1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import base64
9 import binascii
10 import hashlib
11 import logging
12 logger = logging.getLogger()
13 import os
14 import socket
15 import struct
16 import subprocess
17 import time
18
19 import hostapd
20 import hwsim_utils
21 from hwsim import HWSimRadio
22 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
23 from wpasupplicant import WpaSupplicant
24
# pyOpenSSL is an optional dependency: record in openssl_imported whether
# the import succeeded instead of failing the whole module load.
try:
    import OpenSSL
except ImportError:
    openssl_imported = False
else:
    openssl_imported = True
30
def check_dpp_capab(dev, brainpool=False, min_ver=1):
    """Skip the calling test unless dev meets the DPP requirements.

    dev -- control interface wrapper providing request()
    brainpool -- when true, additionally require that the reported TLS
        library starts with "OpenSSL" and is not flagged as BoringSSL
    min_ver -- lowest acceptable DPP version

    Returns the version reported by GET_CAPABILITY dpp, or 1 when the reply
    does not start with "DPP=". Raises HwsimSkip when a requirement is not
    met.
    """
    probe = dev.request("DPP_BOOTSTRAP_GET_URI 0")
    if "UNKNOWN COMMAND" in probe:
        raise HwsimSkip("DPP not supported")

    if brainpool:
        tls = dev.request("GET tls_library")
        plain_openssl = tls.startswith("OpenSSL") and "run=BoringSSL" not in tls
        if not plain_openssl:
            raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)

    capa = dev.request("GET_CAPABILITY dpp")
    ver = int(capa[4:]) if capa.startswith("DPP=") else 1
    if ver < min_ver:
        raise HwsimSkip("DPP version %d not supported" % min_ver)
    return ver
45
def wait_dpp_fail(dev, expected=None):
    """Wait up to 5 seconds for a DPP-FAIL event on dev.

    Raises Exception when no event arrives, or when expected is given and
    is not a substring of the event text.
    """
    ev = dev.wait_event(["DPP-FAIL"], timeout=5)
    if ev is None:
        raise Exception("Failure not reported")
    if not expected:
        # Any DPP-FAIL event is acceptable when no reason was requested.
        return
    if expected not in ev:
        raise Exception("Unexpected result: " + ev)
52
def test_dpp_qr_code_parsing(dev, apdev):
    """DPP QR Code parsing"""
    sta = dev[0]
    check_dpp_capab(sta)
    ids = []

    # URIs that must be accepted and returned unchanged by
    # DPP_BOOTSTRAP_GET_URI.
    valid_uris = ["DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                  "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                  "DPP:C:81/1,2,3,4,5,6,7,8,9,10,11,12,13,82/14,83/1,2,3,4,5,6,7,8,9,84/5,6,7,8,9,10,11,12,13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                  "DPP:C:81/1,2,3;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                  "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
                  "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"]
    for uri in valid_uris:
        ids.append(sta.dpp_qr_code(uri))

        uri2 = sta.request("DPP_BOOTSTRAP_GET_URI %d" % ids[-1])
        if uri != uri2:
            raise Exception("Returned URI does not match")

    # Inputs the parser must reject: missing or empty fields, a MAC address
    # with an odd number of hex digits, K: blobs that are not an acceptable
    # public key, a control character in the I: field and malformed or
    # negative channel list entries.
    # NOTE(review): the rejection reason for each K: blob is decided by the
    # parser and is not visible in this file.
    invalid_uris = ["foo",
                    "DPP:",
                    "DPP:;;",
                    "DPP:C:1/2;M:;K;;",
                    "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
                    "DPP:K:" + base64.b64encode(b"hello").decode() + ";;",
                    "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
                    "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
                    "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
                    "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
                    "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                    "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                    "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
                    "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;"]
    for bad in invalid_uris:
        reply = sta.request("DPP_QR_CODE " + bad)
        if "FAIL" not in reply:
            raise Exception("Accepted invalid QR Code: " + bad)

    logger.info("ID: " + str(ids))
    first, second, third = ids[0], ids[1], ids[2]
    if first == second or first == third or second == third:
        raise Exception("Duplicate ID returned")

    # Removal must fail for an unknown ID and succeed for a known one.
    if "FAIL" not in sta.request("DPP_BOOTSTRAP_REMOVE 12345678"):
        raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
    if "OK" not in sta.request("DPP_BOOTSTRAP_REMOVE %d" % ids[1]):
        raise Exception("DPP_BOOTSTRAP_REMOVE failed")

    # URIs generated locally must be accepted by the parser as well.
    bi_id = sta.dpp_bootstrap_gen()
    generated = sta.request("DPP_BOOTSTRAP_GET_URI %d" % bi_id)
    logger.info("Generated URI: " + generated)

    sta.dpp_qr_code(generated)

    bi_id = sta.dpp_bootstrap_gen(chan="81/1,115/36", mac="010203040506",
                                  info="foo")
    generated = sta.request("DPP_BOOTSTRAP_GET_URI %d" % bi_id)
    logger.info("Generated URI: " + generated)

    sta.dpp_qr_code(generated)
111
def test_dpp_qr_code_parsing_fail(dev, apdev):
    """DPP QR Code parsing local failure"""
    sta = dev[0]
    check_dpp_capab(sta)

    full_cmd = "DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"
    key_only_cmd = "DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"

    # Each step injects one failure at the named function and expects the
    # otherwise well-formed URI to be rejected rather than accepted.
    steps = [(alloc_fail, "dpp_parse_uri_info", full_cmd),
             (alloc_fail, "dpp_parse_uri_pk", key_only_cmd),
             (fail_test, "dpp_parse_uri_pk", key_only_cmd),
             (alloc_fail, "dpp_parse_uri", full_cmd)]
    for inject, func, cmd in steps:
        with inject(sta, 1, func):
            if "FAIL" not in sta.request(cmd):
                raise Exception("DPP_QR_CODE failure not reported")
130
# Fixed bootstrapping keys, one per curve named in the variable, passed as
# key= to dpp_bootstrap_gen() by tests in this file.
# NOTE(review): the hex looks like DER-encoded EC private keys carrying a
# named-curve OID - confirm against the bootstrap key parser.
# These values are public test fixtures; they must not be used as
# bootstrapping keys outside the test harness.
dpp_key_p256 = "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
137
def test_dpp_qr_code_curves(dev, apdev):
    """DPP QR Code and supported curves"""
    sta = dev[0]
    check_dpp_capab(sta)
    # Each fixed key must be reported back under the expected curve name.
    expected = [("prime256v1", dpp_key_p256),
                ("secp384r1", dpp_key_p384),
                ("secp521r1", dpp_key_p521)]
    for curve, key_hex in expected:
        bi_id = sta.dpp_bootstrap_gen(key=key_hex)
        info = sta.request("DPP_BOOTSTRAP_INFO %d" % bi_id)
        if "FAIL" in info:
            raise Exception("Failed to get info for " + curve)
        wanted = "curve=" + curve
        if wanted not in info:
            raise Exception("Curve mismatch for " + curve)
151
def test_dpp_qr_code_curves_brainpool(dev, apdev):
    """DPP QR Code and supported Brainpool curves"""
    sta = dev[0]
    # Skipped by check_dpp_capab() when the crypto library lacks Brainpool.
    check_dpp_capab(sta, brainpool=True)
    expected = [("brainpoolP256r1", dpp_key_bp256),
                ("brainpoolP384r1", dpp_key_bp384),
                ("brainpoolP512r1", dpp_key_bp512)]
    for curve, key_hex in expected:
        bi_id = sta.dpp_bootstrap_gen(key=key_hex)
        info = sta.request("DPP_BOOTSTRAP_INFO %d" % bi_id)
        if "FAIL" in info:
            raise Exception("Failed to get info for " + curve)
        wanted = "curve=" + curve
        if wanted not in info:
            raise Exception("Curve mismatch for " + curve)
165
def test_dpp_qr_code_unsupported_curve(dev, apdev):
    """DPP QR Code and unsupported curve"""
    sta = dev[0]
    check_dpp_capab(sta)

    # An unknown curve name must be refused.
    reply = sta.request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
    if "FAIL" not in reply:
        raise Exception("Unsupported curve accepted")

    # So must a truncated key blob and a key that is not on an accepted
    # curve.
    # NOTE(review): the second blob appears to name a different curve OID
    # than the supported-curve fixtures in this file - confirm.
    bad_keys = ["30",
                "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b"]
    for key_hex in bad_keys:
        reply = sta.request("DPP_BOOTSTRAP_GEN type=qrcode key=" + key_hex)
        if "FAIL" not in reply:
            raise Exception("Unsupported/invalid curve accepted")
180
def test_dpp_qr_code_keygen_fail(dev, apdev):
    """DPP QR Code and keygen failure"""
    sta = dev[0]
    check_dpp_capab(sta)

    # Key generation must report FAIL when an allocation fails at either
    # of these call sites.
    for where in ["dpp_bootstrap_key_der;dpp_keygen",
                  "base64_gen_encode;dpp_keygen"]:
        with alloc_fail(sta, 1, where):
            reply = sta.request("DPP_BOOTSTRAP_GEN type=qrcode")
            if "FAIL" not in reply:
                raise Exception("Failure not reported")
192
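def test_dpp_qr_code_curve_select(dev, apdev):
    """DPP QR Code and curve selection"""
    check_dpp_capab(dev[0], brainpool=True)
    check_dpp_capab(dev[1], brainpool=True)

    bi = []
    for key in [dpp_key_p256, dpp_key_p384, dpp_key_p521,
                dpp_key_bp256, dpp_key_bp384, dpp_key_bp512]:
        id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, key=key)
        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
        # Reset for every key: without this a reply lacking a curve= line
        # would silently pair this URI with the previous key's curve.
        curve = None
        for line in info.splitlines():
            # Split on the first '=' only so that a value containing '='
            # does not break the unpacking.
            name, sep, val = line.partition('=')
            if sep and name == "curve":
                curve = val
                break
        if curve is None:
            raise Exception("Curve not reported in DPP_BOOTSTRAP_INFO: " + info)
        uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
        bi.append((curve, uri))

    # Run one authentication exchange per bootstrapping key.
    for curve, uri in bi:
        logger.info("Curve: " + curve)
        logger.info("URI: " + uri)

        dev[0].dpp_listen(2412)
        dev[1].dpp_auth_init(uri=uri)
        wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                          allow_enrollee_failure=True, stop_responder=True,
                          stop_initiator=True)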
221
def test_dpp_qr_code_auth_broadcast(dev, apdev):
    """DPP QR Code and authentication exchange (broadcast)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    # No mac= argument is given for this bootstrap entry, unlike the
    # unicast variants in this file.
    bi_id = responder.dpp_bootstrap_gen(chan="81/1")
    uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bi_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412)
    initiator.dpp_auth_init(uri=uri)
    wait_auth_success(responder, initiator, stop_responder=True)
233
def test_dpp_qr_code_auth_unicast(dev, apdev):
    """DPP QR Code and authentication exchange (unicast)"""
    # No curve is requested for the bootstrapping key.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve=None)
237
def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev):
    """DPP QR Code and authentication exchange (AP enrollee)"""
    # Same exchange as the plain unicast case, with the listener started
    # using netrole="ap".
    run_dpp_qr_code_auth_unicast(dev, apdev, curve=None, netrole="ap")
241
def test_dpp_qr_code_curve_prime256v1(dev, apdev):
    """DPP QR Code and curve prime256v1"""
    # Bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="prime256v1")
245
def test_dpp_qr_code_curve_secp384r1(dev, apdev):
    """DPP QR Code and curve secp384r1"""
    # Bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="secp384r1")
249
def test_dpp_qr_code_curve_secp521r1(dev, apdev):
    """DPP QR Code and curve secp521r1"""
    # Bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="secp521r1")
253
def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev):
    """DPP QR Code and curve brainpoolP256r1"""
    # The helper requests the Brainpool capability check because the curve
    # name contains "brainpool".
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP256r1")
257
def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev):
    """DPP QR Code and curve brainpoolP384r1"""
    # The helper requests the Brainpool capability check because the curve
    # name contains "brainpool".
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP384r1")
261
def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev):
    """DPP QR Code and curve brainpoolP512r1"""
    # The helper requests the Brainpool capability check because the curve
    # name contains "brainpool".
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP512r1")
265
def test_dpp_qr_code_set_key(dev, apdev):
    """DPP QR Code and fixed bootstrapping key"""
    # Hard-coded test fixture key; not to be reused outside the test
    # harness.
    fixed_key = "30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383"
    run_dpp_qr_code_auth_unicast(dev, apdev, None, key=fixed_key)
269
def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
                                 require_conf_success=False, init_extra=None,
                                 require_conf_failure=False,
                                 configurator=False, conf_curve=None):
    """Run a QR Code bootstrapped exchange with dev[1] as initiator.

    dev[0] generates the bootstrapping info (optionally on the given curve
    or from the given key) and listens on 2412 MHz; dev[1] initiates using
    the resulting URI. When configurator is true, dev[1] first adds a
    Configurator (optionally on conf_curve) and passes its id to the
    initiation. The require_conf_* flags are translated into the
    configurator failure options of wait_auth_success().
    """
    responder, initiator = dev[0], dev[1]
    # Evaluates to a false value when no curve was requested.
    need_brainpool = curve and "brainpool" in curve
    check_dpp_capab(responder, need_brainpool)
    check_dpp_capab(initiator, need_brainpool)
    conf_id = initiator.dpp_configurator_add(curve=conf_curve) if configurator else None

    logger.info("dev0 displays QR Code")
    bi_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve,
                                        key=key)
    uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bi_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412, netrole=netrole)
    initiator.dpp_auth_init(uri=uri, extra=init_extra, configurator=conf_id)
    wait_auth_success(responder, initiator,
                      configurator=initiator, enrollee=responder,
                      allow_enrollee_failure=True,
                      allow_configurator_failure=not require_conf_success,
                      require_configurator_failure=require_conf_failure,
                      stop_responder=True)
293
def test_dpp_qr_code_auth_mutual(dev, apdev):
    """DPP QR Code and authentication exchange (mutual)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 displays QR Code")
    init_id = initiator.dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % init_id)

    # The responder learns the initiator's key before the exchange starts.
    logger.info("dev0 scans QR Code")
    responder.dpp_qr_code(init_uri)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412)
    initiator.dpp_auth_init(uri=resp_uri, own=init_id)

    direction = initiator.wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(responder, initiator, stop_responder=True)
320
def test_dpp_qr_code_auth_mutual2(dev, apdev):
    """DPP QR Code and authentication exchange (mutual2)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 displays QR Code")
    init_id = initiator.dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % init_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412, qr="mutual")
    initiator.dpp_auth_init(uri=resp_uri, own=init_id)

    # The responder has not scanned the initiator's QR Code yet, so the
    # exchange pauses until it does.
    pending = initiator.wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_req = responder.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_req is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("dev0 scans QR Code")
    responder.dpp_qr_code(init_uri)

    direction = initiator.wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(responder, initiator, stop_responder=True)
354
def test_dpp_qr_code_auth_mutual_p_256(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
    # Curve name is handed through to the responder's bootstrap generation.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-256")
358
def test_dpp_qr_code_auth_mutual_p_384(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
    # Curve name is handed through to the responder's bootstrap generation.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-384")
362
def test_dpp_qr_code_auth_mutual_p_521(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
    # Curve name is handed through to the responder's bootstrap generation.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-521")
366
def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
    # The "BP-" prefix makes the helper require Brainpool support.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-256")
370
def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
    # The "BP-" prefix makes the helper require Brainpool support.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-384")
374
def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
    # The "BP-" prefix makes the helper require Brainpool support.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-512")
378
def run_dpp_qr_code_auth_mutual(dev, apdev, curve):
    """Run mutual authentication where the initiator's URI comes from an event.

    dev[1] initiates without an own= bootstrap entry; the URI that dev[0]
    scans is taken from the second space-separated field of the
    DPP-RESPONSE-PENDING event reported by dev[1].
    """
    responder, initiator = dev[0], dev[1]
    need_brainpool = curve and "BP-" in curve
    check_dpp_capab(responder, need_brainpool)
    check_dpp_capab(initiator, need_brainpool)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412, qr="mutual")
    initiator.dpp_auth_init(uri=resp_uri)

    pending = initiator.wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    fields = pending.split(' ')
    init_uri = fields[1]

    scan_req = responder.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_req is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("dev0 scans QR Code")
    responder.dpp_qr_code(init_uri)

    direction = initiator.wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(responder, initiator, stop_responder=True)
408
def test_dpp_auth_resp_retries(dev, apdev):
    """DPP Authentication Response retries"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    # NOTE(review): these two settings are not restored at the end of the
    # test; confirm the harness resets them between test cases.
    responder.set("dpp_resp_max_tries", "3")
    responder.set("dpp_resp_retry_time", "100")

    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 displays QR Code")
    init_id = initiator.dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % init_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412, qr="mutual")
    initiator.dpp_auth_init(uri=resp_uri, own=init_id)

    pending = initiator.wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_req = responder.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_req is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    # Stop Initiator from listening to frames to force retransmission of the
    # DPP Authentication Response frame with Status=0
    initiator.request("DPP_STOP_LISTEN")

    initiator.dump_monitor()
    responder.dump_monitor()

    logger.info("dev0 scans QR Code")
    responder.dpp_qr_code(init_uri)

    # First transmission: sent, but not acknowledged by the peer.
    tx = responder.wait_event(["DPP-TX "], timeout=5)
    if tx is None or "type=1" not in tx:
        raise Exception("DPP Authentication Response not sent")
    status = responder.wait_event(["DPP-TX-STATUS"], timeout=5)
    if status is None:
        raise Exception("TX status for DPP Authentication Response not reported")
    if "result=no-ACK" not in status:
        raise Exception("Unexpected TX status for Authentication Response: " + status)

    # A retransmission of the same frame type must follow.
    retx = responder.wait_event(["DPP-TX "], timeout=15)
    if retx is None or "type=1" not in retx:
        raise Exception("DPP Authentication Response retransmission not sent")
455
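def test_dpp_qr_code_auth_mutual_not_used(dev, apdev):
    """DPP QR Code and authentication exchange (mutual not used)"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    logger.info("dev0 displays QR Code")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    logger.info("dev1 displays QR Code")
    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
    # dev0 never learns dev1's bootstrapping key, so the exchange is
    # expected to be reported as one-way even though dev1 offers own=.
    logger.info("dev0 does not scan QR Code")
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, own=id1b)

    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if ev is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=0" not in ev:
        # The previous message claimed the opposite of what this branch
        # detects: reaching it means mutual=0 was not reported.
        raise Exception("Mutual authentication used unexpectedly")

    wait_auth_success(dev[0], dev[1], stop_responder=True)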
478
def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev):
    """DPP QR Code and authentication exchange (mutual/mismatch)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 displays QR Code")
    # The initiator's own key is on secp384r1 while no curve is requested
    # for the responder's key.
    init_id = initiator.dpp_bootstrap_gen(chan="81/1", mac=True,
                                          curve="secp384r1")
    init_uri = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % init_id)
    logger.info("dev0 scans QR Code")
    responder.dpp_qr_code(init_uri)
    logger.info("dev1 scans QR Code")
    # Initiation itself is expected to be refused.
    initiator.dpp_auth_init(uri=resp_uri, own=init_id, expect_fail=True)
493
def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev):
    """DPP QR Code and authentication exchange (hostapd mutual2)"""
    sta = dev[0]
    check_dpp_capab(sta)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    logger.info("AP displays QR Code")
    ap_id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % ap_id)
    logger.info("dev0 displays QR Code")
    sta_id = sta.dpp_bootstrap_gen(chan="81/1", mac=True)
    sta_uri = sta.request("DPP_BOOTSTRAP_GET_URI %d" % sta_id)
    logger.info("dev0 scans QR Code and initiates DPP Authentication")
    hapd.dpp_listen(2412, qr="mutual")
    sta.dpp_auth_init(uri=ap_uri, own=sta_id)

    # The AP acts as responder here and asks for the peer QR Code scan.
    pending = sta.wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_req = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_req is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("AP scans QR Code")
    hapd.dpp_qr_code(sta_uri)

    wait_auth_success(hapd, sta, stop_responder=True)
520
def test_dpp_qr_code_listen_continue(dev, apdev):
    """DPP QR Code and listen operation needing continuation"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    responder.dpp_listen(2412)
    logger.info("Wait for listen to expire and get restarted")
    # Initiation is delayed until after the pause logged above.
    time.sleep(5.5)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    initiator.dpp_auth_init(uri=resp_uri)
    wait_auth_success(responder, initiator, stop_responder=True)
534
def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
    try:
        run_dpp_qr_code_auth_initiator_enrollee(dev, apdev)
    finally:
        # Always restore gas_address3, which the helper sets to 1 on both
        # devices, so the setting does not leak into later tests.
        for sta in (dev[0], dev[1]):
            sta.set("gas_address3", "0")
542
def run_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
    """Run an exchange where the initiator (dev[1]) takes the Enrollee role.

    Sets gas_address3 to 1 on both devices and does not restore it; the
    caller is responsible for resetting it.
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.request("SET gas_address3 1")
    initiator.request("SET gas_address3 1")
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412)
    initiator.dpp_auth_init(uri=resp_uri, role="enrollee")
    # Roles are swapped relative to the unicast helper: the responder is
    # the Configurator.
    wait_auth_success(responder, initiator,
                      configurator=responder, enrollee=initiator,
                      allow_enrollee_failure=True, stop_responder=True)
556
def test_dpp_qr_code_auth_initiator_either_1(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder states no role; dev[1] is expected to act as Configurator.
    run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role=None,
                                          conf_dev=dev[1],
                                          enrollee_dev=dev[0])
560
def test_dpp_qr_code_auth_initiator_either_2(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder listens as Enrollee; dev[1] is expected to act as
    # Configurator.
    run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role="enrollee",
                                          conf_dev=dev[1],
                                          enrollee_dev=dev[0])
565
def test_dpp_qr_code_auth_initiator_either_3(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder listens as Configurator; dev[1] is expected to act as
    # Enrollee.
    run_dpp_qr_code_auth_initiator_either(dev, apdev,
                                          resp_role="configurator",
                                          conf_dev=dev[0],
                                          enrollee_dev=dev[1])
570
def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role,
                                          conf_dev, enrollee_dev):
    """Run an exchange where the initiator offers role="either".

    resp_role is passed to the responder's listen call; conf_dev and
    enrollee_dev name the devices expected to end up in each role.
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412, role=resp_role)
    initiator.dpp_auth_init(uri=resp_uri, role="either")
    wait_auth_success(responder, initiator, configurator=conf_dev,
                      enrollee=enrollee_dev, allow_enrollee_failure=True,
                      stop_responder=True)
584
def run_init_incompatible_roles(dev, role="enrollee"):
    """Prepare the incompatible-role tests.

    dev[0] generates bootstrapping info and starts listening in the given
    role; dev[1] scans the URI. Returns the id that dev[1] assigned to the
    scanned peer entry. Authentication is not initiated here.
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code")
    peer_id = initiator.dpp_qr_code(resp_uri)

    logger.info("dev1 initiates DPP Authentication")
    responder.dpp_listen(2412, role=role)
    return peer_id
598
def test_dpp_qr_code_auth_incompatible_roles(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles)"""
    peer_id = run_init_incompatible_roles(dev)
    # Both sides ask for the Enrollee role: each must report the conflict.
    dev[1].dpp_auth_init(peer=peer_id, role="enrollee")
    waits = [(dev[1], 5, "DPP-NOT-COMPATIBLE event on initiator timed out"),
             (dev[0], 1, "DPP-NOT-COMPATIBLE event on responder timed out")]
    for sta, secs, msg in waits:
        if sta.wait_event(["DPP-NOT-COMPATIBLE"], timeout=secs) is None:
            raise Exception(msg)
    # A second attempt with a compatible role must then succeed.
    dev[1].dpp_auth_init(peer=peer_id, role="configurator")
    wait_auth_success(dev[0], dev[1], stop_responder=True)
611
def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles 2)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # Both sides ask for the Configurator role: each must report the
    # conflict.
    dev[1].dpp_auth_init(peer=peer_id, role="configurator")
    waits = [(dev[1], 5, "DPP-NOT-COMPATIBLE event on initiator timed out"),
             (dev[0], 1, "DPP-NOT-COMPATIBLE event on responder timed out")]
    for sta, secs, msg in waits:
        if sta.wait_event(["DPP-NOT-COMPATIBLE"], timeout=secs) is None:
            raise Exception(msg)
622
def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # The responder must still report the role conflict when an allocation
    # fails in dpp_auth_build_resp_status.
    with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"):
        dev[1].dpp_auth_init(peer=peer_id, role="configurator")
        reported = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
        if reported is None:
            raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
631
def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    initiator = dev[1]
    # Inject an allocation failure on the initiator at
    # dpp_auth_resp_rx_status and wait for the trigger to be consumed.
    with alloc_fail(initiator, 1, "dpp_auth_resp_rx_status"):
        initiator.dpp_auth_init(peer=peer_id, role="configurator")
        wait_fail_trigger(initiator, "GET_ALLOC_FAIL")
638
def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    initiator = dev[1]
    # With a forced failure at dpp_auth_resp_rx_status the initiator must
    # report DPP-FAIL with the decryption failure reason.
    with fail_test(initiator, 1, "dpp_auth_resp_rx_status"):
        initiator.dpp_auth_init(peer=peer_id, role="configurator")
        wait_dpp_fail(initiator, "AES-SIV decryption failed")
645
def test_dpp_qr_code_auth_neg_chan(dev, apdev):
    """DPP QR Code and authentication exchange with requested different channel"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    conf_id = initiator.dpp_configurator_add()
    logger.info("dev0 displays QR Code")
    resp_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412)
    initiator.dpp_auth_init(uri=resp_uri, conf="sta-dpp", neg_freq=2462,
                            configurator=conf_id)

    # Expected event sequence: the Authentication Request is exchanged on
    # 2412 MHz, the Response and Confirm on the negotiated 2462 MHz.
    # Columns: device, event prefix, error when the event is missing,
    # required substring, error prefix when the substring is absent.
    sequence = [
        (initiator, "DPP-TX ",
         "DPP Authentication Request not sent",
         "freq=2412 type=0",
         "Unexpected TX data for Authentication Request: "),
        (responder, "DPP-RX",
         "DPP Authentication Request not received",
         "freq=2412 type=0",
         "Unexpected RX data for Authentication Request: "),
        (initiator, "DPP-TX-STATUS",
         "TX status for DPP Authentication Request not reported",
         "freq=2412 result=SUCCESS",
         "Unexpected TX status for Authentication Request: "),
        (responder, "DPP-TX ",
         "DPP Authentication Response not sent",
         "freq=2462 type=1",
         "Unexpected TX data for Authentication Response: "),
        (initiator, "DPP-RX",
         "DPP Authentication Response not received",
         "freq=2462 type=1",
         "Unexpected RX data for Authentication Response: "),
        (responder, "DPP-TX-STATUS",
         "TX status for DPP Authentication Response not reported",
         "freq=2462 result=SUCCESS",
         "Unexpected TX status for Authentication Response: "),
        (initiator, "DPP-TX ",
         "DPP Authentication Confirm not sent",
         "freq=2462 type=2",
         "Unexpected TX data for Authentication Confirm: "),
        (responder, "DPP-RX",
         "DPP Authentication Confirm not received",
         "freq=2462 type=2",
         "Unexpected RX data for Authentication Confirm: "),
        (initiator, "DPP-TX-STATUS",
         "TX status for DPP Authentication Confirm not reported",
         "freq=2462 result=SUCCESS",
         "Unexpected TX status for Authentication Confirm: "),
    ]
    for sta, event, missing_msg, needle, mismatch_prefix in sequence:
        ev = sta.wait_event([event], timeout=5)
        if ev is None:
            raise Exception(missing_msg)
        if needle not in ev:
            raise Exception(mismatch_prefix + ev)

    wait_auth_success(responder, initiator,
                      configurator=initiator, enrollee=responder,
                      stop_responder=True)
715
def test_dpp_config_legacy(dev, apdev):
    """DPP Config Object for legacy network using passphrase"""
    check_dpp_capab(dev[1])
    # Canned Config Object injected on dev[1] through the test-only
    # dpp_config_obj_override knob: WPA2-PSK with an ASCII passphrase.
    legacy_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
    dev[1].set("dpp_config_obj_override", legacy_conf)
    # The exchange must end with the configuration accepted.
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
723
def test_dpp_config_legacy_psk_hex(dev, apdev):
    """DPP Config Object for legacy network using PSK"""
    check_dpp_capab(dev[1])
    # 32 repetitions of "12" give 64 hex digits, i.e. a full 32-octet PSK.
    psk_hex = 32 * "12"
    psk_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + psk_hex + '"}}'
    dev[1].set("dpp_config_obj_override", psk_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
731
def test_dpp_config_fragmentation(dev, apdev):
    """DPP Config Object for legacy network requiring fragmentation"""
    check_dpp_capab(dev[1])
    # 3000 trailing spaces inflate the object; per the test title this is meant
    # to push the Configuration Response past a single frame.
    padding = 3000 * ' '
    padded_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + padding
    dev[1].set("dpp_config_obj_override", padded_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
739
def test_dpp_config_legacy_gen(dev, apdev):
    """Generate DPP Config Object for legacy network"""
    # The passphrase is handed over hex-encoded in the pass= parameter.
    passphrase_hex = binascii.hexlify(b"passphrase").decode()
    extra = "conf=sta-psk pass=" + passphrase_hex
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", init_extra=extra,
                                 require_conf_success=True)
745
def test_dpp_config_legacy_gen_psk(dev, apdev):
    """Generate DPP Config Object for legacy network (PSK)"""
    # psk= carries 64 hex digits (a 32-octet PSK) instead of a passphrase.
    extra = "conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", init_extra=extra,
                                 require_conf_success=True)
751
def test_dpp_config_dpp_gen_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256)"""
    # The curve name is the helper's third positional argument; the helper
    # itself is defined outside this excerpt.
    curve = "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True)
758
def test_dpp_config_dpp_gen_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384)"""
    # Same flow as the P-256 variant, with the curve switched to secp384r1.
    curve = "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True)
765
def test_dpp_config_dpp_gen_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521)"""
    # Same flow as the P-256 variant, with the curve switched to secp521r1.
    curve = "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True)
772
def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-256)"""
    # First curve is the positional argument, second goes in as conf_curve
    # (presumably the Configurator's signing-key curve; the helper is not
    # visible here).
    curve, conf_curve = "prime256v1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
780
def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-384)"""
    # Mixed-curve case: positional curve P-256, conf_curve P-384.
    curve, conf_curve = "prime256v1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
788
def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-521)"""
    # Mixed-curve case: positional curve P-256, conf_curve P-521.
    curve, conf_curve = "prime256v1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
796
def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-256)"""
    # Mixed-curve case: positional curve P-384, conf_curve P-256.
    curve, conf_curve = "secp384r1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
804
def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-384)"""
    # Both the positional curve and conf_curve are P-384.
    curve, conf_curve = "secp384r1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
812
def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-521)"""
    # Mixed-curve case: positional curve P-384, conf_curve P-521.
    curve, conf_curve = "secp384r1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
820
def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-256)"""
    # Mixed-curve case: positional curve P-521, conf_curve P-256.
    curve, conf_curve = "secp521r1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
828
def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-384)"""
    # Mixed-curve case: positional curve P-521, conf_curve P-384.
    curve, conf_curve = "secp521r1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
836
def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-521)"""
    # Both the positional curve and conf_curve are P-521.
    curve, conf_curve = "secp521r1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
844
def test_dpp_config_dpp_gen_expiry(dev, apdev):
    """Generate DPP Config Object for DPP network with expiry value"""
    # Expiry 1000 seconds in the future, so the configuration must still be
    # accepted. %d truncates the float timestamp to whole seconds.
    expiry = time.time() + 1000
    extra = "conf=sta-dpp expiry=%d" % expiry
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", init_extra=extra,
                                 require_conf_success=True, configurator=True)
851
def test_dpp_config_dpp_gen_expired_key(dev, apdev):
    """Generate DPP Config Object for DPP network with expiry value in the past"""
    # Expiry 10 seconds in the past: the test requires the configuration step
    # to fail, i.e. an already-expired object must not be accepted.
    expiry = time.time() - 10
    extra = "conf=sta-dpp expiry=%d" % expiry
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", init_extra=extra,
                                 require_conf_failure=True, configurator=True)
858
def test_dpp_config_dpp_override_prime256v1(dev, apdev):
    """DPP Config Object override (P-256)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Pre-built Config Object: ES256 signedConnector plus the matching P-256
    # C-sign-key JWK. All key material here is fixed test data.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
    # Test-only relaxation on dev[0]: the canned connector carries a fixed
    # netAccessKey, so the mismatch check is switched off (presumably it would
    # otherwise reject the object because the key is not dev[0]'s own).
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
868
def test_dpp_config_dpp_override_secp384r1(dev, apdev):
    """DPP Config Object override (P-384)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Pre-built Config Object with a P-384 C-sign-key JWK and its
    # signedConnector. All key material here is fixed test data.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
    # Test-only relaxation on dev[0]; see the fixed netAccessKey inside the
    # canned connector above.
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", require_conf_success=True)
878
def test_dpp_config_dpp_override_secp521r1(dev, apdev):
    """DPP Config Object override (P-521)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Pre-built Config Object with a P-521 C-sign-key JWK and its
    # signedConnector. All key material here is fixed test data.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
    # Test-only relaxation on dev[0]; see the fixed netAccessKey inside the
    # canned connector above.
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", require_conf_success=True)
888
def test_dpp_config_override_objects(dev, apdev):
    """Generate DPP Config Object and override objects"""
    check_dpp_capab(dev[1])
    # Only two sub-objects are replaced; both JSON snippets contain embedded
    # newlines, so the consumer has to cope with whitespace between tokens.
    overrides = (
        ("dpp_discovery_override", '{\n"ssid":"mywifi"\n}'),
        ("dpp_groups_override",
         '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'),
    )
    for knob, value in overrides:
        dev[1].set(knob, value)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True)
900
def build_conf_obj(kty="EC", crv="P-256",
                   x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
                   y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
                   kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
                   prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
                   signed_connector=None,
                   no_signed_connector=False,
                   csign=True):
    """Build a DPP Config Object (akm "dpp") as a JSON string for negative tests.

    The object is assembled by plain string formatting, with no JSON escaping,
    so callers can inject deliberately malformed values. Any csign JWK member
    whose argument is falsy is left out. When signed_connector is given it is
    used verbatim; otherwise, unless no_signed_connector is set, a connector is
    built from prot_hdr, a fixed payload and a fixed pre-computed signature.
    With csign=False the "csign" object is omitted entirely.
    """
    def b64url(text):
        # base64url without '=' padding, as used for JWS segments
        return base64.urlsafe_b64encode(text.encode()).decode().rstrip('=')

    cred_members = ['"akm":"dpp"']

    if signed_connector:
        cred_members.append('"signedConnector":"%s"' % signed_connector)
    elif not no_signed_connector:
        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
        # The signature is a constant: it is not recomputed when prot_hdr is
        # changed, so a modified header also carries a non-matching signature.
        sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
        conn = '.'.join([b64url(prot_hdr), b64url(payload), sign])
        cred_members.append('"signedConnector":"%s"' % conn)

    if csign:
        jwk_members = []
        for member, value in (("kty", kty), ("crv", crv), ("x", x), ("y", y),
                              ("kid", kid)):
            if value:
                jwk_members.append('"%s":"%s"' % (member, value))
        cred_members.append('"csign":{' + ','.join(jwk_members) + '}')

    return ('{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{' +
            ','.join(cred_members) + '}}')
943
def run_dpp_config_error(dev, apdev, conf,
                         skip_net_access_key_mismatch=True,
                         conf_failure=True):
    """Run a DPP exchange with conf forced as the Config Object on dev[1].

    By default the run must end in a configuration failure; pass
    conf_failure=False to require success instead. Unless
    skip_net_access_key_mismatch is cleared, dev[0] is told to ignore a
    netAccessKey mismatch so that only the defect under test can cause the
    rejection.
    """
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    if skip_net_access_key_mismatch:
        # Test-only knob; it weakens connector validation on dev[0].
        dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", conf)
    expect_success = not conf_failure
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 require_conf_success=expect_success,
                                 require_conf_failure=conf_failure)
955
def test_dpp_config_jwk_error_no_kty(dev, apdev):
    """DPP Config Object JWK error - no kty"""
    # csign JWK without "kty"; run_dpp_config_error() requires failure by default.
    broken_conf = build_conf_obj(kty=None)
    run_dpp_config_error(dev, apdev, broken_conf)
959
def test_dpp_config_jwk_error_unexpected_kty(dev, apdev):
    """DPP Config Object JWK error - unexpected kty"""
    # csign JWK with a key type other than "EC"; must be rejected.
    broken_conf = build_conf_obj(kty="unknown")
    run_dpp_config_error(dev, apdev, broken_conf)
963
def test_dpp_config_jwk_error_no_crv(dev, apdev):
    """DPP Config Object JWK error - no crv"""
    # csign JWK without "crv"; must be rejected.
    broken_conf = build_conf_obj(crv=None)
    run_dpp_config_error(dev, apdev, broken_conf)
967
def test_dpp_config_jwk_error_unsupported_crv(dev, apdev):
    """DPP Config Object JWK error - unsupported curve"""
    # csign JWK naming a curve that does not exist; must be rejected.
    broken_conf = build_conf_obj(crv="unsupported")
    run_dpp_config_error(dev, apdev, broken_conf)
971
def test_dpp_config_jwk_error_no_x(dev, apdev):
    """DPP Config Object JWK error - no x"""
    # csign JWK without the x coordinate; must be rejected.
    broken_conf = build_conf_obj(x=None)
    run_dpp_config_error(dev, apdev, broken_conf)
975
def test_dpp_config_jwk_error_invalid_x(dev, apdev):
    """DPP Config Object JWK error - invalid x"""
    # "MTIz" is base64url for the three octets "123" - far too short for a
    # P-256 coordinate.
    broken_conf = build_conf_obj(x="MTIz")
    run_dpp_config_error(dev, apdev, broken_conf)
979
def test_dpp_config_jwk_error_no_y(dev, apdev):
    """DPP Config Object JWK error - no y"""
    # csign JWK without the y coordinate; must be rejected.
    broken_conf = build_conf_obj(y=None)
    run_dpp_config_error(dev, apdev, broken_conf)
983
def test_dpp_config_jwk_error_invalid_y(dev, apdev):
    """DPP Config Object JWK error - invalid y"""
    # "MTIz" is base64url for the three octets "123" - far too short for a
    # P-256 coordinate.
    broken_conf = build_conf_obj(y="MTIz")
    run_dpp_config_error(dev, apdev, broken_conf)
987
def test_dpp_config_jwk_error_invalid_xy(dev, apdev):
    """DPP Config Object JWK error - invalid x,y"""
    # Both coordinates decode to 32 octets, so the length is right; per the
    # test title the pair is still invalid (presumably not a point on the
    # curve), which exercises validation beyond a length check.
    coord = "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY"
    broken_conf = build_conf_obj(x=coord, y=coord)
    run_dpp_config_error(dev, apdev, broken_conf)
993
def test_dpp_config_jwk_error_no_kid(dev, apdev):
    """DPP Config Object JWK error - no kid"""
    # The csign "kid" member is optional, so leaving it out is expected to
    # succeed; conf_failure=False flips the helper to require success.
    conf_without_kid = build_conf_obj(kid=None)
    run_dpp_config_error(dev, apdev, conf_without_kid, conf_failure=False)
999
def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev):
    """DPP Config Object JWS error - protected header not an object"""
    # The protected header is the JSON number 1 rather than an object.
    broken_conf = build_conf_obj(prot_hdr="1")
    run_dpp_config_error(dev, apdev, broken_conf)
1003
def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev):
    """DPP Config Object JWS error - protected header - no typ"""
    # Header keeps kid and alg but drops "typ"; must be rejected.
    header = '{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1008
def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev):
    """DPP Config Object JWS error - protected header - unsupported typ"""
    # "typ" is present but is not "dppCon"; must be rejected.
    header = '{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1013
def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev):
    """DPP Config Object JWS error - protected header - no alg"""
    # A connector that names no signature algorithm must not be accepted.
    header = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1018
def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev):
    """DPP Config Object JWS error - protected header - unexpected alg"""
    # "alg" does not match the algorithm implied by the P-256 csign key.
    header = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1023
def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev):
    """DPP Config Object JWS error - protected header - no kid"""
    # Unlike the csign JWK "kid", the one in the protected header is required
    # by this test: its absence must lead to a failure.
    header = '{"typ":"dppCon","alg":"ES256"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1028
def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev):
    """DPP Config Object JWS error - protected header - unexpected kid"""
    # The header kid ("MTIz") differs from the kid of the csign key.
    header = '{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
    broken_conf = build_conf_obj(prot_hdr=header)
    run_dpp_config_error(dev, apdev, broken_conf)
1033
def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev):
    """DPP Config Object signedConnector error - no dot(1)"""
    # A single segment with no '.' separator at all.
    connector = "MTIz"
    broken_conf = build_conf_obj(signed_connector=connector)
    run_dpp_config_error(dev, apdev, broken_conf)
1038
def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev):
    """DPP Config Object signedConnector error - no dot(2)"""
    # Header and payload segments only; the second '.' and the signature
    # segment are missing.
    connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
    broken_conf = build_conf_obj(signed_connector=connector)
    run_dpp_config_error(dev, apdev, broken_conf)
1043
def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev):
    """DPP Config Object signedConnector error - unexpected signature length"""
    # Three segments, but the signature ("MTIz") decodes to only three octets.
    connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
    broken_conf = build_conf_obj(signed_connector=connector)
    run_dpp_config_error(dev, apdev, broken_conf)
1048
def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev):
    """DPP Config Object signedConnector error - invalid signature DER"""
    # Signature segment "MTI" is even shorter than in the length test; per the
    # test title it is aimed at the signature DER conversion step.
    connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
    broken_conf = build_conf_obj(signed_connector=connector)
    run_dpp_config_error(dev, apdev, broken_conf)
1053
def test_dpp_config_no_csign(dev, apdev):
    """DPP Config Object error - no csign"""
    # Without a csign key the connector signature cannot be checked, so the
    # object must be rejected.
    broken_conf = build_conf_obj(csign=False)
    run_dpp_config_error(dev, apdev, broken_conf)
1057
def test_dpp_config_no_signed_connector(dev, apdev):
    """DPP Config Object error - no signedConnector"""
    # akm "dpp" credential with a csign key but no signedConnector member.
    broken_conf = build_conf_obj(no_signed_connector=True)
    run_dpp_config_error(dev, apdev, broken_conf)
1061
def test_dpp_config_unexpected_signed_connector_char(dev, apdev):
    """DPP Config Object error - unexpected signedConnector character"""
    # A raw newline inside the connector string; build_conf_obj() does no JSON
    # escaping, so it reaches the parser unmodified.
    connector = 'a\nb'
    broken_conf = build_conf_obj(signed_connector=connector)
    run_dpp_config_error(dev, apdev, broken_conf)
1065
def test_dpp_config_root_not_an_object(dev, apdev):
    """DPP Config Object error - root not an object"""
    # Valid JSON, but the root is a number instead of an object.
    run_dpp_config_error(dev, apdev, "1")
1070
def test_dpp_config_no_wi_fi_tech(dev, apdev):
    """DPP Config Object error - no wi-fi_tech"""
    # Empty root object: the mandatory "wi-fi_tech" member is missing.
    run_dpp_config_error(dev, apdev, "{}")
1075
def test_dpp_config_unsupported_wi_fi_tech(dev, apdev):
    """DPP Config Object error - unsupported wi-fi_tech"""
    # "wi-fi_tech" is present but is not "infra".
    bad_conf = '{"wi-fi_tech":"unsupported"}'
    run_dpp_config_error(dev, apdev, bad_conf)
1080
def test_dpp_config_no_discovery(dev, apdev):
    """DPP Config Object error - no discovery"""
    # Only "wi-fi_tech" is given; the "discovery" object is missing.
    bad_conf = '{"wi-fi_tech":"infra"}'
    run_dpp_config_error(dev, apdev, bad_conf)
1085
def test_dpp_config_no_discovery_ssid(dev, apdev):
    """DPP Config Object error - no discovery::ssid"""
    # "discovery" is an empty object, so there is no SSID.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1090
def test_dpp_config_too_long_discovery_ssid(dev, apdev):
    """DPP Config Object error - too long discovery::ssid"""
    # 33 characters: one more than the 32-octet SSID maximum, so this probes
    # the length check on the boundary.
    oversized_ssid = 33 * 'A'
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % oversized_ssid
    run_dpp_config_error(dev, apdev, bad_conf)
1095
def test_dpp_config_no_cred(dev, apdev):
    """DPP Config Object error - no cred"""
    # Discovery information only; the "cred" object is missing.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1100
def test_dpp_config_no_cred_akm(dev, apdev):
    """DPP Config Object error - no cred::akm"""
    # "cred" is an empty object, so no AKM is selected.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1105
def test_dpp_config_unsupported_cred_akm(dev, apdev):
    """DPP Config Object error - unsupported cred::akm"""
    # The AKM string is not one of the known values.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1110
def test_dpp_config_error_legacy_no_pass(dev, apdev):
    """DPP Config Object legacy error - no pass/psk"""
    # akm "psk" with neither "pass" nor "psk_hex": no key material at all.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1115
def test_dpp_config_error_legacy_too_short_pass(dev, apdev):
    """DPP Config Object legacy error - too short pass/psk"""
    # One-character passphrase, below the 8-character WPA minimum.
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
    run_dpp_config_error(dev, apdev, bad_conf)
1120
def test_dpp_config_error_legacy_too_long_pass(dev, apdev):
    """DPP Config Object legacy error - too long pass/psk"""
    # 64 characters: one more than the 63-character WPA passphrase maximum.
    oversized_pass = 64 * 'A'
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % oversized_pass
    run_dpp_config_error(dev, apdev, bad_conf)
1125
def test_dpp_config_error_legacy_psk_with_sae(dev, apdev):
    """DPP Config Object legacy error - psk_hex with SAE"""
    # SAE works from a password, so a raw PSK on its own must be rejected for
    # akm "sae".
    psk_hex = 32 * "12"
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % psk_hex
    run_dpp_config_error(dev, apdev, bad_conf)
1130
def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev):
    """DPP Config Object legacy error - no pass for SAE"""
    # akm "psk+sae" with only psk_hex: the PSK half is satisfied but the SAE
    # half has no password, so the object must be rejected.
    psk_hex = 32 * "12"
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % psk_hex
    run_dpp_config_error(dev, apdev, bad_conf)
1135
def test_dpp_config_error_legacy_invalid_psk(dev, apdev):
    """DPP Config Object legacy error - invalid psk_hex"""
    # Correct length (64 characters) but "q" is not a hex digit.
    not_hex = 32 * "qa"
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % not_hex
    run_dpp_config_error(dev, apdev, bad_conf)
1140
def test_dpp_config_error_legacy_too_short_psk(dev, apdev):
    """DPP Config Object legacy error - too short psk_hex"""
    # 62 hex digits = 31 octets, one short of a 32-octet PSK.
    short_psk = 31 * "12"
    bad_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % short_psk
    run_dpp_config_error(dev, apdev, bad_conf)
1145
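def get_der_int_32(val):
    """Parse one DER INTEGER from val and return it as exactly 32 octets.

    Returns a tuple (r, rest): r is the integer left-padded with zero octets
    to 32 bytes (a leading 0x00 sign octet of a 33-octet encoding is dropped)
    and rest is whatever follows the INTEGER in val.

    Only the single-octet (short form) DER length is handled; the length
    octet is used as-is, so a long-form length is rejected by the range
    checks below rather than decoded.

    Raises Exception on a wrong tag, a truncated buffer, or a value that does
    not fit into 32 octets.
    """
    # Reject a buffer too short to hold tag + length up front, so that the
    # caller sees this function's own diagnostic instead of a struct.error.
    if len(val) < 2:
        raise Exception("Invalid length of INTEGER (truncated)")
    a, b = struct.unpack('BB', val[0:2])
    if a != 0x02:
        raise Exception("Invalid DER encoding of INTEGER")
    # Bounds check before any slicing: the declared length must fit in what is
    # actually left in the buffer.
    if b > len(val) - 2:
        raise Exception("Invalid length of INTEGER (truncated)")
    val = val[2:]
    if b == 32:
        r = val[0:32]
    elif b == 33:
        # 33 octets are acceptable only when the first one is the 0x00 sign
        # octet DER adds in front of a value with the top bit set.
        if val[0] != 0:
            raise Exception("Too large INTEGER (32)")
        r = val[1:33]
    elif b < 32:
        # DER strips leading zeros; restore them for the fixed-width form.
        r = (32 - b) * b'\x00' + val[0:b]
    else:
        raise Exception("Invalid length of INTEGER (32): %d" % b)
    return r, val[b:]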
1164
def ecdsa_sign(pkey, message, alg="sha256"):
    """Sign message with pkey and return the signature in JWS form.

    The DER-encoded ECDSA signature from OpenSSL.crypto.sign() is unpacked
    into r and s, each forced to 32 octets by get_der_int_32(), and the
    concatenation r || s is returned base64url-encoded without padding.

    The fixed 32-octet width means this only fits signatures made with a
    256-bit curve key. The outer SEQUENCE is parsed with a single-octet
    length, which a signature of that size always has.
    """
    der_sig = OpenSSL.crypto.sign(pkey, message, alg)
    logger.debug("sign=" + binascii.hexlify(der_sig).decode())

    # Outer wrapper: SEQUENCE tag (0x30) followed by a one-octet length that
    # must account for every remaining byte.
    seq_tag, seq_len = struct.unpack('BB', der_sig[0:2])
    if seq_tag != 0x30:
        raise Exception("Invalid DER encoding of ECDSA signature")
    if seq_len != len(der_sig) - 2:
        raise Exception("Invalid length of ECDSA signature")
    remaining = der_sig[2:]

    r, remaining = get_der_int_32(remaining)
    s, remaining = get_der_int_32(remaining)
    # Nothing may follow the two INTEGERs.
    if remaining:
        raise Exception("Extra data at the end of ECDSA signature")

    logger.info("r=" + binascii.hexlify(r).decode())
    logger.info("s=" + binascii.hexlify(s).decode())
    encoded = base64.urlsafe_b64encode(r + s)
    return encoded.decode().rstrip('=')
1184
# Fixed P-256 key pair used by the tests to sign connectors outside the
# implementation under test. The private key is published in this file, so it
# is test-only material and must never be used to provision a real network.
p256_priv_key = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
-----END EC PRIVATE KEY-----"""
# Affine coordinates of the public key, 32 octets each; they must stay in sync
# with the PEM above.
p256_pub_key_x = bytes.fromhex("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
p256_pub_key_y = bytes.fromhex("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1192
def run_dpp_config_connector(dev, apdev, expiry=None, payload=None,
                             skip_net_access_key_mismatch=True,
                             conf_failure=True):
    """Run a config test with a connector that is signed by the test itself.

    The connector is signed with the fixed P-256 test key and the matching
    public key is placed in the csign JWK, so the signature is genuine and any
    rejection comes from the connector contents. When payload is not given, a
    default payload is built and expiry, if set, is added to it; an explicit
    payload is used unchanged and expiry is then ignored.

    Skips the test when the OpenSSL Python module could not be imported.
    """
    if not openssl_imported:
        raise HwsimSkip("OpenSSL python method not available")

    def b64url(data):
        # base64url without '=' padding, as used for JWS segments and JWK values
        return base64.urlsafe_b64encode(data).decode().rstrip('=')

    pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                          p256_priv_key)
    x = b64url(p256_pub_key_x)
    y = b64url(p256_pub_key_y)

    # kid = SHA-256 over the uncompressed point encoding (0x04 || X || Y).
    uncompressed_point = b'\x04' + p256_pub_key_x + p256_pub_key_y
    kid = b64url(hashlib.sha256(uncompressed_point).digest())

    prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid

    if not payload:
        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
        if expiry:
            payload += ',"expiry":"%s"' % expiry
        payload += '}'

    # The signature covers "<header>.<payload>" and is appended as the third
    # segment.
    signing_input = b64url(prot_hdr.encode()) + '.' + b64url(payload.encode())
    signature = ecdsa_sign(pkey, signing_input)
    conn = signing_input + '.' + signature

    conf = build_conf_obj(x=x, y=y, signed_connector=conn)
    run_dpp_config_error(dev, apdev, conf,
                         skip_net_access_key_mismatch=skip_net_access_key_mismatch,
                         conf_failure=conf_failure)
1221
def test_dpp_config_connector_error_ext_sign(dev, apdev):
    """DPP Config Object connector error - external signature calculation"""
    # Baseline for the connector error tests: an unmodified, externally signed
    # connector must be accepted (conf_failure=False).
    expect_failure = False
    run_dpp_config_connector(dev, apdev, conf_failure=expect_failure)
1225
def test_dpp_config_connector_error_too_short_timestamp(dev, apdev):
    """DPP Config Object connector error - too short timestamp"""
    # A one-character expiry string cannot be a timestamp.
    bad_expiry = "1"
    run_dpp_config_connector(dev, apdev, expiry=bad_expiry)
1229
def test_dpp_config_connector_error_invalid_timestamp(dev, apdev):
    """DPP Config Object connector error - invalid timestamp"""
    # 19 characters, the length of "YYYY-MM-DDTHH:MM:SS", but all of them are
    # the digit 1, so no separators are present.
    bad_expiry = 19 * "1"
    run_dpp_config_connector(dev, apdev, expiry=bad_expiry)
1233
def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev):
    """DPP Config Object connector error - invalid timestamp date"""
    # Well-formed layout but every field is out of range.
    bad_expiry = "9999-99-99T99:99:99Z"
    run_dpp_config_connector(dev, apdev, expiry=bad_expiry)
1237
def test_dpp_config_connector_error_invalid_time_zone(dev, apdev):
    """DPP Config Object connector error - invalid time zone"""
    # '*' is not a valid time zone designator.
    bad_expiry = "2018-01-01T00:00:00*"
    run_dpp_config_connector(dev, apdev, expiry=bad_expiry)
1241
def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev):
    """DPP Config Object connector error - invalid time zone 2"""
    # A '+' sign with no offset digits after it.
    bad_expiry = "2018-01-01T00:00:00+"
    run_dpp_config_connector(dev, apdev, expiry=bad_expiry)
1245
def test_dpp_config_connector_error_expired_1(dev, apdev):
    """DPP Config Object connector error - expired 1"""
    # Valid timestamp in the past, no time zone designator.
    past_expiry = "2018-01-01T00:00:00"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1249
def test_dpp_config_connector_error_expired_2(dev, apdev):
    """DPP Config Object connector error - expired 2"""
    # Valid timestamp in the past, UTC designator "Z".
    past_expiry = "2018-01-01T00:00:00Z"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1253
def test_dpp_config_connector_error_expired_3(dev, apdev):
    """DPP Config Object connector error - expired 3"""
    # Valid timestamp in the past, positive hour-only offset.
    past_expiry = "2018-01-01T00:00:00+01"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1257
def test_dpp_config_connector_error_expired_4(dev, apdev):
    """DPP Config Object connector error - expired 4"""
    # Valid timestamp in the past, positive hour:minute offset.
    past_expiry = "2018-01-01T00:00:00+01:02"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1261
def test_dpp_config_connector_error_expired_5(dev, apdev):
    """DPP Config Object connector error - expired 5"""
    # Valid timestamp in the past, negative hour-only offset.
    past_expiry = "2018-01-01T00:00:00-01"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1265
def test_dpp_config_connector_error_expired_6(dev, apdev):
    """DPP Config Object connector error - expired 6"""
    # Valid timestamp in the past, negative hour:minute offset.
    past_expiry = "2018-01-01T00:00:00-01:02"
    run_dpp_config_connector(dev, apdev, expiry=past_expiry)
1269
def test_dpp_config_connector_error_no_groups(dev, apdev):
    """DPP Config Object connector error - no groups"""
    # Correctly signed connector whose payload lacks the "groups" array.
    bad_payload = '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=bad_payload)
1274
def test_dpp_config_connector_error_empty_groups(dev, apdev):
    """DPP Config Object connector error - empty groups"""
    # "groups" is present but contains no entries.
    bad_payload = '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=bad_payload)
1279
def test_dpp_config_connector_error_missing_group_id(dev, apdev):
    """DPP Config Object connector error - missing groupId"""
    # The single group entry has a netRole but no groupId.
    bad_payload = '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=bad_payload)
1284
def test_dpp_config_connector_error_missing_net_role(dev, apdev):
    """DPP Config Object connector error - missing netRole"""
    # The single group entry has a groupId but no netRole.
    bad_payload = '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=bad_payload)
1289
def test_dpp_config_connector_error_missing_net_access_key(dev, apdev):
    """DPP Config Object connector error - missing netAccessKey"""
    # Groups are fine but the payload carries no netAccessKey at all.
    bad_payload = '{"groups":[{"groupId":"*","netRole":"sta"}]}'
    run_dpp_config_connector(dev, apdev, payload=bad_payload)
1294
def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev):
    """DPP Config Object connector error - netAccessKey mismatch"""
    # Structurally complete payload with a fixed netAccessKey. With
    # skip_net_access_key_mismatch=False the dpp_ignore_netaccesskey_mismatch
    # knob is left unset, so the mismatch check itself has to reject it.
    fixed_key_payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=fixed_key_payload,
                             skip_net_access_key_mismatch=False)
1300
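def test_dpp_gas_timeout(dev, apdev):
    """DPP and GAS server timeout for a query"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    logger.info("dev0 displays QR Code")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    # From here on dev[0] only sees management frames the test feeds back in,
    # which lets the test withhold one of them further down.
    dev[0].set("ext_mgmt_frame_handling", "1")
    dev[0].dpp_listen(2412)

    # Force GAS fragmentation
    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
    dev[1].set("dpp_config_obj_override", conf)

    dev[1].dpp_auth_init(uri=uri0)

    def process_next_frame(what):
        # Receive the next management frame on dev[0] and hand it back for
        # normal processing.
        msg = dev[0].mgmt_rx()
        # Without this guard a missing frame shows up as a TypeError on the
        # subscripts below instead of a readable failure.
        # NOTE(review): assumes mgmt_rx() reports a timeout by returning
        # None - confirm against the helper.
        if msg is None:
            raise Exception("MGMT RX wait timed out (%s)" % what)
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'],
            binascii.hexlify(msg['frame']).decode())
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")

    process_next_frame("DPP Authentication Request")
    process_next_frame("DPP Authentication Confirmation")

    wait_auth_success(dev[0], dev[1])

    process_next_frame("DPP Configuration Response (GAS Initial Response frame)")

    # GAS Comeback Response frame
    msg = dev[0].mgmt_rx()
    # Do not continue to force timeout on GAS server

    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
    if ev is None:
        raise Exception("GAS result not reported (Enrollee)")
    if "result=TIMEOUT" not in ev:
        raise Exception("Unexpected GAS result (Enrollee): " + ev)
    dev[0].set("ext_mgmt_frame_handling", "0")

    # Both sides have to notice that the configuration exchange did not
    # complete.
    ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=15)
    if ev is None:
        raise Exception("DPP configuration failure not reported (Configurator)")

    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1)
    if ev is None:
        raise Exception("DPP configuration failure not reported (Enrollee)")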
1357
def test_dpp_akm_sha256(dev, apdev):
    """DPP AKM (SHA256)"""
    # run_dpp_akm() builds a PMK of pmk_len octets; 32 is the SHA256 variant.
    run_dpp_akm(dev, apdev, pmk_len=32)
1361
def test_dpp_akm_sha384(dev, apdev):
    """DPP AKM (SHA384)"""
    # run_dpp_akm() builds a PMK of pmk_len octets; 48 is the SHA384 variant.
    run_dpp_akm(dev, apdev, pmk_len=48)
1365
def test_dpp_akm_sha512(dev, apdev):
    """DPP AKM (SHA512)"""
    # run_dpp_akm() builds a PMK of pmk_len octets; 64 is the SHA512 variant.
    run_dpp_akm(dev, apdev, pmk_len=64)
1369
def run_dpp_akm(dev, apdev, pmk_len):
    """Exercise the DPP AKM with manually installed PMKSA cache entries.

    Three connection attempts are made against a DPP-only AP:
    without any PMKSA entry (no matching network expected), with the entry
    only on the station (association must be rejected with status code 53),
    and with the same entry on both sides (connection must succeed).

    pmk_len is the PMK length in octets.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    ap_params = {"ssid": "dpp",
                 "wpa": "2",
                 "wpa_key_mgmt": "DPP",
                 "rsn_pairwise": "CCMP",
                 "ieee80211w": "2"}
    try:
        hapd = hostapd.add_ap(apdev[0], ap_params)
    except:
        # NOTE(review): the bare except turns every add_ap() failure into a
        # skip, not only a missing DPP build option.
        raise HwsimSkip("DPP not supported")

    sta = dev[0]
    net_id = sta.connect("dpp", key_mgmt="DPP", ieee80211w="2",
                         scan_freq="2412", wait_connect=False)
    not_found = sta.wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2)
    if not not_found:
        raise Exception("Network mismatch not reported")
    sta.request("DISCONNECT")
    sta.dump_monitor()

    # Fixed dummy values: 16-octet PMKID, pmk_len-octet PMK, AKMP bit 23.
    ap_addr = hapd.own_addr()
    pmkid_hex = '11' * 16
    akmp_bit = 1 << 23
    pmk_hex = '22' * pmk_len
    sta_cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (
        net_id, ap_addr, pmkid_hex, pmk_hex, akmp_bit)
    if "OK" not in sta.request(sta_cmd):
        raise Exception("PMKSA_ADD failed (wpa_supplicant)")

    # Only the station knows the PMKSA at this point, so the AP has to refuse.
    sta.select_network(net_id, freq="2412")
    rejected = sta.wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2)
    sta.request("DISCONNECT")
    sta.dump_monitor()
    if not rejected:
        raise Exception("Association attempt was not rejected")
    if "status_code=53" not in rejected:
        raise Exception("Unexpected status code: " + rejected)

    # Install the matching entry on the AP and retry.
    sta_addr = sta.own_addr()
    ap_cmd = "PMKSA_ADD %s %s %s 0 %d" % (sta_addr, pmkid_hex, pmk_hex, akmp_bit)
    if "OK" not in hapd.request(ap_cmd):
        raise Exception("PMKSA_ADD failed (hostapd)")

    sta.select_network(net_id, freq="2412")
    sta.wait_connected()
    key_mgmt = sta.get_status_field("key_mgmt")
    if key_mgmt != "DPP":
        raise Exception("Unexpected key_mgmt: " + key_mgmt)
1417
# Fixed DPP credentials shared by the network introduction tests below.
# These are static test values checked into the test suite; the two
# *_netaccesskey strings are hex-encoded private keys.

# Passed as dpp_csign on both the AP and the station.
params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
# Connector used by the AP; its payload segment base64url-decodes to netRole "ap".
params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
# Passed as dpp_netaccesskey on the AP.
params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
# Connector used by the station; its payload segment base64url-decodes to netRole "sta".
params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
# Passed as dpp_netaccesskey on the station.
params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1423
def test_dpp_network_introduction(dev, apdev):
    """DPP network introduction"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # AP side: DPP-only BSS with the pre-generated AP connector and keys.
    ap_params = {"ssid": "dpp",
                 "wpa": "2",
                 "wpa_key_mgmt": "DPP",
                 "ieee80211w": "2",
                 "rsn_pairwise": "CCMP",
                 "dpp_connector": params1_ap_connector,
                 "dpp_csign": params1_csign,
                 "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], ap_params)
    except:
        # NOTE(review): the bare except turns every add_ap() failure into a
        # skip, not only a missing DPP build option.
        raise HwsimSkip("DPP not supported")

    # Station side: matching connector signed under the same C-sign-key.
    sta = dev[0]
    sta_credentials = {"dpp_csign": params1_csign,
                       "dpp_connector": params1_sta_connector,
                       "dpp_netaccesskey": params1_sta_netaccesskey}
    sta.connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                **sta_credentials)
    negotiated = sta.get_status_field("key_mgmt")
    if negotiated != "DPP":
        raise Exception("Unexpected key_mgmt: " + negotiated)
1450
def test_dpp_network_introduction_expired(dev, apdev):
    """DPP network introduction with expired netaccesskey"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # 1565530889 is an epoch timestamp from August 2019, i.e. already past,
    # so the AP starts out with an expired netAccessKey.
    ap_params = {"ssid": "dpp",
                 "wpa": "2",
                 "wpa_key_mgmt": "DPP",
                 "ieee80211w": "2",
                 "rsn_pairwise": "CCMP",
                 "dpp_connector": params1_ap_connector,
                 "dpp_csign": params1_csign,
                 "dpp_netaccesskey": params1_ap_netaccesskey,
                 "dpp_netaccesskey_expiry": "1565530889"}
    try:
        hapd = hostapd.add_ap(apdev[0], ap_params)
    except:
        # NOTE(review): the bare except turns every add_ap() failure into a
        # skip, not only a missing DPP build option.
        raise HwsimSkip("DPP not supported")

    sta = dev[0]
    sta.connect("dpp", key_mgmt="DPP", scan_freq="2412",
                ieee80211w="2",
                dpp_csign=params1_csign,
                dpp_connector=params1_sta_connector,
                dpp_netaccesskey=params1_sta_netaccesskey,
                wait_connect=False)

    # The AP must receive the request (type=5) and still not let the station in.
    rx = hapd.wait_event(["DPP-RX"], timeout=10)
    if rx is None:
        raise Exception("No DPP Peer Discovery Request seen")
    if "type=5" not in rx:
        raise Exception("Unexpected DPP message received: " + rx)
    connected = sta.wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
    sta.request("DISCONNECT")
    if connected:
        raise Exception("Connection reported")

    # Move the expiry to a timestamp far in the future and confirm that the
    # same credentials are accepted once the key is no longer expired.
    hapd.disable()
    hapd.set("dpp_netaccesskey_expiry", "2565530889")
    hapd.enable()
    sta.request("RECONNECT")
    sta.wait_connected()
1491
def test_dpp_and_sae_akm(dev, apdev):
    """DPP and SAE AKMs"""
    dpp_sta = dev[0]
    sae_sta = dev[1]
    check_dpp_capab(dpp_sta)
    check_dpp_capab(sae_sta)
    if "SAE" not in sae_sta.get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")

    # One BSS that advertises both AKMs with management frame protection required.
    ap_params = {"ssid": "dpp+sae",
                 "wpa": "2",
                 "wpa_key_mgmt": "DPP SAE",
                 "ieee80211w": "2",
                 "rsn_pairwise": "CCMP",
                 "sae_password": "sae-password",
                 "dpp_connector": params1_ap_connector,
                 "dpp_csign": params1_csign,
                 "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], ap_params)
    except:
        # NOTE(review): the bare except turns every add_ap() failure into a
        # skip, not only a missing DPP build option.
        raise HwsimSkip("DPP not supported")

    # First station uses the DPP connector.
    dpp_sta.connect("dpp+sae", key_mgmt="DPP", scan_freq="2412",
                    ieee80211w="2",
                    dpp_csign=params1_csign,
                    dpp_connector=params1_sta_connector,
                    dpp_netaccesskey=params1_sta_netaccesskey)
    dpp_akm = dpp_sta.get_status_field("key_mgmt")
    if dpp_akm != "DPP":
        raise Exception("Unexpected key_mgmt for DPP: " + dpp_akm)

    # Second station uses the SAE password; sae_groups is set to an empty value first.
    sae_sta.request("SET sae_groups ")
    sae_sta.connect("dpp+sae", key_mgmt="SAE", scan_freq="2412",
                    ieee80211w="2", psk="sae-password")
    sae_akm = sae_sta.get_status_field("key_mgmt")
    if sae_akm != "SAE":
        raise Exception("Unexpected key_mgmt for SAE: " + sae_akm)
1528
def test_dpp_ap_config(dev, apdev):
    """DPP and AP configuration"""
    # No curve arguments: run_dpp_ap_config() keeps curve and conf_curve at None.
    run_dpp_ap_config(dev=dev, apdev=apdev)
1532
def test_dpp_ap_config_p256_p256(dev, apdev):
    """DPP and AP configuration (P-256 + P-256)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-256", "conf_curve": "P-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1536
def test_dpp_ap_config_p256_p384(dev, apdev):
    """DPP and AP configuration (P-256 + P-384)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-256", "conf_curve": "P-384"}
    run_dpp_ap_config(dev, apdev, **curves)
1540
def test_dpp_ap_config_p256_p521(dev, apdev):
    """DPP and AP configuration (P-256 + P-521)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-256", "conf_curve": "P-521"}
    run_dpp_ap_config(dev, apdev, **curves)
1544
def test_dpp_ap_config_p384_p256(dev, apdev):
    """DPP and AP configuration (P-384 + P-256)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-384", "conf_curve": "P-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1548
def test_dpp_ap_config_p384_p384(dev, apdev):
    """DPP and AP configuration (P-384 + P-384)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-384", "conf_curve": "P-384"}
    run_dpp_ap_config(dev, apdev, **curves)
1552
def test_dpp_ap_config_p384_p521(dev, apdev):
    """DPP and AP configuration (P-384 + P-521)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-384", "conf_curve": "P-521"}
    run_dpp_ap_config(dev, apdev, **curves)
1556
def test_dpp_ap_config_p521_p256(dev, apdev):
    """DPP and AP configuration (P-521 + P-256)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-521", "conf_curve": "P-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1560
def test_dpp_ap_config_p521_p384(dev, apdev):
    """DPP and AP configuration (P-521 + P-384)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-521", "conf_curve": "P-384"}
    run_dpp_ap_config(dev, apdev, **curves)
1564
def test_dpp_ap_config_p521_p521(dev, apdev):
    """DPP and AP configuration (P-521 + P-521)"""
    # curve: bootstrapping keys of AP and station; conf_curve: Configurator key.
    curves = {"curve": "P-521", "conf_curve": "P-521"}
    run_dpp_ap_config(dev, apdev, **curves)
1568
def test_dpp_ap_config_bp256_bp256(dev, apdev):
    """DPP and AP configuration (BP-256 + BP-256)"""
    # Brainpool on both sides: bootstrapping keys (curve) and Configurator key (conf_curve).
    curves = {"curve": "BP-256", "conf_curve": "BP-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1572
def test_dpp_ap_config_bp384_bp384(dev, apdev):
    """DPP and AP configuration (BP-384 + BP-384)"""
    # Brainpool on both sides: bootstrapping keys (curve) and Configurator key (conf_curve).
    curves = {"curve": "BP-384", "conf_curve": "BP-384"}
    run_dpp_ap_config(dev, apdev, **curves)
1576
def test_dpp_ap_config_bp512_bp512(dev, apdev):
    """DPP and AP configuration (BP-512 + BP-512)"""
    # Brainpool on both sides: bootstrapping keys (curve) and Configurator key (conf_curve).
    curves = {"curve": "BP-512", "conf_curve": "BP-512"}
    run_dpp_ap_config(dev, apdev, **curves)
1580
def test_dpp_ap_config_p256_bp256(dev, apdev):
    """DPP and AP configuration (P-256 + BP-256)"""
    # NIST curve for the bootstrapping keys, Brainpool for the Configurator key.
    curves = {"curve": "P-256", "conf_curve": "BP-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1584
def test_dpp_ap_config_bp256_p256(dev, apdev):
    """DPP and AP configuration (BP-256 + P-256)"""
    # Brainpool for the bootstrapping keys, NIST curve for the Configurator key.
    curves = {"curve": "BP-256", "conf_curve": "P-256"}
    run_dpp_ap_config(dev, apdev, **curves)
1588
def test_dpp_ap_config_p521_bp512(dev, apdev):
    """DPP and AP configuration (P-521 + BP-512)"""
    # NIST curve for the bootstrapping keys, Brainpool for the Configurator key.
    curves = {"curve": "P-521", "conf_curve": "BP-512"}
    run_dpp_ap_config(dev, apdev, **curves)
1592
def test_dpp_ap_config_bp512_p521(dev, apdev):
    """DPP and AP configuration (BP-512 + P-521)"""
    # Brainpool for the bootstrapping keys, NIST curve for the Configurator key.
    curves = {"curve": "BP-512", "conf_curve": "P-521"}
    run_dpp_ap_config(dev, apdev, **curves)
1596
def test_dpp_ap_config_reconfig_configurator(dev, apdev):
    """DPP and AP configuration with Configurator reconfiguration"""
    # With this flag the helper exports the Configurator key, removes the
    # Configurator and re-adds it from that key before provisioning the station.
    recreate_configurator = True
    run_dpp_ap_config(dev, apdev, reconf_configurator=recreate_configurator)
1600
def update_hapd_config(hapd):
    """Apply the DPP configuration that hapd just received to its own BSS.

    Reads the DPP-CONFOBJ-SSID, DPP-CONNECTOR, DPP-C-SIGN-KEY and
    DPP-NET-ACCESS-KEY events (one second each), then disables the AP,
    sets the DPP-only security parameters and enables it again.
    Raises Exception when any of the events is missing.
    """
    def event_fields(event, missing_msg):
        # Events are space separated; field 0 is the event name itself.
        ev = hapd.wait_event([event], timeout=1)
        if ev is None:
            raise Exception(missing_msg)
        return ev.split(' ')

    ssid = event_fields("DPP-CONFOBJ-SSID", "SSID not reported (AP)")[1]
    connector = event_fields("DPP-CONNECTOR", "Connector not reported (AP)")[1]
    csign = event_fields("DPP-C-SIGN-KEY", "C-sign-key not reported (AP)")[1]

    key_fields = event_fields("DPP-NET-ACCESS-KEY",
                              "netAccessKey not reported (AP)")
    net_access_key = key_fields[1]
    # The expiry is an optional third field of the event.
    if len(key_fields) > 2:
        net_access_key_expiry = key_fields[2]
    else:
        net_access_key_expiry = None

    logger.info("Update AP configuration to use key_mgmt=DPP")
    hapd.disable()
    settings = [("ssid", ssid),
                ("utf8_ssid", "1"),
                ("wpa", "2"),
                ("wpa_key_mgmt", "DPP"),
                ("ieee80211w", "2"),
                ("rsn_pairwise", "CCMP"),
                ("dpp_connector", connector),
                ("dpp_csign", csign),
                ("dpp_netaccesskey", net_access_key)]
    if net_access_key_expiry:
        settings.append(("dpp_netaccesskey_expiry", net_access_key_expiry))
    for field, value in settings:
        hapd.set(field, value)
    hapd.enable()
1639
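def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
                      reconf_configurator=False):
    """Provision an AP and a station through DPP and connect the station.

    dev[0] is the Configurator. It first configures hostapd (conf="ap-dpp"),
    which then restarts with the received credentials, and afterwards
    configures dev[1] (conf="sta-dpp"). dev[1] finally builds a network
    profile from the reported connector and keys and connects.

    curve -- curve for the bootstrapping keys of the AP and of dev[1]
    conf_curve -- curve for the Configurator key
    reconf_configurator -- export the Configurator key, remove the
        Configurator and re-create it from that key between the two
        provisioning runs
    """
    def sta_event_fields(event, missing_msg):
        # Events are space separated; field 0 is the event name itself.
        ev = dev[1].wait_event([event], timeout=1)
        if ev is None:
            raise Exception(missing_msg)
        return ev.split(' ')

    # Request the Brainpool capability probe of check_dpp_capab() when either
    # curve is a Brainpool one, so that builds without Brainpool support skip
    # the test instead of failing later during key generation.
    brainpool = bool((curve and "BP-" in curve) or
                     (conf_curve and "BP-" in conf_curve))
    check_dpp_capab(dev[0], brainpool)
    check_dpp_capab(dev[1], brainpool)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)

    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)

    conf_id = dev[0].dpp_configurator_add(curve=conf_curve)

    if reconf_configurator:
        # Keep the Configurator key so the same Configurator can be
        # re-created after it has been removed below.
        csign = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
        if "FAIL" in csign or len(csign) == 0:
            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
    update_hapd_config(hapd)

    id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)

    if reconf_configurator:
        dev[0].dpp_configurator_remove(conf_id)
        conf_id = dev[0].dpp_configurator_add(curve=conf_curve, key=csign)

    dev[1].dpp_listen(2412)
    dev[0].dpp_auth_init(uri=uri1, conf="sta-dpp", configurator=conf_id)
    wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1],
                      stop_responder=True)

    ssid = sta_event_fields("DPP-CONFOBJ-SSID", "SSID not reported")[1]
    connector = sta_event_fields("DPP-CONNECTOR", "Connector not reported")[1]
    csign = sta_event_fields("DPP-C-SIGN-KEY", "C-sign-key not reported")[1]

    key_fields = sta_event_fields("DPP-NET-ACCESS-KEY",
                                  "netAccessKey not reported")
    net_access_key = key_fields[1]
    # The expiry is an optional third field of the event.
    net_access_key_expiry = key_fields[2] if len(key_fields) > 2 else None

    dev[1].dump_monitor()

    net_id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2",
                            scan_freq="2412", only_add_network=True)
    dev[1].set_network_quoted(net_id, "dpp_connector", connector)
    dev[1].set_network(net_id, "dpp_csign", csign)
    dev[1].set_network(net_id, "dpp_netaccesskey", net_access_key)
    if net_access_key_expiry:
        # The field is dpp_netaccesskey_expiry, the same name this file uses
        # on the hostapd side; the previous "dpp_netaccess_expiry" is not a
        # network profile field, so a reported expiry was never applied.
        dev[1].set_network(net_id, "dpp_netaccesskey_expiry",
                           net_access_key_expiry)

    logger.info("Check data connection")
    dev[1].select_network(net_id, freq="2412")
    dev[1].wait_connected()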
1709
def test_dpp_auto_connect_1(dev, apdev):
    """DPP and auto connect (1)"""
    try:
        run_dpp_auto_connect(dev, apdev, processing=1)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1716
def test_dpp_auto_connect_2(dev, apdev):
    """DPP and auto connect (2)"""
    try:
        run_dpp_auto_connect(dev, apdev, processing=2)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1723
def test_dpp_auto_connect_2_connect_cmd(dev, apdev):
    """DPP and auto connect (2) using connect_cmd"""
    # Extra wpa_supplicant interface that is forced to use the connect command.
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
    # The new interface takes the dev[0] role; dev[1] stays the Configurator.
    devices = [wpas, dev[1]]
    try:
        run_dpp_auto_connect(devices, apdev, processing=2)
    finally:
        # Restore the setting on the interface that was actually changed.
        wpas.set("dpp_config_processing", "0")
1733
def run_dpp_auto_connect(dev, apdev, processing):
    """Provision dev[0] over DPP and check that it connects to a DPP AP.

    dev[1] is the Configurator and dev[0] the Enrollee. processing is the
    value written to dpp_config_processing on dev[0]; with 1 the test selects
    the generated network itself, otherwise it only waits for the connection.
    """
    enrollee = dev[0]
    configurator = dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)

    # Static test credentials. configurator_key is a private key;
    # configurator_pub ends in the same public point, so it is the public half.
    configurator_key = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    configurator_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"

    ap_params = {"ssid": "test",
                 "wpa": "2",
                 "wpa_key_mgmt": "DPP",
                 "ieee80211w": "2",
                 "rsn_pairwise": "CCMP",
                 "dpp_connector": ap_connector,
                 "dpp_csign": configurator_pub,
                 "dpp_netaccesskey": ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], ap_params)
    except:
        # NOTE(review): the bare except turns every add_ap() failure into a
        # skip, not only a missing DPP build option.
        raise HwsimSkip("DPP not supported")

    # The Configurator signs with the private key whose public half the AP trusts.
    conf_id = configurator.dpp_configurator_add(key=configurator_key)
    enrollee.set("dpp_config_processing", str(processing))
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    bootstrap_uri = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=bootstrap_uri, conf="sta-dpp",
                               configurator=conf_id)
    wait_auth_success(enrollee, configurator, configurator=configurator,
                      enrollee=enrollee)
    profile_event = enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1)
    if profile_event is None:
        raise Exception("DPP network profile not generated")
    network_id = profile_event.split(' ')[1]

    if processing == 1:
        enrollee.select_network(network_id, freq=2412)

    enrollee.wait_connected()
    hwsim_utils.test_connectivity(enrollee, hapd)
1773
def test_dpp_auto_connect_legacy(dev, apdev):
    """DPP and auto connect (legacy)"""
    try:
        # All defaults: conf='sta-psk' against a WPA2-PSK AP.
        run_dpp_auto_connect_legacy(dev=dev, apdev=apdev)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1780
def test_dpp_auto_connect_legacy_ssid_charset(dev, apdev):
    """DPP and auto connect (legacy, ssid_charset)"""
    # The helper checks that this value is reported back unchanged.
    charset = 12345
    try:
        run_dpp_auto_connect_legacy(dev, apdev, ssid_charset=charset)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1787
def test_dpp_auto_connect_legacy_sae_1(dev, apdev):
    """DPP and auto connect (legacy SAE)"""
    try:
        # SAE-only credential against an AP that offers both WPA-PSK and SAE.
        run_dpp_auto_connect_legacy(dev, apdev, psk_sae=True, conf='sta-sae')
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1794
def test_dpp_auto_connect_legacy_sae_2(dev, apdev):
    """DPP and auto connect (legacy SAE)"""
    try:
        # SAE-only credential against an AP that offers only SAE.
        run_dpp_auto_connect_legacy(dev, apdev, sae_only=True, conf='sta-sae')
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1801
def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    try:
        # PSK+SAE credential against an AP that offers both WPA-PSK and SAE.
        run_dpp_auto_connect_legacy(dev, apdev, psk_sae=True,
                                    conf='sta-psk-sae')
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1809
def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    try:
        # PSK+SAE credential against an AP that offers only SAE.
        run_dpp_auto_connect_legacy(dev, apdev, sae_only=True,
                                    conf='sta-psk-sae')
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1817
def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    # PSK+SAE credential against the default WPA2-PSK AP of the helper.
    credential_type = 'sta-psk-sae'
    try:
        run_dpp_auto_connect_legacy(dev, apdev, conf=credential_type)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1824
def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk',
                                ssid_charset=None,
                                psk_sae=False, sae_only=False):
    """Provision a passphrase-based network over DPP and wait for the connection.

    dev[1] is the Configurator and hands dev[0] the SSID "dpp-legacy" with a
    passphrase; dev[0] runs with dpp_config_processing=2.

    conf -- credential type given to dpp_auth_init()
    ssid_charset -- when set, sent along and verified in DPP-CONFOBJ-SSID-CHARSET
    psk_sae -- AP offers "WPA-PSK SAE" with MFP optional but required for SAE
    sae_only -- AP offers only SAE with MFP required (takes precedence over psk_sae)
    """
    enrollee = dev[0]
    configurator = dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)

    ap_params = hostapd.wpa2_params(ssid="dpp-legacy",
                                    passphrase="secret passphrase")
    if sae_only:
        overrides = [('wpa_key_mgmt', 'SAE'),
                     ('ieee80211w', '2')]
    elif psk_sae:
        overrides = [('wpa_key_mgmt', 'WPA-PSK SAE'),
                     ('ieee80211w', '1'),
                     ('sae_require_mfp', '1')]
    else:
        overrides = []
    for key, value in overrides:
        ap_params[key] = value

    hapd = hostapd.add_ap(apdev[0], ap_params)

    enrollee.request("SET sae_groups ")
    enrollee.set("dpp_config_processing", "2")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    bootstrap_uri = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=bootstrap_uri, conf=conf,
                               ssid="dpp-legacy",
                               ssid_charset=ssid_charset,
                               passphrase="secret passphrase")
    wait_auth_success(enrollee, configurator, configurator=configurator,
                      enrollee=enrollee)
    if ssid_charset:
        charset_event = enrollee.wait_event(["DPP-CONFOBJ-SSID-CHARSET"],
                                            timeout=1)
        if charset_event is None:
            raise Exception("ssid_charset not reported")
        reported = charset_event.split(' ')[1]
        if reported != str(ssid_charset):
            raise Exception("Incorrect ssid_charset reported: " + charset_event)
    profile_event = enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1)
    if profile_event is None:
        raise Exception("DPP network profile not generated")
    # The id is parsed as in the original flow; nothing below uses it.
    network_id = profile_event.split(' ')[1]

    enrollee.wait_connected()
1866
def test_dpp_auto_connect_legacy_pmf_required(dev, apdev):
    """DPP and auto connect (legacy, PMF required)"""
    try:
        run_dpp_auto_connect_legacy_pmf_required(dev=dev, apdev=apdev)
    finally:
        # Restore the setting even when the run raises.
        dev[0].set("dpp_config_processing", "0")
1873
def run_dpp_auto_connect_legacy_pmf_required(dev, apdev):
    """Provision a PSK credential over DPP for an AP that requires PMF.

    The AP uses WPA-PSK-SHA256 with ieee80211w=2. dev[1] configures dev[0]
    with conf="sta-psk", and dev[0] (dpp_config_processing=2) has to end up
    connected.
    """
    enrollee = dev[0]
    configurator = dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)

    ap_params = hostapd.wpa2_params(ssid="dpp-legacy",
                                    passphrase="secret passphrase")
    for key, value in (('wpa_key_mgmt', "WPA-PSK-SHA256"),
                       ('ieee80211w', "2")):
        ap_params[key] = value
    hapd = hostapd.add_ap(apdev[0], ap_params)

    enrollee.set("dpp_config_processing", "2")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    bootstrap_uri = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=bootstrap_uri, conf="sta-psk",
                               ssid="dpp-legacy",
                               passphrase="secret passphrase")
    wait_auth_success(enrollee, configurator, configurator=configurator,
                      enrollee=enrollee)
    if enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1) is None:
        raise Exception("DPP network profile not generated")
    enrollee.wait_connected()
1895
def test_dpp_qr_code_auth_responder_configurator(dev, apdev):
    """DPP QR Code and responder as the configurator"""
    # Nothing is appended to dpp_configurator_params.
    run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra="")
1899
def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev):
    """DPP QR Code and responder as the configurator with group_id)"""
    # The leading space matters: the helper appends this text directly after
    # the configurator id in dpp_configurator_params.
    group_suffix = " group_id=test-group"
    run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra=group_suffix)
1904
def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra):
    """Run DPP with the Responder (dev[0]) acting as the Configurator.

    dev[0] publishes the bootstrapping URI, stores its Configurator
    parameters and listens in the configurator role; dev[1] initiates as
    the Enrollee. extra is appended verbatim to dpp_configurator_params.
    """
    responder = dev[0]
    initiator = dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    conf_id = responder.dpp_configurator_add()
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    bootstrap_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    conf_params = " conf=sta-dpp configurator=%d%s" % (conf_id, extra)
    responder.set("dpp_configurator_params", conf_params)
    responder.dpp_listen(2412, role="configurator")
    initiator.dpp_auth_init(uri=bootstrap_uri, role="enrollee")
    wait_auth_success(responder, initiator, configurator=responder,
                      enrollee=initiator, stop_responder=True)
1917
def test_dpp_qr_code_hostapd_init(dev, apdev):
    """DPP QR Code and hostapd as initiator"""
    configurator = dev[0]
    check_dpp_capab(configurator)
    # AP on channel 6; the Configurator listens on the matching 2437 MHz.
    ap_params = {"ssid": "unconfigured",
                 "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    conf_id = configurator.dpp_configurator_add()
    bootstrap_id = configurator.dpp_bootstrap_gen(chan="81/6", mac=True)
    bootstrap_uri = configurator.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    conf_params = " conf=ap-dpp configurator=%d" % conf_id
    configurator.set("dpp_configurator_params", conf_params)
    configurator.dpp_listen(2437, role="configurator")
    hapd.dpp_auth_init(uri=bootstrap_uri, role="enrollee")
    wait_auth_success(configurator, hapd, configurator=configurator,
                      enrollee=hapd, stop_responder=True)
1933
def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev):
    """DPP QR Code and hostapd as initiator (offchannel)"""
    # No extra arguments are passed on to hapd.dpp_auth_init().
    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra=None)
1937
def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev):
    """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
    # 2437 MHz is the frequency of channel 6, which the helper's AP operates on.
    negotiation = "neg_freq=2437"
    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra=negotiation)
1941
def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra):
    """Run DPP with hostapd initiating on a channel other than its own.

    The AP operates on channel 6 while dev[0] advertises 81/1 and 81/11 in
    its bootstrapping URI and listens on 2462 MHz as the Configurator.
    extra is forwarded to hapd.dpp_auth_init().
    """
    configurator = dev[0]
    check_dpp_capab(configurator)
    ap_params = {"ssid": "unconfigured",
                 "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    conf_id = configurator.dpp_configurator_add()
    bootstrap_id = configurator.dpp_bootstrap_gen(chan="81/1,81/11", mac=True)
    bootstrap_uri = configurator.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    conf_params = " conf=ap-dpp configurator=%d" % conf_id
    configurator.set("dpp_configurator_params", conf_params)
    configurator.dpp_listen(2462, role="configurator")
    hapd.dpp_auth_init(uri=bootstrap_uri, role="enrollee", extra=extra)
    wait_auth_success(configurator, hapd, configurator=configurator,
                      enrollee=hapd, stop_responder=True)
1956
def test_dpp_test_vector_p_256(dev, apdev):
    """DPP P-256 test vector (mutual auth)"""
    def p256_der(scalar_hex):
        # Hex DER wrapper around a 32-octet P-256 private scalar.
        return "30310201010420" + scalar_hex + "a00a06082a8648ce3d030107"

    responder = dev[0]
    initiator = dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # All keys and nonces below are fixed test-vector values. The *_override
    # settings replace values that would otherwise be generated per run.

    # Responder: bootstrapping key, protocol key pair, nonce
    resp_bootstrap = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=p256_der(resp_bootstrap))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    resp_protocol = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
    responder.set("dpp_protocol_key_override", p256_der(resp_protocol))
    responder.set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")

    # Initiator: bootstrapping key, protocol key pair, nonce
    init_bootstrap = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
    id1 = initiator.dpp_bootstrap_gen(key=p256_der(init_bootstrap))
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)
    init_protocol = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
    initiator.set("dpp_protocol_key_override", p256_der(init_protocol))
    initiator.set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")

    # Mutual authentication: the Responder also learns the Initiator's URI.
    responder.dpp_qr_code(uri1)
    responder.dpp_listen(2462, qr="mutual")
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
1990
def test_dpp_test_vector_p_256_b(dev, apdev):
    """DPP P-256 test vector (Responder-only auth)"""
    def p256_der(scalar_hex):
        # Hex DER wrapper around a 32-octet P-256 private scalar.
        return "30310201010420" + scalar_hex + "a00a06082a8648ce3d030107"

    responder = dev[0]
    initiator = dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # All keys and nonces below are fixed test-vector values. The *_override
    # settings replace values that would otherwise be generated per run.

    # Responder: bootstrapping key, protocol key pair, nonce
    resp_bootstrap = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=p256_der(resp_bootstrap))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    resp_protocol = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
    responder.set("dpp_protocol_key_override", p256_der(resp_protocol))
    responder.set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")

    # Initiator: bootstrapping key, protocol key pair, nonce
    init_bootstrap = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
    id1 = initiator.dpp_bootstrap_gen(key=p256_der(init_bootstrap))
    # The Initiator URI is still requested, but the Responder is never given
    # it, so only the Responder is authenticated.
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)
    init_protocol = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
    initiator.set("dpp_protocol_key_override", p256_der(init_protocol))
    initiator.set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")

    responder.dpp_listen(2462)
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
2023
def der_priv_key_p_521(priv):
    """Wrap a hex-encoded P-521 private scalar into a hex DER private key.

    priv has to be exactly 132 hex characters (66 octets); any other length
    raises Exception. The result is the fixed DER header, priv and the
    fixed trailer concatenated as one hex string.

    Note that the error message contains priv itself. That is fine for the
    published test vectors this helper is used with, but it would put key
    material into logs if the helper were reused for real keys.
    """
    expected_hex_len = 66 * 2
    if len(priv) != expected_hex_len:
        raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
    return "".join(("3081500201010442", priv, "a00706052b81040023"))
2030
def test_dpp_test_vector_p_521(dev, apdev):
    """DPP P-521 test vector (mutual auth)"""
    responder = dev[0]
    initiator = dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # All keys and nonces below are fixed test-vector values. The *_override
    # settings replace values that would otherwise be generated per run.

    # Responder: bootstrapping key, protocol key pair, nonce
    resp_bootstrap = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=der_priv_key_p_521(resp_bootstrap))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    resp_protocol = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
    responder.set("dpp_protocol_key_override",
                  der_priv_key_p_521(resp_protocol))
    responder.set("dpp_nonce_override",
                  "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")

    # Initiator: bootstrapping key, protocol key pair, nonce
    init_bootstrap = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
    id1 = initiator.dpp_bootstrap_gen(key=der_priv_key_p_521(init_bootstrap))
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)
    init_protocol = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
    initiator.set("dpp_protocol_key_override",
                  der_priv_key_p_521(init_protocol))
    initiator.set("dpp_nonce_override",
                  "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")

    # Mutual authentication: the Responder also learns the Initiator's URI.
    responder.dpp_qr_code(uri1)
    responder.dpp_listen(2462, qr="mutual")
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
2065
def test_dpp_pkex(dev, apdev):
    """DPP and PKEX"""
    # Defaults only: no explicit curve, identifier "test" on both sides.
    run_dpp_pkex(dev=dev, apdev=apdev)
2069
def test_dpp_pkex_p256(dev, apdev):
    """DPP and PKEX (P-256)"""
    # The same curve name is used by the PKEX responder and initiator.
    run_dpp_pkex(dev, apdev, curve="P-256")
2073
def test_dpp_pkex_p384(dev, apdev):
    """DPP and PKEX (P-384)"""
    # The same curve name is used by the PKEX responder and initiator.
    run_dpp_pkex(dev, apdev, curve="P-384")
2077
def test_dpp_pkex_p521(dev, apdev):
    """DPP and PKEX (P-521)"""
    # The same curve name is used by the PKEX responder and initiator.
    run_dpp_pkex(dev, apdev, curve="P-521")
2081
def test_dpp_pkex_bp256(dev, apdev):
    """DPP and PKEX (BP-256)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check before the exchange starts.
    run_dpp_pkex(dev, apdev, curve="brainpoolP256r1")
2085
def test_dpp_pkex_bp384(dev, apdev):
    """DPP and PKEX (BP-384)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check before the exchange starts.
    run_dpp_pkex(dev, apdev, curve="brainpoolP384r1")
2089
def test_dpp_pkex_bp512(dev, apdev):
    """DPP and PKEX (BP-512)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check before the exchange starts.
    run_dpp_pkex(dev, apdev, curve="brainpoolP512r1")
2093
def test_dpp_pkex_config(dev, apdev):
    """DPP and PKEX with initiator as the configurator"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    # The PKEX initiator also owns the Configurator that issues sta-dpp credentials.
    conf_id = initiator.dpp_configurator_add()
    initiator_args = "conf=sta-dpp configurator=%d" % (conf_id)
    run_dpp_pkex(dev, apdev, check_config=True, init_extra=initiator_args)
2101
def test_dpp_pkex_no_identifier(dev, apdev):
    """DPP and PKEX without identifier"""
    # Neither side supplies a PKEX identifier; the exchange is still expected
    # to succeed because both sides agree.
    run_dpp_pkex(dev, apdev, identifier_r=None, identifier_i=None)
2105
def test_dpp_pkex_identifier_mismatch(dev, apdev):
    """DPP and PKEX with different identifiers"""
    # Negative case: the code matches but the identifiers do not, so the
    # exchange must not end in DPP-AUTH-SUCCESS on either side.
    run_dpp_pkex(dev, apdev, expect_no_resp=True,
                 identifier_i="foo", identifier_r="bar")
2110
def test_dpp_pkex_identifier_mismatch2(dev, apdev):
    """DPP and PKEX with initiator using identifier and the responder not"""
    # Negative case: an identifier on one side only counts as a mismatch.
    run_dpp_pkex(dev, apdev, expect_no_resp=True,
                 identifier_i="foo", identifier_r=None)
2115
def test_dpp_pkex_identifier_mismatch3(dev, apdev):
    """DPP and PKEX with responder using identifier and the initiator not"""
    # Negative case: an identifier on one side only counts as a mismatch.
    run_dpp_pkex(dev, apdev, expect_no_resp=True,
                 identifier_i=None, identifier_r="bar")
2120
def run_dpp_pkex(dev, apdev, curve=None, init_extra=None, check_config=False,
                 identifier_i="test", identifier_r="test",
                 expect_no_resp=False):
    """Run one PKEX exchange with dev[0] as responder and dev[1] as initiator.

    curve: curve name passed to both peers (None leaves it to the default).
    init_extra: extra arguments passed to the initiator's dpp_pkex_init().
    check_config: also verify configuration, with dev[1] as configurator and
        dev[0] as enrollee.
    identifier_i / identifier_r: PKEX identifier used by initiator/responder.
    expect_no_resp: negative mode; the responder must see the frame but
        neither side may report DPP-AUTH-SUCCESS.
    """
    responder = dev[0]
    initiator = dev[1]
    # Brainpool curves need crypto library support; the capability check
    # skips the test when that is missing.
    needs_brainpool = curve and "brainpool" in curve
    check_dpp_capab(responder, needs_brainpool)
    check_dpp_capab(initiator, needs_brainpool)

    responder.dpp_pkex_resp(2437, identifier=identifier_r, code="secret",
                            curve=curve)
    initiator.dpp_pkex_init(identifier=identifier_i, code="secret",
                            curve=curve, extra=init_extra)

    if not expect_no_resp:
        wait_auth_success(responder, initiator,
                          configurator=initiator if check_config else None,
                          enrollee=responder if check_config else None)
        return

    # Negative path: the request has to reach the responder (so the absence
    # of a result is not just a lost frame), and then neither peer may end up
    # authenticated.
    if responder.wait_event(["DPP-RX"], timeout=10) is None:
        raise Exception("DPP PKEX frame not received")
    if initiator.wait_event(["DPP-AUTH-SUCCESS"], timeout=1) is not None:
        raise Exception("DPP authentication succeeded")
    if responder.wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1) is not None:
        raise Exception("DPP authentication succeeded")
2146
def test_dpp_pkex_5ghz(dev, apdev):
    """DPP and PKEX on 5 GHz"""
    regdom_change = ["CTRL-EVENT-REGDOM-CHANGE"]
    try:
        for idx in (0, 1):
            dev[idx].request("SET country US")
        # The regulatory domain change may show up on the interface monitor
        # or only on the global one; the result is not checked either way.
        if dev[0].wait_event(regdom_change, timeout=1) is None:
            dev[0].wait_global_event(regdom_change, timeout=1)
        run_dpp_pkex_5ghz(dev, apdev)
    finally:
        # Always restore the world regulatory domain so later tests start
        # from a clean state.
        for idx in (0, 1):
            dev[idx].request("SET country 00")
        subprocess.call(['iw', 'reg', 'set', '00'])
        time.sleep(0.1)
2162
def run_dpp_pkex_5ghz(dev, apdev):
    """Run PKEX with the responder (dev[0]) listening on 5745 MHz."""
    responder, initiator = dev[0], dev[1]
    for peer in (responder, initiator):
        check_dpp_capab(peer)
    shared = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(5745, **shared)
    initiator.dpp_pkex_init(**shared)
    # Longer timeout than the 2.4 GHz cases use by default.
    wait_auth_success(responder, initiator, timeout=20)
2169
def test_dpp_pkex_test_vector(dev, apdev):
    """DPP and PKEX (P-256) test vector"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # All values below are fixed test-vector inputs. The *_override settings
    # replace MAC addresses and ephemeral keys that would otherwise differ per
    # run, so the exchange becomes reproducible; these keys are public test
    # data and must never be reused outside the test bed.
    init_addr = "ac:64:91:f4:52:07"
    resp_addr = "6e:5e:ce:6e:f3:dd"

    identifier = "joes_key"
    code = "thisisreallysecret"

    # Bootstrapping private keys (initiator, responder)
    init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
    resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"

    # PKEX ephemeral private keys: initiator x/X and responder y/Y
    init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
    resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"

    # DER framing around a raw 32-octet scalar: SEQUENCE, version 1, OCTET
    # STRING of 0x20 octets, then [0] with the P-256 (prime256v1) curve OID.
    p256_prefix = "30310201010420"
    p256_postfix = "a00a06082a8648ce3d030107"

    def der_p256(scalar_hex):
        return p256_prefix + scalar_hex + p256_postfix

    responder.set("dpp_pkex_own_mac_override", resp_addr)
    responder.set("dpp_pkex_peer_mac_override", init_addr)
    initiator.set("dpp_pkex_own_mac_override", init_addr)
    initiator.set("dpp_pkex_peer_mac_override", resp_addr)

    responder.set("dpp_pkex_ephemeral_key_override", der_p256(resp_y_priv))
    initiator.set("dpp_pkex_ephemeral_key_override", der_p256(init_x_priv))

    responder.dpp_pkex_resp(2437, identifier=identifier, code=code,
                            key=der_p256(resp_priv))
    initiator.dpp_pkex_init(identifier=identifier, code=code,
                            key=der_p256(init_priv))
    wait_auth_success(responder, initiator)
2214
def test_dpp_pkex_code_mismatch(dev, apdev):
    """DPP and PKEX with mismatching code"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # First attempt uses the wrong code; the responder has to flag it rather
    # than complete the exchange.
    bootstrap_id = initiator.dpp_pkex_init(identifier="test", code="unknown")
    wait_dpp_fail(responder, "possible PKEX code mismatch")

    # Drop stale events so the second attempt is judged on its own.
    responder.dump_monitor()
    initiator.dump_monitor()

    # A single wrong guess must not lock out a later attempt with the right
    # code (same bootstrap entry reused through use_id).
    initiator.dpp_pkex_init(identifier="test", code="secret",
                            use_id=bootstrap_id)
    wait_auth_success(responder, initiator)
2226
def test_dpp_pkex_code_mismatch_limit(dev, apdev):
    """DPP and PKEX with mismatching code limit"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # Five consecutive attempts with a wrong code, each of which the responder
    # has to report as a failure.
    bootstrap_id = None
    for _ in range(5):
        responder.dump_monitor()
        initiator.dump_monitor()
        bootstrap_id = initiator.dpp_pkex_init(identifier="test",
                                               code="unknown",
                                               use_id=bootstrap_id)
        wait_dpp_fail(responder, "possible PKEX code mismatch")

    # After the fifth failure the responder is expected to announce that the
    # attempt limit was hit. Presumably this is what bounds online guessing
    # of the shared code; the enforcement itself is outside this file.
    if responder.wait_event(["DPP-PKEX-T-LIMIT"], timeout=1) is None:
        raise Exception("PKEX t limit not reported")
2244
def test_dpp_pkex_curve_mismatch(dev, apdev):
    """DPP and PKEX with mismatching curve"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    shared = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(2437, curve="P-256", **shared)
    initiator.dpp_pkex_init(curve="P-384", **shared)
    # Both sides have to notice the disagreement: the responder reports the
    # peer's group against its own, the initiator reports the group the
    # responder proposed instead.
    wait_dpp_fail(responder, "Mismatching PKEX curve: peer=20 own=19")
    wait_dpp_fail(initiator,
                  "Peer indicated mismatching PKEX group - proposed 19")
2253
def test_dpp_pkex_curve_mismatch_failure(dev, apdev):
    """DPP and PKEX with mismatching curve (local failure)"""
    # The string is an alloc_fail() function pattern naming where the
    # responder's allocation is made to fail.
    run_dpp_pkex_curve_mismatch_failure(dev, apdev,
                                        func="=dpp_pkex_rx_exchange_req")
2257
def test_dpp_pkex_curve_mismatch_failure2(dev, apdev):
    """DPP and PKEX with mismatching curve (local failure 2)"""
    # Same scenario, with the failure injected while the responder builds
    # its Exchange Response.
    run_dpp_pkex_curve_mismatch_failure(dev, apdev,
                                        func="dpp_pkex_build_exchange_resp")
2262
def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func):
    """Run the curve-mismatch case with an allocation failure on the responder.

    func is the alloc_fail() pattern selecting which allocation on dev[0]
    fails. The responder is still expected to report the curve mismatch,
    twice in a row.
    """
    responder, initiator = dev[0], dev[1]
    mismatch = "Mismatching PKEX curve: peer=20 own=19"
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret",
                            curve="P-256")

    # NOTE(review): the page lost the original indentation; the waits are
    # assumed to run inside the alloc_fail() context - confirm against the
    # repository copy.
    with alloc_fail(responder, 1, func):
        initiator.dpp_pkex_init(identifier="test", code="secret",
                                curve="P-384")

        first = responder.wait_event(["DPP-FAIL"], timeout=5)
        if first is None:
            raise Exception("Failure not reported (dev 0)")
        if mismatch not in first:
            raise Exception("Unexpected result: " + first)
        # A second DPP-FAIL with the same reason is required as well.
        wait_dpp_fail(responder, mismatch)
2277
def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev):
    """DPP and PKEX with local failure in processing Exchange Resp"""
    responder, initiator = dev[0], dev[1]
    for peer in (responder, initiator):
        check_dpp_capab(peer)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # Inject a failure on the initiator at the named call path, then wait
    # until that failure has actually been triggered.
    failure_point = "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"
    with fail_test(initiator, 1, failure_point):
        initiator.dpp_pkex_init(identifier="test", code="secret")
        wait_fail_trigger(initiator, "GET_FAIL")
2287
def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev):
    """DPP and PKEX with local failure in processing Commit Reveal Req"""
    responder, initiator = dev[0], dev[1]
    for peer in (responder, initiator):
        check_dpp_capab(peer)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # Inject an allocation failure on the responder at the named call path,
    # then wait until it has actually been triggered.
    failure_point = "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"
    with alloc_fail(responder, 1, failure_point):
        initiator.dpp_pkex_init(identifier="test", code="secret")
        wait_fail_trigger(responder, "GET_ALLOC_FAIL")
2298
def test_dpp_pkex_config2(dev, apdev):
    """DPP and PKEX with responder as the configurator"""
    responder = dev[0]
    check_dpp_capab(responder)
    conf_id = responder.dpp_configurator_add()
    # The responder cannot pass configurator arguments per exchange, so they
    # are stored up front (the leading space is part of the value).
    params = " conf=sta-dpp configurator=%d" % conf_id
    responder.set("dpp_configurator_params", params)
    run_dpp_pkex2(dev, apdev)
2306
def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""):
    """Run PKEX with the responder (dev[0]) acting as configurator.

    dev[1] initiates in the enrollee role; both authentication and
    configuration are verified.
    """
    configurator, enrollee = dev[0], dev[1]
    check_dpp_capab(configurator)
    check_dpp_capab(enrollee)
    configurator.dpp_pkex_resp(2437, identifier="test", code="secret",
                               curve=curve, listen_role="configurator")
    enrollee.dpp_pkex_init(identifier="test", code="secret",
                           role="enrollee", curve=curve, extra=init_extra)
    wait_auth_success(configurator, enrollee,
                      configurator=configurator, enrollee=enrollee)
2315
def test_dpp_pkex_no_responder(dev, apdev):
    """DPP and PKEX with no responder (retry behavior)"""
    initiator = dev[0]
    check_dpp_capab(initiator)
    initiator.dpp_pkex_init(identifier="test", code="secret")

    # Skip over up to 15 transmit events while waiting for the failure.
    # NOTE(review): if all 15 events are DPP-TX the loop ends without an
    # error, so the failure report itself is not strictly required here.
    for _ in range(15):
        ev = initiator.wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5)
        if ev is None:
            raise Exception("DPP PKEX failure not reported")
        if "DPP-FAIL" in ev:
            if "No response from PKEX peer" not in ev:
                raise Exception("Unexpected failure reason: " + ev)
            break
2330
def test_dpp_pkex_after_retry(dev, apdev):
    """DPP and PKEX completing after retry"""
    initiator, responder = dev[0], dev[1]
    check_dpp_capab(initiator)
    # The initiator starts before anyone is listening, so the exchange can
    # only complete through one of its retransmissions.
    initiator.dpp_pkex_init(identifier="test", code="secret")
    time.sleep(0.1)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")
    wait_auth_success(responder, initiator,
                      configurator=initiator, enrollee=responder,
                      allow_enrollee_failure=True)
2339
def test_dpp_pkex_hostapd_responder(dev, apdev):
    """DPP PKEX with hostapd as responder"""
    sta = dev[0]
    check_dpp_capab(sta)
    ap_params = {"ssid": "unconfigured", "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)

    # The AP answers PKEX and is then provisioned (ap-dpp) by the station,
    # which acts as configurator.
    hapd.dpp_pkex_resp(2437, identifier="test", code="secret")
    conf_id = sta.dpp_configurator_add()
    sta.dpp_pkex_init(identifier="test", code="secret",
                      extra="conf=ap-dpp configurator=%d" % conf_id)
    wait_auth_success(hapd, sta, configurator=sta, enrollee=hapd,
                      stop_initiator=True)
2352
def test_dpp_pkex_hostapd_initiator(dev, apdev):
    """DPP PKEX with hostapd as initiator"""
    sta = dev[0]
    check_dpp_capab(sta)
    ap_params = {"ssid": "unconfigured", "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)

    # The station is the configurator but responds to PKEX, so its
    # configurator arguments are stored before it starts listening.
    conf_id = sta.dpp_configurator_add()
    sta.set("dpp_configurator_params",
            " conf=ap-dpp configurator=%d" % conf_id)
    sta.dpp_pkex_resp(2437, identifier="test", code="secret",
                      listen_role="configurator")
    hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee")
    wait_auth_success(hapd, sta, configurator=sta, enrollee=hapd,
                      stop_initiator=True)
2367
def test_dpp_hostapd_configurator(dev, apdev):
    """DPP with hostapd as configurator/initiator"""
    sta = dev[0]
    check_dpp_capab(sta)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", "channel": "1"})
    check_dpp_capab(hapd)
    conf_id = hapd.dpp_configurator_add()

    # The station publishes its bootstrapping URI and the AP imports it as
    # if it had been scanned from a QR code.
    sta_bootstrap = sta.dpp_bootstrap_gen(chan="81/1", mac=True)
    sta_uri = sta.request("DPP_BOOTSTRAP_GET_URI %d" % sta_bootstrap)
    peer_id = hapd.dpp_qr_code(sta_uri)

    # The imported entry must carry the right type and the station's address.
    info = hapd.request("DPP_BOOTSTRAP_INFO %d" % peer_id)
    if "FAIL" in info:
        raise Exception("DPP_BOOTSTRAP_INFO failed")
    if "type=QRCODE" not in info:
        raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
    if "mac_addr=" + sta.own_addr() not in info:
        raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")

    sta.dpp_listen(2412)
    hapd.dpp_auth_init(peer=peer_id, configurator=conf_id, conf="sta-dpp")
    wait_auth_success(sta, hapd, configurator=hapd, enrollee=sta,
                      stop_responder=True)
2389
def test_dpp_hostapd_configurator_responder(dev, apdev):
    """DPP with hostapd as configurator/responder"""
    sta = dev[0]
    check_dpp_capab(sta)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", "channel": "1"})
    check_dpp_capab(hapd)

    # The AP is the configurator but only responds, so its configurator
    # arguments are stored ahead of the exchange.
    conf_id = hapd.dpp_configurator_add()
    hapd.set("dpp_configurator_params",
             " conf=sta-dpp configurator=%d" % conf_id)
    ap_bootstrap = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % ap_bootstrap)

    sta.dpp_auth_init(uri=ap_uri, role="enrollee")
    wait_auth_success(hapd, sta, configurator=hapd, enrollee=sta,
                      stop_initiator=True)
2404
def test_dpp_own_config(dev, apdev):
    """DPP configurator signing own connector"""
    try:
        run_dpp_own_config(dev, apdev)
    finally:
        # The helper enables automatic config processing on dev[0]; switch it
        # back off even when the test fails.
        dev[0].set("dpp_config_processing", "0")
2411
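def test_dpp_own_config_group_id(dev, apdev):
    """DPP configurator signing own connector (group_id)"""
    # Description now names the variant, matching the "(group_id)" wording of
    # test_dpp_own_config_ap_group_id; it used to repeat the description of
    # test_dpp_own_config.
    try:
        # The leading space matters: the helper appends this value directly
        # to a control interface command.
        run_dpp_own_config(dev, apdev, extra=" group_id=test-group")
    finally:
        # The helper enables automatic config processing on dev[0]; switch it
        # back off even when the test fails.
        dev[0].set("dpp_config_processing", "0")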
2418
def test_dpp_own_config_curve_mismatch(dev, apdev):
    """DPP configurator signing own connector using mismatching curve"""
    try:
        # Negative case: the configurator's own Connector uses a different
        # curve, and the helper then requires that no connection is made.
        run_dpp_own_config(dev, apdev, expect_failure=True,
                           own_curve="BP-384")
    finally:
        dev[0].set("dpp_config_processing", "0")
2425
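def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False,
                       extra=None):
    """Provision an AP over DPP, then let the configurator sign its own Connector.

    dev[0] is the configurator: it provisions a hostapd AP (ap-dpp), signs a
    station configuration for itself with DPP_CONFIGURATOR_SIGN and tries to
    connect with the resulting network profile.

    own_curve: curve for the configurator's own Connector; a "BP" value also
        makes the capability check require Brainpool support.
    expect_failure: require that the connection attempt does not succeed.
    extra: additional command arguments with a leading space (for example
        " group_id=test-group"), or None.
    """
    check_dpp_capab(dev[0], own_curve and "BP" in own_curve)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
    conf_id = dev[0].dpp_configurator_add()
    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id,
                         extra=extra)
    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
    update_hapd_config(hapd)

    dev[0].set("dpp_config_processing", "1")
    # With the default extra=None the old "%s" formatting appended the text
    # "None" to the configurator id; append nothing in that case.
    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (
        conf_id, extra or "")
    if own_curve:
        cmd += " curve=" + own_curve
    res = dev[0].request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")

    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    # Second field of the event is the id of the generated network profile.
    network_id = ev.split(' ')[1]
    dev[0].select_network(network_id, freq="2412")
    if expect_failure:
        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
        if ev is not None:
            raise Exception("Unexpected connection")
        dev[0].request("DISCONNECT")
    else:
        dev[0].wait_connected()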
2459
def test_dpp_own_config_ap(dev, apdev):
    """DPP configurator (AP) signing own connector"""
    try:
        run_dpp_own_config_ap(dev, apdev)
    finally:
        # The helper enables automatic config processing on dev[0]; switch it
        # back off even when the test fails.
        dev[0].set("dpp_config_processing", "0")
2466
def test_dpp_own_config_ap_group_id(dev, apdev):
    """DPP configurator (AP) signing own connector (group_id)"""
    # The leading space matters: the helper appends this value directly to a
    # control interface command.
    group_arg = " group_id=test-group"
    try:
        run_dpp_own_config_ap(dev, apdev, extra=group_arg)
    finally:
        dev[0].set("dpp_config_processing", "0")
2473
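def test_dpp_own_config_ap_reconf(dev, apdev):
    """DPP configurator (AP) signing own connector and configurator reconf"""
    try:
        # Request the reconfiguration path explicitly. Without this flag the
        # test was identical to test_dpp_own_config_ap and the export, removal
        # and re-import of the configurator key was never exercised.
        run_dpp_own_config_ap(dev, apdev, reconf_configurator=True)
    finally:
        # The helper enables automatic config processing on dev[0]; switch it
        # back off even when the test fails.
        dev[0].set("dpp_config_processing", "0")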
2480
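def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=None):
    """Let a hostapd configurator sign its own Connector, then provision dev[0].

    reconf_configurator: export the configurator key first, then remove the
        configurator after self-signing and add it back from the exported key
        before provisioning the station.
    extra: additional command arguments with a leading space (for example
        " group_id=test-group"), or None.
    """
    check_dpp_capab(dev[0])
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    conf_id = hapd.dpp_configurator_add()
    if reconf_configurator:
        # The exported value is key material; it is kept only long enough to
        # re-create the configurator below.
        csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
        if "FAIL" in csign or len(csign) == 0:
            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    # With the default extra=None the old "%s" formatting appended the text
    # "None" to the configurator id; append nothing in that case.
    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (
        conf_id, extra or "")
    res = hapd.request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")
    update_hapd_config(hapd)

    if reconf_configurator:
        hapd.dpp_configurator_remove(conf_id)
        conf_id = hapd.dpp_configurator_add(key=csign)

    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].set("dpp_config_processing", "2")
    dev[0].dpp_listen(2412)
    hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id,
                       extra=extra)
    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0])
    dev[0].wait_connected()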
2509
def test_dpp_intro_mismatch(dev, apdev):
    """DPP network introduction mismatch cases"""
    # An extra station on wlan5 is needed for the third mismatch case; keep
    # the handle at None until it exists so cleanup can tell.
    wpas = None
    try:
        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
        wpas.interface_add("wlan5")
        check_dpp_capab(wpas)
        run_dpp_intro_mismatch(dev, apdev, wpas)
    finally:
        for sta in (dev[0], dev[2]):
            sta.set("dpp_config_processing", "0")
        if wpas:
            wpas.set("dpp_config_processing", "0")
2523
def run_dpp_intro_mismatch(dev, apdev, wpas):
    """Provision three stations with Connectors the AP must not accept.

    dev[1] is the configurator. The AP gets a Connector for group "a"; the
    stations then receive Connectors that differ from it in groupId (dev[0]),
    in the signing configurator (dev[2]) and in bootstrapping curve (wpas).
    Each station has to report a DPP-INTRO result with the expected
    non-success status.
    """
    configurator = dev[1]
    for sta in (dev[0], dev[1], dev[2]):
        check_dpp_capab(sta)

    logger.info("Start AP in unconfigured state")
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)

    logger.info("Provision AP with DPP configuration")
    conf_id = configurator.dpp_configurator_add()
    configurator.set("dpp_groups_override",
                     '[{"groupId":"a","netRole":"ap"}]')
    configurator.dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
    update_hapd_config(hapd)

    logger.info("Provision STA0 with DPP Connector that has mismatching groupId")
    dev[0].set("dpp_config_processing", "2")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    dev[0].dpp_listen(2412)
    configurator.set("dpp_groups_override",
                     '[{"groupId":"b","netRole":"sta"}]')
    configurator.dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id)
    wait_auth_success(dev[0], configurator,
                      configurator=configurator, enrollee=dev[0])

    logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
    dev[2].set("dpp_config_processing", "2")
    id2 = dev[2].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri2 = dev[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2)
    dev[2].dpp_listen(2412)
    # A second configurator instance signs this Connector, so its signing
    # key differs from the one the AP was provisioned with.
    conf_id_2 = configurator.dpp_configurator_add()
    configurator.set("dpp_groups_override", '')
    configurator.dpp_auth_init(uri=uri2, conf="sta-dpp",
                               configurator=conf_id_2)
    wait_auth_success(dev[2], configurator,
                      configurator=configurator, enrollee=dev[2])

    logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
    wpas.set("dpp_config_processing", "2")
    id5 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True, curve="P-521")
    uri5 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id5)
    wpas.dpp_listen(2412)
    configurator.set("dpp_groups_override", '')
    configurator.dpp_auth_init(uri=uri5, conf="sta-dpp", configurator=conf_id)
    wait_auth_success(wpas, configurator,
                      configurator=configurator, enrollee=wpas)

    logger.info("Verify network introduction results")
    # (station, label used in messages, timeout, required status field).
    # The status numbers are taken as-is from the original test; presumably
    # 8 is "no match" and 7 "invalid connector" - confirm against the DPP
    # status code definitions.
    expectations = [(dev[0], "STA0", 10, "status=8"),
                    (dev[2], "STA2", 5, "status=8"),
                    (wpas, "STA5", 10, "status=7")]
    for sta, label, timeout, status in expectations:
        ev = sta.wait_event(["DPP-INTRO"], timeout=timeout)
        if ev is None:
            raise Exception("DPP network introduction result not seen on " + label)
        if status not in ev:
            raise Exception("Unexpected network introduction result on " + label + ": " + ev)
2585
def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True,
                       listen=True, chan="81/1", init_enrollee=False,
                       incompatible_roles=False):
    """Start a DPP authentication exchange with one peer in protocol-test mode.

    dev[0] is the responder and dev[1] the initiator. dev[test_dev] gets the
    "dpp_test" setting set to the given test number before the exchange
    starts; the caller verifies the outcome.

    mutual: dev[1] also generates a bootstrapping key that dev[0] imports,
        and dev[0] listens with qr="mutual".
    unicast: passed as mac= when dev[0] generates its bootstrapping key.
    listen: whether dev[0] starts listening at all.
    chan: channel list for dev[0]'s bootstrapping information.
    init_enrollee: the initiator is the enrollee and dev[0] the configurator.
    incompatible_roles: make both sides claim the enrollee role.
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    dev[test_dev].set("dpp_test", str(test))

    # The configurator lives on whichever side is not the enrollee.
    conf_owner = responder if init_enrollee else initiator
    conf_id = conf_owner.dpp_configurator_add()

    id0 = responder.dpp_bootstrap_gen(chan=chan, mac=unicast)
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    qr = None
    if mutual:
        id1b = initiator.dpp_bootstrap_gen(chan="81/1", mac=True)
        uri1b = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
        responder.dpp_qr_code(uri1b)
        qr = "mutual"

    # Role the responder listens with.
    if incompatible_roles:
        listen_role = "enrollee"
    elif init_enrollee:
        listen_role = "configurator"
    else:
        listen_role = None
    if init_enrollee:
        responder.set("dpp_configurator_params",
                      " conf=sta-dpp configurator=%d" % conf_id)

    if listen:
        responder.dpp_listen(2412, qr=qr, role=listen_role)

    # Arguments for the initiator.
    init_role = "enrollee" if (init_enrollee or incompatible_roles) else None
    if init_enrollee:
        configurator = None
        conf = None
    else:
        configurator = conf_id
        conf = "sta-dpp"
    own = id1b if mutual else None
    initiator.dpp_auth_init(uri=uri0, role=init_role,
                            configurator=configurator, conf=conf, own=own)
2639
def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
    run_dpp_proto_init(dev, test_dev=1, test=1)
    # The responder must receive the request (type=0) and drop it because of
    # the invalid attribute layout.
    rx = dev[0].wait_event(["DPP-RX"], timeout=5)
    if rx is None:
        raise Exception("DPP Authentication Request not seen")
    if not ("type=0" in rx and "ignore=invalid-attributes" in rx):
        raise Exception("Unexpected RX info: " + rx)
    # A dropped request must not produce any reply towards the initiator.
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2651
def test_dpp_auth_req_stop_after_ack(dev, apdev):
    """DPP initiator stopping after ACK, but no response"""
    # The responder listens (so the frame is acknowledged) but ignores the
    # malformed request; the initiator has to give up and say so.
    run_dpp_proto_init(dev, test_dev=1, test=1, listen=True)
    if dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2658
def test_dpp_auth_req_retries(dev, apdev):
    """DPP initiator retries with no ACK"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    # Bound the retry behaviour so the test finishes quickly.
    for name, value in (("dpp_init_max_tries", "3"),
                        ("dpp_init_retry_time", "1000"),
                        ("dpp_resp_wait_time", "100")):
        initiator.set(name, value)
    # Nobody listens, so no transmission is acknowledged.
    run_dpp_proto_init(dev, test_dev=1, test=1, unicast=False, listen=False)

    # One transmission per allowed try, then a reported failure.
    for attempt in range(3):
        if initiator.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception("Auth Req not sent (%d)" % attempt)

    if initiator.wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2675
def test_dpp_auth_req_retries_multi_chan(dev, apdev):
    """DPP initiator retries with no ACK and multiple channels"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    # Bound the retry behaviour so the test finishes quickly.
    for name, value in (("dpp_init_max_tries", "3"),
                        ("dpp_init_retry_time", "1000"),
                        ("dpp_resp_wait_time", "100")):
        initiator.set(name, value)
    run_dpp_proto_init(dev, test_dev=1, test=1, unicast=False, listen=False,
                       chan="81/1,81/6,81/11")

    # Three tries on each of the three advertised channels.
    for attempt in range(3 * 3):
        if initiator.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception("Auth Req not sent (%d)" % attempt)

    if initiator.wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2693
def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
    run_dpp_proto_init(dev, test_dev=0, test=2)
    # The initiator must receive the response (type=1) and drop it.
    rx = dev[1].wait_event(["DPP-RX"], timeout=5)
    if rx is None:
        raise Exception("DPP Authentication Response not seen")
    if not ("type=1" in rx and "ignore=invalid-attributes" in rx):
        raise Exception("Unexpected RX info: " + rx)
    # The responder saw the original request (type=0) ...
    rx = dev[0].wait_event(["DPP-RX"], timeout=1)
    if rx is None or "type=0" not in rx:
        raise Exception("DPP Authentication Request not seen")
    # ... and nothing after it, since the exchange must stop here.
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2708
def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
    run_dpp_proto_init(dev, test_dev=1, test=3)
    responder = dev[0]
    # First frame on the responder is the request (type=0).
    rx = responder.wait_event(["DPP-RX"], timeout=5)
    if rx is None or "type=0" not in rx:
        raise Exception("DPP Authentication Request not seen")
    # Second frame is the confirm (type=2), which must be dropped.
    rx = responder.wait_event(["DPP-RX"], timeout=5)
    if rx is None:
        raise Exception("DPP Authentication Confirm not seen")
    if not ("type=2" in rx and "ignore=invalid-attributes" in rx):
        raise Exception("Unexpected RX info: " + rx)
2720
def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
    run_dpp_proto_init(dev, test_dev=0, test=6)
    # The configurator side (dev[1]) has to report the failed configuration.
    if dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10) is None:
        raise Exception("DPP Configuration failure not seen")
2727
def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
    run_dpp_proto_init(dev, test_dev=1, test=7)
    # The enrollee side (dev[0]) has to report the failed configuration.
    if dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10) is None:
        raise Exception("DPP Configuration failure not seen")
2734
def test_dpp_proto_zero_i_capab(dev, apdev):
    """DPP protocol testing - zero I-capability in Auth Req"""
    run_dpp_proto_init(dev, test_dev=1, test=8)
    # The responder must reject a request that claims no role at all.
    wait_dpp_fail(dev[0], "Invalid role in I-capabilities 0x00")
    # A rejected request must not produce any reply towards the initiator.
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2742
def test_dpp_proto_zero_r_capab(dev, apdev):
    """DPP protocol testing - zero R-capability in Auth Resp"""
    run_dpp_proto_init(dev, test_dev=0, test=9)
    # The initiator must reject a response that claims no role at all.
    wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x00")
    # The responder saw the request (type=0) and nothing after it.
    rx = dev[0].wait_event(["DPP-RX"], timeout=1)
    if rx is None or "type=0" not in rx:
        raise Exception("DPP Authentication Request not seen")
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2753
def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False):
    """Send a malformed Authentication Request and check it is rejected.

    The initiator (dev[1]) runs in protocol-test mode with the given test
    number. The responder has to report DPP-FAIL containing reason, and the
    initiator must not receive any DPP frame in return.
    """
    run_dpp_proto_init(dev, test_dev=1, test=test, mutual=mutual)
    wait_dpp_fail(dev[0], reason)
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2760
def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Req"""
    expected = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_req_missing(dev, test=10, reason=expected)
2764
def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
    # A key hash that matches none of the responder's own keys is ignored.
    expected = "No matching own bootstrapping key found - ignore message"
    run_dpp_proto_auth_req_missing(dev, test=68, reason=expected)
2768
def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Req"""
    expected = "Missing or invalid required Initiator Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_req_missing(dev, test=11, reason=expected)
2772
def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
    run_dpp_proto_init(dev, test_dev=1, test=69, mutual=True)
    # With an initiator key hash it cannot match, the responder is expected
    # to ask for the peer's QR code instead of completing mutual
    # authentication, and the initiator sees the exchange left pending.
    if dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) is None:
        raise Exception("DPP scan request not seen")
    if dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) is None:
        raise Exception("DPP response pending indivation not seen")
2782
def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev):
    """DPP protocol testing - no I-proto key in Auth Req"""
    expected = "Missing required Initiator Protocol Key attribute"
    run_dpp_proto_auth_req_missing(dev, test=12, reason=expected)
2786
def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
    """DPP protocol testing - invalid I-proto key in Auth Req"""
    # The responder has to reject a protocol key it cannot accept before any
    # further processing of the request.
    expected = "Invalid Initiator Protocol Key"
    run_dpp_proto_auth_req_missing(dev, test=66, reason=expected)
2790
def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Req"""
    expected = "Missing or invalid I-nonce"
    run_dpp_proto_auth_req_missing(dev, test=13, reason=expected)
2794
def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev):
    """DPP protocol testing - invalid I-nonce in Auth Req"""
    # Same failure text as the missing-nonce case; only the test number
    # differs.
    expected = "Missing or invalid I-nonce"
    run_dpp_proto_auth_req_missing(dev, test=81, reason=expected)
2798
def test_dpp_proto_auth_req_no_i_capab(dev, apdev):
    """DPP protocol testing - no I-capab in Auth Req"""
    expected = "Missing or invalid I-capab"
    run_dpp_proto_auth_req_missing(dev, test=14, reason=expected)
2802
def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Req"""
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_req_missing(dev, test=15, reason=expected)
2806
def run_dpp_proto_auth_resp_missing(dev, test, reason,
                                    incompatible_roles=False):
    """Send a malformed Authentication Response and check how it is handled.

    The responder (dev[0]) runs in protocol-test mode with the given test
    number, using mutual authentication. With a reason, the initiator has to
    report DPP-FAIL containing it and the responder must see only the
    original request. With reason=None no failure text is required; in the
    incompatible-roles variant the responder must still report
    DPP-NOT-COMPATIBLE.
    """
    run_dpp_proto_init(dev, test_dev=0, test=test, mutual=True,
                       incompatible_roles=incompatible_roles)
    responder, initiator = dev[0], dev[1]

    if reason is None:
        if incompatible_roles:
            if responder.wait_event(["DPP-NOT-COMPATIBLE"],
                                    timeout=5) is None:
                raise Exception("DPP-NOT-COMPATIBLE not reported")
        # Short pause before returning, kept from the original test.
        time.sleep(0.1)
        return

    wait_dpp_fail(initiator, reason)
    rx = responder.wait_event(["DPP-RX"], timeout=1)
    if rx is None or "type=0" not in rx:
        raise Exception("DPP Authentication Request not seen")
    # Nothing may follow the rejected response.
    if responder.wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2825
def test_dpp_proto_auth_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Resp"""
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_resp_missing(dev, test=16, reason=expected)
2829
def test_dpp_proto_auth_resp_status_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Resp(status)"""
    # Same defect, exercised on the response the responder sends when the
    # roles are incompatible.
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_resp_missing(dev, test=16, reason=expected,
                                    incompatible_roles=True)
2835
def test_dpp_proto_auth_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Auth Resp"""
    # The initiator is expected to treat the altered status as a failure
    # reported by the responder.
    expected = "Responder reported failure"
    run_dpp_proto_auth_resp_missing(dev, test=74, reason=expected)
2839
def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Resp"""
    expected = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_resp_missing(dev, test=17, reason=expected)
2843
def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
    # Same defect, exercised on the response the responder sends when the
    # roles are incompatible.
    expected = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_resp_missing(dev, test=17, reason=expected,
                                    incompatible_roles=True)
2849
def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
    # The initiator must notice that the key hash is not the one belonging
    # to the responder it addressed.
    expected = "Unexpected Responder Bootstrapping Key Hash value"
    run_dpp_proto_auth_resp_missing(dev, test=70, reason=expected)
2853
def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
    # Same defect, exercised on the response the responder sends when the
    # roles are incompatible.
    expected = "Unexpected Responder Bootstrapping Key Hash value"
    run_dpp_proto_auth_resp_missing(dev, test=70, reason=expected,
                                    incompatible_roles=True)
2859
def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Resp"""
    # No failure text is supplied for this case; how the helper treats a
    # None reason is defined outside this excerpt.
    no_reason = None
    run_dpp_proto_auth_resp_missing(dev, 18, no_reason)
2863
def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
    # Auth Resp(status) variant; again no failure text is supplied.
    no_reason = None
    run_dpp_proto_auth_resp_missing(dev, 18, no_reason,
                                    incompatible_roles=True)
2867
def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
    # A present but mismatching Initiator key hash must be rejected.
    expected = "Initiator Bootstrapping Key Hash attribute did not match"
    run_dpp_proto_auth_resp_missing(dev, 71, expected)
2871
def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
    # Auth Resp(status) variant of the mismatching I-bootstrap key hash case.
    expected = "Initiator Bootstrapping Key Hash attribute did not match"
    run_dpp_proto_auth_resp_missing(dev, 71, expected, incompatible_roles=True)
2877
def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev):
    """DPP protocol testing - no R-Proto Key in Auth Resp"""
    # The Responder Protocol Key is required; a response without it must be
    # rejected with this reason.
    expected = "Missing required Responder Protocol Key attribute"
    run_dpp_proto_auth_resp_missing(dev, 19, expected)
2881
def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
    """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
    # A Responder Protocol Key that fails validation must be refused.
    expected = "Invalid Responder Protocol Key"
    run_dpp_proto_auth_resp_missing(dev, 67, expected)
2885
def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
    """DPP protocol testing - no R-nonce in Auth Resp"""
    # The R-nonce is mandatory; the response is rejected when it is absent.
    expected = "Missing or invalid R-nonce"
    run_dpp_proto_auth_resp_missing(dev, 20, expected)
2889
def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Resp"""
    # The I-nonce must be present in the response; absence is a failure.
    expected = "Missing or invalid I-nonce"
    run_dpp_proto_auth_resp_missing(dev, 21, expected)
2893
def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Resp(status)"""
    # Auth Resp(status) variant of the missing I-nonce case.
    expected = "Missing or invalid I-nonce"
    run_dpp_proto_auth_resp_missing(dev, 21, expected, incompatible_roles=True)
2898
def test_dpp_proto_auth_resp_no_r_capab(dev, apdev):
    """DPP protocol testing - no R-capab in Auth Resp"""
    # R-capabilities is required in the response.
    expected = "Missing or invalid R-capabilities"
    run_dpp_proto_auth_resp_missing(dev, 22, expected)
2902
def test_dpp_proto_auth_resp_no_r_auth(dev, apdev):
    """DPP protocol testing - no R-auth in Auth Resp"""
    # Without R-auth the failure is reported against the Secondary Wrapped
    # Data, as the expected text shows.
    expected = "Missing or invalid Secondary Wrapped Data"
    run_dpp_proto_auth_resp_missing(dev, 23, expected)
2906
def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Resp"""
    # A response lacking the Wrapped Data attribute must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_resp_missing(dev, 24, expected)
2910
def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev):
    """DPP protocol testing - I-nonce mismatch in Auth Resp"""
    run_dpp_proto_init(dev, 0, 30, mutual=True)
    wait_dpp_fail(dev[1], "I-nonce mismatch")

    # dev[0] must have seen exactly one DPP frame: the Authentication
    # Request (type=0).
    first_rx = dev[0].wait_event(["DPP-RX"], timeout=1)
    saw_auth_req = first_rx is not None and "type=0" in first_rx
    if not saw_auth_req:
        raise Exception("DPP Authentication Request not seen")

    # After dev[1] has reported the mismatch, no further DPP frame may
    # reach dev[0].
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2921
def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev):
    """DPP protocol testing - Incompatible R-capab in Auth Resp"""
    run_dpp_proto_init(dev, 0, 31, mutual=True)
    # Both ends must report the failure: dev[1] for the unexpected role,
    # then dev[0] for the peer's rejection. The order of the waits is kept.
    expectations = (
        (1, "Unexpected role in R-capabilities 0x02"),
        (0, "Peer reported incompatible R-capab role"),
    )
    for idx, reason in expectations:
        wait_dpp_fail(dev[idx], reason)
2927
def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev):
    """DPP protocol testing - R-auth mismatch in Auth Resp"""
    run_dpp_proto_init(dev, 0, 32, mutual=True)
    # A wrong Responder Authenticating Tag must end the exchange on both
    # sides: dev[1] detects it, dev[0] is told that authentication failed.
    expectations = (
        (1, "Mismatching Responder Authenticating Tag"),
        (0, "Peer reported authentication failure"),
    )
    for idx, reason in expectations:
        wait_dpp_fail(dev[idx], reason)
2933
def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev):
    """DPP protocol testing - Auth Conf RX processing failure"""
    # Inject one allocation failure at dpp_auth_conf_rx_failure on dev[0]
    # while the R-auth mismatch case (32) runs; dev[0] must still report a
    # failure.
    injected = alloc_fail(dev[0], 1, "dpp_auth_conf_rx_failure")
    with injected:
        run_dpp_proto_init(dev, 0, 32, mutual=True)
        wait_dpp_fail(dev[0], "Authentication failed")
2939
def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev):
    """DPP protocol testing - Auth Conf RX processing failure 2"""
    # Same scenario as the allocation-failure variant, but with a forced
    # function failure; dev[0] must report it as a decryption failure.
    injected = fail_test(dev[0], 1, "dpp_auth_conf_rx_failure")
    with injected:
        run_dpp_proto_init(dev, 0, 32, mutual=True)
        wait_dpp_fail(dev[0], "AES-SIV decryption failed")
2945
def run_dpp_proto_auth_conf_missing(dev, test, reason):
    """Run Auth Conf case *test* and check the failure seen on dev[0].

    With a *reason*, dev[0] must report DPP-FAIL containing it. With
    reason=None the helper only pauses briefly and checks nothing.
    """
    run_dpp_proto_init(dev, 1, test, mutual=True)
    if reason is not None:
        wait_dpp_fail(dev[0], reason)
        return
    # No failure text to wait for: give the exchange 100 ms to settle.
    time.sleep(0.1)
2952
def test_dpp_proto_auth_conf_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Conf"""
    # dev[0] must reject an Auth Conf without the Status attribute.
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_conf_missing(dev, 25, expected)
2956
def test_dpp_proto_auth_conf_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Auth Conf"""
    # An invalid Status value must end up as a failed authentication.
    expected = "Authentication failed"
    run_dpp_proto_auth_conf_missing(dev, 75, expected)
2960
def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Conf"""
    # The Responder key hash is required in Auth Conf as well.
    expected = ("Missing or invalid required Responder Bootstrapping Key "
                "Hash attribute")
    run_dpp_proto_auth_conf_missing(dev, 26, expected)
2964
def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
    # A Responder key hash that does not match must be refused.
    expected = "Responder Bootstrapping Key Hash mismatch"
    run_dpp_proto_auth_conf_missing(dev, 72, expected)
2968
def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Conf"""
    # These Auth Conf cases run with mutual=True, and here the missing
    # Initiator key hash is expected to be reported as a failure.
    expected = "Missing Initiator Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_conf_missing(dev, 27, expected)
2972
def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
    # A mismatching Initiator key hash must be refused.
    expected = "Initiator Bootstrapping Key Hash mismatch"
    run_dpp_proto_auth_conf_missing(dev, 73, expected)
2976
def test_dpp_proto_auth_conf_no_i_auth(dev, apdev):
    """DPP protocol testing - no I-Auth in Auth Conf"""
    # Auth Conf without the Initiator Authenticating Tag must not complete
    # authentication.
    expected = "Missing or invalid Initiator Authenticating Tag"
    run_dpp_proto_auth_conf_missing(dev, 28, expected)
2980
def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Conf"""
    # Auth Conf lacking the Wrapped Data attribute must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_conf_missing(dev, 29, expected)
2984
def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev):
    """DPP protocol testing - I-auth mismatch in Auth Conf"""
    run_dpp_proto_init(dev, 1, 33, mutual=True)
    # A wrong Initiator Authenticating Tag must be detected by dev[0].
    expected = "Mismatching Initiator Authenticating Tag"
    wait_dpp_fail(dev[0], expected)
2989
def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev):
    """DPP protocol testing - Auth Conf replaced by Resp"""
    run_dpp_proto_init(dev, 1, 65, mutual=True)
    # dev[0] must refuse an Authentication Response arriving where Auth
    # Conf is due instead of processing it.
    expected = "Unexpected Authentication Response"
    wait_dpp_fail(dev[0], expected)
2994
def run_dpp_proto_conf_req_missing(dev, test, reason):
    """Run Conf Req case *test* and require DPP-FAIL with *reason* on dev[1]."""
    run_dpp_proto_init(dev, 0, test)
    observer = dev[1]
    wait_dpp_fail(observer, reason)
2998
def test_dpp_proto_conf_req_no_e_nonce(dev, apdev):
    """DPP protocol testing - no E-nonce in Conf Req"""
    # dev[1] must reject a Configuration Request without the Enrollee Nonce.
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_req_missing(dev, 51, expected)
3003
def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev):
    """DPP protocol testing - invalid E-nonce in Conf Req"""
    # An invalid Enrollee Nonce gets the same rejection text as a missing
    # one.
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_req_missing(dev, 83, expected)
3008
def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev):
    """DPP protocol testing - no Config Attr Obj in Conf Req"""
    # The Config Attributes object is required in the request.
    expected = "Missing or invalid Config Attributes attribute"
    run_dpp_proto_conf_req_missing(dev, 52, expected)
3013
def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev):
    """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
    # The object is parsed, and its unsupported wi-fi_tech value is what
    # gets rejected.
    expected = "Unsupported wi-fi_tech"
    run_dpp_proto_conf_req_missing(dev, 76, expected)
3018
def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Conf Req"""
    # A request lacking the Wrapped Data attribute must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_conf_req_missing(dev, 53, expected)
3023
def run_dpp_proto_conf_resp_missing(dev, test, reason):
    """Run Conf Resp case *test* and require DPP-FAIL with *reason* on dev[0]."""
    run_dpp_proto_init(dev, 1, test)
    observer = dev[0]
    wait_dpp_fail(observer, reason)
3027
def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev):
    """DPP protocol testing - no E-nonce in Conf Resp"""
    # dev[0] must reject a Configuration Response without the Enrollee
    # Nonce.
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_resp_missing(dev, 54, expected)
3032
def test_dpp_proto_conf_resp_no_config_obj(dev, apdev):
    """DPP protocol testing - no Config Object in Conf Resp"""
    # A response carrying no Configuration Object must be reported as a
    # failure.
    expected = "Missing required Configuration Object attribute"
    run_dpp_proto_conf_resp_missing(dev, 55, expected)
3037
def test_dpp_proto_conf_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in Conf Resp"""
    # The Status attribute is required in the response.
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_conf_resp_missing(dev, 56, expected)
3042
def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Conf Resp"""
    # A response lacking the Wrapped Data attribute must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_conf_resp_missing(dev, 57, expected)
3047
def test_dpp_proto_conf_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Conf Resp"""
    # An invalid Status is expected to be reported as a rejection by the
    # Configurator.
    expected = "Configurator rejected configuration"
    run_dpp_proto_conf_resp_missing(dev, 58, expected)
3052
def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev):
    """DPP protocol testing - E-nonce mismatch in Conf Resp"""
    # A response carrying a different Enrollee Nonce must be refused.
    expected = "Enrollee Nonce mismatch"
    run_dpp_proto_conf_resp_missing(dev, 59, expected)
3057
def test_dpp_proto_stop_at_auth_req(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Req"""
    run_dpp_proto_init(dev, 0, 87)
    # dev[1] must report that authentication initiation failed within 5 s.
    init_failed = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
    if init_failed is None:
        raise Exception("Authentication init failure not reported")
3064
def test_dpp_proto_stop_at_auth_resp(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Resp"""
    run_dpp_proto_init(dev, 1, 88)

    # Transmissions that must be observed, in order: (device index, error
    # raised when the DPP-TX event is missing).
    required_tx = (
        (1, "Auth Req TX not seen"),
        (0, "Auth Resp TX not seen"),
    )
    for idx, missing in required_tx:
        if dev[idx].wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # dev[1] must not transmit anything after that.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected Auth Conf TX")
3080
def test_dpp_proto_stop_at_auth_conf(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Conf"""
    run_dpp_proto_init(dev, 0, 89, init_enrollee=True)

    # dev[1] starts its GAS query, which must then end with a timeout.
    if dev[1].wait_event(["GAS-QUERY-START"], timeout=10) is None:
        raise Exception("Enrollee did not start GAS")

    done = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10)
    if done is None:
        raise Exception("Enrollee did not time out GAS")
    if "result=TIMEOUT" not in done:
        raise Exception("Unexpected GAS result: " + done)
3092
def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev):
    """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
    run_dpp_proto_init(dev, 1, 89, init_enrollee=True)
    wait_auth_success(dev[0], dev[1], timeout=10)

    # dev[1] must not start a GAS query.
    gas_start = dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1)
    if gas_start is not None:
        raise Exception("Unexpected GAS query")

    # The GAS server side currently has no timeout, so there is no event
    # to wait for in this case.
3103
def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev):
    """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
    run_dpp_proto_init(dev, 1, 89)
    wait_auth_success(dev[0], dev[1], timeout=10)

    # The GAS query on dev[0] must end with a timeout.
    done = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
    timed_out = done is not None and "result=TIMEOUT" in done
    if not timed_out:
        raise Exception("GAS query did not time out")
3112
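def test_dpp_proto_stop_at_conf_req(dev, apdev):
    """DPP protocol testing - stop when receiving Conf Req"""
    # The description used to read "stop when receiving Auth Req", the same
    # text as test_dpp_proto_stop_at_auth_req, although this test uses a
    # different dpp_test value (90) and checks the GAS/configuration phase.
    # It now names the message this test actually stops at.
    run_dpp_proto_init(dev, 1, 90)

    # dev[0] starts the GAS query carrying its request ...
    ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=10)
    if ev is None:
        raise Exception("Enrollee did not start GAS")

    # ... and the query must end in a timeout rather than a result.
    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
    if ev is None:
        raise Exception("Enrollee did not time out GAS")
    if "result=TIMEOUT" not in ev:
        raise Exception("Unexpected GAS result: " + ev)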
3124
def run_dpp_proto_init_pkex(dev, test_dev, test):
    """Start a PKEX exchange with dpp_test set to *test* on dev[test_dev].

    dev[0] acts as the PKEX responder on 2437 MHz and dev[1] as the
    initiator; both use the fixed identifier/code pair below.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    dev[test_dev].set("dpp_test", str(test))

    # Test-only credentials shared by both ends.
    pkex_args = {"identifier": "test", "code": "secret"}
    dev[0].dpp_pkex_resp(2437, **pkex_args)
    dev[1].dpp_pkex_init(**pkex_args)
3131
def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
    run_dpp_proto_init_pkex(dev, 1, 4)

    exchange = dev[0].wait_event(["DPP-RX"], timeout=5)
    if not (exchange is not None and "type=7" in exchange):
        raise Exception("PKEX Exchange Request not seen")

    commit_reveal = dev[0].wait_event(["DPP-RX"], timeout=5)
    if not (commit_reveal is not None and "type=9" in commit_reveal):
        raise Exception("PKEX Commit-Reveal Request not seen")
    # The frame with the extra attribute must be flagged as ignored by the
    # receiver.
    if "ignore=invalid-attributes" not in commit_reveal:
        raise Exception("Unexpected RX info: " + commit_reveal)
3143
def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
    run_dpp_proto_init_pkex(dev, 0, 5)

    exchange = dev[1].wait_event(["DPP-RX"], timeout=5)
    if not (exchange is not None and "type=8" in exchange):
        raise Exception("PKEX Exchange Response not seen")

    commit_reveal = dev[1].wait_event(["DPP-RX"], timeout=5)
    if not (commit_reveal is not None and "type=10" in commit_reveal):
        raise Exception("PKEX Commit-Reveal Response not seen")
    # The frame with the extra attribute must be flagged as ignored by the
    # receiver.
    if "ignore=invalid-attributes" not in commit_reveal:
        raise Exception("Unexpected RX info: " + commit_reveal)
3155
def run_dpp_proto_pkex_req_missing(dev, test, reason):
    """Set dpp_test *test* on dev[1] and require DPP-FAIL with *reason* on dev[0]."""
    run_dpp_proto_init_pkex(dev, 1, test)
    observer = dev[0]
    wait_dpp_fail(observer, reason)
3159
def run_dpp_proto_pkex_resp_missing(dev, test, reason):
    """Set dpp_test *test* on dev[0] and require DPP-FAIL with *reason* on dev[1]."""
    run_dpp_proto_init_pkex(dev, 0, test)
    observer = dev[1]
    wait_dpp_fail(observer, reason)
3163
def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev):
    """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
    # dev[0] must reject a request that does not name the group.
    expected = "Missing or invalid Finite Cyclic Group attribute"
    run_dpp_proto_pkex_req_missing(dev, 34, expected)
3168
def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev):
    """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
    # dev[0] must reject a request without the Encrypted Key.
    expected = "Missing Encrypted Key attribute"
    run_dpp_proto_pkex_req_missing(dev, 35, expected)
3173
def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in PKEX Exchange Response"""
    # dev[1] must reject a response without the Status attribute.
    expected = "No DPP Status attribute"
    run_dpp_proto_pkex_resp_missing(dev, 36, expected)
3177
def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev):
    """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
    # dev[1] must reject a response without the Encrypted Key.
    expected = "Missing Encrypted Key attribute"
    run_dpp_proto_pkex_resp_missing(dev, 37, expected)
3181
def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev):
    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
    # Without the peer bootstrapping key, dev[0] must fail the exchange.
    expected = "No valid peer bootstrapping key found"
    run_dpp_proto_pkex_req_missing(dev, 38, expected)
3186
def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev):
    """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
    # Without the I-Auth tag (u), dev[0] must fail the exchange.
    expected = "No valid u (I-Auth tag) found"
    run_dpp_proto_pkex_req_missing(dev, 39, expected)
3190
def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
    # A Commit-Reveal Request lacking Wrapped Data must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_pkex_req_missing(dev, 40, expected)
3194
def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev):
    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
    # Without the peer bootstrapping key, dev[1] must fail the exchange.
    expected = "No valid peer bootstrapping key found"
    run_dpp_proto_pkex_resp_missing(dev, 41, expected)
3199
def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev):
    """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
    # Without the R-Auth tag (v), dev[1] must fail the exchange.
    expected = "No valid v (R-Auth tag) found"
    run_dpp_proto_pkex_resp_missing(dev, 42, expected)
3203
def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
    # A Commit-Reveal Response lacking Wrapped Data must be rejected.
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_pkex_resp_missing(dev, 43, expected)
3207
def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev):
    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
    # An Encrypted Key value that fails validation must be rejected by
    # dev[0].
    expected = "Invalid Encrypted Key value"
    run_dpp_proto_pkex_req_missing(dev, 44, expected)
3212
def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev):
    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
    # An Encrypted Key value that fails validation must be rejected by
    # dev[1].
    expected = "Invalid Encrypted Key value"
    run_dpp_proto_pkex_resp_missing(dev, 45, expected)
3217
def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in PKEX Exchange Response"""
    # dev[1] must treat the invalid Status as a failure indicated by the
    # peer.
    expected = "PKEX failed (peer indicated failure)"
    run_dpp_proto_pkex_resp_missing(dev, 46, expected)
3222
def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
    # A bootstrapping key that fails validation must be refused by dev[0].
    expected = "Peer bootstrapping key is invalid"
    run_dpp_proto_pkex_req_missing(dev, 47, expected)
3227
def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
    # A bootstrapping key that fails validation must be refused by dev[1].
    expected = "Peer bootstrapping key is invalid"
    run_dpp_proto_pkex_resp_missing(dev, 48, expected)
3232
def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev):
    """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
    # A mismatching tag is expected to be reported with the same text as a
    # missing one.
    expected = "No valid u (I-Auth tag) found"
    run_dpp_proto_pkex_req_missing(dev, 49, expected)
3236
def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev):
    """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
    # A mismatching tag is expected to be reported with the same text as a
    # missing one.
    expected = "No valid v (R-Auth tag) found"
    run_dpp_proto_pkex_resp_missing(dev, 50, expected)
3240
def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX Exchange Response"""
    run_dpp_proto_init_pkex(dev, 1, 84)

    # Transmissions that must be observed, in order: (device index, error
    # raised when the DPP-TX event is missing).
    required_tx = (
        (1, "PKEX Exchange Req TX not seen"),
        (0, "PKEX Exchange Resp not seen"),
    )
    for idx, missing in required_tx:
        if dev[idx].wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # The initiator (dev[1]) must not go on to send a Commit-Reveal
    # Request.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected PKEX CR Req TX")
3256
def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX CR Request"""
    run_dpp_proto_init_pkex(dev, 0, 85)

    # Transmissions that must be observed, in order: (device index, error
    # raised when the DPP-TX event is missing).
    required_tx = (
        (1, "PKEX Exchange Req TX not seen"),
        (0, "PKEX Exchange Resp not seen"),
        (1, "PKEX CR Req TX not seen"),
    )
    for idx, missing in required_tx:
        if dev[idx].wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # The responder (dev[0]) must not answer the Commit-Reveal Request.
    if dev[0].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected PKEX CR Resp TX")
3276
def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX CR Response"""
    run_dpp_proto_init_pkex(dev, 1, 86)

    # Transmissions that must be observed, in order: (device index, error
    # raised when the DPP-TX event is missing).
    required_tx = (
        (1, "PKEX Exchange Req TX not seen"),
        (0, "PKEX Exchange Resp not seen"),
        (1, "PKEX CR Req TX not seen"),
        (0, "PKEX CR Resp TX not seen"),
    )
    for idx, missing in required_tx:
        if dev[idx].wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # The initiator (dev[1]) must not move on to DPP Authentication.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected Auth Req TX")
3300
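def test_dpp_proto_network_introduction(dev, apdev):
    """DPP protocol testing - network introduction"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip. Only ordinary errors are mapped now.
        # NOTE(review): every AP start-up error is still reported as
        # "DPP not supported", so a broken DPP AP configuration shows up as
        # a skipped test, not a failed one - worth checking skip counts.
        raise HwsimSkip("DPP not supported")

    # Cases with the test setting applied on the station (dev[0]).
    for test in [60, 61, 80, 82]:
        dev[0].set("dpp_test", str(test))
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

        # The station must transmit the Peer Discovery Request (type=5)
        # and the AP must receive it.
        ev = dev[0].wait_event(["DPP-TX "], timeout=10)
        if ev is None or "type=5" not in ev:
            raise Exception("Peer Discovery Request TX not reported")
        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2)
        if ev is None or "result=SUCCESS" not in ev:
            raise Exception("Peer Discovery Request TX status not reported")

        ev = hapd.wait_event(["DPP-RX"], timeout=10)
        if ev is None or "type=5" not in ev:
            raise Exception("Peer Discovery Request RX not reported")

        if test == 80:
            # Only this case expects an introduction result on the station.
            ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
            if ev is None:
                raise Exception("DPP-INTRO not reported for test 80")
            if "status=7" not in ev:
                raise Exception("Unexpected result in test 80: " + ev)

        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
        hapd.dump_monitor()
    dev[0].set("dpp_test", "0")

    # Cases with the test setting applied on the AP (hapd).
    for test in [62, 63, 64, 77, 78, 79]:
        hapd.set("dpp_test", str(test))
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
        if ev is None:
            raise Exception("Peer introduction result not reported (test %d)" % test)
        if test == 77:
            if "fail=transaction_id_mismatch" not in ev:
                raise Exception("Connector validation failure not reported")
        elif test == 78:
            if "status=254" not in ev:
                raise Exception("Invalid status value not reported")
        elif test == 79:
            if "fail=peer_connector_validation_failed" not in ev:
                raise Exception("Connector validation failure not reported")
        elif "status=" in ev:
            # The remaining cases must not produce any status value.
            raise Exception("Unexpected peer introduction result (test %d): " % test + ev)

        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
        hapd.dump_monitor()
    hapd.set("dpp_test", "0")

    # With all test settings cleared, the connection must succeed
    # (connect() waits for it here, since wait_connect is not disabled).
    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                   dpp_csign=params1_csign, dpp_connector=params1_sta_connector,
                   dpp_netaccesskey=params1_sta_netaccesskey)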
3381
def test_dpp_qr_code_no_chan_list_unicast(dev, apdev):
    """DPP QR Code and no channel list (unicast)"""
    # unicast=True, listen on 2417 MHz, no channel list in the QR Code.
    no_channels = None
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, no_channels)
3385
def test_dpp_qr_code_chan_list_unicast(dev, apdev):
    """DPP QR Code and 2.4 GHz channels (unicast)"""
    # Every channel is written as a full class/channel pair.
    channels = "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13"
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, channels)
3390
def test_dpp_qr_code_chan_list_unicast2(dev, apdev):
    """DPP QR Code and 2.4 GHz channels (unicast 2)"""
    # Short form: the class prefix is given only for the first entry.
    channels = "81/1,2,3,4,5,6,7,8,9,10,11,12,13"
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, channels)
3395
def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev):
    """DPP QR Code and channel list and no peer (unicast)"""
    # The peer listens on 2417 MHz, which is not among the listed
    # channels, so initiation is expected to fail.
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11",
                              no_wait=True)
    init_failed = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
    if init_failed is None:
        raise Exception("Initiation failure not reported")
3403
def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev):
    """DPP QR Code and no channel list (broadcast)"""
    # unicast=False, listen on 2412 MHz, no channel list in the QR Code.
    no_channels = None
    run_dpp_qr_code_chan_list(dev, apdev, False, 2412, no_channels)
3407
def test_dpp_qr_code_chan_list_broadcast(dev, apdev):
    """DPP QR Code and some 2.4 GHz channels (broadcast)"""
    # This case uses a 10 s timeout in place of the helper's 5 s default.
    channels = "81/1,81/6,81/11"
    run_dpp_qr_code_chan_list(dev, apdev, False, 2412, channels, timeout=10)
3412
def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist,
                              no_wait=False, timeout=5):
    """Bootstrap dev[0] with a QR Code channel list and authenticate from dev[1].

    dev[0] generates bootstrap info with *chanlist* (mac=*unicast*) and
    listens on *listen_freq*; dev[1] initiates with the resulting URI. With
    no_wait=True the function returns right after initiation, otherwise it
    waits up to *timeout* for authentication to succeed.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # Shorten the initiator's retry behaviour for this run.
    initiator_settings = (
        ("dpp_init_max_tries", "3"),
        ("dpp_init_retry_time", "100"),
        ("dpp_resp_wait_time", "1000"),
    )
    for key, value in initiator_settings:
        dev[1].set(key, value)

    logger.info("dev0 displays QR Code")
    id0 = dev[0].dpp_bootstrap_gen(chan=chanlist, mac=unicast)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(listen_freq)
    dev[1].dpp_auth_init(uri=uri0)

    if not no_wait:
        wait_auth_success(dev[0], dev[1], timeout=timeout, configurator=dev[1],
                          enrollee=dev[0], allow_enrollee_failure=True,
                          stop_responder=True)
3432
def test_dpp_qr_code_chan_list_no_match(dev, apdev):
    """DPP QR Code and no matching supported channel"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # "123/123" is the only channel entry, and initiation with the
    # resulting URI is expected to fail.
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="123/123")
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[1].dpp_auth_init(uri=uri, expect_fail=True)
3440
def test_dpp_pkex_alloc_fail(dev, apdev):
    """DPP/PKEX and memory allocation failures"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # Each entry is (count, function spec) as passed to alloc_fail().
    # Adding a configurator must fail when either allocation fails.
    configurator_cases = [
        (1, "=dpp_keygen_configurator"),
        (1, "base64_gen_encode;dpp_keygen_configurator"),
    ]
    for nth, where in configurator_cases:
        with alloc_fail(dev[1], nth, where):
            res = dev[1].request("DPP_CONFIGURATOR_ADD")
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")

    conf_id = dev[1].dpp_configurator_add()

    # PKEX bootstrap ids are carried over between iterations through
    # use_id.
    id0 = None
    id1 = None

    # Local error cases on the Initiator
    initiator_cases = [
        (1, "dpp_get_pubkey_point"),
        (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
        (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
        (1, "dpp_alloc_msg;dpp_auth_build_req"),
        (1, "dpp_alloc_msg;dpp_auth_build_conf"),
        (1, "dpp_bootstrap_key_hash"),
        (1, "dpp_auth_init"),
        (1, "=dpp_auth_resp_rx"),
        (2, "=dpp_auth_resp_rx"),
        (1, "dpp_build_conf_start"),
        (1, "dpp_build_conf_obj_dpp"),
        (2, "dpp_build_conf_obj_dpp"),
        (3, "dpp_build_conf_obj_dpp"),
        (4, "dpp_build_conf_obj_dpp"),
        (5, "dpp_build_conf_obj_dpp"),
        (6, "dpp_build_conf_obj_dpp"),
        (7, "dpp_build_conf_obj_dpp"),
        (8, "dpp_build_conf_obj_dpp"),
        (1, "dpp_conf_req_rx"),
        (2, "dpp_conf_req_rx"),
        (3, "dpp_conf_req_rx"),
        (4, "dpp_conf_req_rx"),
        (5, "dpp_conf_req_rx"),
        (6, "dpp_conf_req_rx"),
        (7, "dpp_conf_req_rx"),
        (1, "dpp_pkex_init"),
        (2, "dpp_pkex_init"),
        (3, "dpp_pkex_init"),
        (1, "dpp_pkex_derive_z"),
        (1, "=dpp_pkex_rx_commit_reveal_resp"),
        (1, "dpp_get_pubkey_point;dpp_build_jwk"),
        (2, "dpp_get_pubkey_point;dpp_build_jwk"),
        (1, "dpp_get_pubkey_point;dpp_auth_init"),
    ]
    for nth, where in initiator_cases:
        # Start every case from a clean state on both devices.
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        with alloc_fail(dev[1], nth, where):
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id,
                                       allow_fail=True)
            wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100)
            # If a GAS query was already started, stop listening and let it
            # finish before the next case.
            gas_started = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if gas_started:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)

    # Local error cases on the Responder
    responder_cases = [
        (1, "dpp_get_pubkey_point"),
        (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
        (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
        (1, "dpp_alloc_msg;dpp_auth_build_resp"),
        (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
        (1, "=dpp_auth_req_rx"),
        (2, "=dpp_auth_req_rx"),
        (1, "=dpp_auth_conf_rx"),
        (1, "json_parse;dpp_parse_jws_prot_hdr"),
        (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
        (1, "json_get_member_base64url;dpp_parse_jwk"),
        (2, "json_get_member_base64url;dpp_parse_jwk"),
        (1, "json_parse;dpp_parse_connector"),
        (1, "dpp_parse_jwk;dpp_parse_connector"),
        (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
        (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
        (1, "base64_gen_decode;dpp_process_signed_connector"),
        (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
        (2, "base64_gen_decode;dpp_process_signed_connector"),
        (3, "base64_gen_decode;dpp_process_signed_connector"),
        (4, "base64_gen_decode;dpp_process_signed_connector"),
        (1, "json_parse;dpp_parse_conf_obj"),
        (1, "dpp_conf_resp_rx"),
        (1, "=dpp_pkex_derive_z"),
        (1, "=dpp_pkex_rx_exchange_req"),
        (2, "=dpp_pkex_rx_exchange_req"),
        (3, "=dpp_pkex_rx_exchange_req"),
        (1, "=dpp_pkex_rx_commit_reveal_req"),
        (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
        (1, "dpp_bootstrap_key_hash"),
    ]
    for nth, where in responder_cases:
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        # The failure is injected on dev[0] here, and the initiator call
        # is made without allow_fail.
        with alloc_fail(dev[0], nth, where):
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100)
            gas_started = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if gas_started:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
3561
def test_dpp_pkex_test_fail(dev, apdev):
    """DPP/PKEX and local failures"""
    # Negative test: one local failure at a time is injected into the DPP/PKEX
    # code paths named in the tables below, first on the Initiator (dev[1]) and
    # then on the Responder (dev[0]).
    # NOTE(review): fail_test() and wait_fail_trigger() come from utils and are
    # not shown here; presumably fail_test(dev, count, func) makes the count-th
    # call matching func fail on that device - confirm against utils.
    # NOTE(review): the nesting below was reconstructed from a listing that had
    # lost its indentation; confirm it against the repository copy.
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # A failing Configurator key generation has to be reported as FAIL.
    tests = [(1, "dpp_keygen_configurator")]
    for count, func in tests:
        with fail_test(dev[1], count, func):
            cmd = "DPP_CONFIGURATOR_ADD"
            res = dev[1].request(cmd)
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")

    # A failing bootstrap key generation has to be reported as FAIL.
    tests = [(1, "dpp_keygen")]
    for count, func in tests:
        with fail_test(dev[1], count, func):
            cmd = "DPP_BOOTSTRAP_GEN type=pkex"
            res = dev[1].request(cmd)
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")

    conf_id = dev[1].dpp_configurator_add()

    # Bootstrap ids are passed back through use_id= on every iteration; None
    # on the first pass.
    id0 = None
    id1 = None

    # Local error cases on the Initiator
    tests = [(1, "aes_siv_encrypt;dpp_auth_build_req"),
             (1, "os_get_random;dpp_auth_init"),
             (1, "dpp_derive_k1;dpp_auth_init"),
             (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
             (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
             (1, "aes_siv_encrypt;dpp_auth_build_conf"),
             (1, "dpp_derive_k2;dpp_auth_resp_rx"),
             (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
             (1, "dpp_derive_ke;dpp_auth_resp_rx"),
             (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
             (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
             (1, "aes_siv_encrypt;dpp_build_conf_resp"),
             (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
             (1, "dpp_bootstrap_key_hash")]
    for count, func in tests:
        # Start every case from a clean state on both devices.
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        with fail_test(dev[1], count, func):
            # allow_fail=True: the injected failure may already make the
            # initiating command itself fail.
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id,
                                       allow_fail=True)
            wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100)
            # If a GAS query had already started, let it finish before the
            # next case so that it cannot leak into that case.
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)

    # Local error cases on the Responder
    tests = [(1, "aes_siv_encrypt;dpp_auth_build_resp"),
             (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
             (1, "os_get_random;dpp_build_conf_req"),
             (1, "aes_siv_encrypt;dpp_build_conf_req"),
             (1, "os_get_random;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
             (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
             (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_k1;dpp_auth_req_rx"),
             (1, "aes_siv_decrypt;dpp_auth_req_rx"),
             (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
             (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
             (1, "dpp_check_pubkey_match"),
             (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
             (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
             (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
             (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
             (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")]
    for count, func in tests:
        # Start every case from a clean state on both devices.
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        # The failure is injected on the Responder while the Initiator runs
        # unmodified.
        with fail_test(dev[0], count, func):
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id)
            wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100)
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
3666
def test_dpp_keygen_configurator_error(dev, apdev):
    """DPP Configurator keygen error case"""
    check_dpp_capab(dev[0])
    # An unknown curve name has to be rejected by the Configurator.
    res = dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown")
    if "FAIL" in res:
        return
    raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
3672
def rx_process_frame(dev):
    """Replay the next pending management frame into *dev* unmodified.

    Reads one frame with dev.mgmt_rx() and hands it back through the
    MGMT_RX_PROCESS control command. Returns the value mgmt_rx() gave so that
    callers can resend or alter the same frame.

    Raises Exception when no frame is pending or when the command does not
    answer OK.
    """
    msg = dev.mgmt_rx()
    if msg is None:
        raise Exception("No management frame RX reported")
    frame_hex = binascii.hexlify(msg['frame']).decode()
    cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
        msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
    res = dev.request(cmd)
    if "OK" not in res:
        raise Exception("MGMT_RX_PROCESS failed")
    return msg
3681
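def wait_auth_success(responder, initiator, configurator=None, enrollee=None,
                      allow_enrollee_failure=False,
                      allow_configurator_failure=False,
                      require_configurator_failure=False,
                      timeout=5, stop_responder=False, stop_initiator=False):
    """Wait for DPP authentication, and optionally configuration, to finish.

    responder, initiator: devices that must each report DPP-AUTH-SUCCESS; a
        DPP-FAIL event or no event at all raises.
    configurator: when set, wait for DPP-CONF-SENT or DPP-CONF-FAILED on it.
    enrollee: when set, wait for DPP-CONF-RECEIVED or DPP-CONF-FAILED on it.
    allow_enrollee_failure, allow_configurator_failure: accept DPP-CONF-FAILED
        from that side instead of raising.
    require_configurator_failure: raise if the Configurator reports
        DPP-CONF-SENT.
    timeout: seconds to wait for the Responder's authentication event only;
        every other wait uses a fixed 5 seconds.
    stop_responder, stop_initiator: send DPP_STOP_LISTEN to that device at
        the end.

    Returns a dict holding 'wait_conn_status': True when the DPP-CONF-SENT
    event carries wait_conn_status=1, and an empty dict otherwise.

    Raises Exception on any missing or unexpected event.
    """
    res = {}
    ev = responder.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=timeout)
    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
        raise Exception("DPP authentication did not succeed (Responder)")
    ev = initiator.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=5)
    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
        raise Exception("DPP authentication did not succeed (Initiator)")
    if configurator:
        ev = configurator.wait_event(["DPP-CONF-SENT",
                                      "DPP-CONF-FAILED"], timeout=5)
        if ev is None:
            raise Exception("DPP configuration not completed (Configurator)")
        if "DPP-CONF-FAILED" in ev and not allow_configurator_failure:
            # Closing parenthesis was missing from this message.
            raise Exception("DPP configuration did not succeed (Configurator)")
        if "DPP-CONF-SENT" in ev and require_configurator_failure:
            raise Exception("DPP configuration succeeded (Configurator)")
        if "DPP-CONF-SENT" in ev and "wait_conn_status=1" in ev:
            res['wait_conn_status'] = True
    if enrollee:
        ev = enrollee.wait_event(["DPP-CONF-RECEIVED",
                                  "DPP-CONF-FAILED"], timeout=5)
        if ev is None:
            raise Exception("DPP configuration not completed (Enrollee)")
        if "DPP-CONF-FAILED" in ev and not allow_enrollee_failure:
            raise Exception("DPP configuration did not succeed (Enrollee)")
    if stop_responder:
        responder.request("DPP_STOP_LISTEN")
    if stop_initiator:
        initiator.request("DPP_STOP_LISTEN")
    return res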
3717
def wait_conf_completion(configurator, enrollee):
    """Wait until both sides report that the configuration exchange ended.

    The Configurator must report DPP-CONF-SENT. On the Enrollee either
    DPP-CONF-RECEIVED or DPP-CONF-FAILED is accepted; only a missing event
    raises, so this helper does not prove that the Enrollee accepted the
    configuration.
    """
    if configurator.wait_event(["DPP-CONF-SENT"], timeout=5) is None:
        raise Exception("DPP configuration not completed (Configurator)")
    outcome = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
                                  timeout=5)
    if outcome is None:
        raise Exception("DPP configuration not completed (Enrollee)")
3726
def start_dpp(dev):
    """Start a DPP exchange with dev[0] listening and dev[1] as Enrollee.

    dev[0] is switched to external management frame handling, so the caller
    has to feed every received frame back in (see rx_process_frame()).
    """
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    # Fixed config object followed by 3000 spaces of padding.
    # NOTE(review): the padding presumably makes the response large enough to
    # need GAS comeback exchanges - confirm.
    padding = 3000*' '
    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + padding
    dev[0].set("dpp_config_obj_override", conf)

    dev[0].set("ext_mgmt_frame_handling", "1")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
3737
def test_dpp_gas_timeout_handling(dev, apdev):
    """DPP and GAS timeout handling"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    start_dpp(dev)
    listener, enrollee = dev[0], dev[1]

    # DPP Authentication Request, then DPP Authentication Confirmation
    for _ in range(2):
        rx_process_frame(listener)

    wait_auth_success(listener, enrollee)

    # DPP Configuration Request: GAS Initial Request frame, then the first
    # GAS Comeback Request frame. No further frame is processed after that.
    for _ in range(2):
        rx_process_frame(listener)

    # Wait for GAS timeout
    if enrollee.wait_event(["DPP-CONF-FAILED"], timeout=5) is None:
        raise Exception("DPP configuration not completed (Enrollee)")
3762
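def test_dpp_gas_comeback_after_failure(dev, apdev):
    """DPP and GAS comeback after failure"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    start_dpp(dev)

    # DPP Authentication Request
    rx_process_frame(dev[0])

    # DPP Authentication Confirmation
    rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request (GAS Initial Request frame)
    rx_process_frame(dev[0])

    # DPP Configuration Request (GAS Comeback Request frame)
    msg = dev[0].mgmt_rx()
    if msg is None:
        # Same report as rx_process_frame(); without this check a missing
        # frame would surface as an unrelated TypeError on the next line.
        raise Exception("No management frame RX reported")
    frame = binascii.hexlify(msg['frame']).decode()
    cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
        msg['freq'], msg['datarate'], msg['ssi_signal'], frame)
    with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
    # Try the same frame again - this is expected to fail since the response has
    # already been freed.
    # Only the control command result is checked: it has to stay OK, i.e. the
    # replayed comeback request has to be handled without the freed response.
    if "OK" not in dev[0].request(cmd):
        raise Exception("MGMT_RX_PROCESS failed")

    # DPP Configuration Request (GAS Comeback Request frame retry)
    # The frame is only read here; it is not processed.
    msg = dev[0].mgmt_rx()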
3794
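def test_dpp_gas(dev, apdev):
    """DPP and GAS protocol testing"""
    ver0 = check_dpp_capab(dev[0])
    ver1 = check_dpp_capab(dev[1])
    start_dpp(dev)

    # DPP Authentication Request
    rx_process_frame(dev[0])

    # DPP Authentication Confirmation
    rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request (GAS Initial Request frame)
    msg = dev[0].mgmt_rx()

    # Protected Dual of GAS Initial Request frame (dropped by GAS server)
    # Identity test instead of the original "== None" comparison.
    if msg is None:
        raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
    frame = binascii.hexlify(msg['frame'])
    # Hex digits 48-49 are octet 24 of the frame; it is overwritten with 0x09.
    frame = frame[0:48] + b"09" + frame[50:]
    frame = frame.decode()
    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
        raise Exception("MGMT_RX_PROCESS failed")

    # The unmodified Initial Request is replayed twice with an allocation
    # failure injected into the response path, then once more with a trailing
    # octet appended.
    with alloc_fail(dev[0], 1, "gas_server_send_resp"):
        frame = binascii.hexlify(msg['frame']).decode()
        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
            raise Exception("MGMT_RX_PROCESS failed")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")

    with alloc_fail(dev[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
        frame = binascii.hexlify(msg['frame']).decode()
        if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
            raise Exception("MGMT_RX_PROCESS failed")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")

    # Add extra data after Query Request field to trigger
    # "GAS: Ignored extra data after Query Request field"
    frame = binascii.hexlify(msg['frame']).decode() + "00"
    if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
        raise Exception("MGMT_RX_PROCESS failed")

    # DPP Configuration Request (GAS Comeback Request frame)
    rx_process_frame(dev[0])

    # DPP Configuration Request (GAS Comeback Request frame)
    rx_process_frame(dev[0])

    # DPP Configuration Request (GAS Comeback Request frame)
    rx_process_frame(dev[0])

    if ver0 >= 2 and ver1 >= 2:
        # DPP Configuration Result
        rx_process_frame(dev[0])

    wait_conf_completion(dev[0], dev[1])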
3853
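def test_dpp_truncated_attr(dev, apdev):
    """DPP and truncated attribute"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    start_dpp(dev)

    # DPP Authentication Request
    msg = dev[0].mgmt_rx()
    if msg is None:
        # Same report as rx_process_frame(); without this check a missing
        # frame would surface as an unrelated TypeError on the next line.
        raise Exception("No management frame RX reported")
    frame = msg['frame']

    malformed = [
        # DPP: Truncated message - not enough room for the attribute - dropped
        binascii.hexlify(frame[0:36]).decode(),
        # DPP: Unexpected octets (3) after the last attribute
        binascii.hexlify(frame).decode() + "000000",
    ]
    for frame_hex in malformed:
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")
        # The receiver has to flag the frame as ignored, not act on it.
        ev = dev[0].wait_event(["DPP-RX"], timeout=5)
        if ev is None or "ignore=invalid-attributes" not in ev:
            raise Exception("Invalid attribute error not reported")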
3879
def test_dpp_bootstrap_key_autogen_issues(dev, apdev):
    """DPP bootstrap key autogen issues"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    logger.info("dev0 displays QR Code")
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    logger.info("dev1 scans QR Code")
    peer_id = dev[1].dpp_qr_code(uri0)

    logger.info("dev1 initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    # Every injected failure in the Initiator's own bootstrap key generation
    # has to make the authentication start fail (expect_fail=True).
    injections = [(alloc_fail, 1, "dpp_autogen_bootstrap_key"),
                  (alloc_fail, 2, "=dpp_autogen_bootstrap_key"),
                  (fail_test, 1, "dpp_keygen;dpp_autogen_bootstrap_key")]
    for inject, count, func in injections:
        with inject(dev[1], count, func):
            dev[1].dpp_auth_init(peer=peer_id, expect_fail=True)
    dev[0].request("DPP_STOP_LISTEN")
3901
def test_dpp_auth_resp_status_failure(dev, apdev):
    """DPP and Auth Resp(status) build failure"""
    # Allocation failure while dev[0] builds the Authentication Response.
    # NOTE(review): run_dpp_proto_auth_resp_missing() is defined elsewhere in
    # this file; the meaning of 99999 and None is not visible here.
    injection = alloc_fail(dev[0], 1, "dpp_auth_build_resp")
    with injection:
        run_dpp_proto_auth_resp_missing(dev, 99999, None,
                                        incompatible_roles=True)
3907
def test_dpp_auth_resp_aes_siv_issue(dev, apdev):
    """DPP Auth Resp AES-SIV issue"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    logger.info("dev0 displays QR Code")
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(2412)
    # A failed AES-SIV decryption of the Authentication Response has to end
    # the exchange with an explicit DPP-FAIL on the Initiator.
    with fail_test(initiator, 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
        initiator.dpp_auth_init(uri=uri0)
        wait_dpp_fail(initiator, "AES-SIV decryption failed")
    responder.request("DPP_STOP_LISTEN")
3921
def test_dpp_invalid_legacy_params(dev, apdev):
    """DPP invalid legacy parameters"""
    for sta in dev[0:2]:
        check_dpp_capab(sta)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    # No pass/psk
    # A sta-psk configuration without a credential is expected to be refused
    # when the exchange is started.
    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy",
                         expect_fail=True)
3931
def test_dpp_invalid_legacy_params2(dev, apdev):
    """DPP invalid legacy parameters 2"""
    for sta in dev[0:2]:
        check_dpp_capab(sta)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    # The SSID is passed hex-encoded in the Configurator parameters.
    ssid_hex = binascii.hexlify(b"dpp-legacy").decode()
    dev[0].set("dpp_configurator_params",
               " conf=sta-psk ssid=%s" % (ssid_hex))
    dev[0].dpp_listen(2412, role="configurator")
    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
    # No pass/psk
    # The listening Configurator has to report that its parameters are
    # unusable.
    failure = dev[0].wait_event(["DPP: Failed to set configurator parameters"],
                                timeout=5)
    if failure is None:
        raise Exception("DPP configuration failure not reported")
3947
def test_dpp_legacy_params_failure(dev, apdev):
    """DPP legacy parameters local failure"""
    enrollee, configurator = dev[0], dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    # Allocation failure while the initiating side builds the legacy config
    # object; the peer has to see DPP-CONF-FAILED.
    # NOTE(review): nesting reconstructed from a listing without indentation;
    # the event wait is assumed to sit inside the injection block - confirm.
    with alloc_fail(configurator, 1, "dpp_build_conf_obj_legacy"):
        configurator.dpp_auth_init(uri=uri0, conf="sta-psk",
                                   passphrase="passphrase",
                                   ssid="dpp-legacy")
        failure = enrollee.wait_event(["DPP-CONF-FAILED"], timeout=5)
        if failure is None:
            raise Exception("DPP configuration failure not reported")
3961
def test_dpp_invalid_configurator_key(dev, apdev):
    """DPP invalid configurator key"""
    check_dpp_capab(dev[0])

    # A key that is not a valid encoding has to be rejected outright.
    if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"):
        raise Exception("Invalid key accepted")

    # With a well-formed key, every injected local failure while importing it
    # still has to be reported as FAIL.
    add_cmd = "DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
    injections = [(alloc_fail, "dpp_keygen_configurator"),
                  (alloc_fail, "dpp_get_pubkey_point;dpp_keygen_configurator"),
                  (alloc_fail, "base64_gen_encode;dpp_keygen_configurator"),
                  (fail_test, "dpp_keygen_configurator")]
    for inject, func in injections:
        with inject(dev[0], 1, func):
            if "FAIL" not in dev[0].request(add_cmd):
                raise Exception("Error not reported")
3984
def test_dpp_own_config_sign_fail(dev, apdev):
    """DPP own config signing failure"""
    check_dpp_capab(dev[0])
    conf_id = dev[0].dpp_configurator_add()
    # Incomplete or unsupported argument sets; each one has to be refused.
    bad_args = ["",
                " ",
                " conf=sta-dpp",
                " configurator=%d" % conf_id,
                " conf=sta-dpp configurator=%d curve=unsupported" % conf_id]
    for args in bad_args:
        res = dev[0].request("DPP_CONFIGURATOR_SIGN " + args)
        if "FAIL" in res:
            continue
        raise Exception("Invalid command accepted: " + args)
3997
def test_dpp_peer_intro_failures(dev, apdev):
    """DPP peer introduction failures"""
    sta = dev[0]
    try:
        run_dpp_peer_intro_failures(dev, apdev)
    finally:
        # The helper switches dpp_config_processing to 1; always put it back
        # to 0, whether the helper passed or raised.
        sta.set("dpp_config_processing", "0")
4004
def run_dpp_peer_intro_failures(dev, apdev):
    # Provision an AP and a station from the same Configurator key, check that
    # they connect, then swap in Connectors that the peer introduction has to
    # refuse.
    check_dpp_capab(dev[0])
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)

    conf_id = hapd.dpp_configurator_add(key=dpp_key_p256)
    csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
    if "FAIL" in csign or len(csign) == 0:
        raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    # Import the key exported by the AP into the station; the round trip has
    # to give back the same key.
    conf_id2 = dev[0].dpp_configurator_add(key=csign)
    csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2)

    if csign != csign2:
        raise Exception("Unexpected difference in configurator key")

    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
    res = hapd.request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")
    update_hapd_config(hapd)

    dev[0].set("dpp_config_processing", "1")
    # NOTE(review): the station signs with conf_id (the id returned by hapd),
    # not conf_id2 (its own); this looks like it relies on both ids having the
    # same value - confirm.
    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
    res = dev[0].request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")
    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    # Second field of the event is the network id ("id" shadows the builtin).
    id = ev.split(' ')[1]
    # Baseline: the valid Connector connects.
    dev[0].select_network(id, freq=2412)
    dev[0].wait_connected()
    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # Three signed Connectors sharing one header. Their payloads
    # base64url-decode to "groups" values of [], [{}] and [{"groupId":"*"}]
    # respectively.
    tests = ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
             "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
             "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"]
    for t in tests:
        dev[0].set_network_quoted(id, "dpp_connector", t)
        dev[0].select_network(id, freq=2412)
        # Each replacement Connector has to end the introduction with
        # status=8 instead of a connection.
        # NOTE(review): status 8 is presumably the "no match" DPP status -
        # confirm against the status code definitions.
        ev = dev[0].wait_event(["DPP-INTRO"], timeout=5)
        if ev is None or "status=8" not in ev:
            raise Exception("Introduction failure not reported")
        dev[0].request("DISCONNECT")
        dev[0].dump_monitor()
4053
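def test_dpp_peer_intro_local_failures(dev, apdev):
    """DPP peer introduction local failures"""
    # Station-side injected failures have to end in an explicit introduction
    # failure; AP-side broken credentials only need the station's introduction
    # request to be transmitted (DPP-TX-STATUS).
    # NOTE(review): nesting reconstructed from a listing without indentation;
    # confirm against the repository copy.
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Narrowed from a bare "except:", which would also have turned
        # KeyboardInterrupt and SystemExit into a skipped test.
        raise HwsimSkip("DPP not supported")

    def start_connect():
        # Same valid station credentials in every case; the connection
        # attempt is started without waiting for its result.
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
                       ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

    def expect_intro_failure():
        # The station has to report that validating the peer Connector
        # failed, then the profile is removed for the next case.
        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
        if ev is None or "fail=peer_connector_validation_failed" not in ev:
            raise Exception("Introduction failure not reported")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()

    def expect_tx_status():
        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
        if ev is None:
            raise Exception("No TX status reported")
        dev[0].request("REMOVE_NETWORK all")

    # Injected failures in the station's PMK/PMKID derivation.
    tests = ["dpp_derive_pmk",
             "dpp_hkdf_expand;dpp_derive_pmk",
             "dpp_derive_pmkid"]
    for func in tests:
        with fail_test(dev[0], 1, func):
            start_connect()
            expect_intro_failure()

    # Injected allocation failures while the station parses the Connector.
    tests = [(1, "base64_gen_decode;dpp_peer_intro"),
             (1, "json_parse;dpp_peer_intro"),
             (50, "json_parse;dpp_peer_intro"),
             (1, "=dpp_peer_intro"),
             (1, "dpp_parse_jwk")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            start_connect()
            expect_intro_failure()

    # AP Connector cut down to its first two, then its first, dot-separated
    # part(s).
    parts = params1_ap_connector.split('.')
    for ap_connector in ['.'.join(parts[0:2]), '.'.join(parts[0:1])]:
        hapd.set("dpp_connector", ap_connector)
        start_connect()
        expect_tx_status()
        dev[0].dump_monitor()

    # AP netAccessKey replaced with a single zero octet.
    hapd.set("dpp_netaccesskey", "00")
    start_connect()
    expect_tx_status()
    dev[0].dump_monitor()

    # AP C-sign key replaced with a single zero octet.
    hapd.set("dpp_csign", "00")
    start_connect()
    expect_tx_status()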
4147
def run_dpp_configurator_id_unknown(dev):
    """Check that commands naming a Configurator id one past the added one fail.

    dev may be any device object offering request() and
    dpp_configurator_add().
    """
    check_dpp_capab(dev)
    conf_id = dev.dpp_configurator_add()
    unknown_id = conf_id + 1
    checks = [("DPP_CONFIGURATOR_GET_KEY %d" % (unknown_id),
               "DPP_CONFIGURATOR_GET_KEY with incorrect id accepted"),
              ("DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (unknown_id),
               "DPP_CONFIGURATOR_SIGN with incorrect id accepted")]
    for cmd, error in checks:
        if "FAIL" not in dev.request(cmd):
            raise Exception(error)
4157
def test_dpp_configurator_id_unknown(dev, apdev):
    """DPP and unknown configurator id"""
    # Same checks against the station first, then against an AP.
    run_dpp_configurator_id_unknown(dev[0])
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    run_dpp_configurator_id_unknown(ap)
4163
def run_dpp_bootstrap_gen_failures(dev):
    """Exercise the error paths of the DPP_BOOTSTRAP_* control commands.

    dev may be any device object offering request() and dpp_bootstrap_gen().
    """
    check_dpp_capab(dev)

    # Malformed DPP_BOOTSTRAP_GEN arguments; each one has to be refused.
    bad_args = ["type=unsupported",
                "type=qrcode chan=-1",
                "type=qrcode mac=a",
                "type=qrcode key=qq",
                "type=qrcode key=",
                "type=qrcode info=abc\tdef"]
    for args in bad_args:
        if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + args):
            raise Exception("Command accepted unexpectedly")

    # A valid entry works; id 0 is used as an id that does not exist.
    bootstrap_id = dev.dpp_bootstrap_gen()
    uri = dev.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    if not uri.startswith("DPP:"):
        raise Exception("Could not get URI")
    if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
        raise Exception("Failure not reported")
    info = dev.request("DPP_BOOTSTRAP_INFO %d" % bootstrap_id)
    if not info.startswith("type=QRCODE"):
        raise Exception("Could not get info")
    if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"):
        raise Exception("Failure not reported")
    if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"):
        raise Exception("Failed to remove bootstrap info")
    # After removing everything the old id must no longer resolve.
    for stale_cmd in ("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id,
                      "DPP_BOOTSTRAP_INFO %d" % bootstrap_id):
        if "FAIL" not in dev.request(stale_cmd):
            raise Exception("Failure not reported")

    func = "dpp_bootstrap_gen"
    for count in (1, 2):
        with alloc_fail(dev, count, "=" + func):
            if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
                raise Exception("Command accepted unexpectedly")

    # The result of this last command is not checked.
    with alloc_fail(dev, 1, "get_param"):
        dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
4206
def test_dpp_bootstrap_gen_failures(dev, apdev):
    """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
    # Same checks against the station first, then against an AP.
    run_dpp_bootstrap_gen_failures(dev[0])
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    run_dpp_bootstrap_gen_failures(ap)
4212
def test_dpp_listen_continue(dev, apdev):
    """DPP and continue listen state"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    responder.dpp_listen(2412)
    # NOTE(review): the delay presumably outlasts a single listen period so
    # that the Responder has to have resumed listening - confirm.
    time.sleep(5.1)
    initiator.dpp_auth_init(uri=uri)
    wait_auth_success(responder, initiator,
                      configurator=initiator, enrollee=responder,
                      allow_enrollee_failure=True, stop_responder=True,
                      stop_initiator=True)
4225
def test_dpp_network_addition_failure(dev, apdev):
    """DPP network addition failure"""
    sta = dev[0]
    try:
        run_dpp_network_addition_failure(dev, apdev)
    finally:
        # The helper switches dpp_config_processing to 1; always put it back
        # to 0, whether the helper passed or raised.
        sta.set("dpp_config_processing", "0")
4232
def run_dpp_network_addition_failure(dev, apdev):
    # Self-sign a configuration while allocation failures are injected into
    # the code that turns the received config object into a network profile.
    # NOTE(review): the nesting below was reconstructed from a listing that had
    # lost its indentation; in particular the position of wait_fail_trigger()
    # relative to the 'if "OK" in res' block should be confirmed against the
    # repository copy.
    check_dpp_capab(dev[0])
    conf_id = dev[0].dpp_configurator_add()
    dev[0].set("dpp_config_processing", "1")
    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
    tests = [(1, "=wpas_dpp_add_network"),
             (2, "=wpas_dpp_add_network"),
             (3, "=wpas_dpp_add_network"),
             (4, "=wpas_dpp_add_network"),
             (1, "wpa_config_add_network;wpas_dpp_add_network")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            res = dev[0].request(cmd)
            # The command may fail or succeed; when it succeeds the config
            # object still has to have been processed.
            if "OK" in res:
                ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
                if ev is None:
                    raise Exception("Config object not processed")
                wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].dump_monitor()

    # Same check for a legacy PSK configuration; the passphrase is passed
    # hex-encoded.
    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id)
    tests = [(1, "wpa_config_set_quoted;wpas_dpp_add_network")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            res = dev[0].request(cmd)
            if "OK" in res:
                ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
                if ev is None:
                    raise Exception("Config object not processed")
                wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].dump_monitor()
4264
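def test_dpp_two_initiators(dev, apdev):
    """DPP and two initiators"""
    # dev[0] listens; dev[1] starts an exchange and dev[2] tries to start a
    # second one with the same URI while the first is still in progress.
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    check_dpp_capab(dev[2])
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri)
    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
    if ev is None:
        # Was "Exeption", which raised NameError instead of this message.
        raise Exception("No DPP Authentication Request seen")
    dev[2].dpp_auth_init(uri=uri)
    # The second request has to be ignored, not allowed to take over the
    # exchange that is already running.
    wait_dpp_fail(dev[0],
                  "DPP-FAIL Already in DPP authentication exchange - ignore new one")

    # The first exchange still runs to a configuration result on both sides.
    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
    if ev is None:
        raise Exception("DPP configuration result not seen (Enrollee)")
    ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
    if ev is None:
        raise Exception("DPP configuration result not seen (Responder)")

    dev[0].request("DPP_STOP_LISTEN")
    dev[1].request("DPP_STOP_LISTEN")
    dev[2].request("DPP_STOP_LISTEN")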
4291
def test_dpp_conf_file_update(dev, apdev, params):
    """DPP provisioning updating wpa_supplicant configuration file"""
    # The file ends up holding the provisioned credentials
    # (dpp_netaccesskey=, dpp_csign=, dpp_connector=); it is written under
    # the test log directory.
    config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf')
    with open(config, "w") as f:
        f.write("update_config=1\n")
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", config=config)
    wpas.set("dpp_config_processing", "1")
    run_dpp_qr_code_auth_unicast([wpas, dev[1]], apdev, None,
                                 init_extra="conf=sta-dpp",
                                 require_conf_success=True,
                                 configurator=True)
    wpas.interface_remove("wlan5")

    with open(config, "r") as f:
        written = f.read()
    expected = ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
                "dpp_netaccesskey=", "dpp_csign="]
    for item in expected:
        if item in written:
            continue
        raise Exception("Configuration file missing '%s'" % item)

    # Loading the saved file again has to give exactly one network.
    wpas.interface_add("wlan5", config=config)
    networks = wpas.list_networks()
    if len(networks) != 1:
        raise Exception("Unexpected number of networks")
4316
def test_dpp_duplicated_auth_resp(dev, apdev):
    """DPP and duplicated Authentication Response"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    responder.set("ext_mgmt_frame_handling", "1")
    initiator.set("ext_mgmt_frame_handling", "1")
    responder.dpp_listen(2412)
    initiator.dpp_auth_init(uri=uri0)

    # DPP Authentication Request
    rx_process_frame(responder)

    # DPP Authentication Response
    msg = rx_process_frame(initiator)
    frame = binascii.hexlify(msg['frame']).decode()

    def replay(frame_hex):
        # Feed an extra copy of the Authentication Response to the Initiator.
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
        if "OK" not in initiator.request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")

    # Duplicated frame
    replay(frame)
    # Modified frame - nonzero status
    # Octets 32-36 are expected to hold the Status attribute with value 0;
    # the copies below change only the value octet, to 0x01 and 0xff. The
    # exchange has to complete normally in spite of them.
    status_start, status_end = 2*32, 2*37
    if frame[status_start:status_end] != "0010010000":
        raise Exception("Could not find Status attribute")
    for status_attr in ("0010010001", "00100100ff"):
        replay(frame[0:status_start] + status_attr + frame[status_end:])

    # DPP Authentication Confirmation
    rx_process_frame(responder)

    wait_auth_success(responder, initiator)

    # DPP Configuration Request
    rx_process_frame(initiator)

    # DPP Configuration Response
    rx_process_frame(responder)

    wait_conf_completion(initiator, responder)
4359
def test_dpp_enrollee_reject_config(dev, apdev):
    """DPP and Enrollee rejecting Config Object"""
    enrollee, configurator = dev[0], dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)
    # dpp_test selects a test-only behaviour; per the docstring, 91 is
    # expected to make the Enrollee reject the received Config Object
    # (NOTE(review): confirm against the dpp_test value list).
    enrollee.set("dpp_test", "91")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    bootstrap_uri = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=bootstrap_uri,
                               conf="sta-sae",
                               ssid="dpp-legacy",
                               passphrase="secret passphrase")
    # Either side reporting a configuration failure is acceptable here.
    wait_auth_success(enrollee, configurator,
                      configurator=configurator,
                      enrollee=enrollee,
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
4373
def test_dpp_enrollee_ap_reject_config(dev, apdev):
    """DPP and Enrollee AP rejecting Config Object"""
    configurator = dev[0]
    check_dpp_capab(configurator)
    check_dpp_capab(dev[1])
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(ap)
    # Same test-only knob as the station variant of this test, applied to the
    # AP acting as Enrollee (NOTE(review): meaning of 91 inferred from the
    # docstring).
    ap.set("dpp_test", "91")
    conf_id = configurator.dpp_configurator_add()
    ap_bootstrap_id = ap.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = ap.request("DPP_BOOTSTRAP_GET_URI %d" % ap_bootstrap_id)
    configurator.dpp_auth_init(uri=ap_uri, conf="ap-dpp", configurator=conf_id)
    # Either side reporting a configuration failure is acceptable here.
    wait_auth_success(ap, configurator,
                      configurator=configurator,
                      enrollee=ap,
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
4388
def test_dpp_legacy_and_dpp_akm(dev, apdev):
    """DPP and provisioning DPP and legacy AKMs"""
    enrollee = dev[0]
    try:
        run_dpp_legacy_and_dpp_akm(dev, apdev)
    finally:
        # The helper enables dpp_config_processing on the Enrollee; put it
        # back to "0" whether or not the test body succeeded.
        enrollee.set("dpp_config_processing", "0")
4395
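def run_dpp_legacy_and_dpp_akm(dev, apdev):
    """Provision one profile carrying DPP, PSK and SAE and use it twice.

    dev[1] acts as Configurator and provisions dev[0] with the
    "sta-psk-sae-dpp" configuration. The resulting network profile must list
    all three AKMs and is then used to connect first to an AP that offers
    DPP, WPA-PSK and SAE, and afterwards to a second AP that offers only
    WPA-PSK and SAE.

    Raises HwsimSkip if the DPP-enabled AP cannot be started and Exception on
    any test failure.
    """
    check_dpp_capab(dev[0], min_ver=2)
    check_dpp_capab(dev[1], min_ver=2)

    # Fixed key material for the simulated network only. csign is handed to
    # the Configurator as its signing key and csign_pub to the AP; the hex
    # strings look like DER-encoded EC keys (TODO confirm encoding).
    csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"

    ssid = "dpp-both"
    passphrase = "secret passphrase"

    # First AP: DPP plus both legacy AKMs, management frame protection
    # optional in general but required for SAE.
    params = {"ssid": ssid,
              "wpa": "2",
              "wpa_key_mgmt": "DPP WPA-PSK SAE",
              "ieee80211w": "1",
              "sae_require_mfp": '1',
              "rsn_pairwise": "CCMP",
              "wpa_passphrase": passphrase,
              "dpp_connector": ap_connector,
              "dpp_csign": csign_pub,
              "dpp_netaccesskey": ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skipped test.
        raise HwsimSkip("DPP not supported")

    enrollee, configurator = dev[0], dev[1]
    enrollee.request("SET sae_groups ")
    conf_id = configurator.dpp_configurator_add(key=csign)
    enrollee.set("dpp_config_processing", "1")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=uri0, conf="sta-psk-sae-dpp", ssid=ssid,
                               passphrase=passphrase, configurator=conf_id)
    wait_auth_success(enrollee, configurator,
                      configurator=configurator, enrollee=enrollee,
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
    ev = enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    network_id = ev.split(' ')[1]

    # The provisioned profile has to allow every AKM that was requested.
    key_mgmt = enrollee.get_network(network_id, "key_mgmt").split(' ')
    for akm in ["SAE", "WPA-PSK", "DPP"]:
        if akm not in key_mgmt:
            raise Exception("%s missing from key_mgmt" % akm)

    enrollee.scan_for_bss(hapd.own_addr(), freq=2412)
    enrollee.select_network(network_id, freq=2412)
    enrollee.wait_connected()

    enrollee.request("DISCONNECT")
    enrollee.wait_disconnected()
    hapd.disable()

    # Second AP: same SSID and passphrase, but no DPP AKM and no Connector.
    params = {"ssid": ssid,
              "wpa": "2",
              "wpa_key_mgmt": "WPA-PSK SAE",
              "ieee80211w": "1",
              "sae_require_mfp": '1',
              "rsn_pairwise": "CCMP",
              "wpa_passphrase": passphrase}
    hapd2 = hostapd.add_ap(apdev[1], params)

    # Drop the cached entry for the first AP so that the scan result used
    # for the second connection is a fresh one.
    enrollee.request("BSS_FLUSH 0")
    enrollee.scan_for_bss(hapd2.own_addr(), freq=2412, force_scan=True,
                          only_new=True)
    enrollee.select_network(network_id, freq=2412)
    enrollee.wait_connected()

    enrollee.request("DISCONNECT")
    enrollee.wait_disconnected()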
4468
def test_dpp_controller_relay(dev, apdev, params):
    """DPP Controller/Relay"""
    enrollee, controller = dev[0], dev[1]
    try:
        run_dpp_controller_relay(dev, apdev, params)
    finally:
        # Undo what the helper changed: automatic config processing on the
        # Enrollee and the Controller started on dev[1].
        enrollee.set("dpp_config_processing", "0")
        controller.request("DPP_CONTROLLER_STOP")
4476
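def run_dpp_controller_relay(dev, apdev, params):
    """Provision dev[0] through an AP that relays DPP to a Controller.

    dev[1] runs the Controller (and Configurator), an AP on apdev[1] is
    configured as Relay towards 127.0.0.1, and dev[0] initiates as Enrollee
    using the Controller's bootstrapping URI. Loopback traffic is captured
    with tcpdump into params['logdir'].

    Raises Exception on any test failure.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    prefix = "dpp_controller_relay"
    cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap")

    # DEVNULL instead of an open('/dev/null') handle that was never closed.
    capture = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
                                '-w', cap_lo, '-s', '2000'],
                               stderr=subprocess.DEVNULL)
    try:
        # Controller
        conf_id = dev[1].dpp_configurator_add()
        dev[1].set("dpp_configurator_params",
                   " conf=sta-dpp configurator=%d" % conf_id)
        id_c = dev[1].dpp_bootstrap_gen()
        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
        res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
        pkhash = None
        for line in res.splitlines():
            # partition() copes with lines that have no '=' or more than one,
            # so an unexpected reply ends in the clear error below.
            name, sep, value = line.partition('=')
            if sep and name == "pkhash":
                pkhash = value
                break
        if not pkhash:
            raise Exception("Could not fetch public key hash from Controller")
        if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
            raise Exception("Failed to start Controller")

        # Relay: the Controller is identified by its address and by the hash
        # of its bootstrapping public key.
        relay_params = {"ssid": "unconfigured",
                        "channel": "6",
                        "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash}
        relay = hostapd.add_ap(apdev[1], relay_params)
        check_dpp_capab(relay)

        # Enroll Relay to the network
        # TODO: Do this over TCP once direct Enrollee-over-TCP case is
        # supported
        id_h = relay.dpp_bootstrap_gen(chan="81/6", mac=True)
        uri_r = relay.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
        dev[1].dpp_auth_init(uri=uri_r, conf="ap-dpp", configurator=conf_id)
        wait_auth_success(relay, dev[1], configurator=dev[1], enrollee=relay)
        update_hapd_config(relay)

        # Initiate from Enrollee with broadcast DPP Authentication Request
        dev[0].set("dpp_config_processing", "2")
        dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
        wait_auth_success(dev[1], dev[0], configurator=dev[1],
                          enrollee=dev[0],
                          allow_enrollee_failure=True,
                          allow_configurator_failure=True)
        dev[0].wait_connected()

        # Leave tcpdump a moment to write out the last packets.
        time.sleep(0.5)
    finally:
        # Stop the capture on failure as well, so that no tcpdump process is
        # left running and holding the pcap file open.
        capture.terminate()
        capture.wait()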
4530
def test_dpp_tcp(dev, apdev, params):
    """DPP over TCP"""
    # Loopback capture file for this test, kept in the log directory.
    pcap_path = os.path.join(params['logdir'], "dpp_tcp" + ".lo.pcap")
    controller = dev[1]
    try:
        run_dpp_tcp(dev, apdev, pcap_path)
    finally:
        # The helper starts a Controller on dev[1]; always stop it.
        controller.request("DPP_CONTROLLER_STOP")
4539
def test_dpp_tcp_port(dev, apdev, params):
    """DPP over TCP and specified port"""
    # Loopback capture file for this test, kept in the log directory.
    pcap_path = os.path.join(params['logdir'], "dpp_tcp_port" + ".lo.pcap")
    controller = dev[1]
    try:
        # The port is passed as a string because the helper concatenates it
        # into the control interface command.
        run_dpp_tcp(dev, apdev, pcap_path, port="23456")
    finally:
        # The helper starts a Controller on dev[1]; always stop it.
        controller.request("DPP_CONTROLLER_STOP")
4548
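def run_dpp_tcp(dev, apdev, cap_lo, port=None):
    """Run a DPP exchange between dev[0] and a Controller on dev[1] over TCP.

    cap_lo is the path of the pcap file that tcpdump writes for the loopback
    interface. port, when given, is a string that is used both for
    DPP_CONTROLLER_START and for the Enrollee's connection; otherwise both
    sides use their default port.

    Raises Exception on any test failure.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # DEVNULL instead of an open('/dev/null') handle that was never closed.
    capture = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
                                '-w', cap_lo, '-s', '2000'],
                               stderr=subprocess.DEVNULL)
    try:
        # Give tcpdump time to start capturing before any traffic is sent.
        time.sleep(1)

        # Controller
        conf_id = dev[1].dpp_configurator_add()
        dev[1].set("dpp_configurator_params",
                   " conf=sta-dpp configurator=%d" % conf_id)
        id_c = dev[1].dpp_bootstrap_gen()
        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
        res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
        pkhash = None
        for line in res.splitlines():
            # partition() copes with lines that have no '=' or more than one,
            # so an unexpected reply ends in the clear error below.
            name, sep, value = line.partition('=')
            if sep and name == "pkhash":
                pkhash = value
                break
        if not pkhash:
            raise Exception("Could not fetch public key hash from Controller")
        req = "DPP_CONTROLLER_START"
        if port:
            req += " tcp_port=" + port
        if "OK" not in dev[1].request(req):
            raise Exception("Failed to start Controller")

        # Initiate from Enrollee with broadcast DPP Authentication Request
        dev[0].dpp_auth_init(uri=uri_c, role="enrollee",
                             tcp_addr="127.0.0.1", tcp_port=port)
        wait_auth_success(dev[1], dev[0], configurator=dev[1],
                          enrollee=dev[0],
                          allow_enrollee_failure=True,
                          allow_configurator_failure=True)
        # Leave tcpdump a moment to write out the last packets.
        time.sleep(0.5)
    finally:
        # Stop the capture on failure as well, so that no tcpdump process is
        # left running and holding the pcap file open.
        capture.terminate()
        capture.wait()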
4587
def test_dpp_tcp_controller_start_failure(dev, apdev, params):
    """DPP Controller startup failure"""
    wpas = dev[0]
    check_dpp_capab(wpas)
    start_cmd = "DPP_CONTROLLER_START"

    # A second start while a Controller is already running must be refused.
    try:
        first = wpas.request(start_cmd)
        if "OK" not in first:
            raise Exception("Could not start Controller")
        second = wpas.request(start_cmd)
        if "OK" in second:
            raise Exception("Second Controller start not rejected")
    finally:
        wpas.request("DPP_CONTROLLER_STOP")

    # Allocation failures injected on the start path must be reported as
    # FAIL; alloc_fail presumably fails the first allocation that matches
    # the given call path (TODO confirm against utils.alloc_fail).
    oom_paths = ("dpp_controller_start",
                 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_start")
    for func in oom_paths:
        with alloc_fail(wpas, 1, func):
            reply = wpas.request(start_cmd)
            if "FAIL" not in reply:
                raise Exception("Failure not reported during OOM")
4606
def test_dpp_tcp_init_failure(dev, apdev, params):
    """DPP TCP init failure"""
    initiator, peer_dev = dev[0], dev[1]
    check_dpp_capab(initiator)
    check_dpp_capab(peer_dev)
    peer_bootstrap = peer_dev.dpp_bootstrap_gen()
    peer_uri = peer_dev.request("DPP_BOOTSTRAP_GET_URI %d" % peer_bootstrap)
    peer = initiator.dpp_qr_code(peer_uri)
    cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
    # Each entry names a call path on the Initiator where an allocation
    # failure is injected; the command then has to fail cleanly.
    oom_paths = ("dpp_tcp_init",
                 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_tcp_init",
                 "dpp_tcp_encaps")
    for func in oom_paths:
        with alloc_fail(initiator, 1, func):
            reply = initiator.request(cmd)
            if "FAIL" not in reply:
                raise Exception("DPP_AUTH_INIT accepted during OOM")
4622
def test_dpp_controller_rx_failure(dev, apdev, params):
    """DPP Controller RX failure"""
    for sta in dev[0], dev[1]:
        check_dpp_capab(sta)
    controller = dev[0]
    try:
        run_dpp_controller_rx_failure(dev, apdev)
    finally:
        # The helper starts a Controller on dev[0]; always stop it.
        controller.request("DPP_CONTROLLER_STOP")
4631
def run_dpp_controller_rx_failure(dev, apdev):
    """Inject allocation failures into the Controller's TCP receive path.

    dev[0] runs the Controller and dev[1] opens a TCP connection to it for
    each injected failure. Raises Exception on any test failure.
    """
    controller, initiator = dev[0], dev[1]
    if "OK" not in controller.request("DPP_CONTROLLER_START"):
        raise Exception("Could not start Controller")
    bootstrap_id = controller.dpp_bootstrap_gen()
    controller_uri = controller.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    peer = initiator.dpp_qr_code(controller_uri)
    cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer
    oom_paths = ("dpp_controller_tcp_cb",
                 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_tcp_cb",
                 "dpp_controller_rx",
                 "dpp_controller_rx_auth_req",
                 "wpabuf_alloc;=dpp_controller_rx_auth_req")
    for func in oom_paths:
        with alloc_fail(controller, 1, func):
            # The Initiator side is healthy, so the connection attempt itself
            # has to be accepted; the failure happens in the Controller.
            if "OK" not in initiator.request(cmd):
                raise Exception("Failed to initiate TCP connection")
            # Wait until the Controller reports that the injected failure
            # was actually hit.
            wait_fail_trigger(controller, "GET_ALLOC_FAIL")
4649
def test_dpp_controller_rx_errors(dev, apdev, params):
    """DPP Controller RX error cases"""
    for sta in dev[0], dev[1]:
        check_dpp_capab(sta)
    controller = dev[0]
    try:
        run_dpp_controller_rx_errors(dev, apdev)
    finally:
        # The helper starts a Controller on dev[0]; always stop it.
        controller.request("DPP_CONTROLLER_STOP")
4658
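def run_dpp_controller_rx_errors(dev, apdev):
    """Feed truncated and malformed messages to the Controller's TCP socket.

    dev[0] runs the Controller; every test vector is sent on its own TCP
    connection to 127.0.0.1:7871 (the port is hard-coded here and presumably
    matches the Controller's default, since no tcp_port is given). The
    Controller has to survive all of them.

    Raises Exception if the Controller cannot be started or stops answering.
    """
    if "OK" not in dev[0].request("DPP_CONTROLLER_START"):
        raise Exception("Could not start Controller")

    addr = ("127.0.0.1", 7871)

    # Each vector appears to be a 4-octet length followed by the message:
    # too-short headers, zero and mismatching lengths, truncated payloads
    # and unknown message types.
    tests = [b"abc",
             b"abcd",
             b"\x00\x00\x00\x00",
             b"\x00\x00\x00\x01",
             b"\x00\x00\x00\x01\x09",
             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\xff\xff",
             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\xff",
             b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\x00",
             b"\x00\x00\x00\x08\x09\x50\x6f\x9a\x1a\x01\x00\xff",
             b"\x00\x00\x00\x01\x0a",
             b"\x00\x00\x00\x04\x0a\xff\xff\xff",
             b"\x00\x00\x00\x01\x0b",
             b"\x00\x00\x00\x08\x0b\xff\xff\xff\xff\xff\xff\xff",
             b"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\x6c\x00",
             b"\x00\x00\x00\x0a\x0b\xff\x00\x00\xff\xff\x6c\x02\xff\xff",
             b"\x00\x00\x00\x10\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01",
             b"\x00\x00\x00\x12\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01\x00\x00",
             b"\x00\x00\x00\x01\xff",
             b"\x00\x00\x00\x01\xff\xee"]
    # Message type values used above (from the C definitions):
    # WLAN_PA_GAS_INITIAL_REQ 10
    # WLAN_PA_GAS_INITIAL_RESP 11

    for t in tests:
        # The context manager closes the socket even when connect() or
        # sendall() raises, so a failing vector does not leak a descriptor.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM,
                           socket.IPPROTO_TCP) as sock:
            sock.settimeout(0.1)
            sock.connect(addr)
            sock.sendall(t)
            # Half-close: nothing more will be sent on this connection.
            sock.shutdown(socket.SHUT_WR)
            try:
                sock.recv(10)
            except socket.timeout:
                # No reply within the timeout is fine for malformed input.
                pass

    # Sending the vectors proves nothing by itself; make sure the process
    # that parsed them is still answering on its control interface.
    if "PONG" not in dev[0].request("PING"):
        raise Exception("Controller not responding after malformed input")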
4700
def test_dpp_conn_status_success(dev, apdev):
    """DPP connection status - success"""
    enrollee = dev[0]
    try:
        # Default result=0: the Enrollee is expected to connect.
        run_dpp_conn_status(dev, apdev)
    finally:
        enrollee.set("dpp_config_processing", "0")
4707
def test_dpp_conn_status_wrong_passphrase(dev, apdev):
    """DPP connection status - wrong passphrase"""
    enrollee = dev[0]
    try:
        # result=2 makes the helper start the AP with a passphrase that
        # differs from the provisioned one and expect "result=2" in the
        # reported connection status.
        run_dpp_conn_status(dev, apdev, result=2)
    finally:
        enrollee.set("dpp_config_processing", "0")
4714
def test_dpp_conn_status_no_ap(dev, apdev):
    """DPP connection status - no AP"""
    enrollee = dev[0]
    try:
        # result=10 makes the helper skip starting an AP and expect
        # "result=10" together with a channel list in the status report.
        run_dpp_conn_status(dev, apdev, result=10)
    finally:
        enrollee.set("dpp_config_processing", "0")
4721
def test_dpp_conn_status_connector_mismatch(dev, apdev):
    """DPP connection status - invalid Connector"""
    enrollee = dev[0]
    try:
        # result=8 makes the helper use a DPP-only AP with a fixed Connector
        # while the Enrollee is provisioned by a newly added Configurator,
        # and expect "result=8" in the reported connection status.
        run_dpp_conn_status(dev, apdev, result=8)
    finally:
        enrollee.set("dpp_config_processing", "0")
4728
def test_dpp_conn_status_assoc_reject(dev, apdev):
    """DPP connection status - association rejection"""
    enrollee = dev[0]
    try:
        # Override the association request IE with a test value; it looks
        # like an RSN element with version 0, which the AP is expected to
        # reject (NOTE(review): confirm the element's meaning).
        enrollee.request("TEST_ASSOC_IE 30020000")
        run_dpp_conn_status(dev, apdev, assoc_reject=True)
    finally:
        # NOTE(review): only dpp_config_processing is restored here; whether
        # TEST_ASSOC_IE is cleared elsewhere is not visible in this function.
        enrollee.set("dpp_config_processing", "0")
4736
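def run_dpp_conn_status(dev, apdev, result=0, assoc_reject=False):
    """Provision dev[0] and check the connection status it reports back.

    dev[1] acts as Configurator and asks for a connection status result.
    result selects the scenario and is also the value expected in the
    DPP-CONN-STATUS-RESULT event:
      0  - matching WPA2-PSK AP, connection succeeds
      2  - AP uses a different passphrase
      7, 8 - DPP-only AP with the fixed params1_* Connector, Enrollee
           provisioned by a newly added Configurator
      10 - no AP is started
    With assoc_reject=True and result=0 the expected value becomes 2.

    Raises HwsimSkip if the AP cannot be started and Exception on any test
    failure.
    """
    check_dpp_capab(dev[0], min_ver=2)
    check_dpp_capab(dev[1], min_ver=2)

    use_dpp_akm = result in (7, 8)

    if result != 10:
        if use_dpp_akm:
            params = {"ssid": "dpp-status",
                      "wpa": "2",
                      "wpa_key_mgmt": "DPP",
                      "ieee80211w": "2",
                      "rsn_pairwise": "CCMP",
                      "dpp_connector": params1_ap_connector,
                      "dpp_csign": params1_csign,
                      "dpp_netaccesskey": params1_ap_netaccesskey}
        else:
            # Only the AP side gets the wrong passphrase; the Enrollee is
            # always provisioned with "secret passphrase" below.
            if result == 2:
                ap_passphrase = "wrong passphrase"
            else:
                ap_passphrase = "secret passphrase"
            params = hostapd.wpa2_params(ssid="dpp-status",
                                         passphrase=ap_passphrase)
        try:
            hapd = hostapd.add_ap(apdev[0], params)
        except Exception:
            # Was a bare "except:", which also turned KeyboardInterrupt and
            # SystemExit into a skipped test.
            raise HwsimSkip("DPP not supported")

    dev[0].request("SET sae_groups ")
    dev[0].set("dpp_config_processing", "2")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    dev[0].dpp_listen(2412)
    if use_dpp_akm:
        conf = 'sta-dpp'
        passphrase = None
        configurator = dev[1].dpp_configurator_add()
    else:
        conf = 'sta-psk'
        passphrase = "secret passphrase"
        configurator = None
    dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-status",
                         passphrase=passphrase, configurator=configurator,
                         conn_status=True)
    res = wait_auth_success(dev[0], dev[1], configurator=dev[1],
                            enrollee=dev[0])
    if 'wait_conn_status' not in res:
        raise Exception("Configurator did not request connection status")

    # A rejected association is expected to be reported with the same
    # result value as the wrong-passphrase case.
    if assoc_reject and result == 0:
        result = 2
    ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20)
    if ev is None:
        raise Exception("No connection status reported")
    if "timeout" in ev:
        raise Exception("Connection status result timeout")
    if "result=%d" % result not in ev:
        raise Exception("Unexpected connection status result: " + ev)
    if "ssid=dpp-status" not in ev:
        raise Exception("SSID not reported")

    if result == 0:
        dev[0].wait_connected()
    if result == 10 and "channel_list=" not in ev:
        raise Exception("Channel list not reported for no-AP")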
4801
def test_dpp_mud_url(dev, apdev):
    """DPP MUD URL"""
    enrollee = dev[0]
    check_dpp_capab(enrollee)
    overrides = (("dpp_name", "Test Enrollee"),
                 ("dpp_mud_url", "https://example.com/mud"))
    try:
        for field, value in overrides:
            enrollee.set(field, value)
        run_dpp_qr_code_auth_unicast(dev, apdev, None)
    finally:
        # Put both settings back to the values the rest of the suite uses.
        enrollee.set("dpp_mud_url", "")
        enrollee.set("dpp_name", "Test")
4812
def test_dpp_mud_url_hostapd(dev, apdev):
    """DPP MUD URL from hostapd"""
    configurator = dev[0]
    check_dpp_capab(configurator)
    check_dpp_capab(dev[1])
    # AP acting as Enrollee, announcing a name and a MUD URL.
    ap_params = {"ssid": "unconfigured",
                 "dpp_name": "AP Enrollee",
                 "dpp_mud_url": "https://example.com/mud"}
    ap = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(ap)

    ap_bootstrap_id = ap.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = ap.request("DPP_BOOTSTRAP_GET_URI %d" % ap_bootstrap_id)

    conf_id = configurator.dpp_configurator_add()
    configurator.dpp_auth_init(uri=ap_uri, conf="ap-dpp", configurator=conf_id)
    wait_auth_success(ap, configurator, configurator=configurator, enrollee=ap)
    update_hapd_config(ap)
4830
def test_dpp_config_save(dev, apdev, params):
    """DPP configuration saving"""
    conf_path = os.path.join(params['logdir'], 'dpp_config_save.conf')
    # A plain ASCII SSID is expected to be saved as a quoted string.
    run_dpp_config_save(dev, apdev, conf_path,
                        conf_ssid="test", exp_ssid='"test"')
4835
def test_dpp_config_save2(dev, apdev, params):
    """DPP configuration saving (2)"""
    conf_path = os.path.join(params['logdir'], 'dpp_config_save2.conf')
    # The SSID is given as a JSON escape for U+0001 followed by "*"; it is
    # expected to be saved in hex form (01 2a) rather than as a quoted string.
    run_dpp_config_save(dev, apdev, conf_path,
                        conf_ssid="\\u0001*", exp_ssid='012a')
4840
def test_dpp_config_save3(dev, apdev, params):
    """DPP configuration saving (3)"""
    conf_path = os.path.join(params['logdir'], 'dpp_config_save3.conf')
    # JSON escapes for a control character, "*" and six code points in the
    # U+0080..U+00FF range; the saved hex SSID is expected to carry one octet
    # per escaped code point.
    json_ssid = "\\u0001*\\u00c2\\u00bc\\u00c3\\u009e\\u00c3\\u00bf"
    run_dpp_config_save(dev, apdev, conf_path,
                        conf_ssid=json_ssid, exp_ssid='012ac2bcc39ec3bf')
4845
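def run_dpp_config_save(dev, apdev, config, conf_ssid, exp_ssid):
    """Provision a separate wpa_supplicant instance and check SAVE_CONFIG.

    config is the path of the configuration file to create and later read
    back. conf_ssid is inserted verbatim into the JSON Config Object, so it
    may contain JSON escape sequences. exp_ssid is the exact text expected
    after "ssid=" in the saved file.

    Raises Exception if saving fails or the saved file lacks the SSID or
    the passphrase.
    """
    with open(config, "w") as f:
        f.write("update_config=1\n" +
                "dpp_config_processing=1\n")
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", config=config)
    check_dpp_capab(wpas)
    # Built by concatenation on purpose: conf_ssid already is JSON string
    # content and must reach the parser unmodified.
    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"' + conf_ssid + '"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
    dev[1].set("dpp_config_obj_override", conf)
    dpp_dev = [wpas, dev[1]]
    run_dpp_qr_code_auth_unicast(dpp_dev, apdev, "prime256v1",
                                 require_conf_success=True)
    if "OK" not in wpas.request("SAVE_CONFIG"):
        raise Exception("Failed to save configuration file")
    with open(config, "r") as f:
        data = f.read()
    # The logged file contains the passphrase; here that is a fixed test
    # value.
    logger.info("Saved configuration:\n" + data)
    if 'ssid=' + exp_ssid + '\n' not in data:
        raise Exception("SSID not saved")
    if 'psk="secret passphrase"' not in data:
        # Message spelling corrected (was "Passphtase").
        raise Exception("Passphrase not saved")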
4867
def test_dpp_nfc_uri(dev, apdev):
    """DPP bootstrapping via NFC URI record"""
    enrollee, configurator = dev[0], dev[1]
    check_dpp_capab(enrollee)
    check_dpp_capab(configurator)

    bootstrap_id = enrollee.dpp_bootstrap_gen(type="nfc-uri", chan="81/1",
                                              mac=True)
    uri = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    logger.info("Generated URI: " + uri)
    info = enrollee.request("DPP_BOOTSTRAP_INFO %d" % bootstrap_id)
    logger.info("Bootstrapping info:\n" + info)
    # The bootstrapping entry has to record that it was created for NFC.
    if "type=NFC-URI" not in info:
        raise Exception("Unexpected bootstrapping info contents")

    enrollee.dpp_listen(2412)
    conf_id = configurator.dpp_configurator_add()
    # The URI is passed as nfc_uri= rather than uri= on the initiating side.
    configurator.dpp_auth_init(nfc_uri=uri, configurator=conf_id,
                               conf="sta-dpp")
    wait_auth_success(enrollee, configurator,
                      configurator=configurator, enrollee=enrollee)
4885
4886 def test_dpp_with_p2p_device(dev, apdev):
4887 """DPP exchange when driver uses a separate P2P Device interface"""
4888 check_dpp_capab(dev[0])
4889 with HWSimRadio(use_p2p_device=True) as (radio, iface):
4890 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
4891 wpas.interface_add(iface)
4892 check_dpp_capab(wpas)
4893 id1 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True)
4894 uri1 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id1)
4895 wpas.dpp_listen(2412)
4896 time.sleep(7)
4897 dev[0].dpp_auth_init(uri=uri1)
4898 wait_auth_success(wpas, dev[0], configurator=dev[0], enrollee=wpas,
4899 allow_enrollee_failure=True)