]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_dpp.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: Use a helper function for DPP_QR_CODE commands
[thirdparty/hostap.git] / tests / hwsim / test_dpp.py
1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import base64
9 import binascii
10 import hashlib
11 import logging
12 logger = logging.getLogger()
13 import os
14 import struct
15 import subprocess
16 import time
17
18 import hostapd
19 import hwsim_utils
20 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
21 from wpasupplicant import WpaSupplicant
22
23 try:
24 import OpenSSL
25 openssl_imported = True
26 except ImportError:
27 openssl_imported = False
28
29 def check_dpp_capab(dev, brainpool=False):
30 if "UNKNOWN COMMAND" in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
31 raise HwsimSkip("DPP not supported")
32 if brainpool:
33 tls = dev.request("GET tls_library")
34 if not tls.startswith("OpenSSL") or "run=BoringSSL" in tls:
35 raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
36
37 def test_dpp_qr_code_parsing(dev, apdev):
38 """DPP QR Code parsing"""
39 check_dpp_capab(dev[0])
40 id = []
41
42 tests = [ "DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
43 "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
44 "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
45 "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;" ]
46 for uri in tests:
47 id.append(dev[0].dpp_qr_code(uri))
48
49 uri2 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1])
50 if uri != uri2:
51 raise Exception("Returned URI does not match")
52
53 tests = [ "foo",
54 "DPP:",
55 "DPP:;;",
56 "DPP:C:1/2;M:;K;;",
57 "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
58 "DPP:K:" + base64.b64encode(b"hello").decode() + ";;",
59 "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
60 "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
61 "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
62 "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
63 "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
64 "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
65 "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
66 "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;" ]
67 for t in tests:
68 res = dev[0].request("DPP_QR_CODE " + t)
69 if "FAIL" not in res:
70 raise Exception("Accepted invalid QR Code: " + t)
71
72 logger.info("ID: " + str(id))
73 if id[0] == id[1] or id[0] == id[2] or id[1] == id[2]:
74 raise Exception("Duplicate ID returned")
75
76 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
77 raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
78 if "OK" not in dev[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]):
79 raise Exception("DPP_BOOTSTRAP_REMOVE failed")
80
81 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode")
82 if "FAIL" in res:
83 raise Exception("Failed to generate bootstrapping info")
84 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % int(res))
85 logger.info("Generated URI: " + uri)
86
87 dev[0].dpp_qr_code(uri)
88
89 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1,115/36 mac=010203040506 info=foo")
90 if "FAIL" in res:
91 raise Exception("Failed to generate bootstrapping info")
92 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % int(res))
93 logger.info("Generated URI: " + uri)
94
95 dev[0].dpp_qr_code(uri)
96
97 def test_dpp_qr_code_parsing_fail(dev, apdev):
98 """DPP QR Code parsing local failure"""
99 check_dpp_capab(dev[0])
100 with alloc_fail(dev[0], 1, "dpp_parse_uri_info"):
101 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
102 raise Exception("DPP_QR_CODE failure not reported")
103
104 with alloc_fail(dev[0], 1, "dpp_parse_uri_pk"):
105 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
106 raise Exception("DPP_QR_CODE failure not reported")
107
108 with fail_test(dev[0], 1, "dpp_parse_uri_pk"):
109 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
110 raise Exception("DPP_QR_CODE failure not reported")
111
112 with alloc_fail(dev[0], 1, "dpp_parse_uri"):
113 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
114 raise Exception("DPP_QR_CODE failure not reported")
115
116 dpp_key_p256 ="30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
117 dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
118 dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
119 dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
120 dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
121 dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
122
123 def test_dpp_qr_code_curves(dev, apdev):
124 """DPP QR Code and supported curves"""
125 check_dpp_capab(dev[0])
126 tests = [ ("prime256v1", dpp_key_p256),
127 ("secp384r1", dpp_key_p384),
128 ("secp521r1", dpp_key_p521) ]
129 for curve, hex in tests:
130 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
131 if "FAIL" in id:
132 raise Exception("Failed to set key for " + curve)
133 info = dev[0].request("DPP_BOOTSTRAP_INFO " + id)
134 if "FAIL" in info:
135 raise Exception("Failed to get info for " + curve)
136 if "curve=" + curve not in info:
137 raise Exception("Curve mismatch for " + curve)
138
139 def test_dpp_qr_code_curves_brainpool(dev, apdev):
140 """DPP QR Code and supported Brainpool curves"""
141 check_dpp_capab(dev[0], brainpool=True)
142 tests = [ ("brainpoolP256r1", dpp_key_bp256),
143 ("brainpoolP384r1", dpp_key_bp384),
144 ("brainpoolP512r1", dpp_key_bp512) ]
145 for curve, hex in tests:
146 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
147 if "FAIL" in id:
148 raise Exception("Failed to set key for " + curve)
149 info = dev[0].request("DPP_BOOTSTRAP_INFO " + id)
150 if "FAIL" in info:
151 raise Exception("Failed to get info for " + curve)
152 if "curve=" + curve not in info:
153 raise Exception("Curve mismatch for " + curve)
154
155 def test_dpp_qr_code_unsupported_curve(dev, apdev):
156 """DPP QR Code and unsupported curve"""
157 check_dpp_capab(dev[0])
158
159 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
160 if "FAIL" not in id:
161 raise Exception("Unsupported curve accepted")
162
163 tests = [ "30",
164 "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b" ]
165 for hex in tests:
166 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
167 if "FAIL" not in id:
168 raise Exception("Unsupported/invalid curve accepted")
169
170 def test_dpp_qr_code_keygen_fail(dev, apdev):
171 """DPP QR Code and keygen failure"""
172 check_dpp_capab(dev[0])
173
174 with alloc_fail(dev[0], 1, "dpp_bootstrap_key_der;dpp_keygen"):
175 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
176 raise Exception("Failure not reported")
177
178 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen"):
179 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
180 raise Exception("Failure not reported")
181
182 def test_dpp_qr_code_curve_select(dev, apdev):
183 """DPP QR Code and curve selection"""
184 check_dpp_capab(dev[0], brainpool=True)
185 check_dpp_capab(dev[1], brainpool=True)
186
187 addr = dev[0].own_addr().replace(':', '')
188 bi = []
189 for key in [ dpp_key_p256, dpp_key_p384, dpp_key_p521,
190 dpp_key_bp256, dpp_key_bp384, dpp_key_bp512 ]:
191 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr + " key=" + key)
192 if "FAIL" in id:
193 raise Exception("Failed to set key for " + curve)
194 info = dev[0].request("DPP_BOOTSTRAP_INFO " + id)
195 for i in info.splitlines():
196 if '=' in i:
197 name, val = i.split('=')
198 if name == "curve":
199 curve = val
200 break
201 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI " + id)
202 bi.append((curve, uri))
203
204 for curve, uri in bi:
205 logger.info("Curve: " + curve)
206 logger.info("URI: " + uri)
207
208 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
209 raise Exception("Failed to start listen operation")
210
211 res = dev[1].dpp_qr_code(uri)
212 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % res):
213 raise Exception("Failed to initiate DPP Authentication")
214 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
215 if ev is None:
216 raise Exception("DPP authentication did not succeed (Responder)")
217 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
218 if ev is None:
219 raise Exception("DPP authentication did not succeed (Initiator)")
220 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
221 if ev is None:
222 raise Exception("DPP configuration result not seen (Enrollee)")
223 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
224 if ev is None:
225 raise Exception("DPP configuration result not seen (Responder)")
226 dev[0].request("DPP_STOP_LISTEN")
227 dev[1].request("DPP_STOP_LISTEN")
228 dev[0].dump_monitor()
229 dev[1].dump_monitor()
230
231 def test_dpp_qr_code_auth_broadcast(dev, apdev):
232 """DPP QR Code and authentication exchange (broadcast)"""
233 check_dpp_capab(dev[0])
234 check_dpp_capab(dev[1])
235 logger.info("dev0 displays QR Code")
236 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1")
237 if "FAIL" in res:
238 raise Exception("Failed to generate bootstrapping info")
239 id0 = int(res)
240 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
241
242 logger.info("dev1 scans QR Code")
243 id1 = dev[1].dpp_qr_code(uri0)
244
245 logger.info("dev1 initiates DPP Authentication")
246 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
247 raise Exception("Failed to start listen operation")
248 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
249 raise Exception("Failed to initiate DPP Authentication")
250 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
251 if ev is None:
252 raise Exception("DPP authentication did not succeed (Responder)")
253 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
254 if ev is None:
255 raise Exception("DPP authentication did not succeed (Initiator)")
256 dev[0].request("DPP_STOP_LISTEN")
257
258 def test_dpp_qr_code_auth_unicast(dev, apdev):
259 """DPP QR Code and authentication exchange (unicast)"""
260 run_dpp_qr_code_auth_unicast(dev, apdev, None)
261
262 def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev):
263 """DPP QR Code and authentication exchange (AP enrollee)"""
264 run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="ap")
265
266 def test_dpp_qr_code_curve_prime256v1(dev, apdev):
267 """DPP QR Code and curve prime256v1"""
268 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1")
269
270 def test_dpp_qr_code_curve_secp384r1(dev, apdev):
271 """DPP QR Code and curve secp384r1"""
272 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1")
273
274 def test_dpp_qr_code_curve_secp521r1(dev, apdev):
275 """DPP QR Code and curve secp521r1"""
276 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1")
277
278 def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev):
279 """DPP QR Code and curve brainpoolP256r1"""
280 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP256r1")
281
282 def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev):
283 """DPP QR Code and curve brainpoolP384r1"""
284 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP384r1")
285
286 def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev):
287 """DPP QR Code and curve brainpoolP512r1"""
288 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP512r1")
289
290 def test_dpp_qr_code_set_key(dev, apdev):
291 """DPP QR Code and fixed bootstrapping key"""
292 run_dpp_qr_code_auth_unicast(dev, apdev, None, key="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383")
293
294 def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
295 require_conf_success=False, init_extra=None,
296 require_conf_failure=False,
297 configurator=False, conf_curve=None):
298 check_dpp_capab(dev[0], curve and "brainpool" in curve)
299 check_dpp_capab(dev[1], curve and "brainpool" in curve)
300 if configurator:
301 logger.info("Create configurator on dev1")
302 cmd = "DPP_CONFIGURATOR_ADD"
303 if conf_curve:
304 cmd += " curve=" + conf_curve
305 res = dev[1].request(cmd)
306 if "FAIL" in res:
307 raise Exception("Failed to add configurator")
308 conf_id = int(res)
309
310 logger.info("dev0 displays QR Code")
311 addr = dev[0].own_addr().replace(':', '')
312 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
313 if curve:
314 cmd += " curve=" + curve
315 if key:
316 cmd += " key=" + key
317 res = dev[0].request(cmd)
318 if "FAIL" in res:
319 raise Exception("Failed to generate bootstrapping info")
320 id0 = int(res)
321 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
322
323 logger.info("dev1 scans QR Code")
324 id1 = dev[1].dpp_qr_code(uri0)
325
326 logger.info("dev1 initiates DPP Authentication")
327 cmd = "DPP_LISTEN 2412"
328 if netrole:
329 cmd += " netrole=" + netrole
330 if "OK" not in dev[0].request(cmd):
331 raise Exception("Failed to start listen operation")
332 cmd = "DPP_AUTH_INIT peer=%d" % id1
333 if init_extra:
334 cmd += " " + init_extra
335 if configurator:
336 cmd += " configurator=%d" % conf_id
337 if "OK" not in dev[1].request(cmd):
338 raise Exception("Failed to initiate DPP Authentication")
339 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
340 if ev is None:
341 raise Exception("DPP authentication did not succeed (Responder)")
342 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
343 if ev is None:
344 raise Exception("DPP authentication did not succeed (Initiator)")
345 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
346 if ev is None:
347 raise Exception("DPP configuration not completed (Configurator)")
348 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
349 if ev is None:
350 raise Exception("DPP configuration not completed (Enrollee)")
351 if require_conf_success:
352 if "DPP-CONF-FAILED" in ev:
353 raise Exception("DPP configuration failed")
354 if require_conf_failure:
355 if "DPP-CONF-SUCCESS" in ev:
356 raise Exception("DPP configuration succeeded unexpectedly")
357 dev[0].request("DPP_STOP_LISTEN")
358 dev[0].dump_monitor()
359 dev[1].dump_monitor()
360
361 def test_dpp_qr_code_auth_mutual(dev, apdev):
362 """DPP QR Code and authentication exchange (mutual)"""
363 check_dpp_capab(dev[0])
364 check_dpp_capab(dev[1])
365 logger.info("dev0 displays QR Code")
366 addr = dev[0].own_addr().replace(':', '')
367 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
368 if "FAIL" in res:
369 raise Exception("Failed to generate bootstrapping info")
370 id0 = int(res)
371 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
372
373 logger.info("dev1 scans QR Code")
374 id1 = dev[1].dpp_qr_code(uri0)
375
376 logger.info("dev1 displays QR Code")
377 addr = dev[1].own_addr().replace(':', '')
378 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
379 if "FAIL" in res:
380 raise Exception("Failed to generate bootstrapping info")
381 id1b = int(res)
382 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
383
384 logger.info("dev0 scans QR Code")
385 id0b = dev[0].dpp_qr_code(uri1b)
386
387 logger.info("dev1 initiates DPP Authentication")
388 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
389 raise Exception("Failed to start listen operation")
390 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
391 raise Exception("Failed to initiate DPP Authentication")
392
393 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
394 if ev is None:
395 raise Exception("DPP authentication direction not indicated (Initiator)")
396 if "mutual=1" not in ev:
397 raise Exception("Mutual authentication not used")
398
399 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
400 if ev is None:
401 raise Exception("DPP authentication did not succeed (Responder)")
402 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
403 if ev is None:
404 raise Exception("DPP authentication did not succeed (Initiator)")
405 dev[0].request("DPP_STOP_LISTEN")
406
407 def test_dpp_qr_code_auth_mutual2(dev, apdev):
408 """DPP QR Code and authentication exchange (mutual2)"""
409 check_dpp_capab(dev[0])
410 check_dpp_capab(dev[1])
411 logger.info("dev0 displays QR Code")
412 addr = dev[0].own_addr().replace(':', '')
413 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
414 if "FAIL" in res:
415 raise Exception("Failed to generate bootstrapping info")
416 id0 = int(res)
417 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
418
419 logger.info("dev1 scans QR Code")
420 id1 = dev[1].dpp_qr_code(uri0)
421
422 logger.info("dev1 displays QR Code")
423 addr = dev[1].own_addr().replace(':', '')
424 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
425 if "FAIL" in res:
426 raise Exception("Failed to generate bootstrapping info")
427 id1b = int(res)
428 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
429
430 logger.info("dev1 initiates DPP Authentication")
431 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
432 raise Exception("Failed to start listen operation")
433 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
434 raise Exception("Failed to initiate DPP Authentication")
435
436 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
437 if ev is None:
438 raise Exception("Pending response not reported")
439 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
440 if ev is None:
441 raise Exception("QR Code scan for mutual authentication not requested")
442
443 logger.info("dev0 scans QR Code")
444 id0b = dev[0].dpp_qr_code(uri1b)
445
446 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
447 if ev is None:
448 raise Exception("DPP authentication direction not indicated (Initiator)")
449 if "mutual=1" not in ev:
450 raise Exception("Mutual authentication not used")
451
452 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
453 if ev is None:
454 raise Exception("DPP authentication did not succeed (Responder)")
455 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
456 if ev is None:
457 raise Exception("DPP authentication did not succeed (Initiator)")
458 dev[0].request("DPP_STOP_LISTEN")
459
460 def test_dpp_qr_code_auth_mutual_p_256(dev, apdev):
461 """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
462 run_dpp_qr_code_auth_mutual(dev, apdev, "P-256")
463
464 def test_dpp_qr_code_auth_mutual_p_384(dev, apdev):
465 """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
466 run_dpp_qr_code_auth_mutual(dev, apdev, "P-384")
467
468 def test_dpp_qr_code_auth_mutual_p_521(dev, apdev):
469 """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
470 run_dpp_qr_code_auth_mutual(dev, apdev, "P-521")
471
472 def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev):
473 """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
474 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-256")
475
476 def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev):
477 """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
478 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-384")
479
480 def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev):
481 """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
482 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-512")
483
484 def run_dpp_qr_code_auth_mutual(dev, apdev, curve):
485 check_dpp_capab(dev[0], curve and "BP-" in curve)
486 check_dpp_capab(dev[1], curve and "BP-" in curve)
487 logger.info("dev0 displays QR Code")
488 addr = dev[0].own_addr().replace(':', '')
489 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
490 cmd += " curve=" + curve
491 res = dev[0].request(cmd)
492 if "FAIL" in res:
493 raise Exception("Failed to generate bootstrapping info")
494 id0 = int(res)
495 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
496
497 logger.info("dev1 scans QR Code")
498 id1 = dev[1].dpp_qr_code(uri0)
499
500 logger.info("dev1 initiates DPP Authentication")
501 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
502 raise Exception("Failed to start listen operation")
503 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % (id1)):
504 raise Exception("Failed to initiate DPP Authentication")
505
506 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
507 if ev is None:
508 raise Exception("Pending response not reported")
509 uri = ev.split(' ')[1]
510
511 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
512 if ev is None:
513 raise Exception("QR Code scan for mutual authentication not requested")
514
515 logger.info("dev0 scans QR Code")
516 dev[0].dpp_qr_code(uri)
517
518 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
519 if ev is None:
520 raise Exception("DPP authentication direction not indicated (Initiator)")
521 if "mutual=1" not in ev:
522 raise Exception("Mutual authentication not used")
523
524 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
525 if ev is None:
526 raise Exception("DPP authentication did not succeed (Responder)")
527 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
528 if ev is None:
529 raise Exception("DPP authentication did not succeed (Initiator)")
530 dev[0].request("DPP_STOP_LISTEN")
531
532 def test_dpp_auth_resp_retries(dev, apdev):
533 """DPP Authentication Response retries"""
534 check_dpp_capab(dev[0])
535 check_dpp_capab(dev[1])
536 dev[0].set("dpp_resp_max_tries", "3")
537 dev[0].set("dpp_resp_retry_time", "100")
538
539 logger.info("dev0 displays QR Code")
540 addr = dev[0].own_addr().replace(':', '')
541 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
542 if "FAIL" in res:
543 raise Exception("Failed to generate bootstrapping info")
544 id0 = int(res)
545 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
546
547 logger.info("dev1 scans QR Code")
548 id1 = dev[1].dpp_qr_code(uri0)
549
550 logger.info("dev1 displays QR Code")
551 addr = dev[1].own_addr().replace(':', '')
552 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
553 if "FAIL" in res:
554 raise Exception("Failed to generate bootstrapping info")
555 id1b = int(res)
556 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
557
558 logger.info("dev1 initiates DPP Authentication")
559 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
560 raise Exception("Failed to start listen operation")
561 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
562 raise Exception("Failed to initiate DPP Authentication")
563
564 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
565 if ev is None:
566 raise Exception("Pending response not reported")
567 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
568 if ev is None:
569 raise Exception("QR Code scan for mutual authentication not requested")
570
571 # Stop Initiator from listening to frames to force retransmission of the
572 # DPP Authentication Response frame with Status=0
573 dev[1].request("DPP_STOP_LISTEN")
574
575 dev[1].dump_monitor()
576 dev[0].dump_monitor()
577
578 logger.info("dev0 scans QR Code")
579 id0b = dev[0].dpp_qr_code(uri1b)
580
581 ev = dev[0].wait_event(["DPP-TX"], timeout=5)
582 if ev is None or "type=1" not in ev:
583 raise Exception("DPP Authentication Response not sent")
584 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
585 if ev is None:
586 raise Exception("TX status for DPP Authentication Response not reported")
587 if "result=no-ACK" not in ev:
588 raise Exception("Unexpected TX status for Authentication Response: " + ev)
589
590 ev = dev[0].wait_event(["DPP-TX"], timeout=15)
591 if ev is None or "type=1" not in ev:
592 raise Exception("DPP Authentication Response retransmission not sent")
593
594 def test_dpp_qr_code_auth_mutual_not_used(dev, apdev):
595 """DPP QR Code and authentication exchange (mutual not used)"""
596 check_dpp_capab(dev[0])
597 check_dpp_capab(dev[1])
598 logger.info("dev0 displays QR Code")
599 addr = dev[0].own_addr().replace(':', '')
600 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
601 if "FAIL" in res:
602 raise Exception("Failed to generate bootstrapping info")
603 id0 = int(res)
604 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
605
606 logger.info("dev1 scans QR Code")
607 id1 = dev[1].dpp_qr_code(uri0)
608
609 logger.info("dev1 displays QR Code")
610 addr = dev[1].own_addr().replace(':', '')
611 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
612 if "FAIL" in res:
613 raise Exception("Failed to generate bootstrapping info")
614 id1b = int(res)
615 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
616
617 logger.info("dev0 does not scan QR Code")
618
619 logger.info("dev1 initiates DPP Authentication")
620 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
621 raise Exception("Failed to start listen operation")
622 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
623 raise Exception("Failed to initiate DPP Authentication")
624
625 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
626 if ev is None:
627 raise Exception("DPP authentication direction not indicated (Initiator)")
628 if "mutual=0" not in ev:
629 raise Exception("Mutual authentication not used")
630
631 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
632 if ev is None:
633 raise Exception("DPP authentication did not succeed (Responder)")
634 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
635 if ev is None:
636 raise Exception("DPP authentication did not succeed (Initiator)")
637 dev[0].request("DPP_STOP_LISTEN")
638
639 def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev):
640 """DPP QR Code and authentication exchange (mutual/mismatch)"""
641 check_dpp_capab(dev[0])
642 check_dpp_capab(dev[1])
643 logger.info("dev0 displays QR Code")
644 addr = dev[0].own_addr().replace(':', '')
645 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
646 if "FAIL" in res:
647 raise Exception("Failed to generate bootstrapping info")
648 id0 = int(res)
649 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
650
651 logger.info("dev1 scans QR Code")
652 id1 = dev[1].dpp_qr_code(uri0)
653
654 logger.info("dev1 displays QR Code")
655 addr = dev[1].own_addr().replace(':', '')
656 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr + " curve=secp384r1")
657 if "FAIL" in res:
658 raise Exception("Failed to generate bootstrapping info")
659 id1b = int(res)
660 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
661
662 logger.info("dev0 scans QR Code")
663 id0b = dev[0].dpp_qr_code(uri1b)
664
665 res = dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b))
666 if "FAIL" not in res:
667 raise Exception("DPP_AUTH_INIT accepted unexpectedly")
668
669 def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev):
670 """DPP QR Code and authentication exchange (hostapd mutual2)"""
671 check_dpp_capab(dev[0])
672 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
673 check_dpp_capab(hapd)
674
675 logger.info("AP displays QR Code")
676 addr = hapd.own_addr().replace(':', '')
677 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
678 res = hapd.request(cmd)
679 if "FAIL" in res:
680 raise Exception("Failed to generate bootstrapping info")
681 id_h = int(res)
682 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
683
684 logger.info("dev0 scans QR Code")
685 id0 = dev[0].dpp_qr_code(uri_h)
686
687 logger.info("dev0 displays QR Code")
688 addr = dev[0].own_addr().replace(':', '')
689 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
690 if "FAIL" in res:
691 raise Exception("Failed to generate bootstrapping info")
692 id0b = int(res)
693 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b)
694
695 logger.info("dev0 initiates DPP Authentication")
696 if "OK" not in hapd.request("DPP_LISTEN 2412 qr=mutual"):
697 raise Exception("Failed to start listen operation")
698 if "OK" not in dev[0].request("DPP_AUTH_INIT peer=%d own=%d" % (id0, id0b)):
699 raise Exception("Failed to initiate DPP Authentication")
700
701 ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
702 if ev is None:
703 raise Exception("Pending response not reported")
704 ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
705 if ev is None:
706 raise Exception("QR Code scan for mutual authentication not requested")
707
708 logger.info("AP scans QR Code")
709 hapd.dpp_qr_code(uri0)
710
711 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
712 if ev is None:
713 raise Exception("DPP authentication did not succeed (Responder)")
714 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
715 if ev is None:
716 raise Exception("DPP authentication did not succeed (Initiator)")
717 hapd.request("DPP_STOP_LISTEN")
718
719 def test_dpp_qr_code_listen_continue(dev, apdev):
720 """DPP QR Code and listen operation needing continuation"""
721 check_dpp_capab(dev[0])
722 check_dpp_capab(dev[1])
723 logger.info("dev0 displays QR Code")
724 addr = dev[0].own_addr().replace(':', '')
725 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
726 if "FAIL" in res:
727 raise Exception("Failed to generate bootstrapping info")
728 id0 = int(res)
729 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
730
731 logger.info("dev1 scans QR Code")
732 id1 = dev[1].dpp_qr_code(uri0)
733
734 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
735 raise Exception("Failed to start listen operation")
736 logger.info("Wait for listen to expire and get restarted")
737 time.sleep(5.5)
738 logger.info("dev1 initiates DPP Authentication")
739 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
740 raise Exception("Failed to initiate DPP Authentication")
741 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
742 if ev is None:
743 raise Exception("DPP authentication did not succeed (Responder)")
744 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
745 if ev is None:
746 raise Exception("DPP authentication did not succeed (Initiator)")
747 dev[0].request("DPP_STOP_LISTEN")
748
749 def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
750 """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
751 check_dpp_capab(dev[0])
752 check_dpp_capab(dev[1])
753 dev[0].request("SET gas_address3 1")
754 dev[1].request("SET gas_address3 1")
755 logger.info("dev0 displays QR Code")
756 addr = dev[0].own_addr().replace(':', '')
757 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
758 if "FAIL" in res:
759 raise Exception("Failed to generate bootstrapping info")
760 id0 = int(res)
761 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
762
763 logger.info("dev1 scans QR Code")
764 id1 = dev[1].dpp_qr_code(uri0)
765
766 logger.info("dev1 initiates DPP Authentication")
767 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
768 raise Exception("Failed to start listen operation")
769 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=enrollee" % id1):
770 raise Exception("Failed to initiate DPP Authentication")
771 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
772 if ev is None:
773 raise Exception("DPP authentication did not succeed (Responder)")
774 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
775 if ev is None:
776 raise Exception("DPP authentication did not succeed (Initiator)")
777
778 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
779 if ev is None:
780 raise Exception("DPP configuration did not succeed (Configurator)")
781 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
782 if ev is None:
783 raise Exception("DPP configuration did not succeed (Enrollee)")
784
785 dev[0].request("DPP_STOP_LISTEN")
786
787 def test_dpp_qr_code_auth_initiator_either_1(dev, apdev):
788 """DPP QR Code and authentication exchange (Initiator in either role)"""
789 run_dpp_qr_code_auth_initiator_either(dev, apdev, None, dev[1], dev[0])
790
791 def test_dpp_qr_code_auth_initiator_either_2(dev, apdev):
792 """DPP QR Code and authentication exchange (Initiator in either role)"""
793 run_dpp_qr_code_auth_initiator_either(dev, apdev, "enrollee",
794 dev[1], dev[0])
795
796 def test_dpp_qr_code_auth_initiator_either_3(dev, apdev):
797 """DPP QR Code and authentication exchange (Initiator in either role)"""
798 run_dpp_qr_code_auth_initiator_either(dev, apdev, "configurator",
799 dev[0], dev[1])
800
801 def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role,
802 conf_dev, enrollee_dev):
803 check_dpp_capab(dev[0])
804 check_dpp_capab(dev[1])
805 logger.info("dev0 displays QR Code")
806 addr = dev[0].own_addr().replace(':', '')
807 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
808 if "FAIL" in res:
809 raise Exception("Failed to generate bootstrapping info")
810 id0 = int(res)
811 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
812
813 logger.info("dev1 scans QR Code")
814 id1 = dev[1].dpp_qr_code(uri0)
815
816 logger.info("dev1 initiates DPP Authentication")
817 cmd = "DPP_LISTEN 2412"
818 if resp_role:
819 cmd += " role=" + resp_role
820 if "OK" not in dev[0].request(cmd):
821 raise Exception("Failed to start listen operation")
822 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=either" % id1):
823 raise Exception("Failed to initiate DPP Authentication")
824 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
825 if ev is None:
826 raise Exception("DPP authentication did not succeed (Responder)")
827 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
828 if ev is None:
829 raise Exception("DPP authentication did not succeed (Initiator)")
830
831 ev = conf_dev.wait_event(["DPP-CONF-SENT"], timeout=5)
832 if ev is None:
833 raise Exception("DPP configuration did not succeed (Configurator)")
834 ev = enrollee_dev.wait_event(["DPP-CONF-FAILED"], timeout=5)
835 if ev is None:
836 raise Exception("DPP configuration did not succeed (Enrollee)")
837
838 dev[0].request("DPP_STOP_LISTEN")
839
840 def run_init_incompatible_roles(dev, role="enrollee"):
841 check_dpp_capab(dev[0])
842 check_dpp_capab(dev[1])
843 logger.info("dev0 displays QR Code")
844 addr = dev[0].own_addr().replace(':', '')
845 res = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
846 if "FAIL" in res:
847 raise Exception("Failed to generate bootstrapping info")
848 id0 = int(res)
849 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
850
851 logger.info("dev1 scans QR Code")
852 id1 = dev[1].dpp_qr_code(uri0)
853
854 logger.info("dev1 initiates DPP Authentication")
855 if "OK" not in dev[0].request("DPP_LISTEN 2412 role=%s" % role):
856 raise Exception("Failed to start listen operation")
857 return id1
858
859 def test_dpp_qr_code_auth_incompatible_roles(dev, apdev):
860 """DPP QR Code and authentication exchange (incompatible roles)"""
861 id1 = run_init_incompatible_roles(dev)
862 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=enrollee" % id1):
863 raise Exception("Failed to initiate DPP Authentication")
864 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
865 if ev is None:
866 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
867 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
868 if ev is None:
869 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
870
871 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
872 raise Exception("Failed to initiate DPP Authentication")
873 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
874 if ev is None:
875 raise Exception("DPP authentication did not succeed (Responder)")
876 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
877 if ev is None:
878 raise Exception("DPP authentication did not succeed (Initiator)")
879 dev[0].request("DPP_STOP_LISTEN")
880
881 def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev):
882 """DPP QR Code and authentication exchange (incompatible roles 2)"""
883 id1 = run_init_incompatible_roles(dev, role="configurator")
884 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
885 raise Exception("Failed to initiate DPP Authentication")
886 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
887 if ev is None:
888 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
889 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
890 if ev is None:
891 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
892
893 def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev):
894 """DPP QR Code and authentication exchange (incompatible roles failure)"""
895 id1 = run_init_incompatible_roles(dev, role="configurator")
896 with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"):
897 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
898 raise Exception("Failed to initiate DPP Authentication")
899 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
900 if ev is None:
901 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
902
903 def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev):
904 """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
905 id1 = run_init_incompatible_roles(dev, role="configurator")
906 with alloc_fail(dev[1], 1, "dpp_auth_resp_rx_status"):
907 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
908 raise Exception("Failed to initiate DPP Authentication")
909 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
910
911 def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev):
912 """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
913 id1 = run_init_incompatible_roles(dev, role="configurator")
914 with fail_test(dev[1], 1, "dpp_auth_resp_rx_status"):
915 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
916 raise Exception("Failed to initiate DPP Authentication")
917 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
918 if ev is None or "AES-SIV decryption failed" not in ev:
919 raise Exception("AES-SIV decryption failure not reported")
920
921 def test_dpp_qr_code_auth_neg_chan(dev, apdev):
922 """DPP QR Code and authentication exchange with requested different channel"""
923 check_dpp_capab(dev[0])
924 check_dpp_capab(dev[1])
925
926 logger.info("Create configurator on dev1")
927 cmd = "DPP_CONFIGURATOR_ADD"
928 res = dev[1].request(cmd)
929 if "FAIL" in res:
930 raise Exception("Failed to add configurator")
931 conf_id = int(res)
932
933 logger.info("dev0 displays QR Code")
934 addr = dev[0].own_addr().replace(':', '')
935 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
936 res = dev[0].request(cmd)
937 if "FAIL" in res:
938 raise Exception("Failed to generate bootstrapping info")
939 id0 = int(res)
940 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
941
942 logger.info("dev1 scans QR Code")
943 id1 = dev[1].dpp_qr_code(uri0)
944
945 logger.info("dev1 initiates DPP Authentication")
946 cmd = "DPP_LISTEN 2412"
947 if "OK" not in dev[0].request(cmd):
948 raise Exception("Failed to start listen operation")
949 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp neg_freq=2462" % (id1, conf_id)
950 if "OK" not in dev[1].request(cmd):
951 raise Exception("Failed to initiate DPP Authentication")
952
953 ev = dev[1].wait_event(["DPP-TX"], timeout=5)
954 if ev is None:
955 raise Exception("DPP Authentication Request not sent")
956 if "freq=2412 type=0" not in ev:
957 raise Exception("Unexpected TX data for Authentication Request: " + ev)
958
959 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
960 if ev is None:
961 raise Exception("DPP Authentication Request not received")
962 if "freq=2412 type=0" not in ev:
963 raise Exception("Unexpected RX data for Authentication Request: " + ev)
964
965 ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
966 if ev is None:
967 raise Exception("TX status for DPP Authentication Request not reported")
968 if "freq=2412 result=SUCCESS" not in ev:
969 raise Exception("Unexpected TX status for Authentication Request: " + ev)
970
971 ev = dev[0].wait_event(["DPP-TX"], timeout=5)
972 if ev is None:
973 raise Exception("DPP Authentication Response not sent")
974 if "freq=2462 type=1" not in ev:
975 raise Exception("Unexpected TX data for Authentication Response: " + ev)
976
977 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
978 if ev is None:
979 raise Exception("DPP Authentication Response not received")
980 if "freq=2462 type=1" not in ev:
981 raise Exception("Unexpected RX data for Authentication Response: " + ev)
982
983 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
984 if ev is None:
985 raise Exception("TX status for DPP Authentication Response not reported")
986 if "freq=2462 result=SUCCESS" not in ev:
987 raise Exception("Unexpected TX status for Authentication Response: " + ev)
988
989 ev = dev[1].wait_event(["DPP-TX"], timeout=5)
990 if ev is None:
991 raise Exception("DPP Authentication Confirm not sent")
992 if "freq=2462 type=2" not in ev:
993 raise Exception("Unexpected TX data for Authentication Confirm: " + ev)
994
995 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
996 if ev is None:
997 raise Exception("DPP Authentication Confirm not received")
998 if "freq=2462 type=2" not in ev:
999 raise Exception("Unexpected RX data for Authentication Confirm: " + ev)
1000
1001 ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
1002 if ev is None:
1003 raise Exception("TX status for DPP Authentication Confirm not reported")
1004 if "freq=2462 result=SUCCESS" not in ev:
1005 raise Exception("Unexpected TX status for Authentication Confirm: " + ev)
1006
1007 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1008 if ev is None:
1009 raise Exception("DPP authentication did not succeed (Responder)")
1010 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1011 if ev is None:
1012 raise Exception("DPP authentication did not succeed (Initiator)")
1013 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
1014 if ev is None:
1015 raise Exception("DPP configuration not completed (Configurator)")
1016 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
1017 if ev is None:
1018 raise Exception("DPP configuration not completed (Enrollee)")
1019 if "DPP-CONF-FAILED" in ev:
1020 raise Exception("DPP configuration failed")
1021 dev[0].request("DPP_STOP_LISTEN")
1022 dev[0].dump_monitor()
1023 dev[1].dump_monitor()
1024
1025 def test_dpp_config_legacy(dev, apdev):
1026 """DPP Config Object for legacy network using passphrase"""
1027 check_dpp_capab(dev[1])
1028 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
1029 dev[1].set("dpp_config_obj_override", conf)
1030 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1031 require_conf_success=True)
1032
1033 def test_dpp_config_legacy_psk_hex(dev, apdev):
1034 """DPP Config Object for legacy network using PSK"""
1035 check_dpp_capab(dev[1])
1036 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}'
1037 dev[1].set("dpp_config_obj_override", conf)
1038 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1039 require_conf_success=True)
1040
1041 def test_dpp_config_fragmentation(dev, apdev):
1042 """DPP Config Object for legacy network requiring fragmentation"""
1043 check_dpp_capab(dev[1])
1044 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
1045 dev[1].set("dpp_config_obj_override", conf)
1046 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1047 require_conf_success=True)
1048
1049 def test_dpp_config_legacy_gen(dev, apdev):
1050 """Generate DPP Config Object for legacy network"""
1051 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1052 init_extra="conf=sta-psk pass=%s" % binascii.hexlify(b"passphrase").decode(),
1053 require_conf_success=True)
1054
1055 def test_dpp_config_legacy_gen_psk(dev, apdev):
1056 """Generate DPP Config Object for legacy network (PSK)"""
1057 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1058 init_extra="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
1059 require_conf_success=True)
1060
1061 def test_dpp_config_dpp_gen_prime256v1(dev, apdev):
1062 """Generate DPP Config Object for DPP network (P-256)"""
1063 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1064 init_extra="conf=sta-dpp",
1065 require_conf_success=True,
1066 configurator=True)
1067
1068 def test_dpp_config_dpp_gen_secp384r1(dev, apdev):
1069 """Generate DPP Config Object for DPP network (P-384)"""
1070 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1071 init_extra="conf=sta-dpp",
1072 require_conf_success=True,
1073 configurator=True)
1074
1075 def test_dpp_config_dpp_gen_secp521r1(dev, apdev):
1076 """Generate DPP Config Object for DPP network (P-521)"""
1077 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1078 init_extra="conf=sta-dpp",
1079 require_conf_success=True,
1080 configurator=True)
1081
1082 def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev):
1083 """Generate DPP Config Object for DPP network (P-256 + P-256)"""
1084 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1085 init_extra="conf=sta-dpp",
1086 require_conf_success=True,
1087 configurator=True,
1088 conf_curve="prime256v1")
1089
1090 def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev):
1091 """Generate DPP Config Object for DPP network (P-256 + P-384)"""
1092 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1093 init_extra="conf=sta-dpp",
1094 require_conf_success=True,
1095 configurator=True,
1096 conf_curve="secp384r1")
1097
1098 def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev):
1099 """Generate DPP Config Object for DPP network (P-256 + P-521)"""
1100 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1101 init_extra="conf=sta-dpp",
1102 require_conf_success=True,
1103 configurator=True,
1104 conf_curve="secp521r1")
1105
1106 def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev):
1107 """Generate DPP Config Object for DPP network (P-384 + P-256)"""
1108 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1109 init_extra="conf=sta-dpp",
1110 require_conf_success=True,
1111 configurator=True,
1112 conf_curve="prime256v1")
1113
1114 def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev):
1115 """Generate DPP Config Object for DPP network (P-384 + P-384)"""
1116 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1117 init_extra="conf=sta-dpp",
1118 require_conf_success=True,
1119 configurator=True,
1120 conf_curve="secp384r1")
1121
1122 def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev):
1123 """Generate DPP Config Object for DPP network (P-384 + P-521)"""
1124 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1125 init_extra="conf=sta-dpp",
1126 require_conf_success=True,
1127 configurator=True,
1128 conf_curve="secp521r1")
1129
1130 def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev):
1131 """Generate DPP Config Object for DPP network (P-521 + P-256)"""
1132 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1133 init_extra="conf=sta-dpp",
1134 require_conf_success=True,
1135 configurator=True,
1136 conf_curve="prime256v1")
1137
1138 def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev):
1139 """Generate DPP Config Object for DPP network (P-521 + P-384)"""
1140 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1141 init_extra="conf=sta-dpp",
1142 require_conf_success=True,
1143 configurator=True,
1144 conf_curve="secp384r1")
1145
1146 def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev):
1147 """Generate DPP Config Object for DPP network (P-521 + P-521)"""
1148 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1149 init_extra="conf=sta-dpp",
1150 require_conf_success=True,
1151 configurator=True,
1152 conf_curve="secp521r1")
1153
1154 def test_dpp_config_dpp_gen_expiry(dev, apdev):
1155 """Generate DPP Config Object for DPP network with expiry value"""
1156 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1157 init_extra="conf=sta-dpp expiry=%d" % (time.time() + 1000),
1158 require_conf_success=True,
1159 configurator=True)
1160
1161 def test_dpp_config_dpp_gen_expired_key(dev, apdev):
1162 """Generate DPP Config Object for DPP network with expiry value"""
1163 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1164 init_extra="conf=sta-dpp expiry=%d" % (time.time() - 10),
1165 require_conf_failure=True,
1166 configurator=True)
1167
1168 def test_dpp_config_dpp_override_prime256v1(dev, apdev):
1169 """DPP Config Object override (P-256)"""
1170 check_dpp_capab(dev[0])
1171 check_dpp_capab(dev[1])
1172 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
1173 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1174 dev[1].set("dpp_config_obj_override", conf)
1175 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1176 require_conf_success=True)
1177
1178 def test_dpp_config_dpp_override_secp384r1(dev, apdev):
1179 """DPP Config Object override (P-384)"""
1180 check_dpp_capab(dev[0])
1181 check_dpp_capab(dev[1])
1182 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
1183 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1184 dev[1].set("dpp_config_obj_override", conf)
1185 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1186 require_conf_success=True)
1187
1188 def test_dpp_config_dpp_override_secp521r1(dev, apdev):
1189 """DPP Config Object override (P-521)"""
1190 check_dpp_capab(dev[0])
1191 check_dpp_capab(dev[1])
1192 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
1193 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1194 dev[1].set("dpp_config_obj_override", conf)
1195 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1196 require_conf_success=True)
1197
1198 def test_dpp_config_override_objects(dev, apdev):
1199 """Generate DPP Config Object and override objects)"""
1200 check_dpp_capab(dev[1])
1201 discovery = '{\n"ssid":"mywifi"\n}'
1202 groups = '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'
1203 dev[1].set("dpp_discovery_override", discovery)
1204 dev[1].set("dpp_groups_override", groups)
1205 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1206 init_extra="conf=sta-dpp",
1207 require_conf_success=True,
1208 configurator=True)
1209
1210 def build_conf_obj(kty="EC", crv="P-256",
1211 x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
1212 y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
1213 kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
1214 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
1215 signed_connector=None,
1216 no_signed_connector=False,
1217 csign=True):
1218 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
1219 conf += '"akm":"dpp",'
1220
1221 if signed_connector:
1222 conn = signed_connector
1223 conf += '"signedConnector":"%s",' % conn
1224 elif not no_signed_connector:
1225 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1226 sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
1227 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
1228 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=') + '.'
1229 conn += sign
1230 conf += '"signedConnector":"%s",' % conn
1231
1232 if csign:
1233 conf += '"csign":{'
1234 if kty:
1235 conf += '"kty":"%s",' % kty
1236 if crv:
1237 conf += '"crv":"%s",' % crv
1238 if x:
1239 conf += '"x":"%s",' % x
1240 if y:
1241 conf += '"y":"%s",' % y
1242 if kid:
1243 conf += '"kid":"%s"' % kid
1244 conf = conf.rstrip(',')
1245 conf += '}'
1246 else:
1247 conf = conf.rstrip(',')
1248
1249 conf += '}}'
1250
1251 return conf
1252
1253 def run_dpp_config_error(dev, apdev, conf,
1254 skip_net_access_key_mismatch=True):
1255 check_dpp_capab(dev[0])
1256 check_dpp_capab(dev[1])
1257 if skip_net_access_key_mismatch:
1258 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1259 dev[1].set("dpp_config_obj_override", conf)
1260 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1261 require_conf_failure=True)
1262
1263 def test_dpp_config_jwk_error_no_kty(dev, apdev):
1264 """DPP Config Object JWK error - no kty"""
1265 run_dpp_config_error(dev, apdev, build_conf_obj(kty=None))
1266
1267 def test_dpp_config_jwk_error_unexpected_kty(dev, apdev):
1268 """DPP Config Object JWK error - unexpected kty"""
1269 run_dpp_config_error(dev, apdev, build_conf_obj(kty="unknown"))
1270
1271 def test_dpp_config_jwk_error_no_crv(dev, apdev):
1272 """DPP Config Object JWK error - no crv"""
1273 run_dpp_config_error(dev, apdev, build_conf_obj(crv=None))
1274
1275 def test_dpp_config_jwk_error_unsupported_crv(dev, apdev):
1276 """DPP Config Object JWK error - unsupported curve"""
1277 run_dpp_config_error(dev, apdev, build_conf_obj(crv="unsupported"))
1278
1279 def test_dpp_config_jwk_error_no_x(dev, apdev):
1280 """DPP Config Object JWK error - no x"""
1281 run_dpp_config_error(dev, apdev, build_conf_obj(x=None))
1282
1283 def test_dpp_config_jwk_error_invalid_x(dev, apdev):
1284 """DPP Config Object JWK error - invalid x"""
1285 run_dpp_config_error(dev, apdev, build_conf_obj(x="MTIz"))
1286
1287 def test_dpp_config_jwk_error_no_y(dev, apdev):
1288 """DPP Config Object JWK error - no y"""
1289 run_dpp_config_error(dev, apdev, build_conf_obj(y=None))
1290
1291 def test_dpp_config_jwk_error_invalid_y(dev, apdev):
1292 """DPP Config Object JWK error - invalid y"""
1293 run_dpp_config_error(dev, apdev, build_conf_obj(y="MTIz"))
1294
1295 def test_dpp_config_jwk_error_invalid_xy(dev, apdev):
1296 """DPP Config Object JWK error - invalid x,y"""
1297 conf = build_conf_obj(x="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY",
1298 y="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY")
1299 run_dpp_config_error(dev, apdev, conf)
1300
1301 def test_dpp_config_jwk_error_no_kid(dev, apdev):
1302 """DPP Config Object JWK error - no kid"""
1303 run_dpp_config_error(dev, apdev, build_conf_obj(kid=None))
1304
1305 def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev):
1306 """DPP Config Object JWS error - protected header not an object"""
1307 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr="1"))
1308
1309 def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev):
1310 """DPP Config Object JWS error - protected header - no typ"""
1311 prot_hdr='{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1312 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1313
1314 def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev):
1315 """DPP Config Object JWS error - protected header - unsupported typ"""
1316 prot_hdr='{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1317 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1318
1319 def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev):
1320 """DPP Config Object JWS error - protected header - no alg"""
1321 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
1322 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1323
1324 def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev):
1325 """DPP Config Object JWS error - protected header - unexpected alg"""
1326 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
1327 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1328
1329 def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev):
1330 """DPP Config Object JWS error - protected header - no kid"""
1331 prot_hdr='{"typ":"dppCon","alg":"ES256"}'
1332 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1333
1334 def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev):
1335 """DPP Config Object JWS error - protected header - unexpected kid"""
1336 prot_hdr='{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
1337 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1338
1339 def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev):
1340 """DPP Config Object signedConnector error - no dot(1)"""
1341 conn = "MTIz"
1342 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1343
1344 def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev):
1345 """DPP Config Object signedConnector error - no dot(2)"""
1346 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
1347 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1348
1349 def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev):
1350 """DPP Config Object signedConnector error - unexpected signature length"""
1351 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
1352 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1353
1354 def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev):
1355 """DPP Config Object signedConnector error - invalid signature DER"""
1356 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
1357 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1358
1359 def test_dpp_config_no_csign(dev, apdev):
1360 """DPP Config Object error - no csign"""
1361 run_dpp_config_error(dev, apdev, build_conf_obj(csign=False))
1362
1363 def test_dpp_config_no_signed_connector(dev, apdev):
1364 """DPP Config Object error - no signedConnector"""
1365 run_dpp_config_error(dev, apdev, build_conf_obj(no_signed_connector=True))
1366
1367 def test_dpp_config_unexpected_signed_connector_char(dev, apdev):
1368 """DPP Config Object error - unexpected signedConnector character"""
1369 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector='a\nb'))
1370
1371 def test_dpp_config_root_not_an_object(dev, apdev):
1372 """DPP Config Object error - root not an object"""
1373 conf = "1"
1374 run_dpp_config_error(dev, apdev, conf)
1375
1376 def test_dpp_config_no_wi_fi_tech(dev, apdev):
1377 """DPP Config Object error - no wi-fi_tech"""
1378 conf = "{}"
1379 run_dpp_config_error(dev, apdev, conf)
1380
1381 def test_dpp_config_unsupported_wi_fi_tech(dev, apdev):
1382 """DPP Config Object error - unsupported wi-fi_tech"""
1383 conf = '{"wi-fi_tech":"unsupported"}'
1384 run_dpp_config_error(dev, apdev, conf)
1385
1386 def test_dpp_config_no_discovery(dev, apdev):
1387 """DPP Config Object error - no discovery"""
1388 conf = '{"wi-fi_tech":"infra"}'
1389 run_dpp_config_error(dev, apdev, conf)
1390
1391 def test_dpp_config_no_discovery_ssid(dev, apdev):
1392 """DPP Config Object error - no discovery::ssid"""
1393 conf = '{"wi-fi_tech":"infra","discovery":{}}'
1394 run_dpp_config_error(dev, apdev, conf)
1395
1396 def test_dpp_config_too_long_discovery_ssid(dev, apdev):
1397 """DPP Config Object error - too long discovery::ssid"""
1398 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A')
1399 run_dpp_config_error(dev, apdev, conf)
1400
1401 def test_dpp_config_no_cred(dev, apdev):
1402 """DPP Config Object error - no cred"""
1403 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
1404 run_dpp_config_error(dev, apdev, conf)
1405
1406 def test_dpp_config_no_cred_akm(dev, apdev):
1407 """DPP Config Object error - no cred::akm"""
1408 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
1409 run_dpp_config_error(dev, apdev, conf)
1410
1411 def test_dpp_config_unsupported_cred_akm(dev, apdev):
1412 """DPP Config Object error - unsupported cred::akm"""
1413 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
1414 run_dpp_config_error(dev, apdev, conf)
1415
1416 def test_dpp_config_error_legacy_no_pass(dev, apdev):
1417 """DPP Config Object legacy error - no pass/psk"""
1418 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
1419 run_dpp_config_error(dev, apdev, conf)
1420
1421 def test_dpp_config_error_legacy_too_short_pass(dev, apdev):
1422 """DPP Config Object legacy error - too short pass/psk"""
1423 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
1424 run_dpp_config_error(dev, apdev, conf)
1425
1426 def test_dpp_config_error_legacy_too_long_pass(dev, apdev):
1427 """DPP Config Object legacy error - too long pass/psk"""
1428 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A')
1429 run_dpp_config_error(dev, apdev, conf)
1430
1431 def test_dpp_config_error_legacy_psk_with_sae(dev, apdev):
1432 """DPP Config Object legacy error - psk_hex with SAE"""
1433 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12")
1434 run_dpp_config_error(dev, apdev, conf)
1435
1436 def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev):
1437 """DPP Config Object legacy error - no pass for SAE"""
1438 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12")
1439 run_dpp_config_error(dev, apdev, conf)
1440
1441 def test_dpp_config_error_legacy_invalid_psk(dev, apdev):
1442 """DPP Config Object legacy error - invalid psk_hex"""
1443 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa")
1444 run_dpp_config_error(dev, apdev, conf)
1445
1446 def test_dpp_config_error_legacy_too_short_psk(dev, apdev):
1447 """DPP Config Object legacy error - too short psk_hex"""
1448 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12")
1449 run_dpp_config_error(dev, apdev, conf)
1450
1451 def ecdsa_sign(pkey, message, alg="sha256"):
1452 sign = OpenSSL.crypto.sign(pkey, message, alg)
1453 a,b = struct.unpack('BB', sign[0:2])
1454 if a != 0x30:
1455 raise Exception("Invalid DER encoding of ECDSA signature")
1456 if b != len(sign) - 2:
1457 raise Exception("Invalid length of ECDSA signature")
1458 sign = sign[2:]
1459
1460 a,b = struct.unpack('BB', sign[0:2])
1461 if a != 0x02:
1462 raise Exception("Invalid DER encoding of ECDSA signature r")
1463 if b > len(sign) - 2:
1464 raise Exception("Invalid length of ECDSA signature r")
1465 sign = sign[2:]
1466 if b == 32:
1467 r = sign[0:32]
1468 sign = sign[32:]
1469 elif b == 33:
1470 r = sign[1:33]
1471 sign = sign[33:]
1472 else:
1473 raise Exception("Invalid length of ECDSA signature r")
1474
1475 a,b = struct.unpack('BB', sign[0:2])
1476 if a != 0x02:
1477 raise Exception("Invalid DER encoding of ECDSA signature s")
1478 if b > len(sign) - 2:
1479 raise Exception("Invalid length of ECDSA signature s")
1480 sign = sign[2:]
1481 if b == 32:
1482 s = sign[0:32]
1483 sign = sign[32:]
1484 elif b == 33:
1485 s = sign[1:33]
1486 sign = sign[33:]
1487 else:
1488 raise Exception("Invalid length of ECDSA signature s")
1489 if len(sign) != 0:
1490 raise Exception("Extra data at the end of ECDSA signature")
1491
1492 raw_sign = r + s
1493 return base64.urlsafe_b64encode(raw_sign).decode().rstrip('=')
1494
1495 p256_priv_key = """-----BEGIN EC PRIVATE KEY-----
1496 MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
1497 AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
1498 n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
1499 -----END EC PRIVATE KEY-----"""
1500 p256_pub_key_x = binascii.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
1501 p256_pub_key_y = binascii.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1502
1503 def run_dpp_config_connector(dev, apdev, expiry=None, payload=None,
1504 skip_net_access_key_mismatch=True):
1505 if not openssl_imported:
1506 raise HwsimSkip("OpenSSL python method not available")
1507 pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
1508 p256_priv_key)
1509 x = base64.urlsafe_b64encode(p256_pub_key_x).decode().rstrip('=')
1510 y = base64.urlsafe_b64encode(p256_pub_key_y).decode().rstrip('=')
1511
1512 pubkey = b'\x04' + p256_pub_key_x + p256_pub_key_y
1513 kid = base64.urlsafe_b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip('=')
1514
1515 prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid
1516
1517 if not payload:
1518 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
1519 if expiry:
1520 payload += ',"expiry":"%s"' % expiry
1521 payload += '}'
1522 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
1523 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=')
1524 sign = ecdsa_sign(pkey, conn)
1525 conn += '.' + sign
1526 run_dpp_config_error(dev, apdev,
1527 build_conf_obj(x=x, y=y, signed_connector=conn),
1528 skip_net_access_key_mismatch=skip_net_access_key_mismatch)
1529
1530 def test_dpp_config_connector_error_ext_sign(dev, apdev):
1531 """DPP Config Object connector error - external signature calculation"""
1532 run_dpp_config_connector(dev, apdev)
1533
1534 def test_dpp_config_connector_error_too_short_timestamp(dev, apdev):
1535 """DPP Config Object connector error - too short timestamp"""
1536 run_dpp_config_connector(dev, apdev, expiry="1")
1537
1538 def test_dpp_config_connector_error_invalid_timestamp(dev, apdev):
1539 """DPP Config Object connector error - invalid timestamp"""
1540 run_dpp_config_connector(dev, apdev, expiry=19*"1")
1541
1542 def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev):
1543 """DPP Config Object connector error - invalid timestamp date"""
1544 run_dpp_config_connector(dev, apdev, expiry="9999-99-99T99:99:99Z")
1545
1546 def test_dpp_config_connector_error_invalid_time_zone(dev, apdev):
1547 """DPP Config Object connector error - invalid time zone"""
1548 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00*")
1549
1550 def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev):
1551 """DPP Config Object connector error - invalid time zone 2"""
1552 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+")
1553
1554 def test_dpp_config_connector_error_expired_1(dev, apdev):
1555 """DPP Config Object connector error - expired 1"""
1556 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00")
1557
1558 def test_dpp_config_connector_error_expired_2(dev, apdev):
1559 """DPP Config Object connector error - expired 2"""
1560 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00Z")
1561
1562 def test_dpp_config_connector_error_expired_3(dev, apdev):
1563 """DPP Config Object connector error - expired 3"""
1564 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01")
1565
1566 def test_dpp_config_connector_error_expired_4(dev, apdev):
1567 """DPP Config Object connector error - expired 4"""
1568 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01:02")
1569
1570 def test_dpp_config_connector_error_expired_5(dev, apdev):
1571 """DPP Config Object connector error - expired 5"""
1572 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01")
1573
1574 def test_dpp_config_connector_error_expired_6(dev, apdev):
1575 """DPP Config Object connector error - expired 6"""
1576 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01:02")
1577
1578 def test_dpp_config_connector_error_no_groups(dev, apdev):
1579 """DPP Config Object connector error - no groups"""
1580 payload = '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1581 run_dpp_config_connector(dev, apdev, payload=payload)
1582
1583 def test_dpp_config_connector_error_empty_groups(dev, apdev):
1584 """DPP Config Object connector error - empty groups"""
1585 payload = '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1586 run_dpp_config_connector(dev, apdev, payload=payload)
1587
1588 def test_dpp_config_connector_error_missing_group_id(dev, apdev):
1589 """DPP Config Object connector error - missing groupId"""
1590 payload = '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1591 run_dpp_config_connector(dev, apdev, payload=payload)
1592
1593 def test_dpp_config_connector_error_missing_net_role(dev, apdev):
1594 """DPP Config Object connector error - missing netRole"""
1595 payload = '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1596 run_dpp_config_connector(dev, apdev, payload=payload)
1597
1598 def test_dpp_config_connector_error_missing_net_access_key(dev, apdev):
1599 """DPP Config Object connector error - missing netAccessKey"""
1600 payload = '{"groups":[{"groupId":"*","netRole":"sta"}]}'
1601 run_dpp_config_connector(dev, apdev, payload=payload)
1602
1603 def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev):
1604 """DPP Config Object connector error - netAccessKey mismatch"""
1605 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1606 run_dpp_config_connector(dev, apdev, payload=payload,
1607 skip_net_access_key_mismatch=False)
1608
1609 def test_dpp_gas_timeout(dev, apdev):
1610 """DPP and GAS server timeout for a query"""
1611 check_dpp_capab(dev[0])
1612 check_dpp_capab(dev[1])
1613 logger.info("dev0 displays QR Code")
1614 addr = dev[0].own_addr().replace(':', '')
1615 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
1616 res = dev[0].request(cmd)
1617 if "FAIL" in res:
1618 raise Exception("Failed to generate bootstrapping info")
1619 id0 = int(res)
1620 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1621
1622 logger.info("dev1 scans QR Code")
1623 id1 = dev[1].dpp_qr_code(uri0)
1624
1625 logger.info("dev1 initiates DPP Authentication")
1626 dev[0].set("ext_mgmt_frame_handling", "1")
1627 cmd = "DPP_LISTEN 2412"
1628 if "OK" not in dev[0].request(cmd):
1629 raise Exception("Failed to start listen operation")
1630
1631 # Force GAS fragmentation
1632 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
1633 dev[1].set("dpp_config_obj_override", conf)
1634
1635 cmd = "DPP_AUTH_INIT peer=%d" % id1
1636 if "OK" not in dev[1].request(cmd):
1637 raise Exception("Failed to initiate DPP Authentication")
1638
1639 # DPP Authentication Request
1640 msg = dev[0].mgmt_rx()
1641 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1642 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1643 raise Exception("MGMT_RX_PROCESS failed")
1644
1645 # DPP Authentication Confirmation
1646 msg = dev[0].mgmt_rx()
1647 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1648 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1649 raise Exception("MGMT_RX_PROCESS failed")
1650
1651 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1652 if ev is None:
1653 raise Exception("DPP authentication did not succeed (Responder)")
1654 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1655 if ev is None:
1656 raise Exception("DPP authentication did not succeed (Initiator)")
1657
1658 # DPP Configuration Response (GAS Initial Response frame)
1659 msg = dev[0].mgmt_rx()
1660 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1661 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1662 raise Exception("MGMT_RX_PROCESS failed")
1663
1664 # GAS Comeback Response frame
1665 msg = dev[0].mgmt_rx()
1666 # Do not continue to force timeout on GAS server
1667
1668 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
1669 if ev is None:
1670 raise Exception("GAS result not reported (Enrollee)")
1671 if "result=TIMEOUT" not in ev:
1672 raise Exception("Unexpected GAS result (Enrollee): " + ev)
1673 dev[0].set("ext_mgmt_frame_handling", "0")
1674
1675 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=15)
1676 if ev is None:
1677 raise Exception("DPP configuration failure not reported (Configurator)")
1678
1679 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1)
1680 if ev is None:
1681 raise Exception("DPP configuration failure not reported (Enrollee)")
1682
1683 def test_dpp_akm_sha256(dev, apdev):
1684 """DPP AKM (SHA256)"""
1685 run_dpp_akm(dev, apdev, 32)
1686
1687 def test_dpp_akm_sha384(dev, apdev):
1688 """DPP AKM (SHA384)"""
1689 run_dpp_akm(dev, apdev, 48)
1690
1691 def test_dpp_akm_sha512(dev, apdev):
1692 """DPP AKM (SHA512)"""
1693 run_dpp_akm(dev, apdev, 64)
1694
1695 def run_dpp_akm(dev, apdev, pmk_len):
1696 check_dpp_capab(dev[0])
1697 check_dpp_capab(dev[1])
1698 params = { "ssid": "dpp",
1699 "wpa": "2",
1700 "wpa_key_mgmt": "DPP",
1701 "rsn_pairwise": "CCMP",
1702 "ieee80211w": "2" }
1703 try:
1704 hapd = hostapd.add_ap(apdev[0], params)
1705 except:
1706 raise HwsimSkip("DPP not supported")
1707
1708 id = dev[0].connect("dpp", key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
1709 wait_connect=False)
1710 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2)
1711 if not ev:
1712 raise Exception("Network mismatch not reported")
1713 dev[0].request("DISCONNECT")
1714 dev[0].dump_monitor()
1715
1716 bssid = hapd.own_addr()
1717 pmkid = 16*'11'
1718 akmp = 2**23
1719 pmk = pmk_len*'22'
1720 cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid, pmkid, pmk, akmp)
1721 if "OK" not in dev[0].request(cmd):
1722 raise Exception("PMKSA_ADD failed (wpa_supplicant)")
1723 dev[0].select_network(id, freq="2412")
1724 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2)
1725 dev[0].request("DISCONNECT")
1726 dev[0].dump_monitor()
1727 if not ev:
1728 raise Exception("Association attempt was not rejected")
1729 if "status_code=53" not in ev:
1730 raise Exception("Unexpected status code: " + ev)
1731
1732 addr = dev[0].own_addr()
1733 cmd = "PMKSA_ADD %s %s %s 0 %d" % (addr, pmkid, pmk, akmp)
1734 if "OK" not in hapd.request(cmd):
1735 raise Exception("PMKSA_ADD failed (hostapd)")
1736
1737 dev[0].select_network(id, freq="2412")
1738 dev[0].wait_connected()
1739 val = dev[0].get_status_field("key_mgmt")
1740 if val != "DPP":
1741 raise Exception("Unexpected key_mgmt: " + val)
1742
1743 params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
1744 params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
1745 params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
1746 params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
1747 params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1748
1749 def test_dpp_network_introduction(dev, apdev):
1750 """DPP network introduction"""
1751 check_dpp_capab(dev[0])
1752 check_dpp_capab(dev[1])
1753
1754 params = { "ssid": "dpp",
1755 "wpa": "2",
1756 "wpa_key_mgmt": "DPP",
1757 "ieee80211w": "2",
1758 "rsn_pairwise": "CCMP",
1759 "dpp_connector": params1_ap_connector,
1760 "dpp_csign": params1_csign,
1761 "dpp_netaccesskey": params1_ap_netaccesskey }
1762 try:
1763 hapd = hostapd.add_ap(apdev[0], params)
1764 except:
1765 raise HwsimSkip("DPP not supported")
1766
1767 id = dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
1768 ieee80211w="2",
1769 dpp_csign=params1_csign,
1770 dpp_connector=params1_sta_connector,
1771 dpp_netaccesskey=params1_sta_netaccesskey)
1772 val = dev[0].get_status_field("key_mgmt")
1773 if val != "DPP":
1774 raise Exception("Unexpected key_mgmt: " + val)
1775
1776 def test_dpp_and_sae_akm(dev, apdev):
1777 """DPP and SAE AKMs"""
1778 check_dpp_capab(dev[0])
1779 check_dpp_capab(dev[1])
1780 if "SAE" not in dev[1].get_capability("auth_alg"):
1781 raise HwsimSkip("SAE not supported")
1782
1783 params = { "ssid": "dpp+sae",
1784 "wpa": "2",
1785 "wpa_key_mgmt": "DPP SAE",
1786 "ieee80211w": "2",
1787 "rsn_pairwise": "CCMP",
1788 "sae_password": "sae-password",
1789 "dpp_connector": params1_ap_connector,
1790 "dpp_csign": params1_csign,
1791 "dpp_netaccesskey": params1_ap_netaccesskey }
1792 try:
1793 hapd = hostapd.add_ap(apdev[0], params)
1794 except:
1795 raise HwsimSkip("DPP not supported")
1796
1797 id = dev[0].connect("dpp+sae", key_mgmt="DPP", scan_freq="2412",
1798 ieee80211w="2",
1799 dpp_csign=params1_csign,
1800 dpp_connector=params1_sta_connector,
1801 dpp_netaccesskey=params1_sta_netaccesskey)
1802 val = dev[0].get_status_field("key_mgmt")
1803 if val != "DPP":
1804 raise Exception("Unexpected key_mgmt for DPP: " + val)
1805
1806 id = dev[1].connect("dpp+sae", key_mgmt="SAE", scan_freq="2412",
1807 ieee80211w="2", psk="sae-password")
1808 val = dev[1].get_status_field("key_mgmt")
1809 if val != "SAE":
1810 raise Exception("Unexpected key_mgmt for SAE: " + val)
1811
1812 def test_dpp_ap_config(dev, apdev):
1813 """DPP and AP configuration"""
1814 run_dpp_ap_config(dev, apdev)
1815
1816 def test_dpp_ap_config_p256_p256(dev, apdev):
1817 """DPP and AP configuration (P-256 + P-256)"""
1818 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-256")
1819
1820 def test_dpp_ap_config_p256_p384(dev, apdev):
1821 """DPP and AP configuration (P-256 + P-384)"""
1822 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-384")
1823
1824 def test_dpp_ap_config_p256_p521(dev, apdev):
1825 """DPP and AP configuration (P-256 + P-521)"""
1826 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-521")
1827
1828 def test_dpp_ap_config_p384_p256(dev, apdev):
1829 """DPP and AP configuration (P-384 + P-256)"""
1830 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-256")
1831
1832 def test_dpp_ap_config_p384_p384(dev, apdev):
1833 """DPP and AP configuration (P-384 + P-384)"""
1834 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-384")
1835
1836 def test_dpp_ap_config_p384_p521(dev, apdev):
1837 """DPP and AP configuration (P-384 + P-521)"""
1838 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-521")
1839
1840 def test_dpp_ap_config_p521_p256(dev, apdev):
1841 """DPP and AP configuration (P-521 + P-256)"""
1842 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-256")
1843
1844 def test_dpp_ap_config_p521_p384(dev, apdev):
1845 """DPP and AP configuration (P-521 + P-384)"""
1846 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-384")
1847
1848 def test_dpp_ap_config_p521_p521(dev, apdev):
1849 """DPP and AP configuration (P-521 + P-521)"""
1850 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-521")
1851
1852 def test_dpp_ap_config_reconfig_configurator(dev, apdev):
1853 """DPP and AP configuration with Configurator reconfiguration"""
1854 run_dpp_ap_config(dev, apdev, reconf_configurator=True)
1855
1856 def update_hapd_config(hapd):
1857 ev = hapd.wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
1858 if ev is None:
1859 raise Exception("SSID not reported (AP)")
1860 ssid = ev.split(' ')[1]
1861
1862 ev = hapd.wait_event(["DPP-CONNECTOR"], timeout=1)
1863 if ev is None:
1864 raise Exception("Connector not reported (AP)")
1865 connector = ev.split(' ')[1]
1866
1867 ev = hapd.wait_event(["DPP-C-SIGN-KEY"], timeout=1)
1868 if ev is None:
1869 raise Exception("C-sign-key not reported (AP)")
1870 p = ev.split(' ')
1871 csign = p[1]
1872
1873 ev = hapd.wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
1874 if ev is None:
1875 raise Exception("netAccessKey not reported (AP)")
1876 p = ev.split(' ')
1877 net_access_key = p[1]
1878 net_access_key_expiry = p[2] if len(p) > 2 else None
1879
1880 logger.info("Update AP configuration to use key_mgmt=DPP")
1881 hapd.disable()
1882 hapd.set("ssid", ssid)
1883 hapd.set("wpa", "2")
1884 hapd.set("wpa_key_mgmt", "DPP")
1885 hapd.set("ieee80211w", "2")
1886 hapd.set("rsn_pairwise", "CCMP")
1887 hapd.set("dpp_connector", connector)
1888 hapd.set("dpp_csign", csign)
1889 hapd.set("dpp_netaccesskey", net_access_key)
1890 if net_access_key_expiry:
1891 hapd.set("dpp_netaccesskey_expiry", net_access_key_expiry)
1892 hapd.enable()
1893
1894 def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
1895 reconf_configurator=False):
1896 check_dpp_capab(dev[0])
1897 check_dpp_capab(dev[1])
1898 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
1899 check_dpp_capab(hapd)
1900
1901 addr = hapd.own_addr().replace(':', '')
1902 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
1903 if curve:
1904 cmd += " curve=" + curve
1905 res = hapd.request(cmd)
1906 if "FAIL" in res:
1907 raise Exception("Failed to generate bootstrapping info")
1908 id_h = int(res)
1909 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
1910
1911 cmd = "DPP_CONFIGURATOR_ADD"
1912 if conf_curve:
1913 cmd += " curve=" + conf_curve
1914 res = dev[0].request(cmd)
1915 if "FAIL" in res:
1916 raise Exception("Failed to add configurator")
1917 conf_id = int(res)
1918
1919 if reconf_configurator:
1920 csign = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
1921 if "FAIL" in csign or len(csign) == 0:
1922 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
1923
1924 id = dev[0].dpp_qr_code(uri)
1925
1926 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d" % (id, conf_id)
1927 if "OK" not in dev[0].request(cmd):
1928 raise Exception("Failed to initiate DPP Authentication")
1929 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1930 if ev is None:
1931 raise Exception("DPP authentication did not succeed (Responder)")
1932 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1933 if ev is None:
1934 raise Exception("DPP authentication did not succeed (Initiator)")
1935 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
1936 if ev is None:
1937 raise Exception("DPP configuration not completed (Configurator)")
1938 ev = hapd.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
1939 if ev is None:
1940 raise Exception("DPP configuration not completed (Enrollee)")
1941 if "DPP-CONF-FAILED" in ev:
1942 raise Exception("DPP configuration failed")
1943
1944 update_hapd_config(hapd)
1945
1946 addr = dev[1].own_addr().replace(':', '')
1947 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
1948 if curve:
1949 cmd += " curve=" + curve
1950 res = dev[1].request(cmd)
1951 if "FAIL" in res:
1952 raise Exception("Failed to generate bootstrapping info")
1953 id1 = int(res)
1954 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1955
1956 id0b = dev[0].dpp_qr_code(uri1)
1957
1958 if reconf_configurator:
1959 res = dev[0].request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
1960 if "OK" not in res:
1961 raise Exception("DPP_CONFIGURATOR_REMOVE failed")
1962 cmd = "DPP_CONFIGURATOR_ADD"
1963 if conf_curve:
1964 cmd += " curve=" + conf_curve
1965 cmd += " key=" + csign
1966 res = dev[0].request(cmd)
1967 if "FAIL" in res:
1968 raise Exception("Failed to add configurator (reconf)")
1969 conf_id = int(res)
1970
1971 cmd = "DPP_LISTEN 2412"
1972 if "OK" not in dev[1].request(cmd):
1973 raise Exception("Failed to start listen operation")
1974 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id0b, conf_id)
1975 if "OK" not in dev[0].request(cmd):
1976 raise Exception("Failed to initiate DPP Authentication")
1977 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1978 if ev is None:
1979 raise Exception("DPP authentication did not succeed (Responder)")
1980 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1981 if ev is None:
1982 raise Exception("DPP authentication did not succeed (Initiator)")
1983 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
1984 if ev is None:
1985 raise Exception("DPP configuration not completed (Configurator)")
1986 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1987 if ev is None:
1988 raise Exception("DPP configuration not completed (Enrollee)")
1989 dev[1].request("DPP_STOP_LISTEN")
1990
1991 ev = dev[1].wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
1992 if ev is None:
1993 raise Exception("SSID not reported")
1994 ssid = ev.split(' ')[1]
1995
1996 ev = dev[1].wait_event(["DPP-CONNECTOR"], timeout=1)
1997 if ev is None:
1998 raise Exception("Connector not reported")
1999 connector = ev.split(' ')[1]
2000
2001 ev = dev[1].wait_event(["DPP-C-SIGN-KEY"], timeout=1)
2002 if ev is None:
2003 raise Exception("C-sign-key not reported")
2004 p = ev.split(' ')
2005 csign = p[1]
2006
2007 ev = dev[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
2008 if ev is None:
2009 raise Exception("netAccessKey not reported")
2010 p = ev.split(' ')
2011 net_access_key = p[1]
2012 net_access_key_expiry = p[2] if len(p) > 2 else None
2013
2014 dev[1].dump_monitor()
2015
2016 id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
2017 only_add_network=True)
2018 dev[1].set_network_quoted(id, "dpp_connector", connector)
2019 dev[1].set_network(id, "dpp_csign", csign)
2020 dev[1].set_network(id, "dpp_netaccesskey", net_access_key)
2021 if net_access_key_expiry:
2022 dev[1].set_network(id, "dpp_netaccess_expiry", net_access_key_expiry)
2023
2024 logger.info("Check data connection")
2025 dev[1].select_network(id, freq="2412")
2026 dev[1].wait_connected()
2027
2028 def test_dpp_auto_connect_1(dev, apdev):
2029 """DPP and auto connect (1)"""
2030 try:
2031 run_dpp_auto_connect(dev, apdev, 1)
2032 finally:
2033 dev[0].set("dpp_config_processing", "0")
2034
2035 def test_dpp_auto_connect_2(dev, apdev):
2036 """DPP and auto connect (2)"""
2037 try:
2038 run_dpp_auto_connect(dev, apdev, 2)
2039 finally:
2040 dev[0].set("dpp_config_processing", "0")
2041
2042 def test_dpp_auto_connect_2_connect_cmd(dev, apdev):
2043 """DPP and auto connect (2) using connect_cmd"""
2044 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
2045 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
2046 dev_new = [ wpas, dev[1] ]
2047 try:
2048 run_dpp_auto_connect(dev_new, apdev, 2)
2049 finally:
2050 wpas.set("dpp_config_processing", "0")
2051
2052 def run_dpp_auto_connect(dev, apdev, processing):
2053 check_dpp_capab(dev[0])
2054 check_dpp_capab(dev[1])
2055
2056 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2057 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
2058 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
2059 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
2060
2061 params = { "ssid": "test",
2062 "wpa": "2",
2063 "wpa_key_mgmt": "DPP",
2064 "ieee80211w": "2",
2065 "rsn_pairwise": "CCMP",
2066 "dpp_connector": ap_connector,
2067 "dpp_csign": csign_pub,
2068 "dpp_netaccesskey": ap_netaccesskey }
2069 try:
2070 hapd = hostapd.add_ap(apdev[0], params)
2071 except:
2072 raise HwsimSkip("DPP not supported")
2073
2074 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
2075 res = dev[1].request(cmd)
2076 if "FAIL" in res:
2077 raise Exception("DPP_CONFIGURATOR_ADD failed")
2078 conf_id = int(res)
2079
2080 dev[0].set("dpp_config_processing", str(processing))
2081 addr = dev[0].own_addr().replace(':', '')
2082 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
2083 res = dev[0].request(cmd)
2084 if "FAIL" in res:
2085 raise Exception("Failed to generate bootstrapping info")
2086 id0 = int(res)
2087 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2088
2089 id1 = dev[1].dpp_qr_code(uri0)
2090
2091 cmd = "DPP_LISTEN 2412"
2092 if "OK" not in dev[0].request(cmd):
2093 raise Exception("Failed to start listen operation")
2094
2095 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
2096 if "OK" not in dev[1].request(cmd):
2097 raise Exception("Failed to initiate DPP Authentication")
2098 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
2099 if ev is None:
2100 raise Exception("DPP configuration not completed (Configurator)")
2101 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
2102 if ev is None:
2103 raise Exception("DPP configuration not completed (Enrollee)")
2104 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
2105 if ev is None:
2106 raise Exception("DPP network profile not generated")
2107 id = ev.split(' ')[1]
2108
2109 if processing == 1:
2110 dev[0].select_network(id, freq=2412)
2111
2112 dev[0].wait_connected()
2113 hwsim_utils.test_connectivity(dev[0], hapd)
2114
2115 def test_dpp_auto_connect_legacy(dev, apdev):
2116 """DPP and auto connect (legacy)"""
2117 try:
2118 run_dpp_auto_connect_legacy(dev, apdev)
2119 finally:
2120 dev[0].set("dpp_config_processing", "0")
2121
2122 def test_dpp_auto_connect_legacy_sae_1(dev, apdev):
2123 """DPP and auto connect (legacy SAE)"""
2124 try:
2125 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', psk_sae=True)
2126 finally:
2127 dev[0].set("dpp_config_processing", "0")
2128
2129 def test_dpp_auto_connect_legacy_sae_2(dev, apdev):
2130 """DPP and auto connect (legacy SAE)"""
2131 try:
2132 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True)
2133 finally:
2134 dev[0].set("dpp_config_processing", "0")
2135
2136 def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev):
2137 """DPP and auto connect (legacy PSK+SAE)"""
2138 try:
2139 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
2140 psk_sae=True)
2141 finally:
2142 dev[0].set("dpp_config_processing", "0")
2143
2144 def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev):
2145 """DPP and auto connect (legacy PSK+SAE)"""
2146 try:
2147 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
2148 sae_only=True)
2149 finally:
2150 dev[0].set("dpp_config_processing", "0")
2151
2152 def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev):
2153 """DPP and auto connect (legacy PSK+SAE)"""
2154 try:
2155 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae')
2156 finally:
2157 dev[0].set("dpp_config_processing", "0")
2158
2159 def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk',
2160 psk_sae=False, sae_only=False):
2161 check_dpp_capab(dev[0])
2162 check_dpp_capab(dev[1])
2163
2164 params = hostapd.wpa2_params(ssid="dpp-legacy",
2165 passphrase="secret passphrase")
2166 if sae_only:
2167 params['wpa_key_mgmt'] = 'SAE'
2168 params['ieee80211w'] = '2'
2169 elif psk_sae:
2170 params['wpa_key_mgmt'] = 'WPA-PSK SAE'
2171 params['ieee80211w'] = '1'
2172 params['sae_require_mfp'] = '1'
2173
2174 hapd = hostapd.add_ap(apdev[0], params)
2175
2176 dev[0].set("dpp_config_processing", "2")
2177 addr = dev[0].own_addr().replace(':', '')
2178 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
2179 res = dev[0].request(cmd)
2180 if "FAIL" in res:
2181 raise Exception("Failed to generate bootstrapping info")
2182 id0 = int(res)
2183 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2184
2185 id1 = dev[1].dpp_qr_code(uri0)
2186
2187 cmd = "DPP_LISTEN 2412"
2188 if "OK" not in dev[0].request(cmd):
2189 raise Exception("Failed to start listen operation")
2190
2191 cmd = "DPP_AUTH_INIT peer=%d conf=%s ssid=%s pass=%s" % (id1, conf,
2192 binascii.hexlify(b"dpp-legacy").decode(),
2193 binascii.hexlify(b"secret passphrase").decode())
2194 if "OK" not in dev[1].request(cmd):
2195 raise Exception("Failed to initiate DPP Authentication")
2196 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
2197 if ev is None:
2198 raise Exception("DPP configuration not completed (Configurator)")
2199 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
2200 if ev is None:
2201 raise Exception("DPP configuration not completed (Enrollee)")
2202 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
2203 if ev is None:
2204 raise Exception("DPP network profile not generated")
2205 id = ev.split(' ')[1]
2206
2207 dev[0].wait_connected()
2208
2209 def test_dpp_auto_connect_legacy_pmf_required(dev, apdev):
2210 """DPP and auto connect (legacy, PMF required)"""
2211 try:
2212 run_dpp_auto_connect_legacy_pmf_required(dev, apdev)
2213 finally:
2214 dev[0].set("dpp_config_processing", "0")
2215
2216 def run_dpp_auto_connect_legacy_pmf_required(dev, apdev):
2217 check_dpp_capab(dev[0])
2218 check_dpp_capab(dev[1])
2219
2220 params = hostapd.wpa2_params(ssid="dpp-legacy",
2221 passphrase="secret passphrase")
2222 params['wpa_key_mgmt'] = "WPA-PSK-SHA256"
2223 params['ieee80211w'] = "2"
2224 hapd = hostapd.add_ap(apdev[0], params)
2225
2226 dev[0].set("dpp_config_processing", "2")
2227 addr = dev[0].own_addr().replace(':', '')
2228 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
2229 res = dev[0].request(cmd)
2230 if "FAIL" in res:
2231 raise Exception("Failed to generate bootstrapping info")
2232 id0 = int(res)
2233 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2234
2235 id1 = dev[1].dpp_qr_code(uri0)
2236
2237 cmd = "DPP_LISTEN 2412"
2238 if "OK" not in dev[0].request(cmd):
2239 raise Exception("Failed to start listen operation")
2240
2241 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk ssid=%s pass=%s" % (id1,
2242 binascii.hexlify(b"dpp-legacy").decode(),
2243 binascii.hexlify(b"secret passphrase").decode())
2244 if "OK" not in dev[1].request(cmd):
2245 raise Exception("Failed to initiate DPP Authentication")
2246 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
2247 if ev is None:
2248 raise Exception("DPP configuration not completed (Configurator)")
2249 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
2250 if ev is None:
2251 raise Exception("DPP configuration not completed (Enrollee)")
2252 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
2253 if ev is None:
2254 raise Exception("DPP network profile not generated")
2255 id = ev.split(' ')[1]
2256
2257 dev[0].wait_connected()
2258
2259 def test_dpp_qr_code_auth_responder_configurator(dev, apdev):
2260 """DPP QR Code and responder as the configurator"""
2261 run_dpp_qr_code_auth_responder_configurator(dev, apdev, "")
2262
2263 def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev):
2264 """DPP QR Code and responder as the configurator with group_id)"""
2265 run_dpp_qr_code_auth_responder_configurator(dev, apdev,
2266 " group_id=test-group")
2267
2268 def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra):
2269 check_dpp_capab(dev[0])
2270 check_dpp_capab(dev[1])
2271 cmd = "DPP_CONFIGURATOR_ADD"
2272 res = dev[0].request(cmd)
2273 if "FAIL" in res:
2274 raise Exception("Failed to add configurator")
2275 conf_id = int(res)
2276
2277 addr = dev[0].own_addr().replace(':', '')
2278 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
2279 res = dev[0].request(cmd)
2280 if "FAIL" in res:
2281 raise Exception("Failed to generate bootstrapping info")
2282 id0 = int(res)
2283 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2284
2285 id1 = dev[1].dpp_qr_code(uri0)
2286
2287 dev[0].set("dpp_configurator_params",
2288 " conf=sta-dpp configurator=%d%s" % (conf_id, extra))
2289 cmd = "DPP_LISTEN 2412 role=configurator"
2290 if "OK" not in dev[0].request(cmd):
2291 raise Exception("Failed to start listen operation")
2292 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2293 if "OK" not in dev[1].request(cmd):
2294 raise Exception("Failed to initiate DPP Authentication")
2295 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2296 if ev is None:
2297 raise Exception("DPP authentication did not succeed (Responder)")
2298 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2299 if ev is None:
2300 raise Exception("DPP authentication did not succeed (Initiator)")
2301 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2302 if ev is None:
2303 raise Exception("DPP configuration not completed (Configurator)")
2304 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2305 if ev is None:
2306 raise Exception("DPP configuration not completed (Enrollee)")
2307 dev[0].request("DPP_STOP_LISTEN")
2308 dev[0].dump_monitor()
2309 dev[1].dump_monitor()
2310
2311 def test_dpp_qr_code_hostapd_init(dev, apdev):
2312 """DPP QR Code and hostapd as initiator"""
2313 check_dpp_capab(dev[0])
2314 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2315 "channel": "6" })
2316 check_dpp_capab(hapd)
2317
2318 cmd = "DPP_CONFIGURATOR_ADD"
2319 res = dev[0].request(cmd)
2320 if "FAIL" in res:
2321 raise Exception("Failed to add configurator")
2322 conf_id = int(res)
2323
2324 addr = dev[0].own_addr().replace(':', '')
2325 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/6 mac=" + addr
2326 res = dev[0].request(cmd)
2327 if "FAIL" in res:
2328 raise Exception("Failed to generate bootstrapping info")
2329 id0 = int(res)
2330 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2331
2332 dev[0].set("dpp_configurator_params",
2333 " conf=ap-dpp configurator=%d" % conf_id)
2334 cmd = "DPP_LISTEN 2437 role=configurator"
2335 if "OK" not in dev[0].request(cmd):
2336 raise Exception("Failed to start listen operation")
2337
2338 id1 = hapd.dpp_qr_code(uri0)
2339
2340 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2341 if "OK" not in hapd.request(cmd):
2342 raise Exception("Failed to initiate DPP Authentication")
2343 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2344 if ev is None:
2345 raise Exception("DPP authentication did not succeed (Responder)")
2346 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2347 if ev is None:
2348 raise Exception("DPP authentication did not succeed (Initiator)")
2349 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2350 if ev is None:
2351 raise Exception("DPP configuration not completed (Configurator)")
2352 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2353 if ev is None:
2354 raise Exception("DPP configuration not completed (Enrollee)")
2355 dev[0].request("DPP_STOP_LISTEN")
2356 dev[0].dump_monitor()
2357
2358 def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev):
2359 """DPP QR Code and hostapd as initiator (offchannel)"""
2360 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, None)
2361
2362 def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev):
2363 """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
2364 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, "neg_freq=2437")
2365
2366 def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra):
2367 check_dpp_capab(dev[0])
2368 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2369 "channel": "6" })
2370 check_dpp_capab(hapd)
2371
2372 cmd = "DPP_CONFIGURATOR_ADD"
2373 res = dev[0].request(cmd)
2374 if "FAIL" in res:
2375 raise Exception("Failed to add configurator")
2376 conf_id = int(res)
2377
2378 addr = dev[0].own_addr().replace(':', '')
2379 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1,81/11 mac=" + addr
2380 res = dev[0].request(cmd)
2381 if "FAIL" in res:
2382 raise Exception("Failed to generate bootstrapping info")
2383 id0 = int(res)
2384 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2385
2386 dev[0].set("dpp_configurator_params",
2387 " conf=ap-dpp configurator=%d" % conf_id)
2388 cmd = "DPP_LISTEN 2462 role=configurator"
2389 if "OK" not in dev[0].request(cmd):
2390 raise Exception("Failed to start listen operation")
2391
2392 id1 = hapd.dpp_qr_code(uri0)
2393
2394 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2395 if extra:
2396 cmd += " " + extra
2397 if "OK" not in hapd.request(cmd):
2398 raise Exception("Failed to initiate DPP Authentication")
2399 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2400 if ev is None:
2401 raise Exception("DPP authentication did not succeed (Responder)")
2402 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2403 if ev is None:
2404 raise Exception("DPP authentication did not succeed (Initiator)")
2405 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2406 if ev is None:
2407 raise Exception("DPP configuration not completed (Configurator)")
2408 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2409 if ev is None:
2410 raise Exception("DPP configuration not completed (Enrollee)")
2411 dev[0].request("DPP_STOP_LISTEN")
2412 dev[0].dump_monitor()
2413
2414 def test_dpp_test_vector_p_256(dev, apdev):
2415 """DPP P-256 test vector (mutual auth)"""
2416 check_dpp_capab(dev[0])
2417 check_dpp_capab(dev[1])
2418
2419 # Responder bootstrapping key
2420 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
2421 addr = dev[0].own_addr().replace(':', '')
2422 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
2423 res = dev[0].request(cmd)
2424 if "FAIL" in res:
2425 raise Exception("Failed to generate bootstrapping info")
2426 id0 = int(res)
2427 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2428
2429 # Responder protocol keypair override
2430 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
2431 dev[0].set("dpp_protocol_key_override",
2432 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2433
2434 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
2435
2436 # Initiator bootstrapping key
2437 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
2438 cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
2439 res = dev[1].request(cmd)
2440 if "FAIL" in res:
2441 raise Exception("Failed to generate bootstrapping info")
2442 id1 = int(res)
2443 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2444
2445 # Initiator protocol keypair override
2446 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
2447 dev[1].set("dpp_protocol_key_override",
2448 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2449
2450 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
2451
2452 id1peer = dev[1].dpp_qr_code(uri0)
2453 id0peer = dev[0].dpp_qr_code(uri1)
2454
2455 cmd = "DPP_LISTEN 2462 qr=mutual"
2456 if "OK" not in dev[0].request(cmd):
2457 raise Exception("Failed to start listen operation")
2458
2459 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2460 if "OK" not in dev[1].request(cmd):
2461 raise Exception("Failed to initiate operation")
2462
2463 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2464 if ev is None:
2465 raise Exception("DPP authentication did not succeed (Initiator)")
2466 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2467 if ev is None:
2468 raise Exception("DPP authentication did not succeed (Responder)")
2469
2470 def test_dpp_test_vector_p_256_b(dev, apdev):
2471 """DPP P-256 test vector (Responder-only auth)"""
2472 check_dpp_capab(dev[0])
2473 check_dpp_capab(dev[1])
2474
2475 # Responder bootstrapping key
2476 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
2477 addr = dev[0].own_addr().replace(':', '')
2478 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
2479 res = dev[0].request(cmd)
2480 if "FAIL" in res:
2481 raise Exception("Failed to generate bootstrapping info")
2482 id0 = int(res)
2483 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2484
2485 # Responder protocol keypair override
2486 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
2487 dev[0].set("dpp_protocol_key_override",
2488 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2489
2490 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
2491
2492 # Initiator bootstrapping key
2493 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
2494 cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
2495 res = dev[1].request(cmd)
2496 if "FAIL" in res:
2497 raise Exception("Failed to generate bootstrapping info")
2498 id1 = int(res)
2499 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2500
2501 # Initiator protocol keypair override
2502 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
2503 dev[1].set("dpp_protocol_key_override",
2504 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2505
2506 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
2507
2508 id1peer = dev[1].dpp_qr_code(uri0)
2509
2510 cmd = "DPP_LISTEN 2462"
2511 if "OK" not in dev[0].request(cmd):
2512 raise Exception("Failed to start listen operation")
2513
2514 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2515 if "OK" not in dev[1].request(cmd):
2516 raise Exception("Failed to initiate operation")
2517
2518 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2519 if ev is None:
2520 raise Exception("DPP authentication did not succeed (Initiator)")
2521 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2522 if ev is None:
2523 raise Exception("DPP authentication did not succeed (Responder)")
2524
2525 def der_priv_key_p_521(priv):
2526 if len(priv) != 2 * 66:
2527 raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
2528 der_prefix = "3081500201010442"
2529 der_postfix = "a00706052b81040023"
2530 return der_prefix + priv + der_postfix
2531
2532 def test_dpp_test_vector_p_521(dev, apdev):
2533 """DPP P-521 test vector (mutual auth)"""
2534 check_dpp_capab(dev[0])
2535 check_dpp_capab(dev[1])
2536
2537 # Responder bootstrapping key
2538 priv = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
2539 addr = dev[0].own_addr().replace(':', '')
2540 #cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=" + der_prefix + priv + der_postfix
2541 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=" + der_priv_key_p_521(priv)
2542 res = dev[0].request(cmd)
2543 if "FAIL" in res:
2544 raise Exception("Failed to generate bootstrapping info")
2545 id0 = int(res)
2546 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2547
2548 # Responder protocol keypair override
2549 priv = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
2550 dev[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
2551
2552 dev[0].set("dpp_nonce_override",
2553 "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")
2554
2555 # Initiator bootstrapping key
2556 priv = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
2557 cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=" + der_priv_key_p_521(priv)
2558 res = dev[1].request(cmd)
2559 if "FAIL" in res:
2560 raise Exception("Failed to generate bootstrapping info")
2561 id1 = int(res)
2562 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2563
2564 # Initiator protocol keypair override
2565 priv = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
2566 dev[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
2567
2568 dev[1].set("dpp_nonce_override",
2569 "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")
2570
2571 id1peer = dev[1].dpp_qr_code(uri0)
2572 id0peer = dev[0].dpp_qr_code(uri1)
2573
2574 cmd = "DPP_LISTEN 2462 qr=mutual"
2575 if "OK" not in dev[0].request(cmd):
2576 raise Exception("Failed to start listen operation")
2577
2578 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2579 if "OK" not in dev[1].request(cmd):
2580 raise Exception("Failed to initiate operation")
2581
2582 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2583 if ev is None:
2584 raise Exception("DPP authentication did not succeed (Initiator)")
2585 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2586 if ev is None:
2587 raise Exception("DPP authentication did not succeed (Responder)")
2588
2589 def test_dpp_pkex(dev, apdev):
2590 """DPP and PKEX"""
2591 run_dpp_pkex(dev, apdev)
2592
2593 def test_dpp_pkex_p256(dev, apdev):
2594 """DPP and PKEX (P-256)"""
2595 run_dpp_pkex(dev, apdev, "P-256")
2596
2597 def test_dpp_pkex_p384(dev, apdev):
2598 """DPP and PKEX (P-384)"""
2599 run_dpp_pkex(dev, apdev, "P-384")
2600
2601 def test_dpp_pkex_p521(dev, apdev):
2602 """DPP and PKEX (P-521)"""
2603 run_dpp_pkex(dev, apdev, "P-521")
2604
2605 def test_dpp_pkex_bp256(dev, apdev):
2606 """DPP and PKEX (BP-256)"""
2607 run_dpp_pkex(dev, apdev, "brainpoolP256r1")
2608
2609 def test_dpp_pkex_bp384(dev, apdev):
2610 """DPP and PKEX (BP-384)"""
2611 run_dpp_pkex(dev, apdev, "brainpoolP384r1")
2612
2613 def test_dpp_pkex_bp512(dev, apdev):
2614 """DPP and PKEX (BP-512)"""
2615 run_dpp_pkex(dev, apdev, "brainpoolP512r1")
2616
2617 def test_dpp_pkex_config(dev, apdev):
2618 """DPP and PKEX with initiator as the configurator"""
2619 check_dpp_capab(dev[1])
2620
2621 cmd = "DPP_CONFIGURATOR_ADD"
2622 res = dev[1].request(cmd)
2623 if "FAIL" in res:
2624 raise Exception("Failed to add configurator")
2625 conf_id = int(res)
2626
2627 run_dpp_pkex(dev, apdev,
2628 init_extra="conf=sta-dpp configurator=%d" % (conf_id),
2629 check_config=True)
2630
2631 def test_dpp_pkex_no_identifier(dev, apdev):
2632 """DPP and PKEX without identifier"""
2633 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r=None)
2634
2635 def test_dpp_pkex_identifier_mismatch(dev, apdev):
2636 """DPP and PKEX with different identifiers"""
2637 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r="bar",
2638 expect_no_resp=True)
2639
2640 def test_dpp_pkex_identifier_mismatch2(dev, apdev):
2641 """DPP and PKEX with initiator using identifier and the responder not"""
2642 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r=None,
2643 expect_no_resp=True)
2644
2645 def test_dpp_pkex_identifier_mismatch3(dev, apdev):
2646 """DPP and PKEX with responder using identifier and the initiator not"""
2647 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r="bar",
2648 expect_no_resp=True)
2649
2650 def run_dpp_pkex(dev, apdev, curve=None, init_extra="", check_config=False,
2651 identifier_i="test", identifier_r="test",
2652 expect_no_resp=False):
2653 check_dpp_capab(dev[0], curve and "brainpool" in curve)
2654 check_dpp_capab(dev[1], curve and "brainpool" in curve)
2655
2656 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2657 if curve:
2658 cmd += " curve=" + curve
2659 res = dev[0].request(cmd)
2660 if "FAIL" in res:
2661 raise Exception("Failed to generate bootstrapping info")
2662 id0 = int(res)
2663
2664 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2665 if curve:
2666 cmd += " curve=" + curve
2667 res = dev[1].request(cmd)
2668 if "FAIL" in res:
2669 raise Exception("Failed to generate bootstrapping info")
2670 id1 = int(res)
2671
2672 identifier = " identifier=" + identifier_r if identifier_r else ""
2673 cmd = "DPP_PKEX_ADD own=%d%s code=secret" % (id0, identifier)
2674 res = dev[0].request(cmd)
2675 if "FAIL" in res:
2676 raise Exception("Failed to set PKEX data (responder)")
2677 cmd = "DPP_LISTEN 2437"
2678 if "OK" not in dev[0].request(cmd):
2679 raise Exception("Failed to start listen operation")
2680
2681 identifier = " identifier=" + identifier_i if identifier_i else ""
2682 cmd = "DPP_PKEX_ADD own=%d%s init=1 %s code=secret" % (id1, identifier,
2683 init_extra)
2684 res = dev[1].request(cmd)
2685 if "FAIL" in res:
2686 raise Exception("Failed to set PKEX data (initiator)")
2687
2688 if expect_no_resp:
2689 ev = dev[0].wait_event(["DPP-RX"], timeout=10)
2690 if ev is None:
2691 raise Exception("DPP PKEX frame not received")
2692 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=1)
2693 if ev is not None:
2694 raise Exception("DPP authentication succeeded")
2695 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1)
2696 if ev is not None:
2697 raise Exception("DPP authentication succeeded")
2698 return
2699
2700 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2701 if ev is None:
2702 raise Exception("DPP authentication did not succeed (Initiator)")
2703 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2704 if ev is None:
2705 raise Exception("DPP authentication did not succeed (Responder)")
2706
2707 if check_config:
2708 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
2709 if ev is None:
2710 raise Exception("DPP configuration not completed (Configurator)")
2711 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2712 if ev is None:
2713 raise Exception("DPP configuration not completed (Enrollee)")
2714
2715 def test_dpp_pkex_5ghz(dev, apdev):
2716 """DPP and PKEX on 5 GHz"""
2717 try:
2718 dev[0].request("SET country US")
2719 dev[1].request("SET country US")
2720 ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
2721 if ev is None:
2722 ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
2723 timeout=1)
2724 run_dpp_pkex_5ghz(dev, apdev)
2725 finally:
2726 dev[0].request("SET country 00")
2727 dev[1].request("SET country 00")
2728 subprocess.call(['iw', 'reg', 'set', '00'])
2729 time.sleep(0.1)
2730
2731 def run_dpp_pkex_5ghz(dev, apdev):
2732 check_dpp_capab(dev[0])
2733 check_dpp_capab(dev[1])
2734
2735 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2736 res = dev[0].request(cmd)
2737 if "FAIL" in res:
2738 raise Exception("Failed to generate bootstrapping info")
2739 id0 = int(res)
2740
2741 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2742 res = dev[1].request(cmd)
2743 if "FAIL" in res:
2744 raise Exception("Failed to generate bootstrapping info")
2745 id1 = int(res)
2746
2747 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2748 res = dev[0].request(cmd)
2749 if "FAIL" in res:
2750 raise Exception("Failed to set PKEX data (responder)")
2751 cmd = "DPP_LISTEN 5745"
2752 if "OK" not in dev[0].request(cmd):
2753 raise Exception("Failed to start listen operation")
2754
2755 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % (id1)
2756 res = dev[1].request(cmd)
2757 if "FAIL" in res:
2758 raise Exception("Failed to set PKEX data (initiator)")
2759
2760 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=20)
2761 if ev is None or "DPP-AUTH-SUCCESS" not in ev:
2762 raise Exception("DPP authentication did not succeed (Initiator)")
2763 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2764 if ev is None:
2765 raise Exception("DPP authentication did not succeed (Responder)")
2766
2767 def test_dpp_pkex_test_vector(dev, apdev):
2768 """DPP and PKEX (P-256) test vector"""
2769 check_dpp_capab(dev[0])
2770 check_dpp_capab(dev[1])
2771
2772 init_addr = "ac:64:91:f4:52:07"
2773 resp_addr = "6e:5e:ce:6e:f3:dd"
2774
2775 identifier = "joes_key"
2776 code = "thisisreallysecret"
2777
2778 # Initiator bootstrapping private key
2779 init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
2780
2781 # Responder bootstrapping private key
2782 resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"
2783
2784 # Initiator x/X keypair override
2785 init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
2786
2787 # Responder y/Y keypair override
2788 resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"
2789
2790 p256_prefix = "30310201010420"
2791 p256_postfix = "a00a06082a8648ce3d030107"
2792
2793 dev[0].set("dpp_pkex_own_mac_override", resp_addr)
2794 dev[0].set("dpp_pkex_peer_mac_override", init_addr)
2795 dev[1].set("dpp_pkex_own_mac_override", init_addr)
2796 dev[1].set("dpp_pkex_peer_mac_override", resp_addr)
2797
2798 # Responder bootstrapping key
2799 cmd = "DPP_BOOTSTRAP_GEN type=pkex key=" + p256_prefix + resp_priv + p256_postfix
2800 res = dev[0].request(cmd)
2801 if "FAIL" in res:
2802 raise Exception("Failed to generate bootstrapping info")
2803 id0 = int(res)
2804
2805 # Responder y/Y keypair override
2806 dev[0].set("dpp_pkex_ephemeral_key_override",
2807 p256_prefix + resp_y_priv + p256_postfix)
2808
2809 # Initiator bootstrapping key
2810 cmd = "DPP_BOOTSTRAP_GEN type=pkex key=" + p256_prefix + init_priv + p256_postfix
2811 res = dev[1].request(cmd)
2812 if "FAIL" in res:
2813 raise Exception("Failed to generate bootstrapping info")
2814 id1 = int(res)
2815
2816 # Initiator x/X keypair override
2817 dev[1].set("dpp_pkex_ephemeral_key_override",
2818 p256_prefix + init_x_priv + p256_postfix)
2819
2820 cmd = "DPP_PKEX_ADD own=%d identifier=%s code=%s" % (id0, identifier, code)
2821 res = dev[0].request(cmd)
2822 if "FAIL" in res:
2823 raise Exception("Failed to set PKEX data (responder)")
2824 cmd = "DPP_LISTEN 2437"
2825 if "OK" not in dev[0].request(cmd):
2826 raise Exception("Failed to start listen operation")
2827
2828 cmd = "DPP_PKEX_ADD own=%d identifier=%s init=1 code=%s" % (id1, identifier, code)
2829 res = dev[1].request(cmd)
2830 if "FAIL" in res:
2831 raise Exception("Failed to set PKEX data (initiator)")
2832
2833 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2834 if ev is None:
2835 raise Exception("DPP authentication did not succeed (Initiator)")
2836 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2837 if ev is None:
2838 raise Exception("DPP authentication did not succeed (Responder)")
2839
2840 def test_dpp_pkex_code_mismatch(dev, apdev):
2841 """DPP and PKEX with mismatching code"""
2842 check_dpp_capab(dev[0])
2843 check_dpp_capab(dev[1])
2844
2845 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2846 res = dev[0].request(cmd)
2847 if "FAIL" in res:
2848 raise Exception("Failed to generate bootstrapping info")
2849 id0 = int(res)
2850
2851 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2852 res = dev[1].request(cmd)
2853 if "FAIL" in res:
2854 raise Exception("Failed to generate bootstrapping info")
2855 id1 = int(res)
2856
2857 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2858 res = dev[0].request(cmd)
2859 if "FAIL" in res:
2860 raise Exception("Failed to set PKEX data (responder)")
2861 cmd = "DPP_LISTEN 2437"
2862 if "OK" not in dev[0].request(cmd):
2863 raise Exception("Failed to start listen operation")
2864
2865 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=unknown" % id1
2866 res = dev[1].request(cmd)
2867 if "FAIL" in res:
2868 raise Exception("Failed to set PKEX data (initiator)")
2869
2870 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2871 if ev is None:
2872 raise Exception("Failure not reported")
2873 if "possible PKEX code mismatch" not in ev:
2874 raise Exception("Unexpected result: " + ev)
2875
2876 dev[0].dump_monitor()
2877 dev[1].dump_monitor()
2878
2879 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2880 res = dev[1].request(cmd)
2881 if "FAIL" in res:
2882 raise Exception("Failed to set PKEX data (initiator, retry)")
2883
2884 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2885 if ev is None:
2886 raise Exception("DPP authentication did not succeed (Initiator, retry)")
2887 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2888 if ev is None:
2889 raise Exception("DPP authentication did not succeed (Responder, retry)")
2890
2891 def test_dpp_pkex_code_mismatch_limit(dev, apdev):
2892 """DPP and PKEX with mismatching code limit"""
2893 check_dpp_capab(dev[0])
2894 check_dpp_capab(dev[1])
2895
2896 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2897 res = dev[0].request(cmd)
2898 if "FAIL" in res:
2899 raise Exception("Failed to generate bootstrapping info")
2900 id0 = int(res)
2901
2902 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
2903 res = dev[1].request(cmd)
2904 if "FAIL" in res:
2905 raise Exception("Failed to generate bootstrapping info")
2906 id1 = int(res)
2907
2908 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2909 res = dev[0].request(cmd)
2910 if "FAIL" in res:
2911 raise Exception("Failed to set PKEX data (responder)")
2912 cmd = "DPP_LISTEN 2437"
2913 if "OK" not in dev[0].request(cmd):
2914 raise Exception("Failed to start listen operation")
2915
2916 for i in range(5):
2917 dev[0].dump_monitor()
2918 dev[1].dump_monitor()
2919 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=unknown" % id1
2920 res = dev[1].request(cmd)
2921 if "FAIL" in res:
2922 raise Exception("Failed to set PKEX data (initiator)")
2923
2924 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2925 if ev is None:
2926 raise Exception("Failure not reported")
2927 if "possible PKEX code mismatch" not in ev:
2928 raise Exception("Unexpected result: " + ev)
2929
2930 ev = dev[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout=1)
2931 if ev is None:
2932 raise Exception("PKEX t limit not reported")
2933
2934 def test_dpp_pkex_curve_mismatch(dev, apdev):
2935 """DPP and PKEX with mismatching curve"""
2936 check_dpp_capab(dev[0])
2937 check_dpp_capab(dev[1])
2938
2939 cmd = "DPP_BOOTSTRAP_GEN type=pkex curve=P-256"
2940 res = dev[0].request(cmd)
2941 if "FAIL" in res:
2942 raise Exception("Failed to generate bootstrapping info")
2943 id0 = int(res)
2944
2945 cmd = "DPP_BOOTSTRAP_GEN type=pkex curve=P-384"
2946 res = dev[1].request(cmd)
2947 if "FAIL" in res:
2948 raise Exception("Failed to generate bootstrapping info")
2949 id1 = int(res)
2950
2951 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2952 res = dev[0].request(cmd)
2953 if "FAIL" in res:
2954 raise Exception("Failed to set PKEX data (responder)")
2955 cmd = "DPP_LISTEN 2437"
2956 if "OK" not in dev[0].request(cmd):
2957 raise Exception("Failed to start listen operation")
2958
2959 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2960 res = dev[1].request(cmd)
2961 if "FAIL" in res:
2962 raise Exception("Failed to set PKEX data (initiator)")
2963
2964 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2965 if ev is None:
2966 raise Exception("Failure not reported (dev 0)")
2967 if "Mismatching PKEX curve: peer=20 own=19" not in ev:
2968 raise Exception("Unexpected result: " + ev)
2969
2970 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2971 if ev is None:
2972 raise Exception("Failure not reported (dev 1)")
2973 if "Peer indicated mismatching PKEX group - proposed 19" not in ev:
2974 raise Exception("Unexpected result: " + ev)
2975
2976 def test_dpp_pkex_curve_mismatch_failure(dev, apdev):
2977 """DPP and PKEX with mismatching curve (local failure)"""
2978 run_dpp_pkex_curve_mismatch_failure(dev, apdev, "=dpp_pkex_rx_exchange_req")
2979
2980 def test_dpp_pkex_curve_mismatch_failure2(dev, apdev):
2981 """DPP and PKEX with mismatching curve (local failure 2)"""
2982 run_dpp_pkex_curve_mismatch_failure(dev, apdev,
2983 "dpp_pkex_build_exchange_resp")
2984
2985 def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func):
2986 check_dpp_capab(dev[0])
2987 check_dpp_capab(dev[1])
2988
2989 cmd = "DPP_BOOTSTRAP_GEN type=pkex curve=P-256"
2990 res = dev[0].request(cmd)
2991 if "FAIL" in res:
2992 raise Exception("Failed to generate bootstrapping info")
2993 id0 = int(res)
2994
2995 cmd = "DPP_BOOTSTRAP_GEN type=pkex curve=P-384"
2996 res = dev[1].request(cmd)
2997 if "FAIL" in res:
2998 raise Exception("Failed to generate bootstrapping info")
2999 id1 = int(res)
3000
3001 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
3002 res = dev[0].request(cmd)
3003 if "FAIL" in res:
3004 raise Exception("Failed to set PKEX data (responder)")
3005 cmd = "DPP_LISTEN 2437"
3006 if "OK" not in dev[0].request(cmd):
3007 raise Exception("Failed to start listen operation")
3008
3009 with alloc_fail(dev[0], 1, func):
3010 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
3011 res = dev[1].request(cmd)
3012 if "FAIL" in res:
3013 raise Exception("Failed to set PKEX data (initiator)")
3014
3015 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3016 if ev is None:
3017 raise Exception("Failure not reported (dev 0)")
3018 if "Mismatching PKEX curve: peer=20 own=19" not in ev:
3019 raise Exception("Unexpected result: " + ev)
3020
3021 def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev):
3022 """DPP and PKEX with local failure in processing Exchange Resp"""
3023 check_dpp_capab(dev[0])
3024 check_dpp_capab(dev[1])
3025
3026 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3027 res = dev[0].request(cmd)
3028 if "FAIL" in res:
3029 raise Exception("Failed to generate bootstrapping info")
3030 id0 = int(res)
3031
3032 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3033 res = dev[1].request(cmd)
3034 if "FAIL" in res:
3035 raise Exception("Failed to generate bootstrapping info")
3036 id1 = int(res)
3037
3038 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
3039 res = dev[0].request(cmd)
3040 if "FAIL" in res:
3041 raise Exception("Failed to set PKEX data (responder)")
3042 cmd = "DPP_LISTEN 2437"
3043 if "OK" not in dev[0].request(cmd):
3044 raise Exception("Failed to start listen operation")
3045
3046 with fail_test(dev[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"):
3047 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
3048 res = dev[1].request(cmd)
3049 if "FAIL" in res:
3050 raise Exception("Failed to set PKEX data (initiator)")
3051 wait_fail_trigger(dev[1], "GET_FAIL")
3052
3053 def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev):
3054 """DPP and PKEX with local failure in processing Commit Reveal Req"""
3055 check_dpp_capab(dev[0])
3056 check_dpp_capab(dev[1])
3057
3058 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3059 res = dev[0].request(cmd)
3060 if "FAIL" in res:
3061 raise Exception("Failed to generate bootstrapping info")
3062 id0 = int(res)
3063
3064 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3065 res = dev[1].request(cmd)
3066 if "FAIL" in res:
3067 raise Exception("Failed to generate bootstrapping info")
3068 id1 = int(res)
3069
3070 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
3071 res = dev[0].request(cmd)
3072 if "FAIL" in res:
3073 raise Exception("Failed to set PKEX data (responder)")
3074 cmd = "DPP_LISTEN 2437"
3075 if "OK" not in dev[0].request(cmd):
3076 raise Exception("Failed to start listen operation")
3077
3078 with alloc_fail(dev[0], 1,
3079 "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"):
3080 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
3081 res = dev[1].request(cmd)
3082 if "FAIL" in res:
3083 raise Exception("Failed to set PKEX data (initiator)")
3084 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
3085
3086 def test_dpp_pkex_config2(dev, apdev):
3087 """DPP and PKEX with responder as the configurator"""
3088 check_dpp_capab(dev[0])
3089
3090 cmd = "DPP_CONFIGURATOR_ADD"
3091 res = dev[0].request(cmd)
3092 if "FAIL" in res:
3093 raise Exception("Failed to add configurator")
3094 conf_id = int(res)
3095
3096 dev[0].set("dpp_configurator_params",
3097 " conf=sta-dpp configurator=%d" % conf_id)
3098 run_dpp_pkex2(dev, apdev)
3099
3100 def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""):
3101 check_dpp_capab(dev[0])
3102 check_dpp_capab(dev[1])
3103
3104 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3105 if curve:
3106 cmd += " curve=" + curve
3107 res = dev[0].request(cmd)
3108 if "FAIL" in res:
3109 raise Exception("Failed to generate bootstrapping info")
3110 id0 = int(res)
3111
3112 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3113 if curve:
3114 cmd += " curve=" + curve
3115 res = dev[1].request(cmd)
3116 if "FAIL" in res:
3117 raise Exception("Failed to generate bootstrapping info")
3118 id1 = int(res)
3119
3120 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
3121 res = dev[0].request(cmd)
3122 if "FAIL" in res:
3123 raise Exception("Failed to set PKEX data (responder)")
3124 cmd = "DPP_LISTEN 2437 role=configurator"
3125 if "OK" not in dev[0].request(cmd):
3126 raise Exception("Failed to start listen operation")
3127
3128 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 role=enrollee %s code=secret" % (id1, init_extra)
3129 res = dev[1].request(cmd)
3130 if "FAIL" in res:
3131 raise Exception("Failed to set PKEX data (initiator)")
3132
3133 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3134 if ev is None:
3135 raise Exception("DPP authentication did not succeed (Initiator)")
3136 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3137 if ev is None:
3138 raise Exception("DPP authentication did not succeed (Responder)")
3139
3140 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3141 if ev is None:
3142 raise Exception("DPP configuration not completed (Configurator)")
3143 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3144 if ev is None:
3145 raise Exception("DPP configuration not completed (Enrollee)")
3146
3147 def test_dpp_pkex_no_responder(dev, apdev):
3148 """DPP and PKEX with no responder (retry behavior)"""
3149 check_dpp_capab(dev[0])
3150
3151 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3152 res = dev[0].request(cmd)
3153 if "FAIL" in res:
3154 raise Exception("Failed to generate bootstrapping info")
3155 id0 = int(res)
3156
3157 cmd = "DPP_PKEX_ADD own=%d init=1 identifier=test code=secret" % (id0)
3158 res = dev[0].request(cmd)
3159 if "FAIL" in res:
3160 raise Exception("Failed to set PKEX data (initiator)")
3161
3162 for i in range(15):
3163 ev = dev[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5)
3164 if ev is None:
3165 raise Exception("DPP PKEX failure not reported")
3166 if "DPP-FAIL" not in ev:
3167 continue
3168 if "No response from PKEX peer" not in ev:
3169 raise Exception("Unexpected failure reason: " + ev)
3170 break
3171
3172 def test_dpp_pkex_after_retry(dev, apdev):
3173 """DPP and PKEX completing after retry"""
3174 check_dpp_capab(dev[0])
3175
3176 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3177 res = dev[0].request(cmd)
3178 if "FAIL" in res:
3179 raise Exception("Failed to generate bootstrapping info")
3180 id0 = int(res)
3181
3182 cmd = "DPP_PKEX_ADD own=%d init=1 identifier=test code=secret" % (id0)
3183 res = dev[0].request(cmd)
3184 if "FAIL" in res:
3185 raise Exception("Failed to set PKEX data (initiator)")
3186
3187 time.sleep(0.1)
3188 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3189 res = dev[1].request(cmd)
3190 if "FAIL" in res:
3191 raise Exception("Failed to generate bootstrapping info")
3192 id1 = int(res)
3193
3194 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
3195 res = dev[1].request(cmd)
3196 if "FAIL" in res:
3197 raise Exception("Failed to set PKEX data (responder)")
3198 cmd = "DPP_LISTEN 2437"
3199 if "OK" not in dev[1].request(cmd):
3200 raise Exception("Failed to start listen operation")
3201
3202 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
3203 if ev is None:
3204 raise Exception("DPP authentication did not succeed (Responder)")
3205 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3206 if ev is None:
3207 raise Exception("DPP authentication did not succeed (Initiator)")
3208 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3209 if ev is None:
3210 raise Exception("DPP configuration not completed (Configurator)")
3211 # Ignore Enrollee result since configurator was not set here
3212
3213 def test_dpp_pkex_hostapd_responder(dev, apdev):
3214 """DPP PKEX with hostapd as responder"""
3215 check_dpp_capab(dev[0])
3216 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3217 "channel": "6" })
3218 check_dpp_capab(hapd)
3219
3220 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3221 res = hapd.request(cmd)
3222 if "FAIL" in res:
3223 raise Exception("Failed to generate bootstrapping info (hostapd)")
3224 id_h = int(res)
3225
3226 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id_h)
3227 res = hapd.request(cmd)
3228 if "FAIL" in res:
3229 raise Exception("Failed to set PKEX data (responder/hostapd)")
3230
3231 cmd = "DPP_CONFIGURATOR_ADD"
3232 res = dev[0].request(cmd)
3233 if "FAIL" in res:
3234 raise Exception("Failed to add configurator")
3235 conf_id = int(res)
3236
3237 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3238 res = dev[0].request(cmd)
3239 if "FAIL" in res:
3240 raise Exception("Failed to generate bootstrapping info (wpa_supplicant)")
3241 id0 = int(res)
3242
3243 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=ap-dpp configurator=%d code=secret" % (id0, conf_id)
3244 res = dev[0].request(cmd)
3245 if "FAIL" in res:
3246 raise Exception("Failed to set PKEX data (initiator/wpa_supplicant)")
3247
3248 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3249 if ev is None:
3250 raise Exception("DPP authentication did not succeed (Initiator)")
3251 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3252 if ev is None:
3253 raise Exception("DPP authentication did not succeed (Responder)")
3254 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3255 if ev is None:
3256 raise Exception("DPP configuration not completed (Configurator)")
3257 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3258 if ev is None:
3259 raise Exception("DPP configuration not completed (Enrollee)")
3260 dev[0].request("DPP_STOP_LISTEN")
3261 dev[0].dump_monitor()
3262
3263 def test_dpp_pkex_hostapd_initiator(dev, apdev):
3264 """DPP PKEX with hostapd as initiator"""
3265 check_dpp_capab(dev[0])
3266 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3267 "channel": "6" })
3268 check_dpp_capab(hapd)
3269
3270 cmd = "DPP_CONFIGURATOR_ADD"
3271 res = dev[0].request(cmd)
3272 if "FAIL" in res:
3273 raise Exception("Failed to add configurator")
3274 conf_id = int(res)
3275
3276 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3277 res = dev[0].request(cmd)
3278 if "FAIL" in res:
3279 raise Exception("Failed to generate bootstrapping info (wpa_supplicant)")
3280 id0 = int(res)
3281
3282 dev[0].set("dpp_configurator_params",
3283 " conf=ap-dpp configurator=%d" % conf_id)
3284
3285 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
3286 res = dev[0].request(cmd)
3287 if "FAIL" in res:
3288 raise Exception("Failed to set PKEX data (responder/wpa_supplicant)")
3289
3290 cmd = "DPP_LISTEN 2437 role=configurator"
3291 if "OK" not in dev[0].request(cmd):
3292 raise Exception("Failed to start listen operation")
3293
3294 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
3295 res = hapd.request(cmd)
3296 if "FAIL" in res:
3297 raise Exception("Failed to generate bootstrapping info (hostapd)")
3298 id_h = int(res)
3299
3300 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 role=enrollee code=secret" % (id_h)
3301 res = hapd.request(cmd)
3302 if "FAIL" in res:
3303 raise Exception("Failed to set PKEX data (initiator/hostapd)")
3304
3305 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3306 if ev is None:
3307 raise Exception("DPP authentication did not succeed (Initiator)")
3308 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3309 if ev is None:
3310 raise Exception("DPP authentication did not succeed (Responder)")
3311 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3312 if ev is None:
3313 raise Exception("DPP configuration not completed (Configurator)")
3314 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3315 if ev is None:
3316 raise Exception("DPP configuration not completed (Enrollee)")
3317 dev[0].request("DPP_STOP_LISTEN")
3318 dev[0].dump_monitor()
3319
3320 def test_dpp_hostapd_configurator(dev, apdev):
3321 """DPP with hostapd as configurator/initiator"""
3322 check_dpp_capab(dev[0])
3323 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3324 "channel": "1" })
3325 check_dpp_capab(hapd)
3326
3327 cmd = "DPP_CONFIGURATOR_ADD"
3328 res = hapd.request(cmd)
3329 if "FAIL" in res:
3330 raise Exception("Failed to add configurator")
3331 conf_id = int(res)
3332
3333 addr = dev[0].own_addr().replace(':', '')
3334 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3335 res = dev[0].request(cmd)
3336 if "FAIL" in res:
3337 raise Exception("Failed to generate bootstrapping info")
3338 id0 = int(res)
3339 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3340
3341 id1 = hapd.dpp_qr_code(uri0)
3342
3343 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id0)
3344 if "FAIL" in res:
3345 raise Exception("DPP_BOOTSTRAP_INFO failed")
3346 if "type=QRCODE" not in res:
3347 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
3348 if "mac_addr=" + dev[0].own_addr() not in res:
3349 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
3350
3351 cmd = "DPP_LISTEN 2412"
3352 if "OK" not in dev[0].request(cmd):
3353 raise Exception("Failed to start listen operation")
3354 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp" % (id1, conf_id)
3355 if "OK" not in hapd.request(cmd):
3356 raise Exception("Failed to initiate DPP Authentication")
3357
3358 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3359 if ev is None:
3360 raise Exception("DPP authentication did not succeed (Responder)")
3361 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3362 if ev is None:
3363 raise Exception("DPP authentication did not succeed (Initiator)")
3364 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3365 if ev is None:
3366 raise Exception("DPP configuration not completed (Configurator)")
3367 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3368 if ev is None:
3369 raise Exception("DPP configuration not completed (Enrollee)")
3370 dev[0].request("DPP_STOP_LISTEN")
3371 dev[0].dump_monitor()
3372
3373 def test_dpp_hostapd_configurator_responder(dev, apdev):
3374 """DPP with hostapd as configurator/responder"""
3375 check_dpp_capab(dev[0])
3376 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3377 "channel": "1" })
3378 check_dpp_capab(hapd)
3379
3380 cmd = "DPP_CONFIGURATOR_ADD"
3381 res = hapd.request(cmd)
3382 if "FAIL" in res:
3383 raise Exception("Failed to add configurator")
3384 conf_id = int(res)
3385
3386 hapd.set("dpp_configurator_params",
3387 " conf=sta-dpp configurator=%d" % conf_id)
3388
3389 addr = hapd.own_addr().replace(':', '')
3390 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3391 res = hapd.request(cmd)
3392 if "FAIL" in res:
3393 raise Exception("Failed to generate bootstrapping info")
3394 id0 = int(res)
3395 uri0 = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3396
3397 id1 = dev[0].dpp_qr_code(uri0)
3398
3399 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % (id1)
3400 if "OK" not in dev[0].request(cmd):
3401 raise Exception("Failed to initiate DPP Authentication")
3402
3403 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3404 if ev is None:
3405 raise Exception("DPP authentication did not succeed (Responder)")
3406 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3407 if ev is None:
3408 raise Exception("DPP authentication did not succeed (Initiator)")
3409 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3410 if ev is None:
3411 raise Exception("DPP configuration not completed (Configurator)")
3412 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3413 if ev is None:
3414 raise Exception("DPP configuration not completed (Enrollee)")
3415 dev[0].request("DPP_STOP_LISTEN")
3416 dev[0].dump_monitor()
3417
3418 def test_dpp_own_config(dev, apdev):
3419 """DPP configurator signing own connector"""
3420 try:
3421 run_dpp_own_config(dev, apdev)
3422 finally:
3423 dev[0].set("dpp_config_processing", "0")
3424
3425 def test_dpp_own_config_group_id(dev, apdev):
3426 """DPP configurator signing own connector"""
3427 try:
3428 run_dpp_own_config(dev, apdev, extra=" group_id=test-group")
3429 finally:
3430 dev[0].set("dpp_config_processing", "0")
3431
3432 def test_dpp_own_config_curve_mismatch(dev, apdev):
3433 """DPP configurator signing own connector using mismatching curve"""
3434 try:
3435 run_dpp_own_config(dev, apdev, own_curve="BP-384", expect_failure=True)
3436 finally:
3437 dev[0].set("dpp_config_processing", "0")
3438
3439 def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False,
3440 extra=""):
3441 check_dpp_capab(dev[0], own_curve and "BP" in own_curve)
3442 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3443 check_dpp_capab(hapd)
3444
3445 addr = hapd.own_addr().replace(':', '')
3446 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3447 res = hapd.request(cmd)
3448 if "FAIL" in res:
3449 raise Exception("Failed to generate bootstrapping info")
3450 id_h = int(res)
3451 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
3452
3453 cmd = "DPP_CONFIGURATOR_ADD"
3454 res = dev[0].request(cmd)
3455 if "FAIL" in res:
3456 raise Exception("Failed to add configurator")
3457 conf_id = int(res)
3458
3459 id = dev[0].dpp_qr_code(uri)
3460
3461 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d%s" % (id, conf_id, extra)
3462 if "OK" not in dev[0].request(cmd):
3463 raise Exception("Failed to initiate DPP Authentication")
3464 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3465 if ev is None:
3466 raise Exception("DPP authentication did not succeed (Responder)")
3467 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3468 if ev is None:
3469 raise Exception("DPP authentication did not succeed (Initiator)")
3470 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3471 if ev is None:
3472 raise Exception("DPP configuration not completed (Configurator)")
3473 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3474 if ev is None:
3475 raise Exception("DPP configuration not completed (Enrollee)")
3476
3477 update_hapd_config(hapd)
3478
3479 dev[0].set("dpp_config_processing", "1")
3480 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id, extra)
3481 if own_curve:
3482 cmd += " curve=" + own_curve
3483 res = dev[0].request(cmd)
3484 if "FAIL" in res:
3485 raise Exception("Failed to generate own configuration")
3486
3487 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
3488 if ev is None:
3489 raise Exception("DPP network profile not generated")
3490 id = ev.split(' ')[1]
3491 dev[0].select_network(id, freq="2412")
3492 if expect_failure:
3493 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
3494 if ev is not None:
3495 raise Exception("Unexpected connection")
3496 dev[0].request("DISCONNECT")
3497 else:
3498 dev[0].wait_connected()
3499
3500 def test_dpp_own_config_ap(dev, apdev):
3501 """DPP configurator (AP) signing own connector"""
3502 try:
3503 run_dpp_own_config_ap(dev, apdev)
3504 finally:
3505 dev[0].set("dpp_config_processing", "0")
3506
3507 def test_dpp_own_config_ap_group_id(dev, apdev):
3508 """DPP configurator (AP) signing own connector (group_id)"""
3509 try:
3510 run_dpp_own_config_ap(dev, apdev, extra=" group_id=test-group")
3511 finally:
3512 dev[0].set("dpp_config_processing", "0")
3513
3514 def test_dpp_own_config_ap_reconf(dev, apdev):
3515 """DPP configurator (AP) signing own connector and configurator reconf"""
3516 try:
3517 run_dpp_own_config_ap(dev, apdev)
3518 finally:
3519 dev[0].set("dpp_config_processing", "0")
3520
3521 def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=""):
3522 check_dpp_capab(dev[0])
3523 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3524 check_dpp_capab(hapd)
3525
3526 cmd = "DPP_CONFIGURATOR_ADD"
3527 res = hapd.request(cmd)
3528 if "FAIL" in res:
3529 raise Exception("Failed to add configurator")
3530 conf_id = int(res)
3531
3532 if reconf_configurator:
3533 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
3534 if "FAIL" in csign or len(csign) == 0:
3535 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
3536
3537 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id, extra)
3538 res = hapd.request(cmd)
3539 if "FAIL" in res:
3540 raise Exception("Failed to generate own configuration")
3541 update_hapd_config(hapd)
3542
3543 if reconf_configurator:
3544 res = hapd.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
3545 if "OK" not in res:
3546 raise Exception("DPP_CONFIGURATOR_REMOVE failed")
3547 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
3548 res = hapd.request(cmd)
3549 if "FAIL" in res:
3550 raise Exception("Failed to add configurator (reconf)")
3551 conf_id = int(res)
3552
3553 addr = dev[0].own_addr().replace(':', '')
3554 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3555 res = dev[0].request(cmd)
3556 if "FAIL" in res:
3557 raise Exception("Failed to generate bootstrapping info")
3558 id = int(res)
3559 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
3560
3561 id = hapd.dpp_qr_code(uri)
3562
3563 dev[0].set("dpp_config_processing", "2")
3564 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
3565 raise Exception("Failed to start listen operation")
3566 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d%s" % (id, conf_id, extra)
3567 if "OK" not in hapd.request(cmd):
3568 raise Exception("Failed to initiate DPP Authentication")
3569 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3570 if ev is None:
3571 raise Exception("DPP authentication did not succeed (Initiator)")
3572 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3573 if ev is None:
3574 raise Exception("DPP configuration not completed (Configurator)")
3575 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
3576 if ev is None:
3577 raise Exception("DPP configuration not completed (Enrollee)")
3578 if "DPP-CONF-RECEIVED" not in ev:
3579 raise Exception("DPP configuration failed (Enrollee)")
3580
3581 dev[0].wait_connected()
3582
3583 def test_dpp_intro_mismatch(dev, apdev):
3584 """DPP network introduction mismatch cases"""
3585 try:
3586 wpas = None
3587 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3588 wpas.interface_add("wlan5")
3589 check_dpp_capab(wpas)
3590 run_dpp_intro_mismatch(dev, apdev, wpas)
3591 finally:
3592 dev[0].set("dpp_config_processing", "0")
3593 dev[2].set("dpp_config_processing", "0")
3594 if wpas:
3595 wpas.set("dpp_config_processing", "0")
3596
3597 def run_dpp_intro_mismatch(dev, apdev, wpas):
3598 check_dpp_capab(dev[0])
3599 check_dpp_capab(dev[1])
3600 check_dpp_capab(dev[2])
3601
3602 logger.info("Start AP in unconfigured state")
3603 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3604 check_dpp_capab(hapd)
3605
3606 addr = hapd.own_addr().replace(':', '')
3607 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3608 res = hapd.request(cmd)
3609 if "FAIL" in res:
3610 raise Exception("Failed to generate bootstrapping info")
3611 id_h = int(res)
3612 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
3613
3614 logger.info("Provision AP with DPP configuration")
3615 res = dev[1].request("DPP_CONFIGURATOR_ADD")
3616 if "FAIL" in res:
3617 raise Exception("Failed to add configurator")
3618 conf_id = int(res)
3619
3620 id = dev[1].dpp_qr_code(uri)
3621
3622 dev[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]')
3623 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d" % (id, conf_id)
3624 if "OK" not in dev[1].request(cmd):
3625 raise Exception("Failed to initiate DPP Authentication")
3626 update_hapd_config(hapd)
3627
3628 logger.info("Provision STA0 with DPP Connector that has mismatching groupId")
3629 dev[0].set("dpp_config_processing", "2")
3630 addr = dev[0].own_addr().replace(':', '')
3631 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3632 res = dev[0].request(cmd)
3633 if "FAIL" in res:
3634 raise Exception("Failed to generate bootstrapping info")
3635 id0 = int(res)
3636 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3637
3638 id1 = dev[1].dpp_qr_code(uri0)
3639
3640 cmd = "DPP_LISTEN 2412"
3641 if "OK" not in dev[0].request(cmd):
3642 raise Exception("Failed to start listen operation")
3643
3644 dev[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]')
3645 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
3646 if "OK" not in dev[1].request(cmd):
3647 raise Exception("Failed to initiate DPP Authentication")
3648 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3649 if ev is None:
3650 raise Exception("DPP configuration not completed (Configurator for STA0)")
3651 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3652 if ev is None:
3653 raise Exception("DPP configuration not completed (Enrollee STA0)")
3654
3655 logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
3656 dev[2].set("dpp_config_processing", "2")
3657 addr = dev[2].own_addr().replace(':', '')
3658 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3659 res = dev[2].request(cmd)
3660 if "FAIL" in res:
3661 raise Exception("Failed to generate bootstrapping info")
3662 id2 = int(res)
3663 uri2 = dev[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2)
3664
3665 id1 = dev[1].dpp_qr_code(uri2)
3666
3667 cmd = "DPP_LISTEN 2412"
3668 if "OK" not in dev[2].request(cmd):
3669 raise Exception("Failed to start listen operation")
3670
3671 res = dev[1].request("DPP_CONFIGURATOR_ADD")
3672 if "FAIL" in res:
3673 raise Exception("Failed to add configurator")
3674 conf_id_2 = int(res)
3675 dev[1].set("dpp_groups_override", '')
3676 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id_2)
3677 if "OK" not in dev[1].request(cmd):
3678 raise Exception("Failed to initiate DPP Authentication")
3679 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3680 if ev is None:
3681 raise Exception("DPP configuration not completed (Configurator for STA2)")
3682 ev = dev[2].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3683 if ev is None:
3684 raise Exception("DPP configuration not completed (Enrollee STA2)")
3685
3686 logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
3687 wpas.set("dpp_config_processing", "2")
3688 addr = wpas.own_addr().replace(':', '')
3689 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
3690 cmd += " curve=P-521"
3691 res = wpas.request(cmd)
3692 if "FAIL" in res:
3693 raise Exception("Failed to generate bootstrapping info")
3694 id5 = int(res)
3695 uri5 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id5)
3696
3697 id1 = dev[1].dpp_qr_code(uri5)
3698
3699 cmd = "DPP_LISTEN 2412"
3700 if "OK" not in wpas.request(cmd):
3701 raise Exception("Failed to start listen operation")
3702
3703 dev[1].set("dpp_groups_override", '')
3704 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
3705 if "OK" not in dev[1].request(cmd):
3706 raise Exception("Failed to initiate DPP Authentication")
3707 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3708 if ev is None:
3709 raise Exception("DPP configuration not completed (Configurator for STA0)")
3710 ev = wpas.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3711 if ev is None:
3712 raise Exception("DPP configuration not completed (Enrollee STA5)")
3713
3714 logger.info("Verify network introduction results")
3715 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
3716 if ev is None:
3717 raise Exception("DPP network introduction result not seen on STA0")
3718 if "status=8" not in ev:
3719 raise Exception("Unexpected network introduction result on STA0: " + ev)
3720
3721 ev = dev[2].wait_event(["DPP-INTRO"], timeout=5)
3722 if ev is None:
3723 raise Exception("DPP network introduction result not seen on STA2")
3724 if "status=8" not in ev:
3725 raise Exception("Unexpected network introduction result on STA2: " + ev)
3726
3727 ev = wpas.wait_event(["DPP-INTRO"], timeout=10)
3728 if ev is None:
3729 raise Exception("DPP network introduction result not seen on STA5")
3730 if "status=7" not in ev:
3731 raise Exception("Unexpected network introduction result on STA5: " + ev)
3732
3733 def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True,
3734 listen=True, chan="81/1", init_enrollee=False,
3735 incompatible_roles=False):
3736 check_dpp_capab(dev[0])
3737 check_dpp_capab(dev[1])
3738 dev[test_dev].set("dpp_test", str(test))
3739
3740 cmd = "DPP_CONFIGURATOR_ADD"
3741 if init_enrollee:
3742 res = dev[0].request(cmd)
3743 else:
3744 res = dev[1].request(cmd)
3745 if "FAIL" in res:
3746 raise Exception("Failed to add configurator")
3747 conf_id = int(res)
3748
3749 addr = dev[0].own_addr().replace(':', '')
3750 cmd = "DPP_BOOTSTRAP_GEN type=qrcode"
3751 if chan:
3752 cmd += " chan=" + chan
3753 if unicast:
3754 cmd += " mac=" + addr
3755 res = dev[0].request(cmd)
3756 if "FAIL" in res:
3757 raise Exception("Failed to generate bootstrapping info")
3758 id0 = int(res)
3759 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3760
3761 id1 = dev[1].dpp_qr_code(uri0)
3762
3763 if mutual:
3764 addr = dev[1].own_addr().replace(':', '')
3765 res = dev[1].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
3766 if "FAIL" in res:
3767 raise Exception("Failed to generate bootstrapping info")
3768 id1b = int(res)
3769 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
3770
3771 id0b = dev[0].dpp_qr_code(uri1b)
3772
3773 cmd = "DPP_LISTEN 2412 qr=mutual"
3774 else:
3775 cmd = "DPP_LISTEN 2412"
3776
3777 if init_enrollee:
3778 if incompatible_roles:
3779 cmd += " role=enrollee"
3780 else:
3781 cmd += " role=configurator"
3782 dev[0].set("dpp_configurator_params",
3783 " conf=sta-dpp configurator=%d" % conf_id)
3784 elif incompatible_roles:
3785 cmd += " role=enrollee"
3786
3787 if listen:
3788 if "OK" not in dev[0].request(cmd):
3789 raise Exception("Failed to start listen operation")
3790
3791 if init_enrollee:
3792 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % (id1)
3793 else:
3794 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp" % (id1, conf_id)
3795 if incompatible_roles:
3796 cmd += " role=enrollee"
3797 if mutual:
3798 cmd += " own=%d" % id1b
3799 if "OK" not in dev[1].request(cmd):
3800 raise Exception("Failed to initiate DPP Authentication")
3801
3802 def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev):
3803 """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
3804 run_dpp_proto_init(dev, 1, 1)
3805 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3806 if ev is None:
3807 raise Exception("DPP Authentication Request not seen")
3808 if "type=0" not in ev or "ignore=invalid-attributes" not in ev:
3809 raise Exception("Unexpected RX info: " + ev)
3810 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3811 if ev is not None:
3812 raise Exception("Unexpected DPP message seen")
3813
3814 def test_dpp_auth_req_stop_after_ack(dev, apdev):
3815 """DPP initiator stopping after ACK, but no response"""
3816 run_dpp_proto_init(dev, 1, 1, listen=True)
3817 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3818 if ev is None:
3819 raise Exception("Authentication failure not reported")
3820
3821 def test_dpp_auth_req_retries(dev, apdev):
3822 """DPP initiator retries with no ACK"""
3823 check_dpp_capab(dev[1])
3824 dev[1].set("dpp_init_max_tries", "3")
3825 dev[1].set("dpp_init_retry_time", "1000")
3826 dev[1].set("dpp_resp_wait_time", "100")
3827 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False)
3828
3829 for i in range(3):
3830 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
3831 if ev is None:
3832 raise Exception("Auth Req not sent (%d)" % i)
3833
3834 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3835 if ev is None:
3836 raise Exception("Authentication failure not reported")
3837
3838 def test_dpp_auth_req_retries_multi_chan(dev, apdev):
3839 """DPP initiator retries with no ACK and multiple channels"""
3840 check_dpp_capab(dev[1])
3841 dev[1].set("dpp_init_max_tries", "3")
3842 dev[1].set("dpp_init_retry_time", "1000")
3843 dev[1].set("dpp_resp_wait_time", "100")
3844 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False,
3845 chan="81/1,81/6,81/11")
3846
3847 for i in range(3 * 3):
3848 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
3849 if ev is None:
3850 raise Exception("Auth Req not sent (%d)" % i)
3851
3852 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3853 if ev is None:
3854 raise Exception("Authentication failure not reported")
3855
3856 def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev):
3857 """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
3858 run_dpp_proto_init(dev, 0, 2)
3859 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
3860 if ev is None:
3861 raise Exception("DPP Authentication Response not seen")
3862 if "type=1" not in ev or "ignore=invalid-attributes" not in ev:
3863 raise Exception("Unexpected RX info: " + ev)
3864 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3865 if ev is None or "type=0" not in ev:
3866 raise Exception("DPP Authentication Request not seen")
3867 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3868 if ev is not None:
3869 raise Exception("Unexpected DPP message seen")
3870
3871 def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev):
3872 """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
3873 run_dpp_proto_init(dev, 1, 3)
3874 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3875 if ev is None or "type=0" not in ev:
3876 raise Exception("DPP Authentication Request not seen")
3877 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3878 if ev is None:
3879 raise Exception("DPP Authentication Confirm not seen")
3880 if "type=2" not in ev or "ignore=invalid-attributes" not in ev:
3881 raise Exception("Unexpected RX info: " + ev)
3882
3883 def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev):
3884 """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
3885 run_dpp_proto_init(dev, 0, 6)
3886 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10)
3887 if ev is None:
3888 raise Exception("DPP Configuration failure not seen")
3889
3890 def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev):
3891 """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
3892 run_dpp_proto_init(dev, 1, 7)
3893 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10)
3894 if ev is None:
3895 raise Exception("DPP Configuration failure not seen")
3896
3897 def test_dpp_proto_zero_i_capab(dev, apdev):
3898 """DPP protocol testing - zero I-capability in Auth Req"""
3899 run_dpp_proto_init(dev, 1, 8)
3900 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3901 if ev is None:
3902 raise Exception("DPP failure not seen")
3903 if "Invalid role in I-capabilities 0x00" not in ev:
3904 raise Exception("Unexpected failure: " + ev)
3905 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3906 if ev is not None:
3907 raise Exception("Unexpected DPP message seen")
3908
3909 def test_dpp_proto_zero_r_capab(dev, apdev):
3910 """DPP protocol testing - zero R-capability in Auth Resp"""
3911 run_dpp_proto_init(dev, 0, 9)
3912 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3913 if ev is None:
3914 raise Exception("DPP failure not seen")
3915 if "Unexpected role in R-capabilities 0x00" not in ev:
3916 raise Exception("Unexpected failure: " + ev)
3917 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3918 if ev is None or "type=0" not in ev:
3919 raise Exception("DPP Authentication Request not seen")
3920 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3921 if ev is not None:
3922 raise Exception("Unexpected DPP message seen")
3923
3924 def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False):
3925 run_dpp_proto_init(dev, 1, test, mutual=mutual)
3926 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3927 if ev is None:
3928 raise Exception("DPP failure not seen")
3929 if reason not in ev:
3930 raise Exception("Unexpected failure: " + ev)
3931 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3932 if ev is not None:
3933 raise Exception("Unexpected DPP message seen")
3934
3935 def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev):
3936 """DPP protocol testing - no R-bootstrap key in Auth Req"""
3937 run_dpp_proto_auth_req_missing(dev, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
3938
3939 def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev):
3940 """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
3941 run_dpp_proto_auth_req_missing(dev, 68, "No matching own bootstrapping key found - ignore message")
3942
3943 def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev):
3944 """DPP protocol testing - no I-bootstrap key in Auth Req"""
3945 run_dpp_proto_auth_req_missing(dev, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute")
3946
3947 def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev):
3948 """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
3949 run_dpp_proto_init(dev, 1, 69, mutual=True)
3950 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
3951 if ev is None:
3952 raise Exception("DPP scan request not seen")
3953 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
3954 if ev is None:
3955 raise Exception("DPP response pending indivation not seen")
3956
3957 def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev):
3958 """DPP protocol testing - no I-proto key in Auth Req"""
3959 run_dpp_proto_auth_req_missing(dev, 12, "Missing required Initiator Protocol Key attribute")
3960
3961 def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
3962 """DPP protocol testing - invalid I-proto key in Auth Req"""
3963 run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
3964
3965 def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
3966 """DPP protocol testing - no I-nonce in Auth Req"""
3967 run_dpp_proto_auth_req_missing(dev, 13, "Missing or invalid I-nonce")
3968
3969 def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev):
3970 """DPP protocol testing - invalid I-nonce in Auth Req"""
3971 run_dpp_proto_auth_req_missing(dev, 81, "Missing or invalid I-nonce")
3972
3973 def test_dpp_proto_auth_req_no_i_capab(dev, apdev):
3974 """DPP protocol testing - no I-capab in Auth Req"""
3975 run_dpp_proto_auth_req_missing(dev, 14, "Missing or invalid I-capab")
3976
3977 def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev):
3978 """DPP protocol testing - no Wrapped Data in Auth Req"""
3979 run_dpp_proto_auth_req_missing(dev, 15, "Missing or invalid required Wrapped Data attribute")
3980
3981 def run_dpp_proto_auth_resp_missing(dev, test, reason,
3982 incompatible_roles=False):
3983 run_dpp_proto_init(dev, 0, test, mutual=True,
3984 incompatible_roles=incompatible_roles)
3985 if reason is None:
3986 time.sleep(0.1)
3987 return
3988 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3989 if ev is None:
3990 raise Exception("DPP failure not seen")
3991 if reason not in ev:
3992 raise Exception("Unexpected failure: " + ev)
3993 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3994 if ev is None or "type=0" not in ev:
3995 raise Exception("DPP Authentication Request not seen")
3996 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3997 if ev is not None:
3998 raise Exception("Unexpected DPP message seen")
3999
4000 def test_dpp_proto_auth_resp_no_status(dev, apdev):
4001 """DPP protocol testing - no Status in Auth Resp"""
4002 run_dpp_proto_auth_resp_missing(dev, 16, "Missing or invalid required DPP Status attribute")
4003
4004 def test_dpp_proto_auth_resp_status_no_status(dev, apdev):
4005 """DPP protocol testing - no Status in Auth Resp(status)"""
4006 run_dpp_proto_auth_resp_missing(dev, 16,
4007 "Missing or invalid required DPP Status attribute",
4008 incompatible_roles=True)
4009
4010 def test_dpp_proto_auth_resp_invalid_status(dev, apdev):
4011 """DPP protocol testing - invalid Status in Auth Resp"""
4012 run_dpp_proto_auth_resp_missing(dev, 74, "Responder reported failure")
4013
4014 def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev):
4015 """DPP protocol testing - no R-bootstrap key in Auth Resp"""
4016 run_dpp_proto_auth_resp_missing(dev, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
4017
4018 def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev):
4019 """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
4020 run_dpp_proto_auth_resp_missing(dev, 17,
4021 "Missing or invalid required Responder Bootstrapping Key Hash attribute",
4022 incompatible_roles=True)
4023
4024 def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev):
4025 """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
4026 run_dpp_proto_auth_resp_missing(dev, 70, "Unexpected Responder Bootstrapping Key Hash value")
4027
4028 def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev):
4029 """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
4030 run_dpp_proto_auth_resp_missing(dev, 70,
4031 "Unexpected Responder Bootstrapping Key Hash value",
4032 incompatible_roles=True)
4033
4034 def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev):
4035 """DPP protocol testing - no I-bootstrap key in Auth Resp"""
4036 run_dpp_proto_auth_resp_missing(dev, 18, None)
4037
4038 def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev):
4039 """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
4040 run_dpp_proto_auth_resp_missing(dev, 18, None, incompatible_roles=True)
4041
4042 def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev):
4043 """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
4044 run_dpp_proto_auth_resp_missing(dev, 71, "Initiator Bootstrapping Key Hash attribute did not match")
4045
4046 def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev):
4047 """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
4048 run_dpp_proto_auth_resp_missing(dev, 71,
4049 "Initiator Bootstrapping Key Hash attribute did not match",
4050 incompatible_roles=True)
4051
4052 def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev):
4053 """DPP protocol testing - no R-Proto Key in Auth Resp"""
4054 run_dpp_proto_auth_resp_missing(dev, 19, "Missing required Responder Protocol Key attribute")
4055
4056 def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
4057 """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
4058 run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key")
4059
4060 def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
4061 """DPP protocol testing - no R-nonce in Auth Resp"""
4062 run_dpp_proto_auth_resp_missing(dev, 20, "Missing or invalid R-nonce")
4063
4064 def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev):
4065 """DPP protocol testing - no I-nonce in Auth Resp"""
4066 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce")
4067
4068 def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev):
4069 """DPP protocol testing - no I-nonce in Auth Resp(status)"""
4070 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce",
4071 incompatible_roles=True)
4072
4073 def test_dpp_proto_auth_resp_no_r_capab(dev, apdev):
4074 """DPP protocol testing - no R-capab in Auth Resp"""
4075 run_dpp_proto_auth_resp_missing(dev, 22, "Missing or invalid R-capabilities")
4076
4077 def test_dpp_proto_auth_resp_no_r_auth(dev, apdev):
4078 """DPP protocol testing - no R-auth in Auth Resp"""
4079 run_dpp_proto_auth_resp_missing(dev, 23, "Missing or invalid Secondary Wrapped Data")
4080
4081 def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev):
4082 """DPP protocol testing - no Wrapped Data in Auth Resp"""
4083 run_dpp_proto_auth_resp_missing(dev, 24, "Missing or invalid required Wrapped Data attribute")
4084
4085 def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev):
4086 """DPP protocol testing - I-nonce mismatch in Auth Resp"""
4087 run_dpp_proto_init(dev, 0, 30, mutual=True)
4088 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4089 if ev is None:
4090 raise Exception("DPP failure not seen")
4091 if "I-nonce mismatch" not in ev:
4092 raise Exception("Unexpected failure: " + ev)
4093 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
4094 if ev is None or "type=0" not in ev:
4095 raise Exception("DPP Authentication Request not seen")
4096 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
4097 if ev is not None:
4098 raise Exception("Unexpected DPP message seen")
4099
4100 def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev):
4101 """DPP protocol testing - Incompatible R-capab in Auth Resp"""
4102 run_dpp_proto_init(dev, 0, 31, mutual=True)
4103 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4104 if ev is None:
4105 raise Exception("DPP failure not seen")
4106 if "Unexpected role in R-capabilities 0x02" not in ev:
4107 raise Exception("Unexpected failure: " + ev)
4108 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4109 if ev is None:
4110 raise Exception("DPP failure not seen")
4111 if "Peer reported incompatible R-capab role" not in ev:
4112 raise Exception("Unexpected failure: " + ev)
4113
4114 def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev):
4115 """DPP protocol testing - R-auth mismatch in Auth Resp"""
4116 run_dpp_proto_init(dev, 0, 32, mutual=True)
4117 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4118 if ev is None:
4119 raise Exception("DPP failure not seen")
4120 if "Mismatching Responder Authenticating Tag" not in ev:
4121 raise Exception("Unexpected failure: " + ev)
4122 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4123 if ev is None:
4124 raise Exception("DPP failure not seen")
4125 if "Peer reported authentication failure" not in ev:
4126 raise Exception("Unexpected failure: " + ev)
4127
4128 def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev):
4129 """DPP protocol testing - Auth Conf RX processing failure"""
4130 with alloc_fail(dev[0], 1, "dpp_auth_conf_rx_failure"):
4131 run_dpp_proto_init(dev, 0, 32, mutual=True)
4132 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4133 if ev is None:
4134 raise Exception("DPP failure not seen")
4135 if "Authentication failed" not in ev:
4136 raise Exception("Unexpected failure: " + ev)
4137
4138 def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev):
4139 """DPP protocol testing - Auth Conf RX processing failure 2"""
4140 with fail_test(dev[0], 1, "dpp_auth_conf_rx_failure"):
4141 run_dpp_proto_init(dev, 0, 32, mutual=True)
4142 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4143 if ev is None:
4144 raise Exception("DPP failure not seen")
4145 if "AES-SIV decryption failed" not in ev:
4146 raise Exception("Unexpected failure: " + ev)
4147
4148 def run_dpp_proto_auth_conf_missing(dev, test, reason):
4149 run_dpp_proto_init(dev, 1, test, mutual=True)
4150 if reason is None:
4151 time.sleep(0.1)
4152 return
4153 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4154 if ev is None:
4155 raise Exception("DPP failure not seen")
4156 if reason not in ev:
4157 raise Exception("Unexpected failure: " + ev)
4158
4159 def test_dpp_proto_auth_conf_no_status(dev, apdev):
4160 """DPP protocol testing - no Status in Auth Conf"""
4161 run_dpp_proto_auth_conf_missing(dev, 25, "Missing or invalid required DPP Status attribute")
4162
4163 def test_dpp_proto_auth_conf_invalid_status(dev, apdev):
4164 """DPP protocol testing - invalid Status in Auth Conf"""
4165 run_dpp_proto_auth_conf_missing(dev, 75, "Authentication failed")
4166
4167 def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev):
4168 """DPP protocol testing - no R-bootstrap key in Auth Conf"""
4169 run_dpp_proto_auth_conf_missing(dev, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
4170
4171 def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev):
4172 """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
4173 run_dpp_proto_auth_conf_missing(dev, 72, "Responder Bootstrapping Key Hash mismatch")
4174
4175 def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev):
4176 """DPP protocol testing - no I-bootstrap key in Auth Conf"""
4177 run_dpp_proto_auth_conf_missing(dev, 27, "Missing Initiator Bootstrapping Key Hash attribute")
4178
4179 def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev):
4180 """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
4181 run_dpp_proto_auth_conf_missing(dev, 73, "Initiator Bootstrapping Key Hash mismatch")
4182
4183 def test_dpp_proto_auth_conf_no_i_auth(dev, apdev):
4184 """DPP protocol testing - no I-Auth in Auth Conf"""
4185 run_dpp_proto_auth_conf_missing(dev, 28, "Missing or invalid Initiator Authenticating Tag")
4186
4187 def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev):
4188 """DPP protocol testing - no Wrapped Data in Auth Conf"""
4189 run_dpp_proto_auth_conf_missing(dev, 29, "Missing or invalid required Wrapped Data attribute")
4190
4191 def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev):
4192 """DPP protocol testing - I-auth mismatch in Auth Conf"""
4193 run_dpp_proto_init(dev, 1, 33, mutual=True)
4194 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4195 if ev is None:
4196 raise Exception("DPP failure not seen")
4197 if "Mismatching Initiator Authenticating Tag" not in ev:
4198 raise Excception("Unexpected failure: " + ev)
4199
4200 def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev):
4201 """DPP protocol testing - Auth Conf replaced by Resp"""
4202 run_dpp_proto_init(dev, 1, 65, mutual=True)
4203 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4204 if ev is None:
4205 raise Exception("DPP failure not seen")
4206 if "Unexpected Authentication Response" not in ev:
4207 raise Excception("Unexpected failure: " + ev)
4208
4209 def run_dpp_proto_conf_req_missing(dev, test, reason):
4210 run_dpp_proto_init(dev, 0, test)
4211 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4212 if ev is None:
4213 raise Exception("DPP failure not seen")
4214 if reason not in ev:
4215 raise Exception("Unexpected failure: " + ev)
4216
4217 def test_dpp_proto_conf_req_no_e_nonce(dev, apdev):
4218 """DPP protocol testing - no E-nonce in Conf Req"""
4219 run_dpp_proto_conf_req_missing(dev, 51,
4220 "Missing or invalid Enrollee Nonce attribute")
4221
4222 def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev):
4223 """DPP protocol testing - invalid E-nonce in Conf Req"""
4224 run_dpp_proto_conf_req_missing(dev, 83,
4225 "Missing or invalid Enrollee Nonce attribute")
4226
4227 def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev):
4228 """DPP protocol testing - no Config Attr Obj in Conf Req"""
4229 run_dpp_proto_conf_req_missing(dev, 52,
4230 "Missing or invalid Config Attributes attribute")
4231
4232 def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev):
4233 """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
4234 run_dpp_proto_conf_req_missing(dev, 76,
4235 "Unsupported wi-fi_tech")
4236
4237 def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev):
4238 """DPP protocol testing - no Wrapped Data in Conf Req"""
4239 run_dpp_proto_conf_req_missing(dev, 53,
4240 "Missing or invalid required Wrapped Data attribute")
4241
4242 def run_dpp_proto_conf_resp_missing(dev, test, reason):
4243 run_dpp_proto_init(dev, 1, test)
4244 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4245 if ev is None:
4246 raise Exception("DPP failure not seen")
4247 if reason not in ev:
4248 raise Exception("Unexpected failure: " + ev)
4249
4250 def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev):
4251 """DPP protocol testing - no E-nonce in Conf Resp"""
4252 run_dpp_proto_conf_resp_missing(dev, 54,
4253 "Missing or invalid Enrollee Nonce attribute")
4254
4255 def test_dpp_proto_conf_resp_no_config_obj(dev, apdev):
4256 """DPP protocol testing - no Config Object in Conf Resp"""
4257 run_dpp_proto_conf_resp_missing(dev, 55,
4258 "Missing required Configuration Object attribute")
4259
4260 def test_dpp_proto_conf_resp_no_status(dev, apdev):
4261 """DPP protocol testing - no Status in Conf Resp"""
4262 run_dpp_proto_conf_resp_missing(dev, 56,
4263 "Missing or invalid required DPP Status attribute")
4264
4265 def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev):
4266 """DPP protocol testing - no Wrapped Data in Conf Resp"""
4267 run_dpp_proto_conf_resp_missing(dev, 57,
4268 "Missing or invalid required Wrapped Data attribute")
4269
4270 def test_dpp_proto_conf_resp_invalid_status(dev, apdev):
4271 """DPP protocol testing - invalid Status in Conf Resp"""
4272 run_dpp_proto_conf_resp_missing(dev, 58,
4273 "Configurator rejected configuration")
4274
4275 def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev):
4276 """DPP protocol testing - E-nonce mismatch in Conf Resp"""
4277 run_dpp_proto_conf_resp_missing(dev, 59,
4278 "Enrollee Nonce mismatch")
4279
4280 def test_dpp_proto_stop_at_auth_req(dev, apdev):
4281 """DPP protocol testing - stop when receiving Auth Req"""
4282 run_dpp_proto_init(dev, 0, 87)
4283 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
4284 if ev is None:
4285 raise Exception("Authentication init failure not reported")
4286
4287 def test_dpp_proto_stop_at_auth_resp(dev, apdev):
4288 """DPP protocol testing - stop when receiving Auth Resp"""
4289 run_dpp_proto_init(dev, 1, 88)
4290
4291 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4292 if ev is None:
4293 raise Exception("Auth Req TX not seen")
4294
4295 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4296 if ev is None:
4297 raise Exception("Auth Resp TX not seen")
4298
4299 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
4300 if ev is not None:
4301 raise Exception("Unexpected Auth Conf TX")
4302
4303 def test_dpp_proto_stop_at_auth_conf(dev, apdev):
4304 """DPP protocol testing - stop when receiving Auth Conf"""
4305 run_dpp_proto_init(dev, 0, 89, init_enrollee=True)
4306 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=10)
4307 if ev is None:
4308 raise Exception("Enrollee did not start GAS")
4309 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10)
4310 if ev is None:
4311 raise Exception("Enrollee did not time out GAS")
4312 if "result=TIMEOUT" not in ev:
4313 raise Exception("Unexpected GAS result: " + ev)
4314
4315 def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev):
4316 """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
4317 run_dpp_proto_init(dev, 1, 89, init_enrollee=True)
4318 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
4319 if ev is None:
4320 raise Exception("Authentication did not succeed (Initiator)")
4321 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4322 if ev is None:
4323 raise Exception("Authentication did not succeed (Responder)")
4324 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1)
4325 if ev is not None:
4326 raise Exception("Unexpected GAS query")
4327
4328 # There is currently no timeout on GAS server side, so no event to wait for
4329 # in this case.
4330
4331 def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev):
4332 """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
4333 run_dpp_proto_init(dev, 1, 89)
4334 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
4335 if ev is None:
4336 raise Exception("Authentication did not succeed (Initiator)")
4337 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4338 if ev is None:
4339 raise Exception("Authentication did not succeed (Responder)")
4340
4341 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
4342 if ev is None or "result=TIMEOUT" not in ev:
4343 raise Exception("GAS query did not time out")
4344
4345 def test_dpp_proto_stop_at_conf_req(dev, apdev):
4346 """DPP protocol testing - stop when receiving Auth Req"""
4347 run_dpp_proto_init(dev, 1, 90)
4348 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=10)
4349 if ev is None:
4350 raise Exception("Enrollee did not start GAS")
4351 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
4352 if ev is None:
4353 raise Exception("Enrollee did not time out GAS")
4354 if "result=TIMEOUT" not in ev:
4355 raise Exception("Unexpected GAS result: " + ev)
4356
4357 def run_dpp_proto_init_pkex(dev, test_dev, test):
4358 check_dpp_capab(dev[0])
4359 check_dpp_capab(dev[1])
4360 dev[test_dev].set("dpp_test", str(test))
4361
4362 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4363 res = dev[0].request(cmd)
4364 if "FAIL" in res:
4365 raise Exception("Failed to generate bootstrapping info")
4366 id0 = int(res)
4367
4368 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4369 res = dev[1].request(cmd)
4370 if "FAIL" in res:
4371 raise Exception("Failed to generate bootstrapping info")
4372 id1 = int(res)
4373
4374 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4375 res = dev[0].request(cmd)
4376 if "FAIL" in res:
4377 raise Exception("Failed to set PKEX data (responder)")
4378 cmd = "DPP_LISTEN 2437"
4379 if "OK" not in dev[0].request(cmd):
4380 raise Exception("Failed to start listen operation")
4381
4382 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
4383 res = dev[1].request(cmd)
4384 if "FAIL" in res:
4385 raise Exception("Failed to set PKEX data (initiator)")
4386
4387 def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev):
4388 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
4389 run_dpp_proto_init_pkex(dev, 1, 4)
4390 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4391 if ev is None or "type=7" not in ev:
4392 raise Exception("PKEX Exchange Request not seen")
4393 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4394 if ev is None or "type=9" not in ev:
4395 raise Exception("PKEX Commit-Reveal Request not seen")
4396 if "ignore=invalid-attributes" not in ev:
4397 raise Exception("Unexpected RX info: " + ev)
4398
4399 def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev):
4400 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
4401 run_dpp_proto_init_pkex(dev, 0, 5)
4402 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
4403 if ev is None or "type=8" not in ev:
4404 raise Exception("PKEX Exchange Response not seen")
4405 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
4406 if ev is None or "type=10" not in ev:
4407 raise Exception("PKEX Commit-Reveal Response not seen")
4408 if "ignore=invalid-attributes" not in ev:
4409 raise Exception("Unexpected RX info: " + ev)
4410
4411 def run_dpp_proto_pkex_req_missing(dev, test, reason):
4412 run_dpp_proto_init_pkex(dev, 1, test)
4413 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4414 if ev is None:
4415 raise Exception("DPP failure not seen")
4416 if reason not in ev:
4417 raise Exception("Unexpected failure: " + ev)
4418
4419 def run_dpp_proto_pkex_resp_missing(dev, test, reason):
4420 run_dpp_proto_init_pkex(dev, 0, test)
4421 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4422 if ev is None:
4423 raise Exception("DPP failure not seen")
4424 if reason not in ev:
4425 raise Exception("Unexpected failure: " + ev)
4426
4427 def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev):
4428 """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
4429 run_dpp_proto_pkex_req_missing(dev, 34,
4430 "Missing or invalid Finite Cyclic Group attribute")
4431
4432 def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev):
4433 """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
4434 run_dpp_proto_pkex_req_missing(dev, 35,
4435 "Missing Encrypted Key attribute")
4436
4437 def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev):
4438 """DPP protocol testing - no Status in PKEX Exchange Response"""
4439 run_dpp_proto_pkex_resp_missing(dev, 36, "No DPP Status attribute")
4440
4441 def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev):
4442 """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
4443 run_dpp_proto_pkex_resp_missing(dev, 37, "Missing Encrypted Key attribute")
4444
4445 def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev):
4446 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
4447 run_dpp_proto_pkex_req_missing(dev, 38,
4448 "No valid peer bootstrapping key found")
4449
4450 def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev):
4451 """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
4452 run_dpp_proto_pkex_req_missing(dev, 39, "No valid u (I-Auth tag) found")
4453
4454 def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev):
4455 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
4456 run_dpp_proto_pkex_req_missing(dev, 40, "Missing or invalid required Wrapped Data attribute")
4457
4458 def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev):
4459 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
4460 run_dpp_proto_pkex_resp_missing(dev, 41,
4461 "No valid peer bootstrapping key found")
4462
4463 def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev):
4464 """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
4465 run_dpp_proto_pkex_resp_missing(dev, 42, "No valid v (R-Auth tag) found")
4466
4467 def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev):
4468 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
4469 run_dpp_proto_pkex_resp_missing(dev, 43, "Missing or invalid required Wrapped Data attribute")
4470
4471 def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev):
4472 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
4473 run_dpp_proto_pkex_req_missing(dev, 44,
4474 "Invalid Encrypted Key value")
4475
4476 def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev):
4477 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
4478 run_dpp_proto_pkex_resp_missing(dev, 45,
4479 "Invalid Encrypted Key value")
4480
4481 def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev):
4482 """DPP protocol testing - invalid Status in PKEX Exchange Response"""
4483 run_dpp_proto_pkex_resp_missing(dev, 46,
4484 "PKEX failed (peer indicated failure)")
4485
4486 def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
4487 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
4488 run_dpp_proto_pkex_req_missing(dev, 47,
4489 "Peer bootstrapping key is invalid")
4490
4491 def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
4492 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
4493 run_dpp_proto_pkex_resp_missing(dev, 48,
4494 "Peer bootstrapping key is invalid")
4495
4496 def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev):
4497 """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
4498 run_dpp_proto_pkex_req_missing(dev, 49, "No valid u (I-Auth tag) found")
4499
4500 def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev):
4501 """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
4502 run_dpp_proto_pkex_resp_missing(dev, 50, "No valid v (R-Auth tag) found")
4503
4504 def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev):
4505 """DPP protocol testing - stop when receiving PKEX Exchange Response"""
4506 run_dpp_proto_init_pkex(dev, 1, 84)
4507
4508 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4509 if ev is None:
4510 raise Exception("PKEX Exchange Req TX not seen")
4511
4512 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4513 if ev is None:
4514 raise Exception("PKEX Exchange Resp not seen")
4515
4516 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
4517 if ev is not None:
4518 raise Exception("Unexpected PKEX CR Req TX")
4519
4520 def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev):
4521 """DPP protocol testing - stop when receiving PKEX CR Request"""
4522 run_dpp_proto_init_pkex(dev, 0, 85)
4523
4524 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4525 if ev is None:
4526 raise Exception("PKEX Exchange Req TX not seen")
4527
4528 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4529 if ev is None:
4530 raise Exception("PKEX Exchange Resp not seen")
4531
4532 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4533 if ev is None:
4534 raise Exception("PKEX CR Req TX not seen")
4535
4536 ev = dev[0].wait_event(["DPP-TX "], timeout=0.1)
4537 if ev is not None:
4538 raise Exception("Unexpected PKEX CR Resp TX")
4539
4540 def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev):
4541 """DPP protocol testing - stop when receiving PKEX CR Response"""
4542 run_dpp_proto_init_pkex(dev, 1, 86)
4543
4544 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4545 if ev is None:
4546 raise Exception("PKEX Exchange Req TX not seen")
4547
4548 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4549 if ev is None:
4550 raise Exception("PKEX Exchange Resp not seen")
4551
4552 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4553 if ev is None:
4554 raise Exception("PKEX CR Req TX not seen")
4555
4556 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4557 if ev is None:
4558 raise Exception("PKEX CR Resp TX not seen")
4559
4560 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
4561 if ev is not None:
4562 raise Exception("Unexpected Auth Req TX")
4563
4564 def test_dpp_proto_network_introduction(dev, apdev):
4565 """DPP protocol testing - network introduction"""
4566 check_dpp_capab(dev[0])
4567 check_dpp_capab(dev[1])
4568
4569 params = { "ssid": "dpp",
4570 "wpa": "2",
4571 "wpa_key_mgmt": "DPP",
4572 "ieee80211w": "2",
4573 "rsn_pairwise": "CCMP",
4574 "dpp_connector": params1_ap_connector,
4575 "dpp_csign": params1_csign,
4576 "dpp_netaccesskey": params1_ap_netaccesskey }
4577 try:
4578 hapd = hostapd.add_ap(apdev[0], params)
4579 except:
4580 raise HwsimSkip("DPP not supported")
4581
4582 for test in [ 60, 61, 80, 82 ]:
4583 dev[0].set("dpp_test", str(test))
4584 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4585 dpp_csign=params1_csign,
4586 dpp_connector=params1_sta_connector,
4587 dpp_netaccesskey=params1_sta_netaccesskey,
4588 wait_connect=False)
4589
4590 ev = dev[0].wait_event(["DPP-TX"], timeout=10)
4591 if ev is None or "type=5" not in ev:
4592 raise Exception("Peer Discovery Request TX not reported")
4593 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2)
4594 if ev is None or "result=SUCCESS" not in ev:
4595 raise Exception("Peer Discovery Request TX status not reported")
4596
4597 ev = hapd.wait_event(["DPP-RX"], timeout=10)
4598 if ev is None or "type=5" not in ev:
4599 raise Exception("Peer Discovery Request RX not reported")
4600
4601 if test == 80:
4602 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
4603 if ev is None:
4604 raise Exception("DPP-INTRO not reported for test 80")
4605 if "status=7" not in ev:
4606 raise Exception("Unexpected result in test 80: " + ev)
4607
4608 dev[0].request("REMOVE_NETWORK all")
4609 dev[0].dump_monitor()
4610 hapd.dump_monitor()
4611 dev[0].set("dpp_test", "0")
4612
4613 for test in [ 62, 63, 64, 77, 78, 79 ]:
4614 hapd.set("dpp_test", str(test))
4615 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4616 dpp_csign=params1_csign,
4617 dpp_connector=params1_sta_connector,
4618 dpp_netaccesskey=params1_sta_netaccesskey,
4619 wait_connect=False)
4620
4621 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
4622 if ev is None:
4623 raise Exception("Peer introduction result not reported (test %d)" % test)
4624 if test == 77:
4625 if "fail=transaction_id_mismatch" not in ev:
4626 raise Exception("Connector validation failure not reported")
4627 elif test == 78:
4628 if "status=254" not in ev:
4629 raise Exception("Invalid status value not reported")
4630 elif test == 79:
4631 if "fail=peer_connector_validation_failed" not in ev:
4632 raise Exception("Connector validation failure not reported")
4633 elif "status=" in ev:
4634 raise Exception("Unexpected peer introduction result (test %d): " % test + ev)
4635
4636 dev[0].request("REMOVE_NETWORK all")
4637 dev[0].dump_monitor()
4638 hapd.dump_monitor()
4639 hapd.set("dpp_test", "0")
4640
4641 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4642 dpp_csign=params1_csign, dpp_connector=params1_sta_connector,
4643 dpp_netaccesskey=params1_sta_netaccesskey)
4644
4645 def test_dpp_qr_code_no_chan_list_unicast(dev, apdev):
4646 """DPP QR Code and no channel list (unicast)"""
4647 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, None)
4648
4649 def test_dpp_qr_code_chan_list_unicast(dev, apdev):
4650 """DPP QR Code and 2.4 GHz channels (unicast)"""
4651 run_dpp_qr_code_chan_list(dev, apdev, True, 2417,
4652 "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13")
4653
4654 def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev):
4655 """DPP QR Code and channel list and no peer (unicast)"""
4656 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11",
4657 no_wait=True)
4658 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
4659 if ev is None:
4660 raise Exception("Initiation failure not reported")
4661
4662 def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev):
4663 """DPP QR Code and no channel list (broadcast)"""
4664 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, None)
4665
4666 def test_dpp_qr_code_chan_list_broadcast(dev, apdev):
4667 """DPP QR Code and some 2.4 GHz channels (broadcast)"""
4668 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, "81/1,81/6,81/11",
4669 timeout=10)
4670
4671 def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist,
4672 no_wait=False, timeout=5):
4673 check_dpp_capab(dev[0])
4674 check_dpp_capab(dev[1])
4675 dev[1].set("dpp_init_max_tries", "3")
4676 dev[1].set("dpp_init_retry_time", "100")
4677 dev[1].set("dpp_resp_wait_time", "1000")
4678
4679 logger.info("dev0 displays QR Code")
4680 cmd = "DPP_BOOTSTRAP_GEN type=qrcode"
4681 if chanlist:
4682 cmd += " chan=" + chanlist
4683 if unicast:
4684 addr = dev[0].own_addr().replace(':', '')
4685 cmd += " mac=" + addr
4686 res = dev[0].request(cmd)
4687 if "FAIL" in res:
4688 raise Exception("Failed to generate bootstrapping info")
4689 id0 = int(res)
4690 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4691
4692 logger.info("dev1 scans QR Code")
4693 id1 = dev[1].dpp_qr_code(uri0)
4694
4695 logger.info("dev1 initiates DPP Authentication")
4696 cmd = "DPP_LISTEN %d" % listen_freq
4697 if "OK" not in dev[0].request(cmd):
4698 raise Exception("Failed to start listen operation")
4699 cmd = "DPP_AUTH_INIT peer=%d" % id1
4700 if "OK" not in dev[1].request(cmd):
4701 raise Exception("Failed to initiate DPP Authentication")
4702 if no_wait:
4703 return
4704 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=timeout)
4705 if ev is None:
4706 raise Exception("DPP authentication did not succeed (Responder)")
4707 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4708 if ev is None:
4709 raise Exception("DPP authentication did not succeed (Initiator)")
4710 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
4711 if ev is None:
4712 raise Exception("DPP configuration not completed (Enrollee)")
4713 dev[0].request("DPP_STOP_LISTEN")
4714 dev[0].dump_monitor()
4715 dev[1].dump_monitor()
4716
4717 def test_dpp_qr_code_chan_list_no_match(dev, apdev):
4718 """DPP QR Code and no matching supported channel"""
4719 check_dpp_capab(dev[0])
4720 check_dpp_capab(dev[1])
4721
4722 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=123/123"
4723 res = dev[0].request(cmd)
4724 if "FAIL" in res:
4725 raise Exception("Failed to generate bootstrapping info")
4726 id0 = int(res)
4727 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4728
4729 id1 = dev[1].dpp_qr_code(uri0)
4730
4731 cmd = "DPP_AUTH_INIT peer=%d" % id1
4732 if "FAIL" not in dev[1].request(cmd):
4733 raise Exception("DPP Authentication started unexpectedly")
4734
4735 def test_dpp_pkex_alloc_fail(dev, apdev):
4736 """DPP/PKEX and memory allocation failures"""
4737 check_dpp_capab(dev[0])
4738 check_dpp_capab(dev[1])
4739
4740 tests = [ (1, "=dpp_keygen_configurator"),
4741 (1, "base64_gen_encode;dpp_keygen_configurator") ]
4742 for count, func in tests:
4743 with alloc_fail(dev[1], count, func):
4744 cmd = "DPP_CONFIGURATOR_ADD"
4745 res = dev[1].request(cmd)
4746 if "FAIL" not in res:
4747 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
4748
4749 cmd = "DPP_CONFIGURATOR_ADD"
4750 res = dev[1].request(cmd)
4751 if "FAIL" in res:
4752 raise Exception("Failed to add configurator")
4753 conf_id = int(res)
4754
4755 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4756 res = dev[0].request(cmd)
4757 if "FAIL" in res:
4758 raise Exception("Failed to generate bootstrapping info")
4759 id0 = int(res)
4760
4761 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4762 res = dev[1].request(cmd)
4763 if "FAIL" in res:
4764 raise Exception("Failed to generate bootstrapping info")
4765 id1 = int(res)
4766
4767 # Local error cases on the Initiator
4768 tests = [ (1, "dpp_get_pubkey_point"),
4769 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
4770 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
4771 (1, "dpp_alloc_msg;dpp_auth_build_req"),
4772 (1, "dpp_alloc_msg;dpp_auth_build_conf"),
4773 (1, "dpp_bootstrap_key_hash"),
4774 (1, "dpp_auth_init"),
4775 (1, "=dpp_auth_resp_rx"),
4776 (2, "=dpp_auth_resp_rx"),
4777 (1, "dpp_build_conf_start"),
4778 (1, "dpp_build_conf_obj_dpp"),
4779 (2, "dpp_build_conf_obj_dpp"),
4780 (3, "dpp_build_conf_obj_dpp"),
4781 (4, "dpp_build_conf_obj_dpp"),
4782 (5, "dpp_build_conf_obj_dpp"),
4783 (6, "dpp_build_conf_obj_dpp"),
4784 (7, "dpp_build_conf_obj_dpp"),
4785 (8, "dpp_build_conf_obj_dpp"),
4786 (1, "dpp_conf_req_rx"),
4787 (2, "dpp_conf_req_rx"),
4788 (3, "dpp_conf_req_rx"),
4789 (4, "dpp_conf_req_rx"),
4790 (5, "dpp_conf_req_rx"),
4791 (6, "dpp_conf_req_rx"),
4792 (7, "dpp_conf_req_rx"),
4793 (1, "dpp_pkex_init"),
4794 (2, "dpp_pkex_init"),
4795 (3, "dpp_pkex_init"),
4796 (1, "dpp_pkex_derive_z"),
4797 (1, "=dpp_pkex_rx_commit_reveal_resp"),
4798 (1, "dpp_get_pubkey_point;dpp_build_jwk"),
4799 (2, "dpp_get_pubkey_point;dpp_build_jwk"),
4800 (1, "dpp_get_pubkey_point;dpp_auth_init") ]
4801 for count, func in tests:
4802 dev[0].request("DPP_STOP_LISTEN")
4803 dev[1].request("DPP_STOP_LISTEN")
4804 dev[0].dump_monitor()
4805 dev[1].dump_monitor()
4806
4807 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4808 res = dev[0].request(cmd)
4809 if "FAIL" in res:
4810 raise Exception("Failed to set PKEX data (responder)")
4811 cmd = "DPP_LISTEN 2437"
4812 if "OK" not in dev[0].request(cmd):
4813 raise Exception("Failed to start listen operation")
4814
4815 with alloc_fail(dev[1], count, func):
4816 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4817 dev[1].request(cmd)
4818 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100)
4819 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4820 if ev:
4821 dev[0].request("DPP_STOP_LISTEN")
4822 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4823
4824 # Local error cases on the Responder
4825 tests = [ (1, "dpp_get_pubkey_point"),
4826 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
4827 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
4828 (1, "dpp_alloc_msg;dpp_auth_build_resp"),
4829 (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
4830 (1, "=dpp_auth_req_rx"),
4831 (2, "=dpp_auth_req_rx"),
4832 (1, "=dpp_auth_conf_rx"),
4833 (1, "json_parse;dpp_parse_jws_prot_hdr"),
4834 (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
4835 (1, "json_get_member_base64url;dpp_parse_jwk"),
4836 (2, "json_get_member_base64url;dpp_parse_jwk"),
4837 (1, "json_parse;dpp_parse_connector"),
4838 (1, "dpp_parse_jwk;dpp_parse_connector"),
4839 (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
4840 (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
4841 (1, "base64_gen_decode;dpp_process_signed_connector"),
4842 (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
4843 (2, "base64_gen_decode;dpp_process_signed_connector"),
4844 (3, "base64_gen_decode;dpp_process_signed_connector"),
4845 (4, "base64_gen_decode;dpp_process_signed_connector"),
4846 (1, "json_parse;dpp_parse_conf_obj"),
4847 (1, "dpp_conf_resp_rx"),
4848 (1, "=dpp_pkex_derive_z"),
4849 (1, "=dpp_pkex_rx_exchange_req"),
4850 (2, "=dpp_pkex_rx_exchange_req"),
4851 (3, "=dpp_pkex_rx_exchange_req"),
4852 (1, "=dpp_pkex_rx_commit_reveal_req"),
4853 (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
4854 (1, "dpp_bootstrap_key_hash") ]
4855 for count, func in tests:
4856 dev[0].request("DPP_STOP_LISTEN")
4857 dev[1].request("DPP_STOP_LISTEN")
4858 dev[0].dump_monitor()
4859 dev[1].dump_monitor()
4860
4861 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4862 res = dev[0].request(cmd)
4863 if "FAIL" in res:
4864 raise Exception("Failed to set PKEX data (responder)")
4865 cmd = "DPP_LISTEN 2437"
4866 if "OK" not in dev[0].request(cmd):
4867 raise Exception("Failed to start listen operation")
4868
4869 with alloc_fail(dev[0], count, func):
4870 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4871 dev[1].request(cmd)
4872 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100)
4873 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4874 if ev:
4875 dev[0].request("DPP_STOP_LISTEN")
4876 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4877
4878 def test_dpp_pkex_test_fail(dev, apdev):
4879 """DPP/PKEX and local failures"""
4880 check_dpp_capab(dev[0])
4881 check_dpp_capab(dev[1])
4882
4883 tests = [ (1, "dpp_keygen_configurator") ]
4884 for count, func in tests:
4885 with fail_test(dev[1], count, func):
4886 cmd = "DPP_CONFIGURATOR_ADD"
4887 res = dev[1].request(cmd)
4888 if "FAIL" not in res:
4889 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
4890
4891 tests = [ (1, "dpp_keygen") ]
4892 for count, func in tests:
4893 with fail_test(dev[1], count, func):
4894 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4895 res = dev[1].request(cmd)
4896 if "FAIL" not in res:
4897 raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")
4898
4899 cmd = "DPP_CONFIGURATOR_ADD"
4900 res = dev[1].request(cmd)
4901 if "FAIL" in res:
4902 raise Exception("Failed to add configurator")
4903 conf_id = int(res)
4904
4905 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4906 res = dev[0].request(cmd)
4907 if "FAIL" in res:
4908 raise Exception("Failed to generate bootstrapping info")
4909 id0 = int(res)
4910
4911 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4912 res = dev[1].request(cmd)
4913 if "FAIL" in res:
4914 raise Exception("Failed to generate bootstrapping info")
4915 id1 = int(res)
4916
4917 # Local error cases on the Initiator
4918 tests = [ (1, "aes_siv_encrypt;dpp_auth_build_req"),
4919 (1, "os_get_random;dpp_auth_init"),
4920 (1, "dpp_derive_k1;dpp_auth_init"),
4921 (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
4922 (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
4923 (1, "aes_siv_encrypt;dpp_auth_build_conf"),
4924 (1, "dpp_derive_k2;dpp_auth_resp_rx"),
4925 (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
4926 (1, "dpp_derive_ke;dpp_auth_resp_rx"),
4927 (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
4928 (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
4929 (1, "aes_siv_encrypt;dpp_build_conf_resp"),
4930 (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
4931 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
4932 (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
4933 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
4934 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
4935 (1, "dpp_bootstrap_key_hash") ]
4936 for count, func in tests:
4937 dev[0].request("DPP_STOP_LISTEN")
4938 dev[1].request("DPP_STOP_LISTEN")
4939 dev[0].dump_monitor()
4940 dev[1].dump_monitor()
4941
4942 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4943 res = dev[0].request(cmd)
4944 if "FAIL" in res:
4945 raise Exception("Failed to set PKEX data (responder)")
4946 cmd = "DPP_LISTEN 2437"
4947 if "OK" not in dev[0].request(cmd):
4948 raise Exception("Failed to start listen operation")
4949
4950 with fail_test(dev[1], count, func):
4951 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4952 dev[1].request(cmd)
4953 wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100)
4954 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4955 if ev:
4956 dev[0].request("DPP_STOP_LISTEN")
4957 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4958
4959 # Local error cases on the Responder
4960 tests = [ (1, "aes_siv_encrypt;dpp_auth_build_resp"),
4961 (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
4962 (1, "os_get_random;dpp_build_conf_req"),
4963 (1, "aes_siv_encrypt;dpp_build_conf_req"),
4964 (1, "os_get_random;dpp_auth_build_resp_ok"),
4965 (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
4966 (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
4967 (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
4968 (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
4969 (1, "dpp_derive_k1;dpp_auth_req_rx"),
4970 (1, "aes_siv_decrypt;dpp_auth_req_rx"),
4971 (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
4972 (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
4973 (1, "dpp_check_pubkey_match"),
4974 (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
4975 (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
4976 (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
4977 (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
4978 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
4979 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
4980 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
4981 (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req") ]
4982 for count, func in tests:
4983 dev[0].request("DPP_STOP_LISTEN")
4984 dev[1].request("DPP_STOP_LISTEN")
4985 dev[0].dump_monitor()
4986 dev[1].dump_monitor()
4987
4988 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4989 res = dev[0].request(cmd)
4990 if "FAIL" in res:
4991 raise Exception("Failed to set PKEX data (responder)")
4992 cmd = "DPP_LISTEN 2437"
4993 if "OK" not in dev[0].request(cmd):
4994 raise Exception("Failed to start listen operation")
4995
4996 with fail_test(dev[0], count, func):
4997 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4998 dev[1].request(cmd)
4999 wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100)
5000 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
5001 if ev:
5002 dev[0].request("DPP_STOP_LISTEN")
5003 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
5004
5005 def test_dpp_keygen_configurator_error(dev, apdev):
5006 """DPP Configurator keygen error case"""
5007 check_dpp_capab(dev[0])
5008 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown"):
5009 raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
5010
5011 def rx_process_frame(dev):
5012 msg = dev.mgmt_rx()
5013 if "OK" not in dev.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
5014 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
5015 raise Exception("MGMT_RX_PROCESS failed")
5016
5017 def wait_auth_success(responder, initiator):
5018 ev = responder.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
5019 if ev is None:
5020 raise Exception("DPP authentication did not succeed (Responder)")
5021 ev = initiator.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
5022 if ev is None:
5023 raise Exception("DPP authentication did not succeed (Initiator)")
5024
5025 def wait_conf_completion(configurator, enrollee):
5026 ev = configurator.wait_event(["DPP-CONF-SENT"], timeout=5)
5027 if ev is None:
5028 raise Exception("DPP configuration not completed (Configurator)")
5029 ev = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
5030 timeout=5)
5031 if ev is None:
5032 raise Exception("DPP configuration not completed (Enrollee)")
5033
5034 def start_dpp(dev):
5035 addr = dev[0].own_addr().replace(':', '')
5036 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5037 res = dev[0].request(cmd)
5038 if "FAIL" in res:
5039 raise Exception("Failed to generate bootstrapping info")
5040 id0 = int(res)
5041 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5042
5043 id1 = dev[1].dpp_qr_code(uri0)
5044
5045 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
5046 dev[0].set("dpp_config_obj_override", conf)
5047
5048 dev[0].set("ext_mgmt_frame_handling", "1")
5049 cmd = "DPP_LISTEN 2412"
5050 if "OK" not in dev[0].request(cmd):
5051 raise Exception("Failed to start listen operation")
5052 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
5053 if "OK" not in dev[1].request(cmd):
5054 raise Exception("Failed to initiate DPP Authentication")
5055
5056 def test_dpp_gas_timeout_handling(dev, apdev):
5057 """DPP and GAS timeout handling"""
5058 check_dpp_capab(dev[0])
5059 check_dpp_capab(dev[1])
5060 start_dpp(dev)
5061
5062 # DPP Authentication Request
5063 rx_process_frame(dev[0])
5064
5065 # DPP Authentication Confirmation
5066 rx_process_frame(dev[0])
5067
5068 wait_auth_success(dev[0], dev[1])
5069
5070 # DPP Configuration Request (GAS Initial Request frame)
5071 rx_process_frame(dev[0])
5072
5073 # DPP Configuration Request (GAS Comeback Request frame)
5074 rx_process_frame(dev[0])
5075
5076 # Wait for GAS timeout
5077 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
5078 if ev is None:
5079 raise Exception("DPP configuration not completed (Enrollee)")
5080
5081 def test_dpp_gas_comeback_after_failure(dev, apdev):
5082 """DPP and GAS comeback after failure"""
5083 check_dpp_capab(dev[0])
5084 check_dpp_capab(dev[1])
5085 start_dpp(dev)
5086
5087 # DPP Authentication Request
5088 rx_process_frame(dev[0])
5089
5090 # DPP Authentication Confirmation
5091 rx_process_frame(dev[0])
5092
5093 wait_auth_success(dev[0], dev[1])
5094
5095 # DPP Configuration Request (GAS Initial Request frame)
5096 rx_process_frame(dev[0])
5097
5098 # DPP Configuration Request (GAS Comeback Request frame)
5099 msg = dev[0].mgmt_rx()
5100 frame = binascii.hexlify(msg['frame']).decode()
5101 with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
5102 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5103 raise Exception("MGMT_RX_PROCESS failed")
5104 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5105 # Try the same frame again - this is expected to fail since the response has
5106 # already been freed.
5107 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5108 raise Exception("MGMT_RX_PROCESS failed")
5109
5110 # DPP Configuration Request (GAS Comeback Request frame retry)
5111 msg = dev[0].mgmt_rx()
5112
5113 def test_dpp_gas(dev, apdev):
5114 """DPP and GAS protocol testing"""
5115 check_dpp_capab(dev[0])
5116 check_dpp_capab(dev[1])
5117 start_dpp(dev)
5118
5119 # DPP Authentication Request
5120 rx_process_frame(dev[0])
5121
5122 # DPP Authentication Confirmation
5123 rx_process_frame(dev[0])
5124
5125 wait_auth_success(dev[0], dev[1])
5126
5127 # DPP Configuration Request (GAS Initial Request frame)
5128 msg = dev[0].mgmt_rx()
5129
5130 # Protected Dual of GAS Initial Request frame (dropped by GAS server)
5131 if msg == None:
5132 raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
5133 frame = binascii.hexlify(msg['frame'])
5134 frame = frame[0:48] + b"09" + frame[50:]
5135 frame = frame.decode()
5136 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5137 raise Exception("MGMT_RX_PROCESS failed")
5138
5139 with alloc_fail(dev[0], 1, "gas_server_send_resp"):
5140 frame = binascii.hexlify(msg['frame']).decode()
5141 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5142 raise Exception("MGMT_RX_PROCESS failed")
5143 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5144
5145 with alloc_fail(dev[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
5146 frame = binascii.hexlify(msg['frame']).decode()
5147 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5148 raise Exception("MGMT_RX_PROCESS failed")
5149 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5150
5151 # Add extra data after Query Request field to trigger
5152 # "GAS: Ignored extra data after Query Request field"
5153 frame = binascii.hexlify(msg['frame']).decode() + "00"
5154 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5155 raise Exception("MGMT_RX_PROCESS failed")
5156
5157 # DPP Configuration Request (GAS Comeback Request frame)
5158 rx_process_frame(dev[0])
5159
5160 # DPP Configuration Request (GAS Comeback Request frame)
5161 rx_process_frame(dev[0])
5162
5163 # DPP Configuration Request (GAS Comeback Request frame)
5164 rx_process_frame(dev[0])
5165
5166 wait_conf_completion(dev[0], dev[1])
5167
5168 def test_dpp_truncated_attr(dev, apdev):
5169 """DPP and truncated attribute"""
5170 check_dpp_capab(dev[0])
5171 check_dpp_capab(dev[1])
5172 start_dpp(dev)
5173
5174 # DPP Authentication Request
5175 msg = dev[0].mgmt_rx()
5176 frame = msg['frame']
5177
5178 # DPP: Truncated message - not enough room for the attribute - dropped
5179 frame1 = binascii.hexlify(frame[0:36]).decode()
5180 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame1)):
5181 raise Exception("MGMT_RX_PROCESS failed")
5182 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
5183 if ev is None or "ignore=invalid-attributes" not in ev:
5184 raise Exception("Invalid attribute error not reported")
5185
5186 # DPP: Unexpected octets (3) after the last attribute
5187 frame2 = binascii.hexlify(frame).decode() + "000000"
5188 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
5189 raise Exception("MGMT_RX_PROCESS failed")
5190 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
5191 if ev is None or "ignore=invalid-attributes" not in ev:
5192 raise Exception("Invalid attribute error not reported")
5193
5194 def test_dpp_bootstrap_key_autogen_issues(dev, apdev):
5195 """DPP bootstrap key autogen issues"""
5196 check_dpp_capab(dev[0])
5197 check_dpp_capab(dev[1])
5198
5199 logger.info("dev0 displays QR Code")
5200 addr = dev[0].own_addr().replace(':', '')
5201 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5202 res = dev[0].request(cmd)
5203 if "FAIL" in res:
5204 raise Exception("Failed to generate bootstrapping info")
5205 id0 = int(res)
5206 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5207
5208 logger.info("dev1 scans QR Code")
5209 id1 = dev[1].dpp_qr_code(uri0)
5210
5211 logger.info("dev1 initiates DPP Authentication")
5212 cmd = "DPP_LISTEN 2412"
5213 if "OK" not in dev[0].request(cmd):
5214 raise Exception("Failed to start listen operation")
5215 with alloc_fail(dev[1], 1, "dpp_autogen_bootstrap_key"):
5216 cmd = "DPP_AUTH_INIT peer=%d" % id1
5217 if "FAIL" not in dev[1].request(cmd):
5218 raise Exception("Failure not reported")
5219 with alloc_fail(dev[1], 2, "=dpp_autogen_bootstrap_key"):
5220 cmd = "DPP_AUTH_INIT peer=%d" % id1
5221 if "FAIL" not in dev[1].request(cmd):
5222 raise Exception("Failure not reported")
5223 with fail_test(dev[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"):
5224 cmd = "DPP_AUTH_INIT peer=%d" % id1
5225 if "FAIL" not in dev[1].request(cmd):
5226 raise Exception("Failure not reported")
5227 dev[0].request("DPP_STOP_LISTEN")
5228
5229 def test_dpp_auth_resp_status_failure(dev, apdev):
5230 """DPP and Auth Resp(status) build failure"""
5231 with alloc_fail(dev[0], 1, "dpp_auth_build_resp"):
5232 run_dpp_proto_auth_resp_missing(dev, 99999, None,
5233 incompatible_roles=True)
5234
5235 def test_dpp_auth_resp_aes_siv_issue(dev, apdev):
5236 """DPP Auth Resp AES-SIV issue"""
5237 check_dpp_capab(dev[0])
5238 check_dpp_capab(dev[1])
5239
5240 logger.info("dev0 displays QR Code")
5241 addr = dev[0].own_addr().replace(':', '')
5242 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5243 res = dev[0].request(cmd)
5244 if "FAIL" in res:
5245 raise Exception("Failed to generate bootstrapping info")
5246 id0 = int(res)
5247 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5248
5249 logger.info("dev1 scans QR Code")
5250 id1 = dev[1].dpp_qr_code(uri0)
5251
5252 logger.info("dev1 initiates DPP Authentication")
5253 cmd = "DPP_LISTEN 2412"
5254 if "OK" not in dev[0].request(cmd):
5255 raise Exception("Failed to start listen operation")
5256 cmd = "DPP_AUTH_INIT peer=%d" % id1
5257 with fail_test(dev[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
5258 if "OK" not in dev[1].request(cmd):
5259 raise Exception("Failed to initiate DPP Authentication")
5260 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
5261 if ev is None or "AES-SIV decryption failed" not in ev:
5262 raise Exception("AES-SIV decryption failure not reported")
5263 dev[0].request("DPP_STOP_LISTEN")
5264
5265 def test_dpp_invalid_legacy_params(dev, apdev):
5266 """DPP invalid legacy parameters"""
5267 check_dpp_capab(dev[0])
5268 check_dpp_capab(dev[1])
5269
5270 addr = dev[0].own_addr().replace(':', '')
5271 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5272 res = dev[0].request(cmd)
5273 if "FAIL" in res:
5274 raise Exception("Failed to generate bootstrapping info")
5275 id0 = int(res)
5276 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5277
5278 id1 = dev[1].dpp_qr_code(uri0)
5279
5280 # No pass/psk
5281 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk ssid=%s" % (id1, binascii.hexlify(b"dpp-legacy").decode())
5282 if "FAIL" not in dev[1].request(cmd):
5283 raise Exception("Invalid command not rejected")
5284
5285 def test_dpp_invalid_legacy_params2(dev, apdev):
5286 """DPP invalid legacy parameters 2"""
5287 check_dpp_capab(dev[0])
5288 check_dpp_capab(dev[1])
5289
5290 addr = dev[0].own_addr().replace(':', '')
5291 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5292 res = dev[0].request(cmd)
5293 if "FAIL" in res:
5294 raise Exception("Failed to generate bootstrapping info")
5295 id0 = int(res)
5296 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5297
5298 id1 = dev[1].dpp_qr_code(uri0)
5299
5300 dev[0].set("dpp_configurator_params",
5301 " conf=sta-psk ssid=%s" % (binascii.hexlify(b"dpp-legacy").decode()))
5302 cmd = "DPP_LISTEN 2412 role=configurator"
5303 if "OK" not in dev[0].request(cmd):
5304 raise Exception("Failed to start listen operation")
5305
5306 # No pass/psk
5307 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
5308 if "OK" not in dev[1].request(cmd):
5309 raise Exception("Failed to initiate DPP Authentication")
5310 ev = dev[0].wait_event(["DPP: Failed to set configurator parameters"],
5311 timeout=5)
5312 if ev is None:
5313 raise Exception("DPP configuration failure not reported")
5314
5315 def test_dpp_legacy_params_failure(dev, apdev):
5316 """DPP legacy parameters local failure"""
5317 check_dpp_capab(dev[0])
5318 check_dpp_capab(dev[1])
5319
5320 addr = dev[0].own_addr().replace(':', '')
5321 cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr
5322 res = dev[0].request(cmd)
5323 if "FAIL" in res:
5324 raise Exception("Failed to generate bootstrapping info")
5325 id0 = int(res)
5326 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5327
5328 id1 = dev[1].dpp_qr_code(uri0)
5329
5330 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
5331 raise Exception("Failed to start listen operation")
5332
5333 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk pass=%s ssid=%s" % (id1,
5334 binascii.hexlify(b"passphrase").decode(),
5335 binascii.hexlify(b"dpp-legacy").decode())
5336 with alloc_fail(dev[1], 1, "dpp_build_conf_obj_legacy"):
5337 if "OK" not in dev[1].request(cmd):
5338 raise Exception("Failed to initiate DPP")
5339 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=5)
5340 if ev is None:
5341 raise Exception("DPP configuration failure not reported")
5342
5343 def test_dpp_invalid_configurator_key(dev, apdev):
5344 """DPP invalid configurator key"""
5345 check_dpp_capab(dev[0])
5346
5347 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"):
5348 raise Exception("Invalid key accepted")
5349
5350 with alloc_fail(dev[0], 1, "dpp_keygen_configurator"):
5351 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
5352 raise Exception("Error not reported")
5353
5354 with alloc_fail(dev[0], 1, "dpp_get_pubkey_point;dpp_keygen_configurator"):
5355 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
5356 raise Exception("Error not reported")
5357
5358 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen_configurator"):
5359 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
5360 raise Exception("Error not reported")
5361
5362 with fail_test(dev[0], 1, "dpp_keygen_configurator"):
5363 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
5364 raise Exception("Error not reported")
5365
5366 def test_dpp_own_config_sign_fail(dev, apdev):
5367 """DPP own config signing failure"""
5368 check_dpp_capab(dev[0])
5369 res = dev[0].request("DPP_CONFIGURATOR_ADD")
5370 if "FAIL" in res:
5371 raise Exception("Failed to add configurator")
5372 conf_id = int(res)
5373 tests = [ "",
5374 " ",
5375 " conf=sta-dpp",
5376 " configurator=%d" % conf_id,
5377 " conf=sta-dpp configurator=%d curve=unsupported" % conf_id ]
5378 for t in tests:
5379 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_SIGN " + t):
5380 raise Exception("Invalid command accepted: " + t)
5381
5382 def test_dpp_peer_intro_failures(dev, apdev):
5383 """DPP peer introduction failures"""
5384 try:
5385 run_dpp_peer_intro_failures(dev, apdev)
5386 finally:
5387 dev[0].set("dpp_config_processing", "0")
5388
5389 def run_dpp_peer_intro_failures(dev, apdev):
5390 check_dpp_capab(dev[0])
5391 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
5392 check_dpp_capab(hapd)
5393
5394 res = hapd.request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256)
5395 if "FAIL" in res:
5396 raise Exception("Failed to add configurator")
5397 conf_id = int(res)
5398 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
5399 if "FAIL" in csign or len(csign) == 0:
5400 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
5401
5402 res = dev[0].request("DPP_CONFIGURATOR_ADD key=" + csign)
5403 if "FAIL" in res:
5404 raise Exception("Failed to add configurator")
5405 conf_id2 = int(res)
5406 csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2)
5407
5408 if csign != csign2:
5409 raise Exception("Unexpected difference in configurator key")
5410
5411 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
5412 res = hapd.request(cmd)
5413 if "FAIL" in res:
5414 raise Exception("Failed to generate own configuration")
5415 update_hapd_config(hapd)
5416
5417 dev[0].set("dpp_config_processing", "1")
5418 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
5419 res = dev[0].request(cmd)
5420 if "FAIL" in res:
5421 raise Exception("Failed to generate own configuration")
5422 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
5423 if ev is None:
5424 raise Exception("DPP network profile not generated")
5425 id = ev.split(' ')[1]
5426 dev[0].select_network(id, freq=2412)
5427 dev[0].wait_connected()
5428 dev[0].request("DISCONNECT")
5429 dev[0].wait_disconnected()
5430 dev[0].dump_monitor()
5431
5432 tests = [ "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
5433 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
5434 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ" ]
5435 for t in tests:
5436 dev[0].set_network_quoted(id, "dpp_connector", t)
5437 dev[0].select_network(id, freq=2412)
5438 ev = dev[0].wait_event(["DPP-INTRO"], timeout=5)
5439 if ev is None or "status=8" not in ev:
5440 raise Exception("Introduction failure not reported")
5441 dev[0].request("DISCONNECT")
5442 dev[0].dump_monitor()
5443
5444 def test_dpp_peer_intro_local_failures(dev, apdev):
5445 """DPP peer introduction local failures"""
5446 check_dpp_capab(dev[0])
5447 check_dpp_capab(dev[1])
5448
5449 params = { "ssid": "dpp",
5450 "wpa": "2",
5451 "wpa_key_mgmt": "DPP",
5452 "ieee80211w": "2",
5453 "rsn_pairwise": "CCMP",
5454 "dpp_connector": params1_ap_connector,
5455 "dpp_csign": params1_csign,
5456 "dpp_netaccesskey": params1_ap_netaccesskey }
5457 try:
5458 hapd = hostapd.add_ap(apdev[0], params)
5459 except:
5460 raise HwsimSkip("DPP not supported")
5461
5462 tests = [ "dpp_derive_pmk",
5463 "dpp_hkdf_expand;dpp_derive_pmk",
5464 "dpp_derive_pmkid" ]
5465 for func in tests:
5466 with fail_test(dev[0], 1, func):
5467 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5468 ieee80211w="2",
5469 dpp_csign=params1_csign,
5470 dpp_connector=params1_sta_connector,
5471 dpp_netaccesskey=params1_sta_netaccesskey,
5472 wait_connect=False)
5473 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
5474 if ev is None or "fail=peer_connector_validation_failed" not in ev:
5475 raise Exception("Introduction failure not reported")
5476 dev[0].request("REMOVE_NETWORK all")
5477 dev[0].dump_monitor()
5478
5479 tests = [ (1, "base64_gen_decode;dpp_peer_intro"),
5480 (1, "json_parse;dpp_peer_intro"),
5481 (50, "json_parse;dpp_peer_intro"),
5482 (1, "=dpp_peer_intro"),
5483 (1, "dpp_parse_jwk") ]
5484 for count,func in tests:
5485 with alloc_fail(dev[0], count, func):
5486 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5487 ieee80211w="2",
5488 dpp_csign=params1_csign,
5489 dpp_connector=params1_sta_connector,
5490 dpp_netaccesskey=params1_sta_netaccesskey,
5491 wait_connect=False)
5492 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
5493 if ev is None or "fail=peer_connector_validation_failed" not in ev:
5494 raise Exception("Introduction failure not reported")
5495 dev[0].request("REMOVE_NETWORK all")
5496 dev[0].dump_monitor()
5497
5498 parts = params1_ap_connector.split('.')
5499 for ap_connector in [ '.'.join(parts[0:2]), '.'.join(parts[0:1]) ]:
5500 hapd.set("dpp_connector", ap_connector)
5501 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5502 ieee80211w="2",
5503 dpp_csign=params1_csign,
5504 dpp_connector=params1_sta_connector,
5505 dpp_netaccesskey=params1_sta_netaccesskey,
5506 wait_connect=False)
5507 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5508 if ev is None:
5509 raise Exception("No TX status reported")
5510 dev[0].request("REMOVE_NETWORK all")
5511 dev[0].dump_monitor()
5512
5513 hapd.set("dpp_netaccesskey", "00")
5514 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5515 ieee80211w="2",
5516 dpp_csign=params1_csign,
5517 dpp_connector=params1_sta_connector,
5518 dpp_netaccesskey=params1_sta_netaccesskey,
5519 wait_connect=False)
5520 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5521 if ev is None:
5522 raise Exception("No TX status reported")
5523 dev[0].request("REMOVE_NETWORK all")
5524 dev[0].dump_monitor()
5525
5526 hapd.set("dpp_csign", "00")
5527 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5528 ieee80211w="2",
5529 dpp_csign=params1_csign,
5530 dpp_connector=params1_sta_connector,
5531 dpp_netaccesskey=params1_sta_netaccesskey,
5532 wait_connect=False)
5533 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5534 if ev is None:
5535 raise Exception("No TX status reported")
5536 dev[0].request("REMOVE_NETWORK all")
5537 dev[0].dump_monitor()
5538
5539 def run_dpp_configurator_id_unknown(dev):
5540 check_dpp_capab(dev)
5541 res = dev.request("DPP_CONFIGURATOR_ADD")
5542 if "FAIL" in res:
5543 raise Exception("Failed to add configurator")
5544 conf_id = int(res)
5545 if "FAIL" not in dev.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id + 1)):
5546 raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")
5547
5548 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (conf_id + 1)
5549 if "FAIL" not in dev.request(cmd):
5550 raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
5551
5552 def test_dpp_configurator_id_unknown(dev, apdev):
5553 """DPP and unknown configurator id"""
5554 run_dpp_configurator_id_unknown(dev[0])
5555 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
5556 run_dpp_configurator_id_unknown(hapd)
5557
5558 def run_dpp_bootstrap_gen_failures(dev, hostapd):
5559 check_dpp_capab(dev)
5560
5561 tests = [ "type=unsupported",
5562 "type=qrcode chan=-1",
5563 "type=qrcode mac=a",
5564 "type=qrcode key=qq",
5565 "type=qrcode key=",
5566 "type=qrcode info=abc\tdef" ]
5567 for t in tests:
5568 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + t):
5569 raise Exception("Command accepted unexpectedly")
5570
5571 id = dev.request("DPP_BOOTSTRAP_GEN type=qrcode")
5572 if "FAIL" in id:
5573 raise Exception("Failed to generate bootstrap info")
5574 uri = dev.request("DPP_BOOTSTRAP_GET_URI " + id)
5575 if not uri.startswith("DPP:"):
5576 raise Exception("Could not get URI")
5577 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
5578 raise Exception("Failure not reported")
5579 info = dev.request("DPP_BOOTSTRAP_INFO " + id)
5580 if not info.startswith("type=QRCODE"):
5581 raise Exception("Could not get info")
5582 if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"):
5583 raise Exception("Failure not reported")
5584 if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"):
5585 raise Exception("Failed to remove bootstrap info")
5586 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI " + id):
5587 raise Exception("Failure not reported")
5588 if "FAIL" not in dev.request("DPP_BOOTSTRAP_INFO " + id):
5589 raise Exception("Failure not reported")
5590
5591 func = "hostapd_dpp_bootstrap_gen" if hostapd else "wpas_dpp_bootstrap_gen"
5592 with alloc_fail(dev, 1, "=" + func):
5593 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
5594 raise Exception("Command accepted unexpectedly")
5595
5596 with alloc_fail(dev, 2, "=" + func):
5597 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
5598 raise Exception("Command accepted unexpectedly")
5599
5600 with alloc_fail(dev, 1, "get_param"):
5601 dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
5602
5603 def test_dpp_bootstrap_gen_failures(dev, apdev):
5604 """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
5605 run_dpp_bootstrap_gen_failures(dev[0], False)
5606 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
5607 run_dpp_bootstrap_gen_failures(hapd, True)
5608
5609 def test_dpp_listen_continue(dev, apdev):
5610 """DPP and continue listen state"""
5611 check_dpp_capab(dev[0])
5612 check_dpp_capab(dev[1])
5613
5614 addr = dev[0].own_addr().replace(':', '')
5615 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
5616 if "FAIL" in id:
5617 raise Exception("Failed to set key for " + curve)
5618 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI " + id)
5619
5620 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
5621 raise Exception("Failed to start listen operation")
5622 time.sleep(5.1)
5623
5624 id = dev[1].dpp_qr_code(uri)
5625 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id):
5626 raise Exception("Failed to initiate DPP Authentication")
5627 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
5628 if ev is None:
5629 raise Exception("DPP configuration result not seen (Enrollee)")
5630 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
5631 if ev is None:
5632 raise Exception("DPP configuration result not seen (Responder)")
5633 dev[0].request("DPP_STOP_LISTEN")
5634 dev[1].request("DPP_STOP_LISTEN")
5635
5636 def test_dpp_network_addition_failure(dev, apdev):
5637 """DPP network addition failure"""
5638 try:
5639 run_dpp_network_addition_failure(dev, apdev)
5640 finally:
5641 dev[0].set("dpp_config_processing", "0")
5642
5643 def run_dpp_network_addition_failure(dev, apdev):
5644 check_dpp_capab(dev[0])
5645
5646 res = dev[0].request("DPP_CONFIGURATOR_ADD")
5647 if "FAIL" in res:
5648 raise Exception("Failed to add configurator")
5649 conf_id = int(res)
5650
5651 dev[0].set("dpp_config_processing", "1")
5652 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
5653 tests = [ (1, "=wpas_dpp_add_network"),
5654 (2, "=wpas_dpp_add_network"),
5655 (3, "=wpas_dpp_add_network"),
5656 (4, "=wpas_dpp_add_network"),
5657 (1, "wpa_config_add_network;wpas_dpp_add_network") ]
5658 for count,func in tests:
5659 with alloc_fail(dev[0], count, func):
5660 res = dev[0].request(cmd)
5661 if "FAIL" in res:
5662 raise Exception("Failed to generate own configuration")
5663 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
5664 if ev is None:
5665 raise Exception("Config object not processed")
5666 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5667 dev[0].dump_monitor()
5668
5669 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id)
5670 tests = [ (1, "wpa_config_set_quoted;wpas_dpp_add_network") ]
5671 for count,func in tests:
5672 with alloc_fail(dev[0], count, func):
5673 res = dev[0].request(cmd)
5674 if "FAIL" in res:
5675 raise Exception("Failed to generate own configuration")
5676 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
5677 if ev is None:
5678 raise Exception("Config object not processed")
5679 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5680 dev[0].dump_monitor()
5681
5682 def test_dpp_two_initiators(dev, apdev):
5683 """DPP and two initiators"""
5684 check_dpp_capab(dev[0])
5685 check_dpp_capab(dev[1])
5686 check_dpp_capab(dev[2])
5687
5688 addr = dev[0].own_addr().replace(':', '')
5689 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode chan=81/1 mac=" + addr)
5690 if "FAIL" in id:
5691 raise Exception("Failed to set key for " + curve)
5692 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI " + id)
5693
5694 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
5695 raise Exception("Failed to start listen operation")
5696
5697 id1 = dev[1].dpp_qr_code(uri)
5698 id2 = dev[2].dpp_qr_code(uri)
5699
5700 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
5701 raise Exception("Failed to initiate DPP Authentication")
5702 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
5703 if ev is None:
5704 raise Exeption("No DPP Authentication Request seen")
5705 if "OK" not in dev[2].request("DPP_AUTH_INIT peer=%d" % id2):
5706 raise Exception("Failed to initiate DPP Authentication (2)")
5707
5708 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
5709 if ev is None:
5710 raise Exeption("No DPP failure seen")
5711 if "DPP-FAIL Already in DPP authentication exchange - ignore new one" not in ev:
5712 raise Exception("Second DPP authentication exchange not reported as ignored")
5713
5714 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
5715 if ev is None:
5716 raise Exception("DPP configuration result not seen (Enrollee)")
5717 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
5718 if ev is None:
5719 raise Exception("DPP configuration result not seen (Responder)")
5720
5721 dev[0].request("DPP_STOP_LISTEN")
5722 dev[1].request("DPP_STOP_LISTEN")
5723 dev[2].request("DPP_STOP_LISTEN")
5724
5725 def test_dpp_conf_file_update(dev, apdev, params):
5726 """DPP provisioning updating wpa_supplicant configuration file"""
5727 config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf')
5728 with open(config, "w") as f:
5729 f.write("update_config=1\n")
5730 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
5731 wpas.interface_add("wlan5", config=config)
5732 wpas.set("dpp_config_processing", "1")
5733 run_dpp_qr_code_auth_unicast([ wpas, dev[1] ], apdev, None,
5734 init_extra="conf=sta-dpp",
5735 require_conf_success=True,
5736 configurator=True)
5737 wpas.interface_remove("wlan5")
5738
5739 with open(config, "r") as f:
5740 res = f.read()
5741 for i in [ "network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
5742 "dpp_netaccesskey=", "dpp_csign=" ]:
5743 if i not in res:
5744 raise Exception("Configuration file missing '%s'" % i)
5745
5746 wpas.interface_add("wlan5", config=config)
5747 if len(wpas.list_networks()) != 1:
5748 raise Exception("Unexpected number of networks")
Unnamed repository; edit this file 'description' to name the repository.