifier_r
="bar",
2109 expect_no_resp
=True)
2111 def test_dpp_pkex_identifier_mismatch2(dev
, apdev
):
2112 """DPP and PKEX with initiator using identifier and the responder not"""
2113 run_dpp_pkex(dev
, apdev
, identifier_i
="foo", identifier_r
=None,
2114 expect_no_resp
=True)
2116 def test_dpp_pkex_identifier_mismatch3(dev
, apdev
):
2117 """DPP and PKEX with responder using identifier and the initiator not"""
2118 run_dpp_pkex(dev
, apdev
, identifier_i
=None, identifier_r
="bar",
2119 expect_no_resp
=True)
2121 def run_dpp_pkex(dev
, apdev
, curve
=None, init_extra
=None, check_config
=False,
2122 identifier_i
="test", identifier_r
="test",
2123 expect_no_resp
=False):
2124 check_dpp_capab(dev
[0], curve
and "brainpool" in curve
)
2125 check_dpp_capab(dev
[1], curve
and "brainpool" in curve
)
2126 dev
[0].dpp_pkex_resp(2437, identifier
=identifier_r
, code
="secret",
2128 dev
[1].dpp_pkex_init(identifier
=identifier_i
, code
="secret", curve
=curve
,
2132 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=10)
2134 raise Exception("DPP PKEX frame not received")
2135 ev
= dev
[1].wait_event(["DPP-AUTH-SUCCESS"], timeout
=1)
2137 raise Exception("DPP authentication succeeded")
2138 ev
= dev
[0].wait_event(["DPP-AUTH-SUCCESS"], timeout
=0.1)
2140 raise Exception("DPP authentication succeeded")
2143 wait_auth_success(dev
[0], dev
[1],
2144 configurator
=dev
[1] if check_config
else None,
2145 enrollee
=dev
[0] if check_config
else None)
2147 def test_dpp_pkex_5ghz(dev
, apdev
):
2148 """DPP and PKEX on 5 GHz"""
2150 dev
[0].request("SET country US")
2151 dev
[1].request("SET country US")
2152 ev
= dev
[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout
=1)
2154 ev
= dev
[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
2156 run_dpp_pkex_5ghz(dev
, apdev
)
2158 dev
[0].request("SET country 00")
2159 dev
[1].request("SET country 00")
2160 subprocess
.call(['iw', 'reg', 'set', '00'])
2163 def run_dpp_pkex_5ghz(dev
, apdev
):
2164 check_dpp_capab(dev
[0])
2165 check_dpp_capab(dev
[1])
2166 dev
[0].dpp_pkex_resp(5745, identifier
="test", code
="secret")
2167 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2168 wait_auth_success(dev
[0], dev
[1], timeout
=20)
2170 def test_dpp_pkex_test_vector(dev
, apdev
):
2171 """DPP and PKEX (P-256) test vector"""
2172 check_dpp_capab(dev
[0])
2173 check_dpp_capab(dev
[1])
2175 init_addr
= "ac:64:91:f4:52:07"
2176 resp_addr
= "6e:5e:ce:6e:f3:dd"
2178 identifier
= "joes_key"
2179 code
= "thisisreallysecret"
2181 # Initiator bootstrapping private key
2182 init_priv
= "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
2184 # Responder bootstrapping private key
2185 resp_priv
= "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"
2187 # Initiator x/X keypair override
2188 init_x_priv
= "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
2190 # Responder y/Y keypair override
2191 resp_y_priv
= "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"
2193 p256_prefix
= "30310201010420"
2194 p256_postfix
= "a00a06082a8648ce3d030107"
2196 dev
[0].set("dpp_pkex_own_mac_override", resp_addr
)
2197 dev
[0].set("dpp_pkex_peer_mac_override", init_addr
)
2198 dev
[1].set("dpp_pkex_own_mac_override", init_addr
)
2199 dev
[1].set("dpp_pkex_peer_mac_override", resp_addr
)
2201 # Responder y/Y keypair override
2202 dev
[0].set("dpp_pkex_ephemeral_key_override",
2203 p256_prefix
+ resp_y_priv
+ p256_postfix
)
2205 # Initiator x/X keypair override
2206 dev
[1].set("dpp_pkex_ephemeral_key_override",
2207 p256_prefix
+ init_x_priv
+ p256_postfix
)
2209 dev
[0].dpp_pkex_resp(2437, identifier
=identifier
, code
=code
,
2210 key
=p256_prefix
+ resp_priv
+ p256_postfix
)
2211 dev
[1].dpp_pkex_init(identifier
=identifier
, code
=code
,
2212 key
=p256_prefix
+ init_priv
+ p256_postfix
)
2213 wait_auth_success(dev
[0], dev
[1])
2215 def test_dpp_pkex_code_mismatch(dev
, apdev
):
2216 """DPP and PKEX with mismatching code"""
2217 check_dpp_capab(dev
[0])
2218 check_dpp_capab(dev
[1])
2219 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2220 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="unknown")
2221 wait_dpp_fail(dev
[0], "possible PKEX code mismatch")
2222 dev
[0].dump_monitor()
2223 dev
[1].dump_monitor()
2224 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", use_id
=id1
)
2225 wait_auth_success(dev
[0], dev
[1])
2227 def test_dpp_pkex_code_mismatch_limit(dev
, apdev
):
2228 """DPP and PKEX with mismatching code limit"""
2229 check_dpp_capab(dev
[0])
2230 check_dpp_capab(dev
[1])
2231 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2235 dev
[0].dump_monitor()
2236 dev
[1].dump_monitor()
2237 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="unknown",
2239 wait_dpp_fail(dev
[0], "possible PKEX code mismatch")
2241 ev
= dev
[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout
=1)
2243 raise Exception("PKEX t limit not reported")
2245 def test_dpp_pkex_curve_mismatch(dev
, apdev
):
2246 """DPP and PKEX with mismatching curve"""
2247 check_dpp_capab(dev
[0])
2248 check_dpp_capab(dev
[1])
2249 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
="P-256")
2250 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", curve
="P-384")
2251 wait_dpp_fail(dev
[0], "Mismatching PKEX curve: peer=20 own=19")
2252 wait_dpp_fail(dev
[1], "Peer indicated mismatching PKEX group - proposed 19")
2254 def test_dpp_pkex_curve_mismatch_failure(dev
, apdev
):
2255 """DPP and PKEX with mismatching curve (local failure)"""
2256 run_dpp_pkex_curve_mismatch_failure(dev
, apdev
, "=dpp_pkex_rx_exchange_req")
2258 def test_dpp_pkex_curve_mismatch_failure2(dev
, apdev
):
2259 """DPP and PKEX with mismatching curve (local failure 2)"""
2260 run_dpp_pkex_curve_mismatch_failure(dev
, apdev
,
2261 "dpp_pkex_build_exchange_resp")
2263 def run_dpp_pkex_curve_mismatch_failure(dev
, apdev
, func
):
2264 check_dpp_capab(dev
[0])
2265 check_dpp_capab(dev
[1])
2266 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
="P-256")
2268 with
alloc_fail(dev
[0], 1, func
):
2269 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", curve
="P-384")
2271 ev
= dev
[0].wait_event(["DPP-FAIL"], timeout
=5)
2273 raise Exception("Failure not reported (dev 0)")
2274 if "Mismatching PKEX curve: peer=20 own=19" not in ev
:
2275 raise Exception("Unexpected result: " + ev
)
2276 wait_dpp_fail(dev
[0], "Mismatching PKEX curve: peer=20 own=19")
2278 def test_dpp_pkex_exchange_resp_processing_failure(dev
, apdev
):
2279 """DPP and PKEX with local failure in processing Exchange Resp"""
2280 check_dpp_capab(dev
[0])
2281 check_dpp_capab(dev
[1])
2282 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2284 with
fail_test(dev
[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"):
2285 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2286 wait_fail_trigger(dev
[1], "GET_FAIL")
2288 def test_dpp_pkex_commit_reveal_req_processing_failure(dev
, apdev
):
2289 """DPP and PKEX with local failure in processing Commit Reveal Req"""
2290 check_dpp_capab(dev
[0])
2291 check_dpp_capab(dev
[1])
2292 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2294 with
alloc_fail(dev
[0], 1,
2295 "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"):
2296 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2297 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
2299 def test_dpp_pkex_config2(dev
, apdev
):
2300 """DPP and PKEX with responder as the configurator"""
2301 check_dpp_capab(dev
[0])
2302 conf_id
= dev
[0].dpp_configurator_add()
2303 dev
[0].set("dpp_configurator_params",
2304 " conf=sta-dpp configurator=%d" % conf_id
)
2305 run_dpp_pkex2(dev
, apdev
)
2307 def run_dpp_pkex2(dev
, apdev
, curve
=None, init_extra
=""):
2308 check_dpp_capab(dev
[0])
2309 check_dpp_capab(dev
[1])
2310 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
=curve
,
2311 listen_role
="configurator")
2312 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", role
="enrollee",
2313 curve
=curve
, extra
=init_extra
)
2314 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1])
2316 def test_dpp_pkex_no_responder(dev
, apdev
):
2317 """DPP and PKEX with no responder (retry behavior)"""
2318 check_dpp_capab(dev
[0])
2319 dev
[0].dpp_pkex_init(identifier
="test", code
="secret")
2322 ev
= dev
[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout
=5)
2324 raise Exception("DPP PKEX failure not reported")
2325 if "DPP-FAIL" not in ev
:
2327 if "No response from PKEX peer" not in ev
:
2328 raise Exception("Unexpected failure reason: " + ev
)
2331 def test_dpp_pkex_after_retry(dev
, apdev
):
2332 """DPP and PKEX completing after retry"""
2333 check_dpp_capab(dev
[0])
2334 dev
[0].dpp_pkex_init(identifier
="test", code
="secret")
2336 dev
[1].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2337 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[0], enrollee
=dev
[1],
2338 allow_enrollee_failure
=True)
2340 def test_dpp_pkex_hostapd_responder(dev
, apdev
):
2341 """DPP PKEX with hostapd as responder"""
2342 check_dpp_capab(dev
[0])
2343 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2345 check_dpp_capab(hapd
)
2346 hapd
.dpp_pkex_resp(2437, identifier
="test", code
="secret")
2347 conf_id
= dev
[0].dpp_configurator_add()
2348 dev
[0].dpp_pkex_init(identifier
="test", code
="secret",
2349 extra
="conf=ap-dpp configurator=%d" % conf_id
)
2350 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
2351 stop_initiator
=True)
2353 def test_dpp_pkex_hostapd_initiator(dev
, apdev
):
2354 """DPP PKEX with hostapd as initiator"""
2355 check_dpp_capab(dev
[0])
2356 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2358 check_dpp_capab(hapd
)
2359 conf_id
= dev
[0].dpp_configurator_add()
2360 dev
[0].set("dpp_configurator_params",
2361 " conf=ap-dpp configurator=%d" % conf_id
)
2362 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
2363 listen_role
="configurator")
2364 hapd
.dpp_pkex_init(identifier
="test", code
="secret", role
="enrollee")
2365 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
2366 stop_initiator
=True)
2368 def test_dpp_hostapd_configurator(dev
, apdev
):
2369 """DPP with hostapd as configurator/initiator"""
2370 check_dpp_capab(dev
[0])
2371 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2373 check_dpp_capab(hapd
)
2374 conf_id
= hapd
.dpp_configurator_add()
2375 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2376 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2377 id1
= hapd
.dpp_qr_code(uri0
)
2378 res
= hapd
.request("DPP_BOOTSTRAP_INFO %d" % id1
)
2380 raise Exception("DPP_BOOTSTRAP_INFO failed")
2381 if "type=QRCODE" not in res
:
2382 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
2383 if "mac_addr=" + dev
[0].own_addr() not in res
:
2384 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
2385 dev
[0].dpp_listen(2412)
2386 hapd
.dpp_auth_init(peer
=id1
, configurator
=conf_id
, conf
="sta-dpp")
2387 wait_auth_success(dev
[0], hapd
, configurator
=hapd
, enrollee
=dev
[0],
2388 stop_responder
=True)
2390 def test_dpp_hostapd_configurator_responder(dev
, apdev
):
2391 """DPP with hostapd as configurator/responder"""
2392 check_dpp_capab(dev
[0])
2393 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2395 check_dpp_capab(hapd
)
2396 conf_id
= hapd
.dpp_configurator_add()
2397 hapd
.set("dpp_configurator_params",
2398 " conf=sta-dpp configurator=%d" % conf_id
)
2399 id0
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2400 uri0
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2401 dev
[0].dpp_auth_init(uri
=uri0
, role
="enrollee")
2402 wait_auth_success(hapd
, dev
[0], configurator
=hapd
, enrollee
=dev
[0],
2403 stop_initiator
=True)
2405 def test_dpp_own_config(dev
, apdev
):
2406 """DPP configurator signing own connector"""
2408 run_dpp_own_config(dev
, apdev
)
2410 dev
[0].set("dpp_config_processing", "0")
2412 def test_dpp_own_config_group_id(dev
, apdev
):
2413 """DPP configurator signing own connector"""
2415 run_dpp_own_config(dev
, apdev
, extra
=" group_id=test-group")
2417 dev
[0].set("dpp_config_processing", "0")
2419 def test_dpp_own_config_curve_mismatch(dev
, apdev
):
2420 """DPP configurator signing own connector using mismatching curve"""
2422 run_dpp_own_config(dev
, apdev
, own_curve
="BP-384", expect_failure
=True)
2424 dev
[0].set("dpp_config_processing", "0")
2426 def run_dpp_own_config(dev
, apdev
, own_curve
=None, expect_failure
=False,
2428 check_dpp_capab(dev
[0], own_curve
and "BP" in own_curve
)
2429 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2430 check_dpp_capab(hapd
)
2431 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2432 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
2433 conf_id
= dev
[0].dpp_configurator_add()
2434 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
,
2436 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
)
2437 update_hapd_config(hapd
)
2439 dev
[0].set("dpp_config_processing", "1")
2440 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id
, extra
)
2442 cmd
+= " curve=" + own_curve
2443 res
= dev
[0].request(cmd
)
2445 raise Exception("Failed to generate own configuration")
2447 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
2449 raise Exception("DPP network profile not generated")
2450 id = ev
.split(' ')[1]
2451 dev
[0].select_network(id, freq
="2412")
2453 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2455 raise Exception("Unexpected connection")
2456 dev
[0].request("DISCONNECT")
2458 dev
[0].wait_connected()
2460 def test_dpp_own_config_ap(dev
, apdev
):
2461 """DPP configurator (AP) signing own connector"""
2463 run_dpp_own_config_ap(dev
, apdev
)
2465 dev
[0].set("dpp_config_processing", "0")
2467 def test_dpp_own_config_ap_group_id(dev
, apdev
):
2468 """DPP configurator (AP) signing own connector (group_id)"""
2470 run_dpp_own_config_ap(dev
, apdev
, extra
=" group_id=test-group")
2472 dev
[0].set("dpp_config_processing", "0")
2474 def test_dpp_own_config_ap_reconf(dev
, apdev
):
2475 """DPP configurator (AP) signing own connector and configurator reconf"""
2477 run_dpp_own_config_ap(dev
, apdev
)
2479 dev
[0].set("dpp_config_processing", "0")
2481 def run_dpp_own_config_ap(dev
, apdev
, reconf_configurator
=False, extra
=None):
2482 check_dpp_capab(dev
[0])
2483 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2484 check_dpp_capab(hapd
)
2485 conf_id
= hapd
.dpp_configurator_add()
2486 if reconf_configurator
:
2487 csign
= hapd
.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
2488 if "FAIL" in csign
or len(csign
) == 0:
2489 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
2491 cmd
= "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id
, extra
)
2492 res
= hapd
.request(cmd
)
2494 raise Exception("Failed to generate own configuration")
2495 update_hapd_config(hapd
)
2497 if reconf_configurator
:
2498 hapd
.dpp_configurator_remove(conf_id
)
2499 conf_id
= hapd
.dpp_configurator_add(key
=csign
)
2501 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2502 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2503 dev
[0].set("dpp_config_processing", "2")
2504 dev
[0].dpp_listen(2412)
2505 hapd
.dpp_auth_init(uri
=uri
, conf
="sta-dpp", configurator
=conf_id
,
2507 wait_auth_success(dev
[0], hapd
, configurator
=hapd
, enrollee
=dev
[0])
2508 dev
[0].wait_connected()
2510 def test_dpp_intro_mismatch(dev
, apdev
):
2511 """DPP network introduction mismatch cases"""
2514 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
2515 wpas
.interface_add("wlan5")
2516 check_dpp_capab(wpas
)
2517 run_dpp_intro_mismatch(dev
, apdev
, wpas
)
2519 dev
[0].set("dpp_config_processing", "0")
2520 dev
[2].set("dpp_config_processing", "0")
2522 wpas
.set("dpp_config_processing", "0")
2524 def run_dpp_intro_mismatch(dev
, apdev
, wpas
):
2525 check_dpp_capab(dev
[0])
2526 check_dpp_capab(dev
[1])
2527 check_dpp_capab(dev
[2])
2528 logger
.info("Start AP in unconfigured state")
2529 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2530 check_dpp_capab(hapd
)
2531 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2532 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
2533 logger
.info("Provision AP with DPP configuration")
2534 conf_id
= dev
[1].dpp_configurator_add()
2535 dev
[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]')
2536 dev
[1].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
2537 update_hapd_config(hapd
)
2539 logger
.info("Provision STA0 with DPP Connector that has mismatching groupId")
2540 dev
[0].set("dpp_config_processing", "2")
2541 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2542 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2543 dev
[0].dpp_listen(2412)
2544 dev
[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]')
2545 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", configurator
=conf_id
)
2546 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
2548 logger
.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
2549 dev
[2].set("dpp_config_processing", "2")
2550 id2
= dev
[2].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2551 uri2
= dev
[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2
)
2552 dev
[2].dpp_listen(2412)
2553 conf_id_2
= dev
[1].dpp_configurator_add()
2554 dev
[1].set("dpp_groups_override", '')
2555 dev
[1].dpp_auth_init(uri
=uri2
, conf
="sta-dpp", configurator
=conf_id_2
)
2556 wait_auth_success(dev
[2], dev
[1], configurator
=dev
[1], enrollee
=dev
[2])
2558 logger
.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
2559 wpas
.set("dpp_config_processing", "2")
2560 id5
= wpas
.dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
="P-521")
2561 uri5
= wpas
.request("DPP_BOOTSTRAP_GET_URI %d" % id5
)
2562 wpas
.dpp_listen(2412)
2563 dev
[1].set("dpp_groups_override", '')
2564 dev
[1].dpp_auth_init(uri
=uri5
, conf
="sta-dpp", configurator
=conf_id
)
2565 wait_auth_success(wpas
, dev
[1], configurator
=dev
[1], enrollee
=wpas
)
2567 logger
.info("Verify network introduction results")
2568 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
2570 raise Exception("DPP network introduction result not seen on STA0")
2571 if "status=8" not in ev
:
2572 raise Exception("Unexpected network introduction result on STA0: " + ev
)
2574 ev
= dev
[2].wait_event(["DPP-INTRO"], timeout
=5)
2576 raise Exception("DPP network introduction result not seen on STA2")
2577 if "status=8" not in ev
:
2578 raise Exception("Unexpected network introduction result on STA2: " + ev
)
2580 ev
= wpas
.wait_event(["DPP-INTRO"], timeout
=10)
2582 raise Exception("DPP network introduction result not seen on STA5")
2583 if "status=7" not in ev
:
2584 raise Exception("Unexpected network introduction result on STA5: " + ev
)
2586 def run_dpp_proto_init(dev
, test_dev
, test
, mutual
=False, unicast
=True,
2587 listen
=True, chan
="81/1", init_enrollee
=False,
2588 incompatible_roles
=False):
2589 check_dpp_capab(dev
[0])
2590 check_dpp_capab(dev
[1])
2591 dev
[test_dev
].set("dpp_test", str(test
))
2593 conf_id
= dev
[0].dpp_configurator_add()
2595 conf_id
= dev
[1].dpp_configurator_add()
2596 id0
= dev
[0].dpp_bootstrap_gen(chan
=chan
, mac
=unicast
)
2597 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2600 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2601 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
2603 id0b
= dev
[0].dpp_qr_code(uri1b
)
2609 if incompatible_roles
:
2612 role
= "configurator"
2613 dev
[0].set("dpp_configurator_params",
2614 " conf=sta-dpp configurator=%d" % conf_id
)
2615 elif incompatible_roles
:
2621 dev
[0].dpp_listen(2412, qr
=qr
, role
=role
)
2631 configurator
=conf_id
2633 if incompatible_roles
:
2637 dev
[1].dpp_auth_init(uri
=uri0
, role
=role
, configurator
=configurator
,
2640 def test_dpp_proto_after_wrapped_data_auth_req(dev
, apdev
):
2641 """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
2642 run_dpp_proto_init(dev
, 1, 1)
2643 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2645 raise Exception("DPP Authentication Request not seen")
2646 if "type=0" not in ev
or "ignore=invalid-attributes" not in ev
:
2647 raise Exception("Unexpected RX info: " + ev
)
2648 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2650 raise Exception("Unexpected DPP message seen")
2652 def test_dpp_auth_req_stop_after_ack(dev
, apdev
):
2653 """DPP initiator stopping after ACK, but no response"""
2654 run_dpp_proto_init(dev
, 1, 1, listen
=True)
2655 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2657 raise Exception("Authentication failure not reported")
2659 def test_dpp_auth_req_retries(dev
, apdev
):
2660 """DPP initiator retries with no ACK"""
2661 check_dpp_capab(dev
[1])
2662 dev
[1].set("dpp_init_max_tries", "3")
2663 dev
[1].set("dpp_init_retry_time", "1000")
2664 dev
[1].set("dpp_resp_wait_time", "100")
2665 run_dpp_proto_init(dev
, 1, 1, unicast
=False, listen
=False)
2668 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
2670 raise Exception("Auth Req not sent (%d)" % i
)
2672 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2674 raise Exception("Authentication failure not reported")
2676 def test_dpp_auth_req_retries_multi_chan(dev
, apdev
):
2677 """DPP initiator retries with no ACK and multiple channels"""
2678 check_dpp_capab(dev
[1])
2679 dev
[1].set("dpp_init_max_tries", "3")
2680 dev
[1].set("dpp_init_retry_time", "1000")
2681 dev
[1].set("dpp_resp_wait_time", "100")
2682 run_dpp_proto_init(dev
, 1, 1, unicast
=False, listen
=False,
2683 chan
="81/1,81/6,81/11")
2685 for i
in range(3 * 3):
2686 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
2688 raise Exception("Auth Req not sent (%d)" % i
)
2690 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2692 raise Exception("Authentication failure not reported")
2694 def test_dpp_proto_after_wrapped_data_auth_resp(dev
, apdev
):
2695 """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
2696 run_dpp_proto_init(dev
, 0, 2)
2697 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
2699 raise Exception("DPP Authentication Response not seen")
2700 if "type=1" not in ev
or "ignore=invalid-attributes" not in ev
:
2701 raise Exception("Unexpected RX info: " + ev
)
2702 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2703 if ev
is None or "type=0" not in ev
:
2704 raise Exception("DPP Authentication Request not seen")
2705 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2707 raise Exception("Unexpected DPP message seen")
2709 def test_dpp_proto_after_wrapped_data_auth_conf(dev
, apdev
):
2710 """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
2711 run_dpp_proto_init(dev
, 1, 3)
2712 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2713 if ev
is None or "type=0" not in ev
:
2714 raise Exception("DPP Authentication Request not seen")
2715 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2717 raise Exception("DPP Authentication Confirm not seen")
2718 if "type=2" not in ev
or "ignore=invalid-attributes" not in ev
:
2719 raise Exception("Unexpected RX info: " + ev
)
2721 def test_dpp_proto_after_wrapped_data_conf_req(dev
, apdev
):
2722 """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
2723 run_dpp_proto_init(dev
, 0, 6)
2724 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=10)
2726 raise Exception("DPP Configuration failure not seen")
2728 def test_dpp_proto_after_wrapped_data_conf_resp(dev
, apdev
):
2729 """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
2730 run_dpp_proto_init(dev
, 1, 7)
2731 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=10)
2733 raise Exception("DPP Configuration failure not seen")
2735 def test_dpp_proto_zero_i_capab(dev
, apdev
):
2736 """DPP protocol testing - zero I-capability in Auth Req"""
2737 run_dpp_proto_init(dev
, 1, 8)
2738 wait_dpp_fail(dev
[0], "Invalid role in I-capabilities 0x00")
2739 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2741 raise Exception("Unexpected DPP message seen")
2743 def test_dpp_proto_zero_r_capab(dev
, apdev
):
2744 """DPP protocol testing - zero R-capability in Auth Resp"""
2745 run_dpp_proto_init(dev
, 0, 9)
2746 wait_dpp_fail(dev
[1], "Unexpected role in R-capabilities 0x00")
2747 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2748 if ev
is None or "type=0" not in ev
:
2749 raise Exception("DPP Authentication Request not seen")
2750 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2752 raise Exception("Unexpected DPP message seen")
2754 def run_dpp_proto_auth_req_missing(dev
, test
, reason
, mutual
=False):
2755 run_dpp_proto_init(dev
, 1, test
, mutual
=mutual
)
2756 wait_dpp_fail(dev
[0], reason
)
2757 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2759 raise Exception("Unexpected DPP message seen")
2761 def test_dpp_proto_auth_req_no_r_bootstrap_key(dev
, apdev
):
2762 """DPP protocol testing - no R-bootstrap key in Auth Req"""
2763 run_dpp_proto_auth_req_missing(dev
, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2765 def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev
, apdev
):
2766 """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
2767 run_dpp_proto_auth_req_missing(dev
, 68, "No matching own bootstrapping key found - ignore message")
2769 def test_dpp_proto_auth_req_no_i_bootstrap_key(dev
, apdev
):
2770 """DPP protocol testing - no I-bootstrap key in Auth Req"""
2771 run_dpp_proto_auth_req_missing(dev
, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute")
2773 def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev
, apdev
):
2774 """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
2775 run_dpp_proto_init(dev
, 1, 69, mutual
=True)
2776 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
2778 raise Exception("DPP scan request not seen")
2779 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
2781 raise Exception("DPP response pending indivation not seen")
2783 def test_dpp_proto_auth_req_no_i_proto_key(dev
, apdev
):
2784 """DPP protocol testing - no I-proto key in Auth Req"""
2785 run_dpp_proto_auth_req_missing(dev
, 12, "Missing required Initiator Protocol Key attribute")
2787 def test_dpp_proto_auth_req_invalid_i_proto_key(dev
, apdev
):
2788 """DPP protocol testing - invalid I-proto key in Auth Req"""
2789 run_dpp_proto_auth_req_missing(dev
, 66, "Invalid Initiator Protocol Key")
2791 def test_dpp_proto_auth_req_no_i_nonce(dev
, apdev
):
2792 """DPP protocol testing - no I-nonce in Auth Req"""
2793 run_dpp_proto_auth_req_missing(dev
, 13, "Missing or invalid I-nonce")
2795 def test_dpp_proto_auth_req_invalid_i_nonce(dev
, apdev
):
2796 """DPP protocol testing - invalid I-nonce in Auth Req"""
2797 run_dpp_proto_auth_req_missing(dev
, 81, "Missing or invalid I-nonce")
2799 def test_dpp_proto_auth_req_no_i_capab(dev
, apdev
):
2800 """DPP protocol testing - no I-capab in Auth Req"""
2801 run_dpp_proto_auth_req_missing(dev
, 14, "Missing or invalid I-capab")
2803 def test_dpp_proto_auth_req_no_wrapped_data(dev
, apdev
):
2804 """DPP protocol testing - no Wrapped Data in Auth Req"""
2805 run_dpp_proto_auth_req_missing(dev
, 15, "Missing or invalid required Wrapped Data attribute")
2807 def run_dpp_proto_auth_resp_missing(dev
, test
, reason
,
2808 incompatible_roles
=False):
2809 run_dpp_proto_init(dev
, 0, test
, mutual
=True,
2810 incompatible_roles
=incompatible_roles
)
2812 if incompatible_roles
:
2813 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
2815 raise Exception("DPP-NOT-COMPATIBLE not reported")
2818 wait_dpp_fail(dev
[1], reason
)
2819 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2820 if ev
is None or "type=0" not in ev
:
2821 raise Exception("DPP Authentication Request not seen")
2822 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2824 raise Exception("Unexpected DPP message seen")
2826 def test_dpp_proto_auth_resp_no_status(dev
, apdev
):
2827 """DPP protocol testing - no Status in Auth Resp"""
2828 run_dpp_proto_auth_resp_missing(dev
, 16, "Missing or invalid required DPP Status attribute")
2830 def test_dpp_proto_auth_resp_status_no_status(dev
, apdev
):
2831 """DPP protocol testing - no Status in Auth Resp(status)"""
2832 run_dpp_proto_auth_resp_missing(dev
, 16,
2833 "Missing or invalid required DPP Status attribute",
2834 incompatible_roles
=True)
2836 def test_dpp_proto_auth_resp_invalid_status(dev
, apdev
):
2837 """DPP protocol testing - invalid Status in Auth Resp"""
2838 run_dpp_proto_auth_resp_missing(dev
, 74, "Responder reported failure")
2840 def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev
, apdev
):
2841 """DPP protocol testing - no R-bootstrap key in Auth Resp"""
2842 run_dpp_proto_auth_resp_missing(dev
, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2844 def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev
, apdev
):
2845 """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
2846 run_dpp_proto_auth_resp_missing(dev
, 17,
2847 "Missing or invalid required Responder Bootstrapping Key Hash attribute",
2848 incompatible_roles
=True)
2850 def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev
, apdev
):
2851 """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
2852 run_dpp_proto_auth_resp_missing(dev
, 70, "Unexpected Responder Bootstrapping Key Hash value")
2854 def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev
, apdev
):
2855 """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
2856 run_dpp_proto_auth_resp_missing(dev
, 70,
2857 "Unexpected Responder Bootstrapping Key Hash value",
2858 incompatible_roles
=True)
2860 def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev
, apdev
):
2861 """DPP protocol testing - no I-bootstrap key in Auth Resp"""
2862 run_dpp_proto_auth_resp_missing(dev
, 18, None)
2864 def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev
, apdev
):
2865 """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
2866 run_dpp_proto_auth_resp_missing(dev
, 18, None, incompatible_roles
=True)
2868 def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev
, apdev
):
2869 """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
2870 run_dpp_proto_auth_resp_missing(dev
, 71, "Initiator Bootstrapping Key Hash attribute did not match")
2872 def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev
, apdev
):
2873 """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
2874 run_dpp_proto_auth_resp_missing(dev
, 71,
2875 "Initiator Bootstrapping Key Hash attribute did not match",
2876 incompatible_roles
=True)
2878 def test_dpp_proto_auth_resp_no_r_proto_key(dev
, apdev
):
2879 """DPP protocol testing - no R-Proto Key in Auth Resp"""
2880 run_dpp_proto_auth_resp_missing(dev
, 19, "Missing required Responder Protocol Key attribute")
2882 def test_dpp_proto_auth_resp_invalid_r_proto_key(dev
, apdev
):
2883 """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
2884 run_dpp_proto_auth_resp_missing(dev
, 67, "Invalid Responder Protocol Key")
2886 def test_dpp_proto_auth_resp_no_r_nonce(dev
, apdev
):
2887 """DPP protocol testing - no R-nonce in Auth Resp"""
2888 run_dpp_proto_auth_resp_missing(dev
, 20, "Missing or invalid R-nonce")
2890 def test_dpp_proto_auth_resp_no_i_nonce(dev
, apdev
):
2891 """DPP protocol testing - no I-nonce in Auth Resp"""
2892 run_dpp_proto_auth_resp_missing(dev
, 21, "Missing or invalid I-nonce")
2894 def test_dpp_proto_auth_resp_status_no_i_nonce(dev
, apdev
):
2895 """DPP protocol testing - no I-nonce in Auth Resp(status)"""
2896 run_dpp_proto_auth_resp_missing(dev
, 21, "Missing or invalid I-nonce",
2897 incompatible_roles
=True)
2899 def test_dpp_proto_auth_resp_no_r_capab(dev
, apdev
):
2900 """DPP protocol testing - no R-capab in Auth Resp"""
2901 run_dpp_proto_auth_resp_missing(dev
, 22, "Missing or invalid R-capabilities")
2903 def test_dpp_proto_auth_resp_no_r_auth(dev
, apdev
):
2904 """DPP protocol testing - no R-auth in Auth Resp"""
2905 run_dpp_proto_auth_resp_missing(dev
, 23, "Missing or invalid Secondary Wrapped Data")
2907 def test_dpp_proto_auth_resp_no_wrapped_data(dev
, apdev
):
2908 """DPP protocol testing - no Wrapped Data in Auth Resp"""
2909 run_dpp_proto_auth_resp_missing(dev
, 24, "Missing or invalid required Wrapped Data attribute")
2911 def test_dpp_proto_auth_resp_i_nonce_mismatch(dev
, apdev
):
2912 """DPP protocol testing - I-nonce mismatch in Auth Resp"""
2913 run_dpp_proto_init(dev
, 0, 30, mutual
=True)
2914 wait_dpp_fail(dev
[1], "I-nonce mismatch")
2915 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2916 if ev
is None or "type=0" not in ev
:
2917 raise Exception("DPP Authentication Request not seen")
2918 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2920 raise Exception("Unexpected DPP message seen")
2922 def test_dpp_proto_auth_resp_incompatible_r_capab(dev
, apdev
):
2923 """DPP protocol testing - Incompatible R-capab in Auth Resp"""
2924 run_dpp_proto_init(dev
, 0, 31, mutual
=True)
2925 wait_dpp_fail(dev
[1], "Unexpected role in R-capabilities 0x02")
2926 wait_dpp_fail(dev
[0], "Peer reported incompatible R-capab role")
2928 def test_dpp_proto_auth_resp_r_auth_mismatch(dev
, apdev
):
2929 """DPP protocol testing - R-auth mismatch in Auth Resp"""
2930 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2931 wait_dpp_fail(dev
[1], "Mismatching Responder Authenticating Tag")
2932 wait_dpp_fail(dev
[0], "Peer reported authentication failure")
2934 def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev
, apdev
):
2935 """DPP protocol testing - Auth Conf RX processing failure"""
2936 with
alloc_fail(dev
[0], 1, "dpp_auth_conf_rx_failure"):
2937 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2938 wait_dpp_fail(dev
[0], "Authentication failed")
2940 def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev
, apdev
):
2941 """DPP protocol testing - Auth Conf RX processing failure 2"""
2942 with
fail_test(dev
[0], 1, "dpp_auth_conf_rx_failure"):
2943 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2944 wait_dpp_fail(dev
[0], "AES-SIV decryption failed")
2946 def run_dpp_proto_auth_conf_missing(dev
, test
, reason
):
2947 run_dpp_proto_init(dev
, 1, test
, mutual
=True)
2951 wait_dpp_fail(dev
[0], reason
)
2953 def test_dpp_proto_auth_conf_no_status(dev
, apdev
):
2954 """DPP protocol testing - no Status in Auth Conf"""
2955 run_dpp_proto_auth_conf_missing(dev
, 25, "Missing or invalid required DPP Status attribute")
2957 def test_dpp_proto_auth_conf_invalid_status(dev
, apdev
):
2958 """DPP protocol testing - invalid Status in Auth Conf"""
2959 run_dpp_proto_auth_conf_missing(dev
, 75, "Authentication failed")
2961 def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev
, apdev
):
2962 """DPP protocol testing - no R-bootstrap key in Auth Conf"""
2963 run_dpp_proto_auth_conf_missing(dev
, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2965 def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev
, apdev
):
2966 """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
2967 run_dpp_proto_auth_conf_missing(dev
, 72, "Responder Bootstrapping Key Hash mismatch")
2969 def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev
, apdev
):
2970 """DPP protocol testing - no I-bootstrap key in Auth Conf"""
2971 run_dpp_proto_auth_conf_missing(dev
, 27, "Missing Initiator Bootstrapping Key Hash attribute")
2973 def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev
, apdev
):
2974 """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
2975 run_dpp_proto_auth_conf_missing(dev
, 73, "Initiator Bootstrapping Key Hash mismatch")
2977 def test_dpp_proto_auth_conf_no_i_auth(dev
, apdev
):
2978 """DPP protocol testing - no I-Auth in Auth Conf"""
2979 run_dpp_proto_auth_conf_missing(dev
, 28, "Missing or invalid Initiator Authenticating Tag")
2981 def test_dpp_proto_auth_conf_no_wrapped_data(dev
, apdev
):
2982 """DPP protocol testing - no Wrapped Data in Auth Conf"""
2983 run_dpp_proto_auth_conf_missing(dev
, 29, "Missing or invalid required Wrapped Data attribute")
2985 def test_dpp_proto_auth_conf_i_auth_mismatch(dev
, apdev
):
2986 """DPP protocol testing - I-auth mismatch in Auth Conf"""
2987 run_dpp_proto_init(dev
, 1, 33, mutual
=True)
2988 wait_dpp_fail(dev
[0], "Mismatching Initiator Authenticating Tag")
2990 def test_dpp_proto_auth_conf_replaced_by_resp(dev
, apdev
):
2991 """DPP protocol testing - Auth Conf replaced by Resp"""
2992 run_dpp_proto_init(dev
, 1, 65, mutual
=True)
2993 wait_dpp_fail(dev
[0], "Unexpected Authentication Response")
2995 def run_dpp_proto_conf_req_missing(dev
, test
, reason
):
2996 run_dpp_proto_init(dev
, 0, test
)
2997 wait_dpp_fail(dev
[1], reason
)
2999 def test_dpp_proto_conf_req_no_e_nonce(dev
, apdev
):
3000 """DPP protocol testing - no E-nonce in Conf Req"""
3001 run_dpp_proto_conf_req_missing(dev
, 51,
3002 "Missing or invalid Enrollee Nonce attribute")
3004 def test_dpp_proto_conf_req_invalid_e_nonce(dev
, apdev
):
3005 """DPP protocol testing - invalid E-nonce in Conf Req"""
3006 run_dpp_proto_conf_req_missing(dev
, 83,
3007 "Missing or invalid Enrollee Nonce attribute")
3009 def test_dpp_proto_conf_req_no_config_attr_obj(dev
, apdev
):
3010 """DPP protocol testing - no Config Attr Obj in Conf Req"""
3011 run_dpp_proto_conf_req_missing(dev
, 52,
3012 "Missing or invalid Config Attributes attribute")
3014 def test_dpp_proto_conf_req_invalid_config_attr_obj(dev
, apdev
):
3015 """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
3016 run_dpp_proto_conf_req_missing(dev
, 76,
3017 "Unsupported wi-fi_tech")
3019 def test_dpp_proto_conf_req_no_wrapped_data(dev
, apdev
):
3020 """DPP protocol testing - no Wrapped Data in Conf Req"""
3021 run_dpp_proto_conf_req_missing(dev
, 53,
3022 "Missing or invalid required Wrapped Data attribute")
3024 def run_dpp_proto_conf_resp_missing(dev
, test
, reason
):
3025 run_dpp_proto_init(dev
, 1, test
)
3026 wait_dpp_fail(dev
[0], reason
)
3028 def test_dpp_proto_conf_resp_no_e_nonce(dev
, apdev
):
3029 """DPP protocol testing - no E-nonce in Conf Resp"""
3030 run_dpp_proto_conf_resp_missing(dev
, 54,
3031 "Missing or invalid Enrollee Nonce attribute")
3033 def test_dpp_proto_conf_resp_no_config_obj(dev
, apdev
):
3034 """DPP protocol testing - no Config Object in Conf Resp"""
3035 run_dpp_proto_conf_resp_missing(dev
, 55,
3036 "Missing required Configuration Object attribute")
3038 def test_dpp_proto_conf_resp_no_status(dev
, apdev
):
3039 """DPP protocol testing - no Status in Conf Resp"""
3040 run_dpp_proto_conf_resp_missing(dev
, 56,
3041 "Missing or invalid required DPP Status attribute")
3043 def test_dpp_proto_conf_resp_no_wrapped_data(dev
, apdev
):
3044 """DPP protocol testing - no Wrapped Data in Conf Resp"""
3045 run_dpp_proto_conf_resp_missing(dev
, 57,
3046 "Missing or invalid required Wrapped Data attribute")
3048 def test_dpp_proto_conf_resp_invalid_status(dev
, apdev
):
3049 """DPP protocol testing - invalid Status in Conf Resp"""
3050 run_dpp_proto_conf_resp_missing(dev
, 58,
3051 "Configurator rejected configuration")
3053 def test_dpp_proto_conf_resp_e_nonce_mismatch(dev
, apdev
):
3054 """DPP protocol testing - E-nonce mismatch in Conf Resp"""
3055 run_dpp_proto_conf_resp_missing(dev
, 59,
3056 "Enrollee Nonce mismatch")
3058 def test_dpp_proto_stop_at_auth_req(dev
, apdev
):
3059 """DPP protocol testing - stop when receiving Auth Req"""
3060 run_dpp_proto_init(dev
, 0, 87)
3061 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
3063 raise Exception("Authentication init failure not reported")
3065 def test_dpp_proto_stop_at_auth_resp(dev
, apdev
):
3066 """DPP protocol testing - stop when receiving Auth Resp"""
3067 run_dpp_proto_init(dev
, 1, 88)
3069 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3071 raise Exception("Auth Req TX not seen")
3073 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3075 raise Exception("Auth Resp TX not seen")
3077 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3079 raise Exception("Unexpected Auth Conf TX")
3081 def test_dpp_proto_stop_at_auth_conf(dev
, apdev
):
3082 """DPP protocol testing - stop when receiving Auth Conf"""
3083 run_dpp_proto_init(dev
, 0, 89, init_enrollee
=True)
3084 ev
= dev
[1].wait_event(["GAS-QUERY-START"], timeout
=10)
3086 raise Exception("Enrollee did not start GAS")
3087 ev
= dev
[1].wait_event(["GAS-QUERY-DONE"], timeout
=10)
3089 raise Exception("Enrollee did not time out GAS")
3090 if "result=TIMEOUT" not in ev
:
3091 raise Exception("Unexpected GAS result: " + ev
)
3093 def test_dpp_proto_stop_at_auth_conf_tx(dev
, apdev
):
3094 """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
3095 run_dpp_proto_init(dev
, 1, 89, init_enrollee
=True)
3096 wait_auth_success(dev
[0], dev
[1], timeout
=10)
3097 ev
= dev
[1].wait_event(["GAS-QUERY-START"], timeout
=0.1)
3099 raise Exception("Unexpected GAS query")
3101 # There is currently no timeout on GAS server side, so no event to wait for
3104 def test_dpp_proto_stop_at_auth_conf_tx2(dev
, apdev
):
3105 """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
3106 run_dpp_proto_init(dev
, 1, 89)
3107 wait_auth_success(dev
[0], dev
[1], timeout
=10)
3109 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=5)
3110 if ev
is None or "result=TIMEOUT" not in ev
:
3111 raise Exception("GAS query did not time out")
3113 def test_dpp_proto_stop_at_conf_req(dev
, apdev
):
3114 """DPP protocol testing - stop when receiving Auth Req"""
3115 run_dpp_proto_init(dev
, 1, 90)
3116 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=10)
3118 raise Exception("Enrollee did not start GAS")
3119 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=10)
3121 raise Exception("Enrollee did not time out GAS")
3122 if "result=TIMEOUT" not in ev
:
3123 raise Exception("Unexpected GAS result: " + ev
)
3125 def run_dpp_proto_init_pkex(dev
, test_dev
, test
):
3126 check_dpp_capab(dev
[0])
3127 check_dpp_capab(dev
[1])
3128 dev
[test_dev
].set("dpp_test", str(test
))
3129 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
3130 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
3132 def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev
, apdev
):
3133 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
3134 run_dpp_proto_init_pkex(dev
, 1, 4)
3135 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3136 if ev
is None or "type=7" not in ev
:
3137 raise Exception("PKEX Exchange Request not seen")
3138 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3139 if ev
is None or "type=9" not in ev
:
3140 raise Exception("PKEX Commit-Reveal Request not seen")
3141 if "ignore=invalid-attributes" not in ev
:
3142 raise Exception("Unexpected RX info: " + ev
)
3144 def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev
, apdev
):
3145 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
3146 run_dpp_proto_init_pkex(dev
, 0, 5)
3147 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
3148 if ev
is None or "type=8" not in ev
:
3149 raise Exception("PKEX Exchange Response not seen")
3150 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
3151 if ev
is None or "type=10" not in ev
:
3152 raise Exception("PKEX Commit-Reveal Response not seen")
3153 if "ignore=invalid-attributes" not in ev
:
3154 raise Exception("Unexpected RX info: " + ev
)
3156 def run_dpp_proto_pkex_req_missing(dev
, test
, reason
):
3157 run_dpp_proto_init_pkex(dev
, 1, test
)
3158 wait_dpp_fail(dev
[0], reason
)
3160 def run_dpp_proto_pkex_resp_missing(dev
, test
, reason
):
3161 run_dpp_proto_init_pkex(dev
, 0, test
)
3162 wait_dpp_fail(dev
[1], reason
)
3164 def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev
, apdev
):
3165 """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
3166 run_dpp_proto_pkex_req_missing(dev
, 34,
3167 "Missing or invalid Finite Cyclic Group attribute")
3169 def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev
, apdev
):
3170 """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
3171 run_dpp_proto_pkex_req_missing(dev
, 35,
3172 "Missing Encrypted Key attribute")
3174 def test_dpp_proto_pkex_exchange_resp_no_status(dev
, apdev
):
3175 """DPP protocol testing - no Status in PKEX Exchange Response"""
3176 run_dpp_proto_pkex_resp_missing(dev
, 36, "No DPP Status attribute")
3178 def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev
, apdev
):
3179 """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
3180 run_dpp_proto_pkex_resp_missing(dev
, 37, "Missing Encrypted Key attribute")
3182 def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev
, apdev
):
3183 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
3184 run_dpp_proto_pkex_req_missing(dev
, 38,
3185 "No valid peer bootstrapping key found")
3187 def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev
, apdev
):
3188 """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
3189 run_dpp_proto_pkex_req_missing(dev
, 39, "No valid u (I-Auth tag) found")
3191 def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev
, apdev
):
3192 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
3193 run_dpp_proto_pkex_req_missing(dev
, 40, "Missing or invalid required Wrapped Data attribute")
3195 def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev
, apdev
):
3196 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
3197 run_dpp_proto_pkex_resp_missing(dev
, 41,
3198 "No valid peer bootstrapping key found")
3200 def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev
, apdev
):
3201 """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
3202 run_dpp_proto_pkex_resp_missing(dev
, 42, "No valid v (R-Auth tag) found")
3204 def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev
, apdev
):
3205 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
3206 run_dpp_proto_pkex_resp_missing(dev
, 43, "Missing or invalid required Wrapped Data attribute")
3208 def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev
, apdev
):
3209 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
3210 run_dpp_proto_pkex_req_missing(dev
, 44,
3211 "Invalid Encrypted Key value")
3213 def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev
, apdev
):
3214 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
3215 run_dpp_proto_pkex_resp_missing(dev
, 45,
3216 "Invalid Encrypted Key value")
3218 def test_dpp_proto_pkex_exchange_resp_invalid_status(dev
, apdev
):
3219 """DPP protocol testing - invalid Status in PKEX Exchange Response"""
3220 run_dpp_proto_pkex_resp_missing(dev
, 46,
3221 "PKEX failed (peer indicated failure)")
3223 def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev
, apdev
):
3224 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
3225 run_dpp_proto_pkex_req_missing(dev
, 47,
3226 "Peer bootstrapping key is invalid")
3228 def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev
, apdev
):
3229 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
3230 run_dpp_proto_pkex_resp_missing(dev
, 48,
3231 "Peer bootstrapping key is invalid")
3233 def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev
, apdev
):
3234 """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
3235 run_dpp_proto_pkex_req_missing(dev
, 49, "No valid u (I-Auth tag) found")
3237 def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev
, apdev
):
3238 """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
3239 run_dpp_proto_pkex_resp_missing(dev
, 50, "No valid v (R-Auth tag) found")
3241 def test_dpp_proto_stop_at_pkex_exchange_resp(dev
, apdev
):
3242 """DPP protocol testing - stop when receiving PKEX Exchange Response"""
3243 run_dpp_proto_init_pkex(dev
, 1, 84)
3245 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3247 raise Exception("PKEX Exchange Req TX not seen")
3249 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3251 raise Exception("PKEX Exchange Resp not seen")
3253 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3255 raise Exception("Unexpected PKEX CR Req TX")
3257 def test_dpp_proto_stop_at_pkex_cr_req(dev
, apdev
):
3258 """DPP protocol testing - stop when receiving PKEX CR Request"""
3259 run_dpp_proto_init_pkex(dev
, 0, 85)
3261 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3263 raise Exception("PKEX Exchange Req TX not seen")
3265 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3267 raise Exception("PKEX Exchange Resp not seen")
3269 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3271 raise Exception("PKEX CR Req TX not seen")
3273 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=0.1)
3275 raise Exception("Unexpected PKEX CR Resp TX")
3277 def test_dpp_proto_stop_at_pkex_cr_resp(dev
, apdev
):
3278 """DPP protocol testing - stop when receiving PKEX CR Response"""
3279 run_dpp_proto_init_pkex(dev
, 1, 86)
3281 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3283 raise Exception("PKEX Exchange Req TX not seen")
3285 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3287 raise Exception("PKEX Exchange Resp not seen")
3289 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3291 raise Exception("PKEX CR Req TX not seen")
3293 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3295 raise Exception("PKEX CR Resp TX not seen")
3297 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3299 raise Exception("Unexpected Auth Req TX")
3301 def test_dpp_proto_network_introduction(dev
, apdev
):
3302 """DPP protocol testing - network introduction"""
3303 check_dpp_capab(dev
[0])
3304 check_dpp_capab(dev
[1])
3306 params
= {"ssid": "dpp",
3308 "wpa_key_mgmt": "DPP",
3310 "rsn_pairwise": "CCMP",
3311 "dpp_connector": params1_ap_connector
,
3312 "dpp_csign": params1_csign
,
3313 "dpp_netaccesskey": params1_ap_netaccesskey
}
3315 hapd
= hostapd
.add_ap(apdev
[0], params
)
3317 raise HwsimSkip("DPP not supported")
3319 for test
in [60, 61, 80, 82]:
3320 dev
[0].set("dpp_test", str(test
))
3321 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3322 dpp_csign
=params1_csign
,
3323 dpp_connector
=params1_sta_connector
,
3324 dpp_netaccesskey
=params1_sta_netaccesskey
,
3327 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=10)
3328 if ev
is None or "type=5" not in ev
:
3329 raise Exception("Peer Discovery Request TX not reported")
3330 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=2)
3331 if ev
is None or "result=SUCCESS" not in ev
:
3332 raise Exception("Peer Discovery Request TX status not reported")
3334 ev
= hapd
.wait_event(["DPP-RX"], timeout
=10)
3335 if ev
is None or "type=5" not in ev
:
3336 raise Exception("Peer Discovery Request RX not reported")
3339 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
3341 raise Exception("DPP-INTRO not reported for test 80")
3342 if "status=7" not in ev
:
3343 raise Exception("Unexpected result in test 80: " + ev
)
3345 dev
[0].request("REMOVE_NETWORK all")
3346 dev
[0].dump_monitor()
3348 dev
[0].set("dpp_test", "0")
3350 for test
in [62, 63, 64, 77, 78, 79]:
3351 hapd
.set("dpp_test", str(test
))
3352 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3353 dpp_csign
=params1_csign
,
3354 dpp_connector
=params1_sta_connector
,
3355 dpp_netaccesskey
=params1_sta_netaccesskey
,
3358 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
3360 raise Exception("Peer introduction result not reported (test %d)" % test
)
3362 if "fail=transaction_id_mismatch" not in ev
:
3363 raise Exception("Connector validation failure not reported")
3365 if "status=254" not in ev
:
3366 raise Exception("Invalid status value not reported")
3368 if "fail=peer_connector_validation_failed" not in ev
:
3369 raise Exception("Connector validation failure not reported")
3370 elif "status=" in ev
:
3371 raise Exception("Unexpected peer introduction result (test %d): " % test
+ ev
)
3373 dev
[0].request("REMOVE_NETWORK all")
3374 dev
[0].dump_monitor()
3376 hapd
.set("dpp_test", "0")
3378 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3379 dpp_csign
=params1_csign
, dpp_connector
=params1_sta_connector
,
3380 dpp_netaccesskey
=params1_sta_netaccesskey
)
3382 def test_dpp_qr_code_no_chan_list_unicast(dev
, apdev
):
3383 """DPP QR Code and no channel list (unicast)"""
3384 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417, None)
3386 def test_dpp_qr_code_chan_list_unicast(dev
, apdev
):
3387 """DPP QR Code and 2.4 GHz channels (unicast)"""
3388 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417,
3389 "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13")
3391 def test_dpp_qr_code_chan_list_unicast2(dev
, apdev
):
3392 """DPP QR Code and 2.4 GHz channels (unicast 2)"""
3393 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417,
3394 "81/1,2,3,4,5,6,7,8,9,10,11,12,13")
3396 def test_dpp_qr_code_chan_list_no_peer_unicast(dev
, apdev
):
3397 """DPP QR Code and channel list and no peer (unicast)"""
3398 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417, "81/1,81/6,81/11",
3400 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
3402 raise Exception("Initiation failure not reported")
3404 def test_dpp_qr_code_no_chan_list_broadcast(dev
, apdev
):
3405 """DPP QR Code and no channel list (broadcast)"""
3406 run_dpp_qr_code_chan_list(dev
, apdev
, False, 2412, None)
3408 def test_dpp_qr_code_chan_list_broadcast(dev
, apdev
):
3409 """DPP QR Code and some 2.4 GHz channels (broadcast)"""
3410 run_dpp_qr_code_chan_list(dev
, apdev
, False, 2412, "81/1,81/6,81/11",
3413 def run_dpp_qr_code_chan_list(dev
, apdev
, unicast
, listen_freq
, chanlist
,
3414 no_wait
=False, timeout
=5):
3415 check_dpp_capab(dev
[0])
3416 check_dpp_capab(dev
[1])
3417 dev
[1].set("dpp_init_max_tries", "3")
3418 dev
[1].set("dpp_init_retry_time", "100")
3419 dev
[1].set("dpp_resp_wait_time", "1000")
3421 logger
.info("dev0 displays QR Code")
3422 id0
= dev
[0].dpp_bootstrap_gen(chan
=chanlist
, mac
=unicast
)
3423 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3424 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
3425 dev
[0].dpp_listen(listen_freq
)
3426 dev
[1].dpp_auth_init(uri
=uri0
)
3429 wait_auth_success(dev
[0], dev
[1], timeout
=timeout
, configurator
=dev
[1],
3430 enrollee
=dev
[0], allow_enrollee_failure
=True,
3431 stop_responder
=True)
3433 def test_dpp_qr_code_chan_list_no_match(dev
, apdev
):
3434 """DPP QR Code and no matching supported channel"""
3435 check_dpp_capab(dev
[0])
3436 check_dpp_capab(dev
[1])
3437 id0
= dev
[0].dpp_bootstrap_gen(chan
="123/123")
3438 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3439 dev
[1].dpp_auth_init(uri
=uri0
, expect_fail
=True)
3441 def test_dpp_pkex_alloc_fail(dev
, apdev
):
3442 """DPP/PKEX and memory allocation failures"""
3443 check_dpp_capab(dev
[0])
3444 check_dpp_capab(dev
[1])
3446 tests
= [(1, "=dpp_keygen_configurator"),
3447 (1, "base64_gen_encode;dpp_keygen_configurator")]
3448 for count
, func
in tests
:
3449 with
alloc_fail(dev
[1], count
, func
):
3450 cmd
= "DPP_CONFIGURATOR_ADD"
3451 res
= dev
[1].request(cmd
)
3452 if "FAIL" not in res
:
3453 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
3455 conf_id
= dev
[1].dpp_configurator_add()
3460 # Local error cases on the Initiator
3461 tests
= [(1, "dpp_get_pubkey_point"),
3462 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
3463 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
3464 (1, "dpp_alloc_msg;dpp_auth_build_req"),
3465 (1, "dpp_alloc_msg;dpp_auth_build_conf"),
3466 (1, "dpp_bootstrap_key_hash"),
3467 (1, "dpp_auth_init"),
3468 (1, "=dpp_auth_resp_rx"),
3469 (2, "=dpp_auth_resp_rx"),
3470 (1, "dpp_build_conf_start"),
3471 (1, "dpp_build_conf_obj_dpp"),
3472 (2, "dpp_build_conf_obj_dpp"),
3473 (3, "dpp_build_conf_obj_dpp"),
3474 (4, "dpp_build_conf_obj_dpp"),
3475 (5, "dpp_build_conf_obj_dpp"),
3476 (6, "dpp_build_conf_obj_dpp"),
3477 (7, "dpp_build_conf_obj_dpp"),
3478 (8, "dpp_build_conf_obj_dpp"),
3479 (1, "dpp_conf_req_rx"),
3480 (2, "dpp_conf_req_rx"),
3481 (3, "dpp_conf_req_rx"),
3482 (4, "dpp_conf_req_rx"),
3483 (5, "dpp_conf_req_rx"),
3484 (6, "dpp_conf_req_rx"),
3485 (7, "dpp_conf_req_rx"),
3486 (1, "dpp_pkex_init"),
3487 (2, "dpp_pkex_init"),
3488 (3, "dpp_pkex_init"),
3489 (1, "dpp_pkex_derive_z"),
3490 (1, "=dpp_pkex_rx_commit_reveal_resp"),
3491 (1, "dpp_get_pubkey_point;dpp_build_jwk"),
3492 (2, "dpp_get_pubkey_point;dpp_build_jwk"),
3493 (1, "dpp_get_pubkey_point;dpp_auth_init")]
3494 for count
, func
in tests
:
3495 dev
[0].request("DPP_STOP_LISTEN")
3496 dev
[1].request("DPP_STOP_LISTEN")
3497 dev
[0].dump_monitor()
3498 dev
[1].dump_monitor()
3499 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3502 with
alloc_fail(dev
[1], count
, func
):
3503 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3505 extra
="conf=sta-dpp configurator=%d" % conf_id
,
3507 wait_fail_trigger(dev
[1], "GET_ALLOC_FAIL", max_iter
=100)
3508 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3510 dev
[0].request("DPP_STOP_LISTEN")
3511 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3513 # Local error cases on the Responder
3514 tests
= [(1, "dpp_get_pubkey_point"),
3515 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
3516 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
3517 (1, "dpp_alloc_msg;dpp_auth_build_resp"),
3518 (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
3519 (1, "=dpp_auth_req_rx"),
3520 (2, "=dpp_auth_req_rx"),
3521 (1, "=dpp_auth_conf_rx"),
3522 (1, "json_parse;dpp_parse_jws_prot_hdr"),
3523 (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
3524 (1, "json_get_member_base64url;dpp_parse_jwk"),
3525 (2, "json_get_member_base64url;dpp_parse_jwk"),
3526 (1, "json_parse;dpp_parse_connector"),
3527 (1, "dpp_parse_jwk;dpp_parse_connector"),
3528 (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
3529 (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
3530 (1, "base64_gen_decode;dpp_process_signed_connector"),
3531 (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
3532 (2, "base64_gen_decode;dpp_process_signed_connector"),
3533 (3, "base64_gen_decode;dpp_process_signed_connector"),
3534 (4, "base64_gen_decode;dpp_process_signed_connector"),
3535 (1, "json_parse;dpp_parse_conf_obj"),
3536 (1, "dpp_conf_resp_rx"),
3537 (1, "=dpp_pkex_derive_z"),
3538 (1, "=dpp_pkex_rx_exchange_req"),
3539 (2, "=dpp_pkex_rx_exchange_req"),
3540 (3, "=dpp_pkex_rx_exchange_req"),
3541 (1, "=dpp_pkex_rx_commit_reveal_req"),
3542 (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
3543 (1, "dpp_bootstrap_key_hash")]
3544 for count
, func
in tests
:
3545 dev
[0].request("DPP_STOP_LISTEN")
3546 dev
[1].request("DPP_STOP_LISTEN")
3547 dev
[0].dump_monitor()
3548 dev
[1].dump_monitor()
3549 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3552 with
alloc_fail(dev
[0], count
, func
):
3553 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3555 extra
="conf=sta-dpp configurator=%d" % conf_id
)
3556 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL", max_iter
=100)
3557 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3559 dev
[0].request("DPP_STOP_LISTEN")
3560 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3562 def test_dpp_pkex_test_fail(dev
, apdev
):
3563 """DPP/PKEX and local failures"""
3564 check_dpp_capab(dev
[0])
3565 check_dpp_capab(dev
[1])
3567 tests
= [(1, "dpp_keygen_configurator")]
3568 for count
, func
in tests
:
3569 with
fail_test(dev
[1], count
, func
):
3570 cmd
= "DPP_CONFIGURATOR_ADD"
3571 res
= dev
[1].request(cmd
)
3572 if "FAIL" not in res
:
3573 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
3575 tests
= [(1, "dpp_keygen")]
3576 for count
, func
in tests
:
3577 with
fail_test(dev
[1], count
, func
):
3578 cmd
= "DPP_BOOTSTRAP_GEN type=pkex"
3579 res
= dev
[1].request(cmd
)
3580 if "FAIL" not in res
:
3581 raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")
3583 conf_id
= dev
[1].dpp_configurator_add()
3588 # Local error cases on the Initiator
3589 tests
= [(1, "aes_siv_encrypt;dpp_auth_build_req"),
3590 (1, "os_get_random;dpp_auth_init"),
3591 (1, "dpp_derive_k1;dpp_auth_init"),
3592 (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
3593 (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
3594 (1, "aes_siv_encrypt;dpp_auth_build_conf"),
3595 (1, "dpp_derive_k2;dpp_auth_resp_rx"),
3596 (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
3597 (1, "dpp_derive_ke;dpp_auth_resp_rx"),
3598 (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
3599 (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
3600 (1, "aes_siv_encrypt;dpp_build_conf_resp"),
3601 (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
3602 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
3603 (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
3604 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
3605 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
3606 (1, "dpp_bootstrap_key_hash")]
3607 for count
, func
in tests
:
3608 dev
[0].request("DPP_STOP_LISTEN")
3609 dev
[1].request("DPP_STOP_LISTEN")
3610 dev
[0].dump_monitor()
3611 dev
[1].dump_monitor()
3612 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3615 with
fail_test(dev
[1], count
, func
):
3616 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3618 extra
="conf=sta-dpp configurator=%d" % conf_id
,
3620 wait_fail_trigger(dev
[1], "GET_FAIL", max_iter
=100)
3621 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3623 dev
[0].request("DPP_STOP_LISTEN")
3624 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3626 # Local error cases on the Responder
3627 tests
= [(1, "aes_siv_encrypt;dpp_auth_build_resp"),
3628 (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
3629 (1, "os_get_random;dpp_build_conf_req"),
3630 (1, "aes_siv_encrypt;dpp_build_conf_req"),
3631 (1, "os_get_random;dpp_auth_build_resp_ok"),
3632 (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
3633 (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
3634 (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
3635 (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
3636 (1, "dpp_derive_k1;dpp_auth_req_rx"),
3637 (1, "aes_siv_decrypt;dpp_auth_req_rx"),
3638 (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
3639 (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
3640 (1, "dpp_check_pubkey_match"),
3641 (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
3642 (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
3643 (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
3644 (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
3645 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
3646 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
3647 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
3648 (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")]
3649 for count
, func
in tests
:
3650 dev
[0].request("DPP_STOP_LISTEN")
3651 dev
[1].request("DPP_STOP_LISTEN")
3652 dev
[0].dump_monitor()
3653 dev
[1].dump_monitor()
3654 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3657 with
fail_test(dev
[0], count
, func
):
3658 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3660 extra
="conf=sta-dpp configurator=%d" % conf_id
)
3661 wait_fail_trigger(dev
[0], "GET_FAIL", max_iter
=100)
3662 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3664 dev
[0].request("DPP_STOP_LISTEN")
3665 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3667 def test_dpp_keygen_configurator_error(dev
, apdev
):
3668 """DPP Configurator keygen error case"""
3669 check_dpp_capab(dev
[0])
3670 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD curve=unknown"):
3671 raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
3673 def rx_process_frame(dev
):
3676 raise Exception("No management frame RX reported")
3677 if "OK" not in dev
.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
3678 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
3679 raise Exception("MGMT_RX_PROCESS failed")
3682 def wait_auth_success(responder
, initiator
, configurator
=None, enrollee
=None,
3683 allow_enrollee_failure
=False,
3684 allow_configurator_failure
=False,
3685 require_configurator_failure
=False,
3686 timeout
=5, stop_responder
=False, stop_initiator
=False):
3688 ev
= responder
.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout
=timeout
)
3689 if ev
is None or "DPP-AUTH-SUCCESS" not in ev
:
3690 raise Exception("DPP authentication did not succeed (Responder)")
3691 ev
= initiator
.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout
=5)
3692 if ev
is None or "DPP-AUTH-SUCCESS" not in ev
:
3693 raise Exception("DPP authentication did not succeed (Initiator)")
3695 ev
= configurator
.wait_event(["DPP-CONF-SENT",
3696 "DPP-CONF-FAILED"], timeout
=5)
3698 raise Exception("DPP configuration not completed (Configurator)")
3699 if "DPP-CONF-FAILED" in ev
and not allow_configurator_failure
:
3700 raise Exception("DPP configuration did not succeed (Configurator")
3701 if "DPP-CONF-SENT" in ev
and require_configurator_failure
:
3702 raise Exception("DPP configuration succeeded (Configurator)")
3703 if "DPP-CONF-SENT" in ev
and "wait_conn_status=1" in ev
:
3704 res
['wait_conn_status'] = True
3706 ev
= enrollee
.wait_event(["DPP-CONF-RECEIVED",
3707 "DPP-CONF-FAILED"], timeout
=5)
3709 raise Exception("DPP configuration not completed (Enrollee)")
3710 if "DPP-CONF-FAILED" in ev
and not allow_enrollee_failure
:
3711 raise Exception("DPP configuration did not succeed (Enrollee)")
3713 responder
.request("DPP_STOP_LISTEN")
3715 initiator
.request("DPP_STOP_LISTEN")
3718 def wait_conf_completion(configurator
, enrollee
):
3719 ev
= configurator
.wait_event(["DPP-CONF-SENT"], timeout
=5)
3721 raise Exception("DPP configuration not completed (Configurator)")
3722 ev
= enrollee
.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
3725 raise Exception("DPP configuration not completed (Enrollee)")
3728 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3729 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3731 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
3732 dev
[0].set("dpp_config_obj_override", conf
)
3734 dev
[0].set("ext_mgmt_frame_handling", "1")
3735 dev
[0].dpp_listen(2412)
3736 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
3738 def test_dpp_gas_timeout_handling(dev
, apdev
):
3739 """DPP and GAS timeout handling"""
3740 check_dpp_capab(dev
[0])
3741 check_dpp_capab(dev
[1])
3744 # DPP Authentication Request
3745 rx_process_frame(dev
[0])
3747 # DPP Authentication Confirmation
3748 rx_process_frame(dev
[0])
3750 wait_auth_success(dev
[0], dev
[1])
3752 # DPP Configuration Request (GAS Initial Request frame)
3753 rx_process_frame(dev
[0])
3755 # DPP Configuration Request (GAS Comeback Request frame)
3756 rx_process_frame(dev
[0])
3758 # Wait for GAS timeout
3759 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=5)
3761 raise Exception("DPP configuration not completed (Enrollee)")
3763 def test_dpp_gas_comeback_after_failure(dev
, apdev
):
3764 """DPP and GAS comeback after failure"""
3765 check_dpp_capab(dev
[0])
3766 check_dpp_capab(dev
[1])
3769 # DPP Authentication Request
3770 rx_process_frame(dev
[0])
3772 # DPP Authentication Confirmation
3773 rx_process_frame(dev
[0])
3775 wait_auth_success(dev
[0], dev
[1])
3777 # DPP Configuration Request (GAS Initial Request frame)
3778 rx_process_frame(dev
[0])
3780 # DPP Configuration Request (GAS Comeback Request frame)
3781 msg
= dev
[0].mgmt_rx()
3782 frame
= binascii
.hexlify(msg
['frame']).decode()
3783 with
alloc_fail(dev
[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
3784 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3785 raise Exception("MGMT_RX_PROCESS failed")
3786 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3787 # Try the same frame again - this is expected to fail since the response has
3788 # already been freed.
3789 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3790 raise Exception("MGMT_RX_PROCESS failed")
3792 # DPP Configuration Request (GAS Comeback Request frame retry)
3793 msg
= dev
[0].mgmt_rx()
3795 def test_dpp_gas(dev
, apdev
):
3796 """DPP and GAS protocol testing"""
3797 ver0
= check_dpp_capab(dev
[0])
3798 ver1
= check_dpp_capab(dev
[1])
3801 # DPP Authentication Request
3802 rx_process_frame(dev
[0])
3804 # DPP Authentication Confirmation
3805 rx_process_frame(dev
[0])
3807 wait_auth_success(dev
[0], dev
[1])
3809 # DPP Configuration Request (GAS Initial Request frame)
3810 msg
= dev
[0].mgmt_rx()
3812 # Protected Dual of GAS Initial Request frame (dropped by GAS server)
3814 raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
3815 frame
= binascii
.hexlify(msg
['frame'])
3816 frame
= frame
[0:48] + b
"09" + frame
[50:]
3817 frame
= frame
.decode()
3818 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3819 raise Exception("MGMT_RX_PROCESS failed")
3821 with
alloc_fail(dev
[0], 1, "gas_server_send_resp"):
3822 frame
= binascii
.hexlify(msg
['frame']).decode()
3823 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3824 raise Exception("MGMT_RX_PROCESS failed")
3825 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3827 with
alloc_fail(dev
[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
3828 frame
= binascii
.hexlify(msg
['frame']).decode()
3829 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3830 raise Exception("MGMT_RX_PROCESS failed")
3831 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3833 # Add extra data after Query Request field to trigger
3834 # "GAS: Ignored extra data after Query Request field"
3835 frame
= binascii
.hexlify(msg
['frame']).decode() + "00"
3836 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3837 raise Exception("MGMT_RX_PROCESS failed")
3839 # DPP Configuration Request (GAS Comeback Request frame)
3840 rx_process_frame(dev
[0])
3842 # DPP Configuration Request (GAS Comeback Request frame)
3843 rx_process_frame(dev
[0])
3845 # DPP Configuration Request (GAS Comeback Request frame)
3846 rx_process_frame(dev
[0])
3848 if ver0
>= 2 and ver1
>= 2:
3849 # DPP Configuration Result
3850 rx_process_frame(dev
[0])
3852 wait_conf_completion(dev
[0], dev
[1])
3854 def test_dpp_truncated_attr(dev
, apdev
):
3855 """DPP and truncated attribute"""
3856 check_dpp_capab(dev
[0])
3857 check_dpp_capab(dev
[1])
3860 # DPP Authentication Request
3861 msg
= dev
[0].mgmt_rx()
3862 frame
= msg
['frame']
3864 # DPP: Truncated message - not enough room for the attribute - dropped
3865 frame1
= binascii
.hexlify(frame
[0:36]).decode()
3866 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame1
)):
3867 raise Exception("MGMT_RX_PROCESS failed")
3868 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3869 if ev
is None or "ignore=invalid-attributes" not in ev
:
3870 raise Exception("Invalid attribute error not reported")
3872 # DPP: Unexpected octets (3) after the last attribute
3873 frame2
= binascii
.hexlify(frame
).decode() + "000000"
3874 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
3875 raise Exception("MGMT_RX_PROCESS failed")
3876 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3877 if ev
is None or "ignore=invalid-attributes" not in ev
:
3878 raise Exception("Invalid attribute error not reported")
3880 def test_dpp_bootstrap_key_autogen_issues(dev
, apdev
):
3881 """DPP bootstrap key autogen issues"""
3882 check_dpp_capab(dev
[0])
3883 check_dpp_capab(dev
[1])
3885 logger
.info("dev0 displays QR Code")
3886 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3887 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3889 logger
.info("dev1 scans QR Code")
3890 id1
= dev
[1].dpp_qr_code(uri0
)
3892 logger
.info("dev1 initiates DPP Authentication")
3893 dev
[0].dpp_listen(2412)
3894 with
alloc_fail(dev
[1], 1, "dpp_autogen_bootstrap_key"):
3895 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3896 with
alloc_fail(dev
[1], 2, "=dpp_autogen_bootstrap_key"):
3897 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3898 with
fail_test(dev
[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"):
3899 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3900 dev
[0].request("DPP_STOP_LISTEN")
3902 def test_dpp_auth_resp_status_failure(dev
, apdev
):
3903 """DPP and Auth Resp(status) build failure"""
3904 with
alloc_fail(dev
[0], 1, "dpp_auth_build_resp"):
3905 run_dpp_proto_auth_resp_missing(dev
, 99999, None,
3906 incompatible_roles
=True)
3908 def test_dpp_auth_resp_aes_siv_issue(dev
, apdev
):
3909 """DPP Auth Resp AES-SIV issue"""
3910 check_dpp_capab(dev
[0])
3911 check_dpp_capab(dev
[1])
3912 logger
.info("dev0 displays QR Code")
3913 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3914 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3915 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
3916 dev
[0].dpp_listen(2412)
3917 with
fail_test(dev
[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
3918 dev
[1].dpp_auth_init(uri
=uri0
)
3919 wait_dpp_fail(dev
[1], "AES-SIV decryption failed")
3920 dev
[0].request("DPP_STOP_LISTEN")
3922 def test_dpp_invalid_legacy_params(dev
, apdev
):
3923 """DPP invalid legacy parameters"""
3924 check_dpp_capab(dev
[0])
3925 check_dpp_capab(dev
[1])
3926 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3927 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3929 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", ssid
="dpp-legacy",
3932 def test_dpp_invalid_legacy_params2(dev
, apdev
):
3933 """DPP invalid legacy parameters 2"""
3934 check_dpp_capab(dev
[0])
3935 check_dpp_capab(dev
[1])
3936 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3937 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3938 dev
[0].set("dpp_configurator_params",
3939 " conf=sta-psk ssid=%s" % (binascii
.hexlify(b
"dpp-legacy").decode()))
3940 dev
[0].dpp_listen(2412, role
="configurator")
3941 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
3943 ev
= dev
[0].wait_event(["DPP: Failed to set configurator parameters"],
3946 raise Exception("DPP configuration failure not reported")
3948 def test_dpp_legacy_params_failure(dev
, apdev
):
3949 """DPP legacy parameters local failure"""
3950 check_dpp_capab(dev
[0])
3951 check_dpp_capab(dev
[1])
3952 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3953 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3954 dev
[0].dpp_listen(2412)
3955 with
alloc_fail(dev
[1], 1, "dpp_build_conf_obj_legacy"):
3956 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", passphrase
="passphrase",
3958 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=5)
3960 raise Exception("DPP configuration failure not reported")
3962 def test_dpp_invalid_configurator_key(dev
, apdev
):
3963 """DPP invalid configurator key"""
3964 check_dpp_capab(dev
[0])
3966 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=aa"):
3967 raise Exception("Invalid key accepted")
3969 with
alloc_fail(dev
[0], 1, "dpp_keygen_configurator"):
3970 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3971 raise Exception("Error not reported")
3973 with
alloc_fail(dev
[0], 1, "dpp_get_pubkey_point;dpp_keygen_configurator"):
3974 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3975 raise Exception("Error not reported")
3977 with
alloc_fail(dev
[0], 1, "base64_gen_encode;dpp_keygen_configurator"):
3978 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3979 raise Exception("Error not reported")
3981 with
fail_test(dev
[0], 1, "dpp_keygen_configurator"):
3982 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3983 raise Exception("Error not reported")
3985 def test_dpp_own_config_sign_fail(dev
, apdev
):
3986 """DPP own config signing failure"""
3987 check_dpp_capab(dev
[0])
3988 conf_id
= dev
[0].dpp_configurator_add()
3992 " configurator=%d" % conf_id
,
3993 " conf=sta-dpp configurator=%d curve=unsupported" % conf_id
]
3995 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_SIGN " + t
):
3996 raise Exception("Invalid command accepted: " + t
)
3998 def test_dpp_peer_intro_failures(dev
, apdev
):
3999 """DPP peer introduction failures"""
4001 run_dpp_peer_intro_failures(dev
, apdev
)
4003 dev
[0].set("dpp_config_processing", "0")
4005 def run_dpp_peer_intro_failures(dev
, apdev
):
4006 check_dpp_capab(dev
[0])
4007 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4008 check_dpp_capab(hapd
)
4010 conf_id
= hapd
.dpp_configurator_add(key
=dpp_key_p256
)
4011 csign
= hapd
.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
4012 if "FAIL" in csign
or len(csign
) == 0:
4013 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
4015 conf_id2
= dev
[0].dpp_configurator_add(key
=csign
)
4016 csign2
= dev
[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2
)
4019 raise Exception("Unexpected difference in configurator key")
4021 cmd
= "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
4022 res
= hapd
.request(cmd
)
4024 raise Exception("Failed to generate own configuration")
4025 update_hapd_config(hapd
)
4027 dev
[0].set("dpp_config_processing", "1")
4028 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
4029 res
= dev
[0].request(cmd
)
4031 raise Exception("Failed to generate own configuration")
4032 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
4034 raise Exception("DPP network profile not generated")
4035 id = ev
.split(' ')[1]
4036 dev
[0].select_network(id, freq
=2412)
4037 dev
[0].wait_connected()
4038 dev
[0].request("DISCONNECT")
4039 dev
[0].wait_disconnected()
4040 dev
[0].dump_monitor()
4042 tests
= ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
4043 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
4044 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"]
4046 dev
[0].set_network_quoted(id, "dpp_connector", t
)
4047 dev
[0].select_network(id, freq
=2412)
4048 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=5)
4049 if ev
is None or "status=8" not in ev
:
4050 raise Exception("Introduction failure not reported")
4051 dev
[0].request("DISCONNECT")
4052 dev
[0].dump_monitor()
4054 def test_dpp_peer_intro_local_failures(dev
, apdev
):
4055 """DPP peer introduction local failures"""
4056 check_dpp_capab(dev
[0])
4057 check_dpp_capab(dev
[1])
4059 params
= {"ssid": "dpp",
4061 "wpa_key_mgmt": "DPP",
4063 "rsn_pairwise": "CCMP",
4064 "dpp_connector": params1_ap_connector
,
4065 "dpp_csign": params1_csign
,
4066 "dpp_netaccesskey": params1_ap_netaccesskey
}
4068 hapd
= hostapd
.add_ap(apdev
[0], params
)
4070 raise HwsimSkip("DPP not supported")
4072 tests
= ["dpp_derive_pmk",
4073 "dpp_hkdf_expand;dpp_derive_pmk",
4076 with
fail_test(dev
[0], 1, func
):
4077 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4079 dpp_csign
=params1_csign
,
4080 dpp_connector
=params1_sta_connector
,
4081 dpp_netaccesskey
=params1_sta_netaccesskey
,
4083 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
4084 if ev
is None or "fail=peer_connector_validation_failed" not in ev
:
4085 raise Exception("Introduction failure not reported")
4086 dev
[0].request("REMOVE_NETWORK all")
4087 dev
[0].dump_monitor()
4089 tests
= [(1, "base64_gen_decode;dpp_peer_intro"),
4090 (1, "json_parse;dpp_peer_intro"),
4091 (50, "json_parse;dpp_peer_intro"),
4092 (1, "=dpp_peer_intro"),
4093 (1, "dpp_parse_jwk")]
4094 for count
, func
in tests
:
4095 with
alloc_fail(dev
[0], count
, func
):
4096 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4098 dpp_csign
=params1_csign
,
4099 dpp_connector
=params1_sta_connector
,
4100 dpp_netaccesskey
=params1_sta_netaccesskey
,
4102 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
4103 if ev
is None or "fail=peer_connector_validation_failed" not in ev
:
4104 raise Exception("Introduction failure not reported")
4105 dev
[0].request("REMOVE_NETWORK all")
4106 dev
[0].dump_monitor()
4108 parts
= params1_ap_connector
.split('.')
4109 for ap_connector
in ['.'.join(parts
[0:2]), '.'.join(parts
[0:1])]:
4110 hapd
.set("dpp_connector", ap_connector
)
4111 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4113 dpp_csign
=params1_csign
,
4114 dpp_connector
=params1_sta_connector
,
4115 dpp_netaccesskey
=params1_sta_netaccesskey
,
4117 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4119 raise Exception("No TX status reported")
4120 dev
[0].request("REMOVE_NETWORK all")
4121 dev
[0].dump_monitor()
4123 hapd
.set("dpp_netaccesskey", "00")
4124 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4126 dpp_csign
=params1_csign
,
4127 dpp_connector
=params1_sta_connector
,
4128 dpp_netaccesskey
=params1_sta_netaccesskey
,
4130 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4132 raise Exception("No TX status reported")
4133 dev
[0].request("REMOVE_NETWORK all")
4134 dev
[0].dump_monitor()
4136 hapd
.set("dpp_csign", "00")
4137 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4139 dpp_csign
=params1_csign
,
4140 dpp_connector
=params1_sta_connector
,
4141 dpp_netaccesskey
=params1_sta_netaccesskey
,
4143 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4145 raise Exception("No TX status reported")
4146 dev
[0].request("REMOVE_NETWORK all")
4148 def run_dpp_configurator_id_unknown(dev
):
4149 check_dpp_capab(dev
)
4150 conf_id
= dev
.dpp_configurator_add()
4151 if "FAIL" not in dev
.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id
+ 1)):
4152 raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")
4154 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (conf_id
+ 1)
4155 if "FAIL" not in dev
.request(cmd
):
4156 raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
4158 def test_dpp_configurator_id_unknown(dev
, apdev
):
4159 """DPP and unknown configurator id"""
4160 run_dpp_configurator_id_unknown(dev
[0])
4161 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4162 run_dpp_configurator_id_unknown(hapd
)
4164 def run_dpp_bootstrap_gen_failures(dev
):
4165 check_dpp_capab(dev
)
4167 tests
= ["type=unsupported",
4168 "type=qrcode chan=-1",
4169 "type=qrcode mac=a",
4170 "type=qrcode key=qq",
4172 "type=qrcode info=abc\tdef"]
4174 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN " + t
):
4175 raise Exception("Command accepted unexpectedly")
4177 id = dev
.dpp_bootstrap_gen()
4178 uri
= dev
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
4179 if not uri
.startswith("DPP:"):
4180 raise Exception("Could not get URI")
4181 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GET_URI 0"):
4182 raise Exception("Failure not reported")
4183 info
= dev
.request("DPP_BOOTSTRAP_INFO %d" % id)
4184 if not info
.startswith("type=QRCODE"):
4185 raise Exception("Could not get info")
4186 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_REMOVE 0"):
4187 raise Exception("Failure not reported")
4188 if "FAIL" in dev
.request("DPP_BOOTSTRAP_REMOVE *"):
4189 raise Exception("Failed to remove bootstrap info")
4190 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GET_URI %d" % id):
4191 raise Exception("Failure not reported")
4192 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_INFO %d" % id):
4193 raise Exception("Failure not reported")
4195 func
= "dpp_bootstrap_gen"
4196 with
alloc_fail(dev
, 1, "=" + func
):
4197 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN type=qrcode"):
4198 raise Exception("Command accepted unexpectedly")
4200 with
alloc_fail(dev
, 2, "=" + func
):
4201 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN type=qrcode"):
4202 raise Exception("Command accepted unexpectedly")
4204 with
alloc_fail(dev
, 1, "get_param"):
4205 dev
.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
4207 def test_dpp_bootstrap_gen_failures(dev
, apdev
):
4208 """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
4209 run_dpp_bootstrap_gen_failures(dev
[0])
4210 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4211 run_dpp_bootstrap_gen_failures(hapd
)
4213 def test_dpp_listen_continue(dev
, apdev
):
4214 """DPP and continue listen state"""
4215 check_dpp_capab(dev
[0])
4216 check_dpp_capab(dev
[1])
4217 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4218 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
4219 dev
[0].dpp_listen(2412)
4221 dev
[1].dpp_auth_init(uri
=uri
)
4222 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4223 allow_enrollee_failure
=True, stop_responder
=True,
4224 stop_initiator
=True)
4226 def test_dpp_network_addition_failure(dev
, apdev
):
4227 """DPP network addition failure"""
4229 run_dpp_network_addition_failure(dev
, apdev
)
4231 dev
[0].set("dpp_config_processing", "0")
4233 def run_dpp_network_addition_failure(dev
, apdev
):
4234 check_dpp_capab(dev
[0])
4235 conf_id
= dev
[0].dpp_configurator_add()
4236 dev
[0].set("dpp_config_processing", "1")
4237 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
4238 tests
= [(1, "=wpas_dpp_add_network"),
4239 (2, "=wpas_dpp_add_network"),
4240 (3, "=wpas_dpp_add_network"),
4241 (4, "=wpas_dpp_add_network"),
4242 (1, "wpa_config_add_network;wpas_dpp_add_network")]
4243 for count
, func
in tests
:
4244 with
alloc_fail(dev
[0], count
, func
):
4245 res
= dev
[0].request(cmd
)
4247 ev
= dev
[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=2)
4249 raise Exception("Config object not processed")
4250 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4251 dev
[0].dump_monitor()
4253 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii
.hexlify(b
"passphrase").decode(), conf_id
)
4254 tests
= [(1, "wpa_config_set_quoted;wpas_dpp_add_network")]
4255 for count
, func
in tests
:
4256 with
alloc_fail(dev
[0], count
, func
):
4257 res
= dev
[0].request(cmd
)
4259 ev
= dev
[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=2)
4261 raise Exception("Config object not processed")
4262 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4263 dev
[0].dump_monitor()
4265 def test_dpp_two_initiators(dev
, apdev
):
4266 """DPP and two initiators"""
4267 check_dpp_capab(dev
[0])
4268 check_dpp_capab(dev
[1])
4269 check_dpp_capab(dev
[2])
4270 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4271 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
4272 dev
[0].dpp_listen(2412)
4273 dev
[1].dpp_auth_init(uri
=uri
)
4274 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
4276 raise Exeption("No DPP Authentication Request seen")
4277 dev
[2].dpp_auth_init(uri
=uri
)
4278 wait_dpp_fail(dev
[0],
4279 "DPP-FAIL Already in DPP authentication exchange - ignore new one")
4281 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=2)
4283 raise Exception("DPP configuration result not seen (Enrollee)")
4284 ev
= dev
[1].wait_event(["DPP-CONF-SENT"], timeout
=2)
4286 raise Exception("DPP configuration result not seen (Responder)")
4288 dev
[0].request("DPP_STOP_LISTEN")
4289 dev
[1].request("DPP_STOP_LISTEN")
4290 dev
[2].request("DPP_STOP_LISTEN")
4292 def test_dpp_conf_file_update(dev
, apdev
, params
):
4293 """DPP provisioning updating wpa_supplicant configuration file"""
4294 config
= os
.path
.join(params
['logdir'], 'dpp_conf_file_update.conf')
4295 with
open(config
, "w") as f
:
4296 f
.write("update_config=1\n")
4297 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
4298 wpas
.interface_add("wlan5", config
=config
)
4299 wpas
.set("dpp_config_processing", "1")
4300 run_dpp_qr_code_auth_unicast([wpas
, dev
[1]], apdev
, None,
4301 init_extra
="conf=sta-dpp",
4302 require_conf_success
=True,
4304 wpas
.interface_remove("wlan5")
4306 with
open(config
, "r") as f
:
4308 for i
in ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
4309 "dpp_netaccesskey=", "dpp_csign="]:
4311 raise Exception("Configuration file missing '%s'" % i
)
4313 wpas
.interface_add("wlan5", config
=config
)
4314 if len(wpas
.list_networks()) != 1:
4315 raise Exception("Unexpected number of networks")
4317 def test_dpp_duplicated_auth_resp(dev
, apdev
):
4318 """DPP and duplicated Authentication Response"""
4319 check_dpp_capab(dev
[0])
4320 check_dpp_capab(dev
[1])
4321 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4322 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4323 dev
[0].set("ext_mgmt_frame_handling", "1")
4324 dev
[1].set("ext_mgmt_frame_handling", "1")
4325 dev
[0].dpp_listen(2412)
4326 dev
[1].dpp_auth_init(uri
=uri0
)
4328 # DPP Authentication Request
4329 rx_process_frame(dev
[0])
4331 # DPP Authentication Response
4332 msg
= rx_process_frame(dev
[1])
4333 frame
= binascii
.hexlify(msg
['frame']).decode()
4335 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
4336 raise Exception("MGMT_RX_PROCESS failed")
4337 # Modified frame - nonzero status
4338 if frame
[2*32:2*37] != "0010010000":
4339 raise Exception("Could not find Status attribute")
4340 frame2
= frame
[0:2*32] + "0010010001" + frame
[2*37:]
4341 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
4342 raise Exception("MGMT_RX_PROCESS failed")
4343 frame2
= frame
[0:2*32] + "00100100ff" + frame
[2*37:]
4344 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
4345 raise Exception("MGMT_RX_PROCESS failed")
4347 # DPP Authentication Confirmation
4348 rx_process_frame(dev
[0])
4350 wait_auth_success(dev
[0], dev
[1])
4352 # DPP Configuration Request
4353 rx_process_frame(dev
[1])
4355 # DPP Configuration Response
4356 rx_process_frame(dev
[0])
4358 wait_conf_completion(dev
[1], dev
[0])
4360 def test_dpp_enrollee_reject_config(dev
, apdev
):
4361 """DPP and Enrollee rejecting Config Object"""
4362 check_dpp_capab(dev
[0])
4363 check_dpp_capab(dev
[1])
4364 dev
[0].set("dpp_test", "91")
4365 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4366 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4367 dev
[0].dpp_listen(2412)
4368 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-sae", ssid
="dpp-legacy",
4369 passphrase
="secret passphrase")
4370 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4371 allow_enrollee_failure
=True,
4372 allow_configurator_failure
=True)
4374 def test_dpp_enrollee_ap_reject_config(dev
, apdev
):
4375 """DPP and Enrollee AP rejecting Config Object"""
4376 check_dpp_capab(dev
[0])
4377 check_dpp_capab(dev
[1])
4378 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4379 check_dpp_capab(hapd
)
4380 hapd
.set("dpp_test", "91")
4381 conf_id
= dev
[0].dpp_configurator_add()
4382 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
4383 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
4384 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
4385 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
4386 allow_enrollee_failure
=True,
4387 allow_configurator_failure
=True)
4389 def test_dpp_legacy_and_dpp_akm(dev
, apdev
):
4390 """DPP and provisoning DPP and legacy AKMs"""
4392 run_dpp_legacy_and_dpp_akm(dev
, apdev
)
4394 dev
[0].set("dpp_config_processing", "0")
4396 def run_dpp_legacy_and_dpp_akm(dev
, apdev
):
4397 check_dpp_capab(dev
[0], min_ver
=2)
4398 check_dpp_capab(dev
[1], min_ver
=2)
4400 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
4401 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
4402 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
4403 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
4406 passphrase
= "secret passphrase"
4407 params
= {"ssid": ssid
,
4409 "wpa_key_mgmt": "DPP WPA-PSK SAE",
4411 "sae_require_mfp": '1',
4412 "rsn_pairwise": "CCMP",
4413 "wpa_passphrase": passphrase
,
4414 "dpp_connector": ap_connector
,
4415 "dpp_csign": csign_pub
,
4416 "dpp_netaccesskey": ap_netaccesskey
}
4418 hapd
= hostapd
.add_ap(apdev
[0], params
)
4420 raise HwsimSkip("DPP not supported")
4422 dev
[0].request("SET sae_groups ")
4423 conf_id
= dev
[1].dpp_configurator_add(key
=csign
)
4424 dev
[0].set("dpp_config_processing", "1")
4425 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4426 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4427 dev
[0].dpp_listen(2412)
4428 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk-sae-dpp", ssid
=ssid
,
4429 passphrase
=passphrase
, configurator
=conf_id
)
4430 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4431 allow_enrollee_failure
=True,
4432 allow_configurator_failure
=True)
4433 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
4435 raise Exception("DPP network profile not generated")
4436 id0
= ev
.split(' ')[1]
4438 key_mgmt
= dev
[0].get_network(id0
, "key_mgmt").split(' ')
4439 for m
in ["SAE", "WPA-PSK", "DPP"]:
4440 if m
not in key_mgmt
:
4441 raise Exception("%s missing from key_mgmt" % m
)
4443 dev
[0].scan_for_bss(hapd
.own_addr(), freq
=2412)
4444 dev
[0].select_network(id0
, freq
=2412)
4445 dev
[0].wait_connected()
4447 dev
[0].request("DISCONNECT")
4448 dev
[0].wait_disconnected()
4451 params
= {"ssid": ssid
,
4453 "wpa_key_mgmt": "WPA-PSK SAE",
4455 "sae_require_mfp": '1',
4456 "rsn_pairwise": "CCMP",
4457 "wpa_passphrase": passphrase
}
4458 hapd2
= hostapd
.add_ap(apdev
[1], params
)
4460 dev
[0].request("BSS_FLUSH 0")
4461 dev
[0].scan_for_bss(hapd2
.own_addr(), freq
=2412, force_scan
=True,
4463 dev
[0].select_network(id0
, freq
=2412)
4464 dev
[0].wait_connected()
4466 dev
[0].request("DISCONNECT")
4467 dev
[0].wait_disconnected()
4469 def test_dpp_controller_relay(dev
, apdev
, params
):
4470 """DPP Controller/Relay"""
4472 run_dpp_controller_relay(dev
, apdev
, params
)
4474 dev
[0].set("dpp_config_processing", "0")
4475 dev
[1].request("DPP_CONTROLLER_STOP")
4477 def run_dpp_controller_relay(dev
, apdev
, params
):
4478 check_dpp_capab(dev
[0])
4479 check_dpp_capab(dev
[1])
4480 prefix
= "dpp_controller_relay"
4481 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4483 cmd
= subprocess
.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
4484 '-w', cap_lo
, '-s', '2000'],
4485 stderr
=open('/dev/null', 'w'))
4488 conf_id
= dev
[1].dpp_configurator_add()
4489 dev
[1].set("dpp_configurator_params",
4490 " conf=sta-dpp configurator=%d" % conf_id
)
4491 id_c
= dev
[1].dpp_bootstrap_gen()
4492 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4493 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
4495 for line
in res
.splitlines():
4496 name
, value
= line
.split('=')
4497 if name
== "pkhash":
4501 raise Exception("Could not fetch public key hash from Controller")
4502 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
4503 raise Exception("Failed to start Controller")
4506 params
= {"ssid": "unconfigured",
4508 "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash
}
4509 relay
= hostapd
.add_ap(apdev
[1], params
)
4510 check_dpp_capab(relay
)
4512 # Enroll Relay to the network
4513 # TODO: Do this over TCP once direct Enrollee-over-TCP case is supported
4514 id_h
= relay
.dpp_bootstrap_gen(chan
="81/6", mac
=True)
4515 uri_r
= relay
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
4516 dev
[1].dpp_auth_init(uri
=uri_r
, conf
="ap-dpp", configurator
=conf_id
)
4517 wait_auth_success(relay
, dev
[1], configurator
=dev
[1], enrollee
=relay
)
4518 update_hapd_config(relay
)
4520 # Initiate from Enrollee with broadcast DPP Authentication Request
4521 dev
[0].set("dpp_config_processing", "2")
4522 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
4523 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0],
4524 allow_enrollee_failure
=True,
4525 allow_configurator_failure
=True)
4526 dev
[0].wait_connected()
4531 def test_dpp_tcp(dev
, apdev
, params
):
4534 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4536 run_dpp_tcp(dev
, apdev
, cap_lo
)
4538 dev
[1].request("DPP_CONTROLLER_STOP")
4540 def test_dpp_tcp_port(dev
, apdev
, params
):
4541 """DPP over TCP and specified port"""
4542 prefix
= "dpp_tcp_port"
4543 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4545 run_dpp_tcp(dev
, apdev
, cap_lo
, port
="23456")
4547 dev
[1].request("DPP_CONTROLLER_STOP")
4549 def run_dpp_tcp(dev
, apdev
, cap_lo
, port
=None):
4550 check_dpp_capab(dev
[0])
4551 check_dpp_capab(dev
[1])
4553 cmd
= subprocess
.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
4554 '-w', cap_lo
, '-s', '2000'],
4555 stderr
=open('/dev/null', 'w'))
4559 conf_id
= dev
[1].dpp_configurator_add()
4560 dev
[1].set("dpp_configurator_params",
4561 " conf=sta-dpp configurator=%d" % conf_id
)
4562 id_c
= dev
[1].dpp_bootstrap_gen()
4563 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4564 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
4566 for line
in res
.splitlines():
4567 name
, value
= line
.split('=')
4568 if name
== "pkhash":
4572 raise Exception("Could not fetch public key hash from Controller")
4573 req
= "DPP_CONTROLLER_START"
4575 req
+= " tcp_port=" + port
4576 if "OK" not in dev
[1].request(req
):
4577 raise Exception("Failed to start Controller")
4579 # Initiate from Enrollee with broadcast DPP Authentication Request
4580 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee", tcp_addr
="127.0.0.1",
4582 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0],
4583 allow_enrollee_failure
=True,
4584 allow_configurator_failure
=True)
4588 def test_dpp_tcp_controller_start_failure(dev
, apdev
, params
):
4589 """DPP Controller startup failure"""
4590 check_dpp_capab(dev
[0])
4593 if "OK" not in dev
[0].request("DPP_CONTROLLER_START"):
4594 raise Exception("Could not start Controller")
4595 if "OK" in dev
[0].request("DPP_CONTROLLER_START"):
4596 raise Exception("Second Controller start not rejected")
4598 dev
[0].request("DPP_CONTROLLER_STOP")
4600 tests
= ["dpp_controller_start",
4601 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_start"]
4603 with
alloc_fail(dev
[0], 1, func
):
4604 if "FAIL" not in dev
[0].request("DPP_CONTROLLER_START"):
4605 raise Exception("Failure not reported during OOM")
4607 def test_dpp_tcp_init_failure(dev
, apdev
, params
):
4608 """DPP TCP init failure"""
4609 check_dpp_capab(dev
[0])
4610 check_dpp_capab(dev
[1])
4611 id_c
= dev
[1].dpp_bootstrap_gen()
4612 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4613 peer
= dev
[0].dpp_qr_code(uri_c
)
4614 tests
= ["dpp_tcp_init",
4615 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_tcp_init",
4617 cmd
= "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
4619 with
alloc_fail(dev
[0], 1, func
):
4620 if "FAIL" not in dev
[0].request(cmd
):
4621 raise Exception("DPP_AUTH_INIT accepted during OOM")
4623 def test_dpp_controller_rx_failure(dev
, apdev
, params
):
4624 """DPP Controller RX failure"""
4625 check_dpp_capab(dev
[0])
4626 check_dpp_capab(dev
[1])
4628 run_dpp_controller_rx_failure(dev
, apdev
)
4630 dev
[0].request("DPP_CONTROLLER_STOP")
4632 def run_dpp_controller_rx_failure(dev
, apdev
):
4633 if "OK" not in dev
[0].request("DPP_CONTROLLER_START"):
4634 raise Exception("Could not start Controller")
4635 id_c
= dev
[0].dpp_bootstrap_gen()
4636 uri_c
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4637 peer
= dev
[1].dpp_qr_code(uri_c
)
4638 tests
= ["dpp_controller_tcp_cb",
4639 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_tcp_cb",
4640 "dpp_controller_rx",
4641 "dpp_controller_rx_auth_req",
4642 "wpabuf_alloc;=dpp_controller_rx_auth_req"]
4643 cmd
= "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
4645 with
alloc_fail(dev
[0], 1, func
):
4646 if "OK" not in dev
[1].request(cmd
):
4647 raise Exception("Failed to initiate TCP connection")
4648 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4650 def test_dpp_controller_rx_errors(dev
, apdev
, params
):
4651 """DPP Controller RX error cases"""
4652 check_dpp_capab(dev
[0])
4653 check_dpp_capab(dev
[1])
4655 run_dpp_controller_rx_errors(dev
, apdev
)
4657 dev
[0].request("DPP_CONTROLLER_STOP")
4659 def run_dpp_controller_rx_errors(dev
, apdev
):
4660 if "OK" not in dev
[0].request("DPP_CONTROLLER_START"):
4661 raise Exception("Could not start Controller")
4663 addr
= ("127.0.0.1", 7871)
4667 b
"\x00\x00\x00\x00",
4668 b
"\x00\x00\x00\x01",
4669 b
"\x00\x00\x00\x01\x09",
4670 b
"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\xff\xff",
4671 b
"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\xff",
4672 b
"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\x00",
4673 b
"\x00\x00\x00\x08\x09\x50\x6f\x9a\x1a\x01\x00\xff",
4674 b
"\x00\x00\x00\x01\x0a",
4675 b
"\x00\x00\x00\x04\x0a\xff\xff\xff",
4676 b
"\x00\x00\x00\x01\x0b",
4677 b
"\x00\x00\x00\x08\x0b\xff\xff\xff\xff\xff\xff\xff",
4678 b
"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\xff\xff",
4679 b
"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\x6c\x00",
4680 b
"\x00\x00\x00\x0a\x0b\xff\x00\x00\xff\xff\x6c\x02\xff\xff",
4681 b
"\x00\x00\x00\x10\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01",
4682 b
"\x00\x00\x00\x12\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01\x00\x00",
4683 b
"\x00\x00\x00\x01\xff",
4684 b
"\x00\x00\x00\x01\xff\xee"]
4685 #define WLAN_PA_GAS_INITIAL_REQ 10
4686 #define WLAN_PA_GAS_INITIAL_RESP 11
4689 sock
= socket
.socket(socket
.AF_INET
, socket
.SOCK_STREAM
,
4691 sock
.settimeout(0.1)
4697 except socket
.timeout
:
4701 def test_dpp_conn_status_success(dev
, apdev
):
4702 """DPP connection status - success"""
4704 run_dpp_conn_status(dev
, apdev
)
4706 dev
[0].set("dpp_config_processing", "0")
4708 def test_dpp_conn_status_wrong_passphrase(dev
, apdev
):
4709 """DPP connection status - wrong passphrase"""
4711 run_dpp_conn_status(dev
, apdev
, result
=2)
4713 dev
[0].set("dpp_config_processing", "0")
4715 def test_dpp_conn_status_no_ap(dev
, apdev
):
4716 """DPP connection status - no AP"""
4718 run_dpp_conn_status(dev
, apdev
, result
=10)
4720 dev
[0].set("dpp_config_processing", "0")
4722 def test_dpp_conn_status_connector_mismatch(dev
, apdev
):
4723 """DPP connection status - invalid Connector"""
4725 run_dpp_conn_status(dev
, apdev
, result
=8)
4727 dev
[0].set("dpp_config_processing", "0")
4729 def test_dpp_conn_status_assoc_reject(dev
, apdev
):
4730 """DPP connection status - association rejection"""
4732 dev
[0].request("TEST_ASSOC_IE 30020000")
4733 run_dpp_conn_status(dev
, apdev
, assoc_reject
=True)
4735 dev
[0].set("dpp_config_processing", "0")
4737 def run_dpp_conn_status(dev
, apdev
, result
=0, assoc_reject
=False):
4738 check_dpp_capab(dev
[0], min_ver
=2)
4739 check_dpp_capab(dev
[1], min_ver
=2)
4742 if result
== 7 or result
== 8:
4743 params
= {"ssid": "dpp-status",
4745 "wpa_key_mgmt": "DPP",
4747 "rsn_pairwise": "CCMP",
4748 "dpp_connector": params1_ap_connector
,
4749 "dpp_csign": params1_csign
,
4750 "dpp_netaccesskey": params1_ap_netaccesskey
}
4753 passphrase
= "wrong passphrase"
4755 passphrase
= "secret passphrase"
4756 params
= hostapd
.wpa2_params(ssid
="dpp-status",
4757 passphrase
=passphrase
)
4759 hapd
= hostapd
.add_ap(apdev
[0], params
)
4761 raise HwsimSkip("DPP not supported")
4763 dev
[0].request("SET sae_groups ")
4764 dev
[0].set("dpp_config_processing", "2")
4765 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4766 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4768 dev
[0].dpp_listen(2412)
4769 if result
== 7 or result
== 8:
4772 configurator
= dev
[1].dpp_configurator_add()
4775 passphrase
= "secret passphrase"
4777 dev
[1].dpp_auth_init(uri
=uri0
, conf
=conf
, ssid
="dpp-status",
4778 passphrase
=passphrase
, configurator
=configurator
,
4780 res
= wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1],
4782 if 'wait_conn_status' not in res
:
4783 raise Exception("Configurator did not request connection status")
4785 if assoc_reject
and result
== 0:
4787 ev
= dev
[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout
=20)
4789 raise Exception("No connection status reported")
4791 raise Exception("Connection status result timeout")
4792 if "result=%d" % result
not in ev
:
4793 raise Exception("Unexpected connection status result: " + ev
)
4794 if "ssid=dpp-status" not in ev
:
4795 raise Exception("SSID not reported")
4798 dev
[0].wait_connected()
4799 if result
== 10 and "channel_list=" not in ev
:
4800 raise Exception("Channel list not reported for no-AP")
4802 def test_dpp_mud_url(dev
, apdev
):
4804 check_dpp_capab(dev
[0])
4806 dev
[0].set("dpp_name", "Test Enrollee")
4807 dev
[0].set("dpp_mud_url", "https://example.com/mud")
4808 run_dpp_qr_code_auth_unicast(dev
, apdev
, None)
4810 dev
[0].set("dpp_mud_url", "")
4811 dev
[0].set("dpp_name", "Test")
4813 def test_dpp_mud_url_hostapd(dev
, apdev
):
4814 """DPP MUD URL from hostapd"""
4815 check_dpp_capab(dev
[0])
4816 check_dpp_capab(dev
[1])
4817 params
= {"ssid": "unconfigured",
4818 "dpp_name": "AP Enrollee",
4819 "dpp_mud_url": "https://example.com/mud"}
4820 hapd
= hostapd
.add_ap(apdev
[0], params
)
4821 check_dpp_capab(hapd
)
4823 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
4824 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
4826 conf_id
= dev
[0].dpp_configurator_add()
4827 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
4828 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
)
4829 update_hapd_config(hapd
)
4831 def test_dpp_config_save(dev
, apdev
, params
):
4832 """DPP configuration saving"""
4833 config
= os
.path
.join(params
['logdir'], 'dpp_config_save.conf')
4834 run_dpp_config_save(dev
, apdev
, config
, "test", '"test"')
4836 def test_dpp_config_save2(dev
, apdev
, params
):
4837 """DPP configuration saving (2)"""
4838 config
= os
.path
.join(params
['logdir'], 'dpp_config_save2.conf')
4839 run_dpp_config_save(dev
, apdev
, config
, "\\u0001*", '012a')
4841 def test_dpp_config_save3(dev
, apdev
, params
):
4842 """DPP configuration saving (3)"""
4843 config
= os
.path
.join(params
['logdir'], 'dpp_config_save3.conf')
4844 run_dpp_config_save(dev
, apdev
, config
, "\\u0001*\\u00c2\\u00bc\\u00c3\\u009e\\u00c3\\u00bf", '012ac2bcc39ec3bf')
4846 def run_dpp_config_save(dev
, apdev
, config
, conf_ssid
, exp_ssid
):
4847 with
open(config
, "w") as f
:
4848 f
.write("update_config=1\n" +
4849 "dpp_config_processing=1\n")
4850 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
4851 wpas
.interface_add("wlan5", config
=config
)
4852 check_dpp_capab(wpas
)
4853 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"' + conf_ssid
+ '"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
4854 dev
[1].set("dpp_config_obj_override", conf
)
4855 dpp_dev
= [wpas
, dev
[1]]
4856 run_dpp_qr_code_auth_unicast(dpp_dev
, apdev
, "prime256v1",
4857 require_conf_success
=True)
4858 if "OK" not in wpas
.request("SAVE_CONFIG"):
4859 raise Exception("Failed to save configuration file")
4860 with
open(config
, "r") as f
:
4862 logger
.info("Saved configuration:\n" + data
)
4863 if 'ssid=' + exp_ssid
+ '\n' not in data
:
4864 raise Exception("SSID not saved")
4865 if 'psk="secret passphrase"' not in data
:
4866 raise Exception("Passphtase not saved")
4868 def test_dpp_nfc_uri(dev
, apdev
):
4869 """DPP bootstrapping via NFC URI record"""
4870 check_dpp_capab(dev
[0])
4871 check_dpp_capab(dev
[1])
4873 id = dev
[0].dpp_bootstrap_gen(type="nfc-uri", chan
="81/1", mac
=True)
4874 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
4875 logger
.info("Generated URI: " + uri
)
4876 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
4877 logger
.info("Bootstrapping info:\n" + info
)
4878 if "type=NFC-URI" not in info
:
4879 raise Exception("Unexpected bootstrapping info contents")
4881 dev
[0].dpp_listen(2412)
4882 conf_id
= dev
[1].dpp_configurator_add()
4883 dev
[1].dpp_auth_init(nfc_uri
=uri
, configurator
=conf_id
, conf
="sta-dpp")
4884 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
4886 def test_dpp_with_p2p_device(dev
, apdev
):
4887 """DPP exchange when driver uses a separate P2P Device interface"""
4888 check_dpp_capab(dev
[0])
4889 with
HWSimRadio(use_p2p_device
=True) as (radio
, iface
):
4890 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
4891 wpas
.interface_add(iface
)
4892 check_dpp_capab(wpas
)
4893 id1
= wpas
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
4894 uri1
= wpas
.request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
4895 wpas
.dpp_listen(2412)
4897 dev
[0].dpp_auth_init(uri
=uri1
)
4898 wait_auth_success(wpas
, dev
[0], configurator
=dev
[0], enrollee
=wpas
,
4899 allow_enrollee_failure
=True)