tests: DPP over TCP using Controller/Relay
1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import base64
9 import binascii
10 import hashlib
11 import logging
12 logger = logging.getLogger()
13 import os
14 import struct
15 import subprocess
16 import time
17
18 import hostapd
19 import hwsim_utils
20 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
21 from wpasupplicant import WpaSupplicant
22
23 try:
24 import OpenSSL
25 openssl_imported = True
26 except ImportError:
27 openssl_imported = False
28
def check_dpp_capab(dev, brainpool=False, min_ver=1):
    """Skip the calling test unless dev meets the DPP requirements.

    Raises HwsimSkip when dev does not know the DPP commands, when
    brainpool is set and the reported TLS library is not plain OpenSSL, or
    when the reported DPP version is below min_ver. Returns the DPP version.
    """
    probe = dev.request("DPP_BOOTSTRAP_GET_URI 0")
    if "UNKNOWN COMMAND" in probe:
        raise HwsimSkip("DPP not supported")

    if brainpool:
        tls = dev.request("GET tls_library")
        # A BoringSSL run-time is rejected even though the string may start
        # with "OpenSSL".
        is_openssl = tls.startswith("OpenSSL")
        if "run=BoringSSL" in tls or not is_openssl:
            raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)

    capa = dev.request("GET_CAPABILITY dpp")
    # A reply without the "DPP=" prefix is treated as version 1.
    ver = int(capa[4:]) if capa.startswith("DPP=") else 1
    if ver < min_ver:
        raise HwsimSkip("DPP version %d not supported" % min_ver)
    return ver
43
def wait_dpp_fail(dev, expected=None):
    """Wait (timeout=5) for a DPP-FAIL event on dev.

    Raises Exception if no event arrives, or if expected is given and is not
    a substring of the received event.
    """
    event = dev.wait_event(["DPP-FAIL"], timeout=5)
    if event is None:
        raise Exception("Failure not reported")
    if not expected:
        return
    if expected not in event:
        raise Exception("Unexpected result: " + event)
50
def test_dpp_qr_code_parsing(dev, apdev):
    """DPP QR Code parsing"""
    check_dpp_capab(dev[0])
    ids = []

    # URIs the parser has to accept. Each one is read back through
    # DPP_BOOTSTRAP_GET_URI and must come back unchanged.
    accepted = [
        "DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
        "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
        "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
        "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
    ]
    for uri in accepted:
        ids.append(dev[0].dpp_qr_code(uri))

        readback = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % ids[-1])
        if readback != uri:
            raise Exception("Returned URI does not match")

    # Inputs the parser has to refuse: no DPP prefix, empty or incomplete
    # fields, a MAC value with an odd number of hex digits, key values that
    # must not be taken as a bootstrapping key, a control character in the
    # info field, and channel list entries that are malformed or negative.
    rejected = [
        "foo",
        "DPP:",
        "DPP:;;",
        "DPP:C:1/2;M:;K;;",
        "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
        "DPP:K:" + base64.b64encode(b"hello").decode() + ";;",
        "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
        "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
        "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
        "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
        "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
        "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
        "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
        "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
    ]
    for bad_uri in rejected:
        reply = dev[0].request("DPP_QR_CODE " + bad_uri)
        if "FAIL" not in reply:
            raise Exception("Accepted invalid QR Code: " + bad_uri)

    logger.info("ID: " + str(ids))
    # The first three accepted URIs must have been given distinct identifiers.
    all_distinct = ids[0] != ids[1] and ids[0] != ids[2] and ids[1] != ids[2]
    if not all_distinct:
        raise Exception("Duplicate ID returned")

    # Removing an identifier that was never handed out has to fail, removing a
    # known one has to succeed.
    if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
        raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
    if "OK" not in dev[0].request("DPP_BOOTSTRAP_REMOVE %d" % ids[1]):
        raise Exception("DPP_BOOTSTRAP_REMOVE failed")

    # URIs generated locally (first without and then with channel/MAC/info
    # fields) are fed back into the parser.
    for gen_args in ({}, {"chan": "81/1,115/36", "mac": "010203040506", "info": "foo"}):
        gen_id = dev[0].dpp_bootstrap_gen(**gen_args)
        gen_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % gen_id)
        logger.info("Generated URI: " + gen_uri)

        dev[0].dpp_qr_code(gen_uri)
107
def test_dpp_qr_code_parsing_fail(dev, apdev):
    """DPP QR Code parsing local failure"""
    check_dpp_capab(dev[0])

    with_info = "DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"
    key_only = "DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"

    # Each entry arms one injected failure (allocation failure or forced test
    # failure) in the named function and then submits an otherwise valid URI;
    # the command has to report FAIL every time.
    cases = [
        (alloc_fail, "dpp_parse_uri_info", with_info),
        (alloc_fail, "dpp_parse_uri_pk", key_only),
        (fail_test, "dpp_parse_uri_pk", key_only),
        (alloc_fail, "dpp_parse_uri", with_info),
    ]
    for inject, func, cmd in cases:
        with inject(dev[0], 1, func):
            if "FAIL" not in dev[0].request(cmd):
                raise Exception("DPP_QR_CODE failure not reported")
126
# Fixed bootstrapping key blobs (hex strings) that the tests in this file pass
# to dpp_bootstrap_gen(key=...), one per curve named in the variable. The curve
# tests check that DPP_BOOTSTRAP_INFO reports the matching curve for each one.
# NOTE(review): presumably DER-encoded EC private keys - confirm. They are
# published with the test suite, so they are usable as test fixtures only.
dpp_key_p256 = "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
133
def test_dpp_qr_code_curves(dev, apdev):
    """DPP QR Code and supported curves"""
    check_dpp_capab(dev[0])
    # Pair each fixed key with the curve name that DPP_BOOTSTRAP_INFO has to
    # report after the key is loaded.
    expected = [
        ("prime256v1", dpp_key_p256),
        ("secp384r1", dpp_key_p384),
        ("secp521r1", dpp_key_p521),
    ]
    for curve, key_hex in expected:
        bootstrap_id = dev[0].dpp_bootstrap_gen(key=key_hex)
        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % bootstrap_id)
        if "FAIL" in info:
            raise Exception("Failed to get info for " + curve)
        wanted = "curve=" + curve
        if wanted not in info:
            raise Exception("Curve mismatch for " + curve)
147
def test_dpp_qr_code_curves_brainpool(dev, apdev):
    """DPP QR Code and supported Brainpool curves"""
    # Skipped unless the crypto library check for Brainpool curves passes.
    check_dpp_capab(dev[0], brainpool=True)
    expected = [
        ("brainpoolP256r1", dpp_key_bp256),
        ("brainpoolP384r1", dpp_key_bp384),
        ("brainpoolP512r1", dpp_key_bp512),
    ]
    for curve, key_hex in expected:
        bootstrap_id = dev[0].dpp_bootstrap_gen(key=key_hex)
        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % bootstrap_id)
        if "FAIL" in info:
            raise Exception("Failed to get info for " + curve)
        wanted = "curve=" + curve
        if wanted not in info:
            raise Exception("Curve mismatch for " + curve)
161
def test_dpp_qr_code_unsupported_curve(dev, apdev):
    """DPP QR Code and unsupported curve"""
    check_dpp_capab(dev[0])

    # A curve name the implementation does not know must not yield a key.
    reply = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
    if "FAIL" not in reply:
        raise Exception("Unsupported curve accepted")

    # Key blobs that must be refused: a single byte, and a key whose curve
    # bytes differ from the supported-curve fixtures in this file
    # (presumably an unsupported curve - confirm).
    bad_keys = (
        "30",
        "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b",
    )
    for key_hex in bad_keys:
        reply = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + key_hex)
        if "FAIL" not in reply:
            raise Exception("Unsupported/invalid curve accepted")
176
def test_dpp_qr_code_keygen_fail(dev, apdev):
    """DPP QR Code and keygen failure"""
    check_dpp_capab(dev[0])

    # Arm an allocation failure at each of the two call paths in turn; key
    # generation has to report FAIL in both cases.
    for call_path in ("dpp_bootstrap_key_der;dpp_keygen",
                      "base64_gen_encode;dpp_keygen"):
        with alloc_fail(dev[0], 1, call_path):
            reply = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode")
            if "FAIL" not in reply:
                raise Exception("Failure not reported")
188
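def test_dpp_qr_code_curve_select(dev, apdev):
    """DPP QR Code and curve selection"""
    check_dpp_capab(dev[0], brainpool=True)
    check_dpp_capab(dev[1], brainpool=True)

    # Load one bootstrapping key per curve on dev0 and remember the curve
    # name reported for it together with its URI.
    bi = []
    for key in [dpp_key_p256, dpp_key_p384, dpp_key_p521,
                dpp_key_bp256, dpp_key_bp384, dpp_key_bp512]:
        id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, key=key)
        info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
        # Start from None for every key so that a reply without a curve line
        # cannot silently reuse the curve of the previous key.
        curve = None
        for line in info.splitlines():
            # partition() tolerates values that themselves contain '='.
            name, sep, val = line.partition('=')
            if sep and name == "curve":
                curve = val
                break
        if curve is None:
            raise Exception("Curve not reported in bootstrap info: " + info)
        uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
        bi.append((curve, uri))

    # Run one authentication exchange per key, with dev1 as Initiator and
    # Configurator and dev0 as Responder and Enrollee.
    for curve, uri in bi:
        logger.info("Curve: " + curve)
        logger.info("URI: " + uri)

        dev[0].dpp_listen(2412)
        dev[1].dpp_auth_init(uri=uri)
        wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                          allow_enrollee_failure=True, stop_responder=True,
                          stop_initiator=True)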
217
def test_dpp_qr_code_auth_broadcast(dev, apdev):
    """DPP QR Code and authentication exchange (broadcast)"""
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    # No mac= argument here, unlike in the unicast variants of this test.
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1")
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=resp_uri)
    wait_auth_success(dev[0], dev[1], stop_responder=True)
229
def test_dpp_qr_code_auth_unicast(dev, apdev):
    """DPP QR Code and authentication exchange (unicast)"""
    # No curve is requested, so key generation uses its default.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve=None)
233
def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev):
    """DPP QR Code and authentication exchange (AP enrollee)"""
    # Same exchange as the plain unicast test, with the Responder listening
    # with netrole "ap".
    run_dpp_qr_code_auth_unicast(dev, apdev, curve=None, netrole="ap")
237
def test_dpp_qr_code_curve_prime256v1(dev, apdev):
    """DPP QR Code and curve prime256v1"""
    # Responder bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="prime256v1")
241
def test_dpp_qr_code_curve_secp384r1(dev, apdev):
    """DPP QR Code and curve secp384r1"""
    # Responder bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="secp384r1")
245
def test_dpp_qr_code_curve_secp521r1(dev, apdev):
    """DPP QR Code and curve secp521r1"""
    # Responder bootstrapping key is generated on the named curve.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="secp521r1")
249
def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev):
    """DPP QR Code and curve brainpoolP256r1"""
    # The "brainpool" substring makes the runner require Brainpool support
    # on both devices before the exchange.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP256r1")
253
def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev):
    """DPP QR Code and curve brainpoolP384r1"""
    # The "brainpool" substring makes the runner require Brainpool support
    # on both devices before the exchange.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP384r1")
257
def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev):
    """DPP QR Code and curve brainpoolP512r1"""
    # The "brainpool" substring makes the runner require Brainpool support
    # on both devices before the exchange.
    run_dpp_qr_code_auth_unicast(dev, apdev, curve="brainpoolP512r1")
261
def test_dpp_qr_code_set_key(dev, apdev):
    """DPP QR Code and fixed bootstrapping key"""
    # The Responder loads this fixed key blob instead of generating one.
    # NOTE(review): the value is published with the test suite, so it is a
    # test fixture only.
    fixed_key = "30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve=None, key=fixed_key)
265
def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
                                 require_conf_success=False, init_extra=None,
                                 require_conf_failure=False,
                                 configurator=False, conf_curve=None):
    """Run one QR Code based authentication exchange between dev[0] and dev[1].

    dev[0] generates (or loads, when key is given) a bootstrapping key and
    listens; dev[1] initiates with the URI and is treated as the
    Configurator. When configurator is set, dev[1] first adds a Configurator
    using conf_curve. The require_conf_* flags control whether a
    configuration failure on the Configurator side is tolerated or required.
    """
    # Brainpool support is only demanded when the curve name asks for it.
    needs_brainpool = curve and "brainpool" in curve
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta, needs_brainpool)
    conf_id = dev[1].dpp_configurator_add(curve=conf_curve) if configurator else None

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve, key=key)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412, netrole=netrole)
    dev[1].dpp_auth_init(uri=resp_uri, extra=init_extra, configurator=conf_id)
    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                      allow_enrollee_failure=True,
                      allow_configurator_failure=not require_conf_success,
                      require_configurator_failure=require_conf_failure,
                      stop_responder=True)
289
def test_dpp_qr_code_auth_mutual(dev, apdev):
    """DPP QR Code and authentication exchange (mutual)"""
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 displays QR Code")
    init_own_id = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % init_own_id)

    # dev0 is given dev1's bootstrapping URI before the exchange starts.
    logger.info("dev0 scans QR Code")
    dev[0].dpp_qr_code(init_uri)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=resp_uri, own=init_own_id)

    # The Initiator has to report that mutual authentication was selected.
    direction = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(dev[0], dev[1], stop_responder=True)
316
def test_dpp_qr_code_auth_mutual2(dev, apdev):
    """DPP QR Code and authentication exchange (mutual2)"""
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 displays QR Code")
    init_own_id = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % init_own_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    # The Responder listens with qr="mutual" and has not yet scanned the
    # Initiator's QR Code when the exchange starts.
    dev[0].dpp_listen(2412, qr="mutual")
    dev[1].dpp_auth_init(uri=resp_uri, own=init_own_id)

    pending = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_request = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_request is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("dev0 scans QR Code")
    dev[0].dpp_qr_code(init_uri)

    direction = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(dev[0], dev[1], stop_responder=True)
350
def test_dpp_qr_code_auth_mutual_p_256(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
    # Responder bootstrapping key is generated with curve "P-256".
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-256")
354
def test_dpp_qr_code_auth_mutual_p_384(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
    # Responder bootstrapping key is generated with curve "P-384".
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-384")
358
def test_dpp_qr_code_auth_mutual_p_521(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
    # Responder bootstrapping key is generated with curve "P-521".
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="P-521")
362
def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
    # The "BP-" prefix makes the runner require Brainpool support first.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-256")
366
def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
    # The "BP-" prefix makes the runner require Brainpool support first.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-384")
370
def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev):
    """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
    # The "BP-" prefix makes the runner require Brainpool support first.
    run_dpp_qr_code_auth_mutual(dev, apdev, curve="BP-512")
374
def run_dpp_qr_code_auth_mutual(dev, apdev, curve):
    """Run a mutual authentication exchange without an own= key on dev[1].

    dev[0] listens with qr="mutual"; dev[1] initiates without passing its own
    bootstrapping identifier. The URI that dev[0] then scans is taken from
    the DPP-RESPONSE-PENDING event reported by dev[1].
    """
    needs_brainpool = curve and "BP-" in curve
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta, needs_brainpool)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412, qr="mutual")
    dev[1].dpp_auth_init(uri=resp_uri)

    pending = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    # Second space-separated field of the event is used as the peer URI.
    fields = pending.split(' ')
    peer_uri = fields[1]

    scan_request = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_request is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("dev0 scans QR Code")
    dev[0].dpp_qr_code(peer_uri)

    direction = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if direction is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=1" not in direction:
        raise Exception("Mutual authentication not used")

    wait_auth_success(dev[0], dev[1], stop_responder=True)
404
def test_dpp_auth_resp_retries(dev, apdev):
    """DPP Authentication Response retries"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    # Retry parameters for the Responder's Authentication Response.
    for param, value in (("dpp_resp_max_tries", "3"),
                         ("dpp_resp_retry_time", "100")):
        dev[0].set(param, value)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 displays QR Code")
    init_own_id = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
    init_uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % init_own_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412, qr="mutual")
    dev[1].dpp_auth_init(uri=resp_uri, own=init_own_id)

    pending = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_request = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_request is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    # Stop Initiator from listening to frames to force retransmission of the
    # DPP Authentication Response frame with Status=0
    dev[1].request("DPP_STOP_LISTEN")

    # Drop already queued events so the waits below only see new ones.
    dev[1].dump_monitor()
    dev[0].dump_monitor()

    logger.info("dev0 scans QR Code")
    dev[0].dpp_qr_code(init_uri)

    first_tx = dev[0].wait_event(["DPP-TX"], timeout=5)
    if first_tx is None or "type=1" not in first_tx:
        raise Exception("DPP Authentication Response not sent")
    tx_status = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
    if tx_status is None:
        raise Exception("TX status for DPP Authentication Response not reported")
    if "result=no-ACK" not in tx_status:
        raise Exception("Unexpected TX status for Authentication Response: " + tx_status)

    # The unacknowledged frame has to be sent again.
    retry_tx = dev[0].wait_event(["DPP-TX"], timeout=15)
    if retry_tx is None or "type=1" not in retry_tx:
        raise Exception("DPP Authentication Response retransmission not sent")
451
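def test_dpp_qr_code_auth_mutual_not_used(dev, apdev):
    """DPP QR Code and authentication exchange (mutual not used)"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    logger.info("dev0 displays QR Code")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    logger.info("dev1 displays QR Code")
    id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
    # dev0 never learns dev1's bootstrapping URI, so the exchange is expected
    # to be reported with mutual=0 even though dev1 passes own=.
    logger.info("dev0 does not scan QR Code")
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, own=id1b)

    ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
    if ev is None:
        raise Exception("DPP authentication direction not indicated (Initiator)")
    if "mutual=0" not in ev:
        # Reaching this branch means the event did not carry mutual=0; the
        # earlier wording ("not used") described the opposite outcome.
        raise Exception("Mutual authentication used unexpectedly")

    wait_auth_success(dev[0], dev[1], stop_responder=True)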
474
def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev):
    """DPP QR Code and authentication exchange (mutual/mismatch)"""
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 displays QR Code")
    # dev1's own key is on secp384r1 while dev0's key is generated without a
    # curve argument.
    init_own_id = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True,
                                           curve="secp384r1")
    init_uri = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % init_own_id)

    logger.info("dev0 scans QR Code")
    dev[0].dpp_qr_code(init_uri)

    logger.info("dev1 scans QR Code")
    # Initiation with the mismatching pair of keys is expected to fail.
    dev[1].dpp_auth_init(uri=resp_uri, own=init_own_id, expect_fail=True)
489
def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev):
    """DPP QR Code and authentication exchange (hostapd mutual2)"""
    check_dpp_capab(dev[0])
    ap_params = {"ssid": "unconfigured"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)

    logger.info("AP displays QR Code")
    ap_id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % ap_id)

    logger.info("dev0 displays QR Code")
    sta_own_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    sta_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % sta_own_id)

    logger.info("dev0 scans QR Code and initiates DPP Authentication")
    # The AP is the Responder here and asks for the peer QR Code only after
    # the exchange has started.
    hapd.dpp_listen(2412, qr="mutual")
    dev[0].dpp_auth_init(uri=ap_uri, own=sta_own_id)

    pending = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
    if pending is None:
        raise Exception("Pending response not reported")
    scan_request = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
    if scan_request is None:
        raise Exception("QR Code scan for mutual authentication not requested")

    logger.info("AP scans QR Code")
    hapd.dpp_qr_code(sta_uri)

    wait_auth_success(hapd, dev[0], stop_responder=True)
516
def test_dpp_qr_code_listen_continue(dev, apdev):
    """DPP QR Code and listen operation needing continuation"""
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    dev[0].dpp_listen(2412)

    # Delay the Initiator so that the exchange only starts after the
    # Responder's first listen period.
    logger.info("Wait for listen to expire and get restarted")
    listen_wait = 5.5
    time.sleep(listen_wait)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[1].dpp_auth_init(uri=resp_uri)
    wait_auth_success(dev[0], dev[1], stop_responder=True)
530
def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
    try:
        run_dpp_qr_code_auth_initiator_enrollee(dev, apdev)
    finally:
        # Put gas_address3 back to "0" on both stations, also when the run
        # above raised.
        for sta in (dev[0], dev[1]):
            sta.set("gas_address3", "0")
538
def run_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
    """Run the exchange with dev[1] initiating in the Enrollee role.

    gas_address3 is set to 1 on both stations and is not restored here; the
    caller is expected to reset it.
    """
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)
    for sta in (dev[0], dev[1]):
        sta.request("SET gas_address3 1")

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=resp_uri, role="enrollee")
    # Roles are swapped relative to the other tests: the Responder (dev0) is
    # the Configurator.
    wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1],
                      allow_enrollee_failure=True, stop_responder=True)
552
def test_dpp_qr_code_auth_initiator_either_1(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder states no role; dev1 is expected to end up as Configurator.
    run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role=None,
                                          conf_dev=dev[1], enrollee_dev=dev[0])
556
def test_dpp_qr_code_auth_initiator_either_2(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder listens as Enrollee, so dev1 is expected to be Configurator.
    run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role="enrollee",
                                          conf_dev=dev[1], enrollee_dev=dev[0])
561
def test_dpp_qr_code_auth_initiator_either_3(dev, apdev):
    """DPP QR Code and authentication exchange (Initiator in either role)"""
    # Responder listens as Configurator, so dev1 is expected to be Enrollee.
    run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role="configurator",
                                          conf_dev=dev[0], enrollee_dev=dev[1])
566
def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role,
                                          conf_dev, enrollee_dev):
    """Run the exchange with dev[1] initiating with role="either".

    resp_role is the role dev[0] listens with; conf_dev and enrollee_dev are
    the devices expected to act as Configurator and Enrollee afterwards.
    """
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412, role=resp_role)
    dev[1].dpp_auth_init(uri=resp_uri, role="either")
    wait_auth_success(dev[0], dev[1], configurator=conf_dev,
                      enrollee=enrollee_dev, allow_enrollee_failure=True,
                      stop_responder=True)
580
def run_init_incompatible_roles(dev, role="enrollee"):
    """Prepare dev[0] as a Responder listening with the given role.

    dev[1] scans dev[0]'s QR Code but does not initiate yet. Returns the
    identifier dev[1] got for the scanned URI, for use as peer= by the
    caller.
    """
    for sta in (dev[0], dev[1]):
        check_dpp_capab(sta)

    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    logger.info("dev1 scans QR Code")
    peer_id = dev[1].dpp_qr_code(resp_uri)

    logger.info("dev1 initiates DPP Authentication")
    dev[0].dpp_listen(2412, role=role)
    return peer_id
594
def test_dpp_qr_code_auth_incompatible_roles(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles)"""
    peer_id = run_init_incompatible_roles(dev)
    # Both sides ask for the Enrollee role; each has to report the conflict.
    dev[1].dpp_auth_init(peer=peer_id, role="enrollee")
    waits = (
        (dev[1], 5, "DPP-NOT-COMPATIBLE event on initiator timed out"),
        (dev[0], 1, "DPP-NOT-COMPATIBLE event on responder timed out"),
    )
    for sta, limit, timeout_msg in waits:
        if sta.wait_event(["DPP-NOT-COMPATIBLE"], timeout=limit) is None:
            raise Exception(timeout_msg)
    # A second attempt with a compatible role has to succeed.
    dev[1].dpp_auth_init(peer=peer_id, role="configurator")
    wait_auth_success(dev[0], dev[1], stop_responder=True)
607
def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles 2)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # Both sides ask for the Configurator role; each has to report the
    # conflict.
    dev[1].dpp_auth_init(peer=peer_id, role="configurator")
    waits = (
        (dev[1], 5, "DPP-NOT-COMPATIBLE event on initiator timed out"),
        (dev[0], 1, "DPP-NOT-COMPATIBLE event on responder timed out"),
    )
    for sta, limit, timeout_msg in waits:
        if sta.wait_event(["DPP-NOT-COMPATIBLE"], timeout=limit) is None:
            raise Exception(timeout_msg)
618
def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # The Responder still has to report the role conflict when the allocation
    # in dpp_auth_build_resp_status fails.
    with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"):
        dev[1].dpp_auth_init(peer=peer_id, role="configurator")
        reported = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
        if reported is None:
            raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
627
def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # Allocation failure on the Initiator while it handles the status reply;
    # the test only waits for the armed failure to fire.
    injected_func = "dpp_auth_resp_rx_status"
    with alloc_fail(dev[1], 1, injected_func):
        dev[1].dpp_auth_init(peer=peer_id, role="configurator")
        wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
634
def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev):
    """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
    peer_id = run_init_incompatible_roles(dev, role="configurator")
    # Forced failure on the Initiator; it has to surface as a DPP-FAIL event
    # naming the AES-SIV decryption step.
    injected_func = "dpp_auth_resp_rx_status"
    with fail_test(dev[1], 1, injected_func):
        dev[1].dpp_auth_init(peer=peer_id, role="configurator")
        wait_dpp_fail(dev[1], "AES-SIV decryption failed")
641
def test_dpp_qr_code_auth_neg_chan(dev, apdev):
    """DPP QR Code and authentication exchange with requested different channel"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    conf_id = dev[1].dpp_configurator_add()
    logger.info("dev0 displays QR Code")
    resp_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    resp_uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=resp_uri, conf="sta-dpp", neg_freq=2462,
                         configurator=conf_id)

    # Expected frame sequence: the Authentication Request goes out on 2412,
    # everything after it on the negotiated 2462. Each row is (device, event,
    # message when the event is missing, substring the event must contain,
    # message prefix when it does not).
    initiator, responder = dev[1], dev[0]
    sequence = [
        (initiator, "DPP-TX",
         "DPP Authentication Request not sent",
         "freq=2412 type=0",
         "Unexpected TX data for Authentication Request: "),
        (responder, "DPP-RX",
         "DPP Authentication Request not received",
         "freq=2412 type=0",
         "Unexpected RX data for Authentication Request: "),
        (initiator, "DPP-TX-STATUS",
         "TX status for DPP Authentication Request not reported",
         "freq=2412 result=SUCCESS",
         "Unexpected TX status for Authentication Request: "),
        (responder, "DPP-TX",
         "DPP Authentication Response not sent",
         "freq=2462 type=1",
         "Unexpected TX data for Authentication Response: "),
        (initiator, "DPP-RX",
         "DPP Authentication Response not received",
         "freq=2462 type=1",
         "Unexpected RX data for Authentication Response: "),
        (responder, "DPP-TX-STATUS",
         "TX status for DPP Authentication Response not reported",
         "freq=2462 result=SUCCESS",
         "Unexpected TX status for Authentication Response: "),
        (initiator, "DPP-TX",
         "DPP Authentication Confirm not sent",
         "freq=2462 type=2",
         "Unexpected TX data for Authentication Confirm: "),
        (responder, "DPP-RX",
         "DPP Authentication Confirm not received",
         "freq=2462 type=2",
         "Unexpected RX data for Authentication Confirm: "),
        (initiator, "DPP-TX-STATUS",
         "TX status for DPP Authentication Confirm not reported",
         "freq=2462 result=SUCCESS",
         "Unexpected TX status for Authentication Confirm: "),
    ]
    for sta, event_name, missing_msg, wanted, mismatch_prefix in sequence:
        ev = sta.wait_event([event_name], timeout=5)
        if ev is None:
            raise Exception(missing_msg)
        if wanted not in ev:
            raise Exception(mismatch_prefix + ev)

    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                      stop_responder=True)
711
def test_dpp_config_legacy(dev, apdev):
    """DPP Config Object for legacy network using passphrase"""
    check_dpp_capab(dev[1])
    # Fixed Config Object with akm "psk" and a test-only passphrase. It is
    # installed on dev[1] through dpp_config_obj_override (presumably replacing
    # the object the Configurator would otherwise build - confirm).
    legacy_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
    dev[1].set("dpp_config_obj_override", legacy_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
719
def test_dpp_config_legacy_psk_hex(dev, apdev):
    """DPP Config Object for legacy network using PSK"""
    check_dpp_capab(dev[1])
    # 64 hex digits (32 octets) of a fixed test pattern used as the PSK.
    psk_hex = 32 * "12"
    legacy_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % psk_hex
    dev[1].set("dpp_config_obj_override", legacy_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
727
def test_dpp_config_fragmentation(dev, apdev):
    """DPP Config Object for legacy network requiring fragmentation"""
    check_dpp_capab(dev[1])
    # 3000 trailing spaces inflate the Config Object; per the description this
    # is what makes the response need fragmentation.
    padding = 3000 * ' '
    legacy_conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + padding
    dev[1].set("dpp_config_obj_override", legacy_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
735
def test_dpp_config_legacy_gen(dev, apdev):
    """Generate DPP Config Object for legacy network"""
    # The passphrase is passed hex-encoded in the "pass=" parameter.
    passphrase_hex = binascii.hexlify(b"passphrase").decode()
    init_extra = "conf=sta-psk pass=%s" % passphrase_hex
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 init_extra=init_extra,
                                 require_conf_success=True)
741
def test_dpp_config_legacy_gen_psk(dev, apdev):
    """Generate DPP Config Object for legacy network (PSK)"""
    # "psk=" carries a fixed 64-hex-digit (32-octet) test value.
    init_extra = "conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 init_extra=init_extra,
                                 require_conf_success=True)
747
def test_dpp_config_dpp_gen_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256)"""
    # "conf=sta-dpp" with configurator=True; the configuration exchange must
    # succeed. The curve argument is presumably the bootstrapping key curve -
    # confirm against run_dpp_qr_code_auth_unicast().
    options = {"init_extra": "conf=sta-dpp",
               "require_conf_success": True,
               "configurator": True}
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", **options)
754
def test_dpp_config_dpp_gen_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384)"""
    # Same flow as the P-256 variant, with "secp384r1" as the curve argument.
    options = {"init_extra": "conf=sta-dpp",
               "require_conf_success": True,
               "configurator": True}
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", **options)
761
def test_dpp_config_dpp_gen_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521)"""
    # Same flow as the P-256 variant, with "secp521r1" as the curve argument.
    options = {"init_extra": "conf=sta-dpp",
               "require_conf_success": True,
               "configurator": True}
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", **options)
768
def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-256)"""
    # First curve is the positional argument, second is conf_curve (presumably
    # bootstrapping key vs. Configurator signing key - confirm in the helper).
    curve, conf_curve = "prime256v1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
776
def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-384)"""
    # Mixed-curve case: positional curve P-256, conf_curve P-384.
    curve, conf_curve = "prime256v1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
784
def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-256 + P-521)"""
    # Mixed-curve case: positional curve P-256, conf_curve P-521.
    curve, conf_curve = "prime256v1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
792
def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-256)"""
    # Mixed-curve case: positional curve P-384, conf_curve P-256.
    curve, conf_curve = "secp384r1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
800
def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-384)"""
    # Same curve (P-384) for the positional argument and conf_curve.
    curve, conf_curve = "secp384r1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
808
def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-384 + P-521)"""
    # Mixed-curve case: positional curve P-384, conf_curve P-521.
    curve, conf_curve = "secp384r1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
816
def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-256)"""
    # Mixed-curve case: positional curve P-521, conf_curve P-256.
    curve, conf_curve = "secp521r1", "prime256v1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
824
def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-384)"""
    # Mixed-curve case: positional curve P-521, conf_curve P-384.
    curve, conf_curve = "secp521r1", "secp384r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
832
def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev):
    """Generate DPP Config Object for DPP network (P-521 + P-521)"""
    # Same curve (P-521) for the positional argument and conf_curve.
    curve, conf_curve = "secp521r1", "secp521r1"
    run_dpp_qr_code_auth_unicast(dev, apdev, curve, init_extra="conf=sta-dpp",
                                 require_conf_success=True, configurator=True,
                                 conf_curve=conf_curve)
840
def test_dpp_config_dpp_gen_expiry(dev, apdev):
    """Generate DPP Config Object for DPP network with expiry value"""
    # Expiry 1000 seconds in the future; %d truncates the float timestamp.
    expiry = time.time() + 1000
    init_extra = "conf=sta-dpp expiry=%d" % expiry
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 init_extra=init_extra,
                                 require_conf_success=True,
                                 configurator=True)
847
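def test_dpp_config_dpp_gen_expired_key(dev, apdev):
    """Generate DPP Config Object for DPP network with expired key"""
    # The expiry is set 10 seconds in the past, so the provisioned credential
    # is already expired and the configuration exchange is required to fail
    # (require_conf_failure=True). %d truncates the float timestamp.
    expiry = time.time() - 10
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 init_extra="conf=sta-dpp expiry=%d" % expiry,
                                 require_conf_failure=True,
                                 configurator=True)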
854
def test_dpp_config_dpp_override_prime256v1(dev, apdev):
    """DPP Config Object override (P-256)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Canned Config Object: akm "dpp", a pre-signed Connector (ES256) and the
    # matching P-256 csign JWK. The Connector carries a fixed netAccessKey,
    # which is presumably why dev[0] is told to ignore a netAccessKey
    # mismatch below - confirm.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_success=True)
864
def test_dpp_config_dpp_override_secp384r1(dev, apdev):
    """DPP Config Object override (P-384)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Canned Config Object: akm "dpp", a pre-signed Connector (ES384) and the
    # matching P-384 csign JWK; dev[0] ignores a netAccessKey mismatch.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", require_conf_success=True)
874
def test_dpp_config_dpp_override_secp521r1(dev, apdev):
    """DPP Config Object override (P-521)"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # Canned Config Object: akm "dpp", a pre-signed Connector (ES512) and the
    # matching P-521 csign JWK; dev[0] ignores a netAccessKey mismatch.
    canned_conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
    dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", canned_conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", require_conf_success=True)
884
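def test_dpp_config_override_objects(dev, apdev):
    """Generate DPP Config Object and override objects"""
    check_dpp_capab(dev[1])
    # Replacement JSON for the discovery object and for the groups array,
    # including embedded newlines and indentation. They are set on dev[1]
    # (presumably substituted into the generated Config Object - confirm).
    discovery = '{\n"ssid":"mywifi"\n}'
    groups = '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'
    dev[1].set("dpp_discovery_override", discovery)
    dev[1].set("dpp_groups_override", groups)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
                                 init_extra="conf=sta-dpp",
                                 require_conf_success=True,
                                 configurator=True)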
896
def build_conf_obj(kty="EC", crv="P-256",
                   x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
                   y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
                   kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
                   prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
                   signed_connector=None,
                   no_signed_connector=False,
                   csign=True):
    """Build a DPP Config Object (akm "dpp") as a JSON string.

    kty, crv, x, y, kid: members of the csign JWK; a falsy value omits the
        member.
    prot_hdr: JWS protected header text, base64url encoded into the first
        segment of the generated signedConnector.
    signed_connector: if truthy, used verbatim as the signedConnector value.
    no_signed_connector: if true (and signed_connector is not given), the
        signedConnector member is left out.
    csign: if false, the csign member is left out.

    Values are interpolated without JSON escaping on purpose: callers use
    this to produce malformed objects (for example a signedConnector with
    an embedded newline).
    """
    def b64url(text):
        return base64.urlsafe_b64encode(text.encode()).decode().rstrip('=')

    cred = ['"akm":"dpp"']

    if signed_connector:
        cred.append('"signedConnector":"%s"' % signed_connector)
    elif not no_signed_connector:
        # Fixed payload and fixed signature; only the protected header varies,
        # so a modified prot_hdr is paired with the unchanged signature.
        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
        sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
        conn = b64url(prot_hdr) + '.' + b64url(payload) + '.' + sign
        cred.append('"signedConnector":"%s"' % conn)

    if csign:
        jwk = []
        for member, value in (("kty", kty), ("crv", crv), ("x", x),
                              ("y", y), ("kid", kid)):
            if value:
                jwk.append('"' + member + '":' + '"%s"' % value)
        cred.append('"csign":{' + ','.join(jwk) + '}')

    return ('{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
            + ','.join(cred) + '}}')
939
def run_dpp_config_error(dev, apdev, conf,
                         skip_net_access_key_mismatch=True):
    """Run a DPP exchange with *conf* as the Config Object and require failure.

    conf is installed on dev[1] through dpp_config_obj_override and the
    exchange is run with require_conf_failure=True. Unless
    skip_net_access_key_mismatch is false, dev[0] is first told to ignore a
    netAccessKey mismatch, so that the failure has to come from another check.
    """
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    if skip_net_access_key_mismatch:
        dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
    dev[1].set("dpp_config_obj_override", conf)
    run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", require_conf_failure=True)
949
def test_dpp_config_jwk_error_no_kty(dev, apdev):
    """DPP Config Object JWK error - no kty"""
    # csign JWK without the "kty" member; the exchange must fail.
    conf = build_conf_obj(kty=None)
    run_dpp_config_error(dev, apdev, conf)
953
def test_dpp_config_jwk_error_unexpected_kty(dev, apdev):
    """DPP Config Object JWK error - unexpected kty"""
    # csign JWK with "kty":"unknown" instead of "EC".
    conf = build_conf_obj(kty="unknown")
    run_dpp_config_error(dev, apdev, conf)
957
def test_dpp_config_jwk_error_no_crv(dev, apdev):
    """DPP Config Object JWK error - no crv"""
    # csign JWK without the "crv" member.
    conf = build_conf_obj(crv=None)
    run_dpp_config_error(dev, apdev, conf)
961
def test_dpp_config_jwk_error_unsupported_crv(dev, apdev):
    """DPP Config Object JWK error - unsupported curve"""
    # csign JWK naming a curve ("unsupported") that is not a real curve name.
    conf = build_conf_obj(crv="unsupported")
    run_dpp_config_error(dev, apdev, conf)
965
def test_dpp_config_jwk_error_no_x(dev, apdev):
    """DPP Config Object JWK error - no x"""
    # csign JWK without the "x" coordinate.
    conf = build_conf_obj(x=None)
    run_dpp_config_error(dev, apdev, conf)
969
def test_dpp_config_jwk_error_invalid_x(dev, apdev):
    """DPP Config Object JWK error - invalid x"""
    # "MTIz" is base64url for the three octets "123": far too short for a
    # P-256 coordinate.
    conf = build_conf_obj(x="MTIz")
    run_dpp_config_error(dev, apdev, conf)
973
def test_dpp_config_jwk_error_no_y(dev, apdev):
    """DPP Config Object JWK error - no y"""
    # csign JWK without the "y" coordinate.
    conf = build_conf_obj(y=None)
    run_dpp_config_error(dev, apdev, conf)
977
def test_dpp_config_jwk_error_invalid_y(dev, apdev):
    """DPP Config Object JWK error - invalid y"""
    # "MTIz" is base64url for the three octets "123": far too short for a
    # P-256 coordinate.
    conf = build_conf_obj(y="MTIz")
    run_dpp_config_error(dev, apdev, conf)
981
def test_dpp_config_jwk_error_invalid_xy(dev, apdev):
    """DPP Config Object JWK error - invalid x,y"""
    # Both coordinates decode to 32 octets (the ASCII text
    # "0123456789abcdef0123456789abcdef"), so the length is right for P-256
    # but the pair is presumably not a point on the curve.
    coord = "MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY"
    run_dpp_config_error(dev, apdev, build_conf_obj(x=coord, y=coord))
987
def test_dpp_config_jwk_error_no_kid(dev, apdev):
    """DPP Config Object JWK error - no kid"""
    # csign JWK without the "kid" member.
    conf = build_conf_obj(kid=None)
    run_dpp_config_error(dev, apdev, conf)
991
def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev):
    """DPP Config Object JWS error - protected header not an object"""
    # The protected header is the JSON number 1 rather than an object.
    conf = build_conf_obj(prot_hdr="1")
    run_dpp_config_error(dev, apdev, conf)
995
def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev):
    """DPP Config Object JWS error - protected header - no typ"""
    # Protected header with "kid" and "alg" but no "typ" member.
    conf = build_conf_obj(prot_hdr='{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}')
    run_dpp_config_error(dev, apdev, conf)
1000
def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev):
    """DPP Config Object JWS error - protected header - unsupported typ"""
    # Protected header with "typ":"unsupported" instead of "dppCon".
    conf = build_conf_obj(prot_hdr='{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}')
    run_dpp_config_error(dev, apdev, conf)
1005
def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev):
    """DPP Config Object JWS error - protected header - no alg"""
    # Protected header with "typ" and "kid" but no "alg" member; a verifier
    # must not fall back to a default algorithm here.
    conf = build_conf_obj(prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}')
    run_dpp_config_error(dev, apdev, conf)
1010
def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev):
    """DPP Config Object JWS error - protected header - unexpected alg"""
    # Protected header with "alg":"unexpected" instead of "ES256".
    conf = build_conf_obj(prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}')
    run_dpp_config_error(dev, apdev, conf)
1015
def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev):
    """DPP Config Object JWS error - protected header - no kid"""
    # Protected header with "typ" and "alg" but no "kid" member.
    conf = build_conf_obj(prot_hdr='{"typ":"dppCon","alg":"ES256"}')
    run_dpp_config_error(dev, apdev, conf)
1020
def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev):
    """DPP Config Object JWS error - protected header - unexpected kid"""
    # The header "kid" ("MTIz") differs from the "kid" of the csign JWK.
    conf = build_conf_obj(prot_hdr='{"typ":"dppCon","kid":"MTIz","alg":"ES256"}')
    run_dpp_config_error(dev, apdev, conf)
1025
def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev):
    """DPP Config Object signedConnector error - no dot(1)"""
    # A single segment with no '.' separator at all.
    conf = build_conf_obj(signed_connector="MTIz")
    run_dpp_config_error(dev, apdev, conf)
1030
def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev):
    """DPP Config Object signedConnector error - no dot(2)"""
    # Protected header and payload segments only: the second '.' and the
    # signature segment are missing.
    conf = build_conf_obj(signed_connector="eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz")
    run_dpp_config_error(dev, apdev, conf)
1035
def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev):
    """DPP Config Object signedConnector error - unexpected signature length"""
    # Three segments, but the signature segment "MTIz" decodes to only three
    # octets.
    conf = build_conf_obj(signed_connector="eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz")
    run_dpp_config_error(dev, apdev, conf)
1040
def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev):
    """DPP Config Object signedConnector error - invalid signature DER"""
    # Three segments with the signature segment "MTI", which decodes to two
    # octets (an even length, unlike the "MTIz" variant).
    conf = build_conf_obj(signed_connector="eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI")
    run_dpp_config_error(dev, apdev, conf)
1045
def test_dpp_config_no_csign(dev, apdev):
    """DPP Config Object error - no csign"""
    # A signedConnector is present but there is no csign key to verify it with.
    conf = build_conf_obj(csign=False)
    run_dpp_config_error(dev, apdev, conf)
1049
def test_dpp_config_no_signed_connector(dev, apdev):
    """DPP Config Object error - no signedConnector"""
    # The csign JWK is present but the signedConnector member is left out.
    conf = build_conf_obj(no_signed_connector=True)
    run_dpp_config_error(dev, apdev, conf)
1053
def test_dpp_config_unexpected_signed_connector_char(dev, apdev):
    """DPP Config Object error - unexpected signedConnector character"""
    # build_conf_obj() does not escape the value, so a raw newline ends up
    # inside the JSON string.
    conf = build_conf_obj(signed_connector='a\nb')
    run_dpp_config_error(dev, apdev, conf)
1057
def test_dpp_config_root_not_an_object(dev, apdev):
    """DPP Config Object error - root not an object"""
    # The whole Config Object is the JSON number 1.
    run_dpp_config_error(dev, apdev, "1")
1062
def test_dpp_config_no_wi_fi_tech(dev, apdev):
    """DPP Config Object error - no wi-fi_tech"""
    # Empty JSON object: no "wi-fi_tech" member (or any other).
    run_dpp_config_error(dev, apdev, "{}")
1067
def test_dpp_config_unsupported_wi_fi_tech(dev, apdev):
    """DPP Config Object error - unsupported wi-fi_tech"""
    # "wi-fi_tech" is present but set to "unsupported" instead of "infra".
    run_dpp_config_error(dev, apdev, '{"wi-fi_tech":"unsupported"}')
1072
def test_dpp_config_no_discovery(dev, apdev):
    """DPP Config Object error - no discovery"""
    # Valid "wi-fi_tech" but no "discovery" object.
    run_dpp_config_error(dev, apdev, '{"wi-fi_tech":"infra"}')
1077
def test_dpp_config_no_discovery_ssid(dev, apdev):
    """DPP Config Object error - no discovery::ssid"""
    # "discovery" is present but empty, so there is no "ssid".
    run_dpp_config_error(dev, apdev, '{"wi-fi_tech":"infra","discovery":{}}')
1082
def test_dpp_config_too_long_discovery_ssid(dev, apdev):
    """DPP Config Object error - too long discovery::ssid"""
    # 33 characters: one more than the 32-octet maximum SSID length.
    ssid = 33 * 'A'
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % ssid)
1087
def test_dpp_config_no_cred(dev, apdev):
    """DPP Config Object error - no cred"""
    # Valid "wi-fi_tech" and "discovery" but no "cred" object.
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}')
1092
def test_dpp_config_no_cred_akm(dev, apdev):
    """DPP Config Object error - no cred::akm"""
    # "cred" is present but empty, so there is no "akm".
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}')
1097
def test_dpp_config_unsupported_cred_akm(dev, apdev):
    """DPP Config Object error - unsupported cred::akm"""
    # "akm" is set to "unsupported", which is not one of the AKM names used
    # elsewhere in this file ("psk", "sae", "psk+sae", "dpp").
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}')
1102
def test_dpp_config_error_legacy_no_pass(dev, apdev):
    """DPP Config Object legacy error - no pass/psk"""
    # akm "psk" with neither "pass" nor "psk_hex".
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}')
1107
def test_dpp_config_error_legacy_too_short_pass(dev, apdev):
    """DPP Config Object legacy error - too short pass/psk"""
    # One-character passphrase; WPA passphrases are 8..63 characters.
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}')
1112
def test_dpp_config_error_legacy_too_long_pass(dev, apdev):
    """DPP Config Object legacy error - too long pass/psk"""
    # 64 characters: one more than the 63-character passphrase maximum.
    passphrase = 64 * 'A'
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % passphrase)
1117
def test_dpp_config_error_legacy_psk_with_sae(dev, apdev):
    """DPP Config Object legacy error - psk_hex with SAE"""
    # akm "sae" combined with only a raw PSK ("psk_hex") and no passphrase.
    psk_hex = 32 * "12"
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % psk_hex)
1122
def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev):
    """DPP Config Object legacy error - no pass for SAE"""
    # akm "psk+sae" with only "psk_hex": there is no passphrase for the SAE
    # half of the combination.
    psk_hex = 32 * "12"
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % psk_hex)
1127
def test_dpp_config_error_legacy_invalid_psk(dev, apdev):
    """DPP Config Object legacy error - invalid psk_hex"""
    # Correct length (64 characters) but 'q' is not a hexadecimal digit.
    psk_hex = 32 * "qa"
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % psk_hex)
1132
def test_dpp_config_error_legacy_too_short_psk(dev, apdev):
    """DPP Config Object legacy error - too short psk_hex"""
    # 62 hex digits (31 octets) instead of the 64 used by the valid case.
    psk_hex = 31 * "12"
    run_dpp_config_error(dev, apdev,
                         '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % psk_hex)
1137
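def get_der_int_32(val):
    """Parse one DER INTEGER from *val* into a fixed 32-octet value.

    Returns a tuple (integer, rest): integer is the value as exactly 32
    octets, left-padded with zero octets when the encoding is shorter, and
    rest is whatever follows the INTEGER in val.

    Raises Exception if val is too short to hold a tag and length, if the tag
    is not INTEGER (0x02), if the length runs past the end of val, or if the
    value does not fit in 32 octets.
    """
    # Without this guard a buffer shorter than two octets fails inside
    # struct.unpack() with an error that says nothing about DER.
    if len(val) < 2:
        raise Exception("Invalid length of INTEGER (truncated)")
    tag, length = struct.unpack('BB', val[0:2])
    if tag != 0x02:
        raise Exception("Invalid DER encoding of INTEGER")
    if length > len(val) - 2:
        raise Exception("Invalid length of INTEGER (truncated)")
    val = val[2:]
    if length == 32:
        r = val[0:32]
    elif length == 33:
        # 33 octets are accepted only when the first one is the 0x00 pad that
        # DER adds to keep a value with the top bit set non-negative.
        if val[0] != 0:
            raise Exception("Too large INTEGER (32)")
        r = val[1:33]
    elif length < 32:
        r = (32 - length) * b'\x00' + val[0:length]
    else:
        # Also covers long-form length octets (0x80 and above), which are
        # never needed for a value of this size.
        raise Exception("Invalid length of INTEGER (32): %d" % length)
    return r, val[length:]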
1156
def ecdsa_sign(pkey, message, alg="sha256"):
    """Sign *message* with *pkey* and return the signature as base64url r||s.

    The DER signature returned by OpenSSL.crypto.sign() is unpacked into its
    two INTEGERs, each normalised to 32 octets by get_der_int_32(), and the
    64-octet concatenation is base64url encoded without '=' padding.

    Raises Exception if the DER structure is not a SEQUENCE with a one-octet
    length matching the buffer, or if data follows the second INTEGER.
    """
    # NOTE(review): OpenSSL.crypto.sign() is deprecated in recent pyOpenSSL
    # releases - confirm it is still available in the test environment.
    der = OpenSSL.crypto.sign(pkey, message, alg)
    logger.debug("sign=" + binascii.hexlify(der).decode())
    tag, seq_len = struct.unpack('BB', der[0:2])
    if tag != 0x30:
        raise Exception("Invalid DER encoding of ECDSA signature")
    if seq_len != len(der) - 2:
        raise Exception("Invalid length of ECDSA signature")

    body = der[2:]
    r, body = get_der_int_32(body)
    s, body = get_der_int_32(body)
    if body:
        raise Exception("Extra data at the end of ECDSA signature")

    for label, value in (("r=", r), ("s=", s)):
        logger.info(label + binascii.hexlify(value).decode())
    encoded = base64.urlsafe_b64encode(r + s)
    return encoded.decode().rstrip('=')
1176
# Fixed P-256 key pair used as a test fixture for signing Connectors in
# run_dpp_config_connector(). The private key is published with this file and
# therefore offers no secrecy: it must never be used to provision a real
# network.
p256_priv_key = """-----BEGIN EC PRIVATE KEY-----
MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
-----END EC PRIVATE KEY-----"""
# x and y coordinates (32 octets each) of the public key; presumably the
# public half of the private key above - TODO confirm when changing either.
p256_pub_key_x = binascii.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
p256_pub_key_y = binascii.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1184
def run_dpp_config_connector(dev, apdev, expiry=None, payload=None,
                             skip_net_access_key_mismatch=True):
    """Sign a Connector with the fixed test key and expect configuration failure.

    payload: Connector payload (JSON text). When omitted, a default payload is
        built and, if expiry is given, an "expiry" member is appended to it.
        expiry is ignored when an explicit payload is passed.
    skip_net_access_key_mismatch: forwarded to run_dpp_config_error().

    The test is skipped when the OpenSSL python module could not be imported.
    """
    if not openssl_imported:
        raise HwsimSkip("OpenSSL python method not available")

    def b64url(data):
        return base64.urlsafe_b64encode(data).decode().rstrip('=')

    pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
                                          p256_priv_key)
    x = b64url(p256_pub_key_x)
    y = b64url(p256_pub_key_y)

    # kid is the SHA-256 hash of the uncompressed point (0x04 || x || y).
    uncompressed = b'\x04' + p256_pub_key_x + p256_pub_key_y
    kid = b64url(hashlib.sha256(uncompressed).digest())

    prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid

    if not payload:
        payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
        if expiry:
            payload += ',"expiry":"%s"' % expiry
        payload += '}'

    # The signature covers "<header>.<payload>" and is appended as the third
    # segment.
    conn = b64url(prot_hdr.encode()) + '.' + b64url(payload.encode())
    conn = conn + '.' + ecdsa_sign(pkey, conn)
    conf = build_conf_obj(x=x, y=y, signed_connector=conn)
    run_dpp_config_error(dev, apdev, conf,
                         skip_net_access_key_mismatch=skip_net_access_key_mismatch)
1211
def test_dpp_config_connector_error_ext_sign(dev, apdev):
    """DPP Config Object connector error - external signature calculation"""
    # Default payload, no expiry: the Connector is signed here by
    # ecdsa_sign() rather than taken from a canned value.
    run_dpp_config_connector(dev, apdev, expiry=None, payload=None)
1215
def test_dpp_config_connector_error_too_short_timestamp(dev, apdev):
    """DPP Config Object connector error - too short timestamp"""
    # "expiry":"1" is appended to the default Connector payload.
    expiry = "1"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1219
def test_dpp_config_connector_error_invalid_timestamp(dev, apdev):
    """DPP Config Object connector error - invalid timestamp"""
    # 19 digits: as long as "YYYY-MM-DDThh:mm:ss" but without any separators.
    expiry = 19 * "1"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1223
def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev):
    """DPP Config Object connector error - invalid timestamp date"""
    # Well-formed layout, but month, day, hour, minute and second are all 99.
    expiry = "9999-99-99T99:99:99Z"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1227
def test_dpp_config_connector_error_invalid_time_zone(dev, apdev):
    """DPP Config Object connector error - invalid time zone"""
    # '*' in the position where a time zone designator would start.
    expiry = "2018-01-01T00:00:00*"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1231
def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev):
    """DPP Config Object connector error - invalid time zone 2"""
    # A '+' sign with no offset digits after it.
    expiry = "2018-01-01T00:00:00+"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1235
def test_dpp_config_connector_error_expired_1(dev, apdev):
    """DPP Config Object connector error - expired 1"""
    # Past date with no time zone designator.
    expiry = "2018-01-01T00:00:00"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1239
def test_dpp_config_connector_error_expired_2(dev, apdev):
    """DPP Config Object connector error - expired 2"""
    # Past date with the "Z" (UTC) designator.
    expiry = "2018-01-01T00:00:00Z"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1243
def test_dpp_config_connector_error_expired_3(dev, apdev):
    """DPP Config Object connector error - expired 3"""
    # Past date with a positive hours-only offset.
    expiry = "2018-01-01T00:00:00+01"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1247
def test_dpp_config_connector_error_expired_4(dev, apdev):
    """DPP Config Object connector error - expired 4"""
    # Past date with a positive hours:minutes offset.
    expiry = "2018-01-01T00:00:00+01:02"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1251
def test_dpp_config_connector_error_expired_5(dev, apdev):
    """DPP Config Object connector error - expired 5"""
    # Past date with a negative hours-only offset.
    expiry = "2018-01-01T00:00:00-01"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1255
def test_dpp_config_connector_error_expired_6(dev, apdev):
    """DPP Config Object connector error - expired 6"""
    # Past date with a negative hours:minutes offset.
    expiry = "2018-01-01T00:00:00-01:02"
    run_dpp_config_connector(dev, apdev, expiry=expiry)
1259
def test_dpp_config_connector_error_no_groups(dev, apdev):
    """DPP Config Object connector error - no groups"""
    # Connector payload with a netAccessKey but no "groups" member.
    run_dpp_config_connector(dev, apdev,
                             payload='{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}')
1264
def test_dpp_config_connector_error_empty_groups(dev, apdev):
    """DPP Config Object connector error - empty groups"""
    # "groups" is present but is an empty array.
    run_dpp_config_connector(dev, apdev,
                             payload='{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}')
1269
def test_dpp_config_connector_error_missing_group_id(dev, apdev):
    """DPP Config Object connector error - missing groupId"""
    # The only group entry has a "netRole" but no "groupId".
    run_dpp_config_connector(dev, apdev,
                             payload='{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}')
1274
def test_dpp_config_connector_error_missing_net_role(dev, apdev):
    """DPP Config Object connector error - missing netRole"""
    # The only group entry has a "groupId" but no "netRole".
    run_dpp_config_connector(dev, apdev,
                             payload='{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}')
1279
def test_dpp_config_connector_error_missing_net_access_key(dev, apdev):
    """DPP Config Object connector error - missing netAccessKey"""
    # Valid "groups" array but no "netAccessKey" member.
    run_dpp_config_connector(dev, apdev,
                             payload='{"groups":[{"groupId":"*","netRole":"sta"}]}')
1284
def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev):
    """DPP Config Object connector error - netAccessKey mismatch"""
    # Complete payload with the fixed netAccessKey. With
    # skip_net_access_key_mismatch=False the helper does not set
    # dpp_ignore_netaccesskey_mismatch on dev[0], so the mismatch check stays
    # active.
    fixed_payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
    run_dpp_config_connector(dev, apdev, payload=fixed_payload,
                             skip_net_access_key_mismatch=False)
1290
def test_dpp_gas_timeout(dev, apdev):
    """DPP and GAS server timeout for a query"""
    def process_next_frame():
        # With ext_mgmt_frame_handling enabled on dev[0], each received
        # management frame is fetched here and handed back explicitly.
        msg = dev[0].mgmt_rx()
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'],
            binascii.hexlify(msg['frame']).decode())
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")

    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    logger.info("dev0 displays QR Code")
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].set("ext_mgmt_frame_handling", "1")
    dev[0].dpp_listen(2412)

    # Force GAS fragmentation by padding the Config Object with 3000 spaces.
    padding = 3000 * ' '
    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + padding
    dev[1].set("dpp_config_obj_override", conf)

    dev[1].dpp_auth_init(uri=uri0)

    process_next_frame()  # DPP Authentication Request
    process_next_frame()  # DPP Authentication Confirmation

    wait_auth_success(dev[0], dev[1])

    process_next_frame()  # DPP Configuration Response (GAS Initial Response frame)

    # GAS Comeback Response frame: received but deliberately not processed, so
    # that the query times out on the GAS server.
    dev[0].mgmt_rx()

    ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
    if ev is None:
        raise Exception("GAS result not reported (Enrollee)")
    if "result=TIMEOUT" not in ev:
        raise Exception("Unexpected GAS result (Enrollee): " + ev)
    dev[0].set("ext_mgmt_frame_handling", "0")

    # Both sides have to report the failed configuration.
    if dev[1].wait_event(["DPP-CONF-FAILED"], timeout=15) is None:
        raise Exception("DPP configuration failure not reported (Configurator)")

    if dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1) is None:
        raise Exception("DPP configuration failure not reported (Enrollee)")
1347
def test_dpp_akm_sha256(dev, apdev):
    """DPP AKM (SHA256)"""
    # PMK length handed to run_dpp_akm() for the SHA256 case.
    pmk_len = 32
    run_dpp_akm(dev, apdev, pmk_len)
1351
def test_dpp_akm_sha384(dev, apdev):
    """DPP AKM (SHA384)"""
    # PMK length handed to run_dpp_akm() for the SHA384 case.
    pmk_len = 48
    run_dpp_akm(dev, apdev, pmk_len)
1355
def test_dpp_akm_sha512(dev, apdev):
    """DPP AKM (SHA512)"""
    # PMK length handed to run_dpp_akm() for the SHA512 case.
    pmk_len = 64
    run_dpp_akm(dev, apdev, pmk_len)
1359
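def run_dpp_akm(dev, apdev, pmk_len):
    """Exercise the DPP AKM with manually installed PMKSA cache entries.

    The station first fails to find a usable network (no PMKSA yet), is then
    rejected while only it holds a PMKSA entry, and finally connects once
    hostapd has been given the matching entry.

    dev -- station devices; only dev[0] associates
    apdev -- AP device list; apdev[0] hosts the "dpp" BSS
    pmk_len -- PMK length in octets (the PMK is pmk_len octets of 0x22)

    Raises HwsimSkip when the AP cannot be started with wpa_key_mgmt=DPP and
    Exception on any unexpected protocol outcome.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "rsn_pairwise": "CCMP",
              "ieee80211w": "2"}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip.
        # NOTE(review): every AP start failure is still reported as a skip,
        # which can hide a real regression in AP setup.
        raise HwsimSkip("DPP not supported")

    net_id = dev[0].connect("dpp", key_mgmt="DPP", ieee80211w="2",
                            scan_freq="2412", wait_connect=False)
    ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2)
    if not ev:
        raise Exception("Network mismatch not reported")
    dev[0].request("DISCONNECT")
    dev[0].dump_monitor()

    bssid = hapd.own_addr()
    pmkid = 16 * '11'        # 16 octets of 0x11, hex encoded
    akmp = 2 ** 23           # presumably the DPP AKM bit -- confirm
    pmk = pmk_len * '22'     # pmk_len octets of 0x22, hex encoded
    cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (net_id, bssid, pmkid,
                                                      pmk, akmp)
    if "OK" not in dev[0].request(cmd):
        raise Exception("PMKSA_ADD failed (wpa_supplicant)")

    # Only the station knows the PMKSA at this point, so the AP has to
    # reject the association.
    dev[0].select_network(net_id, freq="2412")
    ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2)
    dev[0].request("DISCONNECT")
    dev[0].dump_monitor()
    if not ev:
        raise Exception("Association attempt was not rejected")
    if "status_code=53" not in ev:
        raise Exception("Unexpected status code: " + ev)

    # Install the same PMKSA on the AP side; the next attempt must succeed.
    addr = dev[0].own_addr()
    cmd = "PMKSA_ADD %s %s %s 0 %d" % (addr, pmkid, pmk, akmp)
    if "OK" not in hapd.request(cmd):
        raise Exception("PMKSA_ADD failed (hostapd)")

    dev[0].select_network(net_id, freq="2412")
    dev[0].wait_connected()
    val = dev[0].get_status_field("key_mgmt")
    if val != "DPP":
        raise Exception("Unexpected key_mgmt: " + val)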
1407
# Fixed DPP credentials shared by the network introduction tests below.
# These are test fixtures: the netAccessKey values are private keys that are
# published with this file.

# C-sign-key, hex-encoded DER (handed to dpp_csign on both AP and station)
params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"

# AP Connector (three dot-separated base64url parts) and its netAccessKey
params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"

# Station Connector and its netAccessKey
params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1413
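def test_dpp_network_introduction(dev, apdev):
    """DPP network introduction"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # AP and station use the fixed params1_* Connectors and keys, both
    # referring to the same C-sign-key.
    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip.
        # NOTE(review): every AP start failure is still reported as a skip.
        raise HwsimSkip("DPP not supported")

    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
                   ieee80211w="2",
                   dpp_csign=params1_csign,
                   dpp_connector=params1_sta_connector,
                   dpp_netaccesskey=params1_sta_netaccesskey)
    # Confirm the association really negotiated the DPP AKM.
    val = dev[0].get_status_field("key_mgmt")
    if val != "DPP":
        raise Exception("Unexpected key_mgmt: " + val)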
1440
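def test_dpp_and_sae_akm(dev, apdev):
    """DPP and SAE AKMs"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    if "SAE" not in dev[1].get_capability("auth_alg"):
        raise HwsimSkip("SAE not supported")

    # One BSS advertising both AKMs: dev[0] joins with its Connector,
    # dev[1] with the SAE password.
    params = {"ssid": "dpp+sae",
              "wpa": "2",
              "wpa_key_mgmt": "DPP SAE",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "sae_password": "sae-password",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip.
        # NOTE(review): every AP start failure is still reported as a skip.
        raise HwsimSkip("DPP not supported")

    dev[0].connect("dpp+sae", key_mgmt="DPP", scan_freq="2412",
                   ieee80211w="2",
                   dpp_csign=params1_csign,
                   dpp_connector=params1_sta_connector,
                   dpp_netaccesskey=params1_sta_netaccesskey)
    val = dev[0].get_status_field("key_mgmt")
    if val != "DPP":
        raise Exception("Unexpected key_mgmt for DPP: " + val)

    dev[1].connect("dpp+sae", key_mgmt="SAE", scan_freq="2412",
                   ieee80211w="2", psk="sae-password")
    val = dev[1].get_status_field("key_mgmt")
    if val != "SAE":
        raise Exception("Unexpected key_mgmt for SAE: " + val)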
1476
def test_dpp_ap_config(dev, apdev):
    """DPP and AP configuration"""
    # No curve arguments: run_dpp_ap_config() passes curve=None through.
    run_dpp_ap_config(dev=dev, apdev=apdev)
1480
def test_dpp_ap_config_p256_p256(dev, apdev):
    """DPP and AP configuration (P-256 + P-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-256", "P-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1484
def test_dpp_ap_config_p256_p384(dev, apdev):
    """DPP and AP configuration (P-256 + P-384)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-256", "P-384"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1488
def test_dpp_ap_config_p256_p521(dev, apdev):
    """DPP and AP configuration (P-256 + P-521)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-256", "P-521"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1492
def test_dpp_ap_config_p384_p256(dev, apdev):
    """DPP and AP configuration (P-384 + P-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-384", "P-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1496
def test_dpp_ap_config_p384_p384(dev, apdev):
    """DPP and AP configuration (P-384 + P-384)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-384", "P-384"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1500
def test_dpp_ap_config_p384_p521(dev, apdev):
    """DPP and AP configuration (P-384 + P-521)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-384", "P-521"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1504
def test_dpp_ap_config_p521_p256(dev, apdev):
    """DPP and AP configuration (P-521 + P-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-521", "P-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1508
def test_dpp_ap_config_p521_p384(dev, apdev):
    """DPP and AP configuration (P-521 + P-384)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-521", "P-384"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1512
def test_dpp_ap_config_p521_p521(dev, apdev):
    """DPP and AP configuration (P-521 + P-521)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-521", "P-521"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1516
def test_dpp_ap_config_bp256_bp256(dev, apdev):
    """DPP and AP configuration (BP-256 + BP-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "BP-256", "BP-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1520
def test_dpp_ap_config_bp384_bp384(dev, apdev):
    """DPP and AP configuration (BP-384 + BP-384)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "BP-384", "BP-384"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1524
def test_dpp_ap_config_bp512_bp512(dev, apdev):
    """DPP and AP configuration (BP-512 + BP-512)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "BP-512", "BP-512"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1528
def test_dpp_ap_config_p256_bp256(dev, apdev):
    """DPP and AP configuration (P-256 + BP-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-256", "BP-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1532
def test_dpp_ap_config_bp256_p256(dev, apdev):
    """DPP and AP configuration (BP-256 + P-256)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "BP-256", "P-256"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1536
def test_dpp_ap_config_p521_bp512(dev, apdev):
    """DPP and AP configuration (P-521 + BP-512)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "P-521", "BP-512"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1540
def test_dpp_ap_config_bp512_p521(dev, apdev):
    """DPP and AP configuration (BP-512 + P-521)"""
    # curve -> bootstrapping keys, conf_curve -> Configurator key
    bootstrap_curve, configurator_curve = "BP-512", "P-521"
    run_dpp_ap_config(dev, apdev, curve=bootstrap_curve,
                      conf_curve=configurator_curve)
1544
def test_dpp_ap_config_reconfig_configurator(dev, apdev):
    """DPP and AP configuration with Configurator reconfiguration"""
    # The Configurator is removed and re-added from its exported key between
    # provisioning the AP and provisioning the station.
    recreate_configurator = True
    run_dpp_ap_config(dev, apdev, reconf_configurator=recreate_configurator)
1548
def update_hapd_config(hapd):
    """Apply the DPP credentials reported by hostapd to its own configuration.

    Collects the SSID, Connector, C-sign-key and netAccessKey events (one
    second each), then disables the BSS, sets key_mgmt=DPP together with the
    received values, and enables it again.

    Raises Exception when one of the events is not reported.
    """
    def event_fields(name, missing):
        # Wait for one event and return its space-separated fields.
        ev = hapd.wait_event([name], timeout=1)
        if ev is None:
            raise Exception(missing)
        return ev.split(' ')

    # NOTE(review): taking field [1] keeps only the text up to the first
    # space, so an SSID containing a space would be truncated here.
    ssid = event_fields("DPP-CONFOBJ-SSID", "SSID not reported (AP)")[1]
    connector = event_fields("DPP-CONNECTOR",
                             "Connector not reported (AP)")[1]
    csign = event_fields("DPP-C-SIGN-KEY", "C-sign-key not reported (AP)")[1]

    key_fields = event_fields("DPP-NET-ACCESS-KEY",
                              "netAccessKey not reported (AP)")
    net_access_key = key_fields[1]
    # The expiry is optional and only present as a third field.
    net_access_key_expiry = key_fields[2] if len(key_fields) > 2 else None

    logger.info("Update AP configuration to use key_mgmt=DPP")
    hapd.disable()
    settings = [("ssid", ssid),
                ("wpa", "2"),
                ("wpa_key_mgmt", "DPP"),
                ("ieee80211w", "2"),
                ("rsn_pairwise", "CCMP"),
                ("dpp_connector", connector),
                ("dpp_csign", csign),
                ("dpp_netaccesskey", net_access_key)]
    if net_access_key_expiry:
        settings.append(("dpp_netaccesskey_expiry", net_access_key_expiry))
    for field, value in settings:
        hapd.set(field, value)
    hapd.enable()
1586
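def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
                      reconf_configurator=False):
    """Provision an AP and a station over DPP, then connect the station.

    dev[0] acts as Configurator for both enrollees: first the AP on
    apdev[0], then dev[1].

    dev -- station devices (dev[0] Configurator, dev[1] enrollee)
    apdev -- AP device list; apdev[0] starts as an "unconfigured" BSS
    curve -- curve for the enrollees' bootstrapping keys (None: not specified)
    conf_curve -- curve for the Configurator key (None: not specified)
    reconf_configurator -- export the Configurator key, remove the
        Configurator after provisioning the AP and re-add it from that key
        before provisioning the station

    Raises Exception when an expected event or command result is missing.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)

    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)

    conf_id = dev[0].dpp_configurator_add(curve=conf_curve)

    if reconf_configurator:
        # Exported Configurator key, used below to re-create the Configurator.
        conf_key = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
        if "FAIL" in conf_key or len(conf_key) == 0:
            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
    update_hapd_config(hapd)

    id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)

    if reconf_configurator:
        dev[0].dpp_configurator_remove(conf_id)
        conf_id = dev[0].dpp_configurator_add(curve=conf_curve, key=conf_key)

    dev[1].dpp_listen(2412)
    dev[0].dpp_auth_init(uri=uri1, conf="sta-dpp", configurator=conf_id)
    wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1],
                      stop_responder=True)

    # NOTE(review): field [1] is the text up to the first space, so an SSID
    # containing a space would be truncated here.
    ev = dev[1].wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
    if ev is None:
        raise Exception("SSID not reported")
    ssid = ev.split(' ')[1]

    ev = dev[1].wait_event(["DPP-CONNECTOR"], timeout=1)
    if ev is None:
        raise Exception("Connector not reported")
    connector = ev.split(' ')[1]

    ev = dev[1].wait_event(["DPP-C-SIGN-KEY"], timeout=1)
    if ev is None:
        raise Exception("C-sign-key not reported")
    csign = ev.split(' ')[1]

    ev = dev[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
    if ev is None:
        raise Exception("netAccessKey not reported")
    p = ev.split(' ')
    net_access_key = p[1]
    # The expiry is optional and only present as a third field.
    net_access_key_expiry = p[2] if len(p) > 2 else None

    dev[1].dump_monitor()

    # Build the network profile by hand from the reported credentials.
    net_id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2",
                            scan_freq="2412", only_add_network=True)
    dev[1].set_network_quoted(net_id, "dpp_connector", connector)
    dev[1].set_network(net_id, "dpp_csign", csign)
    dev[1].set_network(net_id, "dpp_netaccesskey", net_access_key)
    if net_access_key_expiry:
        # Field name corrected from "dpp_netaccess_expiry" to match the
        # dpp_netaccesskey / dpp_netaccesskey_expiry naming used for hostapd
        # in update_hapd_config().
        dev[1].set_network(net_id, "dpp_netaccesskey_expiry",
                           net_access_key_expiry)

    logger.info("Check data connection")
    dev[1].select_network(net_id, freq="2412")
    dev[1].wait_connected()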
1656
def test_dpp_auto_connect_1(dev, apdev):
    """DPP and auto connect (1)"""
    processing_mode = 1
    try:
        run_dpp_auto_connect(dev, apdev, processing_mode)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1663
def test_dpp_auto_connect_2(dev, apdev):
    """DPP and auto connect (2)"""
    processing_mode = 2
    try:
        run_dpp_auto_connect(dev, apdev, processing_mode)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1670
def test_dpp_auto_connect_2_connect_cmd(dev, apdev):
    """DPP and auto connect (2) using connect_cmd"""
    # A separate wpa_supplicant instance drives wlan5 with
    # force_connect_cmd=1 and takes the place of dev[0].
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
    devices = [wpas, dev[1]]
    try:
        run_dpp_auto_connect(devices, apdev, 2)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        wpas.set("dpp_config_processing", "0")
1680
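def run_dpp_auto_connect(dev, apdev, processing):
    """Provision dev[0] over DPP and check that it ends up connected.

    The AP is started with a fixed Connector and dev[1] becomes a
    Configurator that uses the matching fixed C-sign-key.

    dev -- station devices (dev[0] enrollee, dev[1] Configurator)
    apdev -- AP device list; apdev[0] hosts the "test" BSS
    processing -- value for dpp_config_processing on dev[0]; with 1 the test
        selects the generated network itself, otherwise it only waits for
        the connection

    Raises HwsimSkip when the AP cannot be started and Exception when no
    network profile is generated.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # Fixed test key material. csign holds the private key and csign_pub the
    # public key; both end in the same public point.
    csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"

    params = {"ssid": "test",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": ap_connector,
              "dpp_csign": csign_pub,
              "dpp_netaccesskey": ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip.
        # NOTE(review): every AP start failure is still reported as a skip.
        raise HwsimSkip("DPP not supported")

    conf_id = dev[1].dpp_configurator_add(key=csign)
    dev[0].set("dpp_config_processing", str(processing))
    id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id)
    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0])
    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    network_id = ev.split(' ')[1]

    if processing == 1:
        # With processing mode 1 the test has to select the network itself.
        dev[0].select_network(network_id, freq=2412)

    dev[0].wait_connected()
    hwsim_utils.test_connectivity(dev[0], hapd)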
1720
def test_dpp_auto_connect_legacy(dev, apdev):
    """DPP and auto connect (legacy)"""
    # Defaults of the helper apply: conf='sta-psk' against a WPA2-PSK AP.
    try:
        run_dpp_auto_connect_legacy(dev=dev, apdev=apdev)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1727
def test_dpp_auto_connect_legacy_sae_1(dev, apdev):
    """DPP and auto connect (legacy SAE)"""
    # SAE credential provisioned against an AP offering both PSK and SAE.
    options = {"conf": 'sta-sae', "psk_sae": True}
    try:
        run_dpp_auto_connect_legacy(dev, apdev, **options)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1734
def test_dpp_auto_connect_legacy_sae_2(dev, apdev):
    """DPP and auto connect (legacy SAE)"""
    # SAE credential provisioned against an SAE-only AP.
    options = {"conf": 'sta-sae', "sae_only": True}
    try:
        run_dpp_auto_connect_legacy(dev, apdev, **options)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1741
def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    # PSK+SAE credential provisioned against an AP offering both PSK and SAE.
    options = {"conf": 'sta-psk-sae', "psk_sae": True}
    try:
        run_dpp_auto_connect_legacy(dev, apdev, **options)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1749
def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    # PSK+SAE credential provisioned against an SAE-only AP.
    options = {"conf": 'sta-psk-sae', "sae_only": True}
    try:
        run_dpp_auto_connect_legacy(dev, apdev, **options)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1757
def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev):
    """DPP and auto connect (legacy PSK+SAE)"""
    # PSK+SAE credential provisioned against the helper's default WPA2-PSK AP.
    credential_type = 'sta-psk-sae'
    try:
        run_dpp_auto_connect_legacy(dev, apdev, conf=credential_type)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1764
def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk',
                                psk_sae=False, sae_only=False):
    """Provision a passphrase-based credential over DPP and auto connect.

    dev -- station devices (dev[0] enrollee, dev[1] Configurator)
    apdev -- AP device list; apdev[0] hosts the "dpp-legacy" BSS
    conf -- configuration type passed to dpp_auth_init()
    psk_sae -- AP advertises "WPA-PSK SAE" with ieee80211w=1 and
        sae_require_mfp=1 (ignored when sae_only is set)
    sae_only -- AP advertises only SAE with ieee80211w=2

    Raises Exception when no network profile is generated.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    ap_params = hostapd.wpa2_params(ssid="dpp-legacy",
                                    passphrase="secret passphrase")
    if sae_only:
        ap_params.update({'wpa_key_mgmt': 'SAE',
                          'ieee80211w': '2'})
    elif psk_sae:
        ap_params.update({'wpa_key_mgmt': 'WPA-PSK SAE',
                          'ieee80211w': '1',
                          'sae_require_mfp': '1'})

    hapd = hostapd.add_ap(apdev[0], ap_params)

    enrollee, configurator = dev[0], dev[1]
    enrollee.set("dpp_config_processing", "2")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-legacy",
                               passphrase="secret passphrase")
    wait_auth_success(enrollee, configurator, configurator=configurator,
                      enrollee=enrollee)
    profile_event = enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1)
    if profile_event is None:
        raise Exception("DPP network profile not generated")
    # The id is not used afterwards; the lookup still requires the event to
    # carry a second field.
    network_id = profile_event.split(' ')[1]

    enrollee.wait_connected()
1796
def test_dpp_auto_connect_legacy_pmf_required(dev, apdev):
    """DPP and auto connect (legacy, PMF required)"""
    try:
        run_dpp_auto_connect_legacy_pmf_required(dev=dev, apdev=apdev)
    finally:
        # Switch config processing back to "0" whether or not the run passed.
        dev[0].set("dpp_config_processing", "0")
1803
def run_dpp_auto_connect_legacy_pmf_required(dev, apdev):
    """Provision a PSK credential for an AP that requires PMF and connect.

    The AP uses WPA-PSK-SHA256 with ieee80211w=2; dev[1] provisions dev[0]
    with conf="sta-psk".

    Raises Exception when no network profile is generated.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    ap_params = hostapd.wpa2_params(ssid="dpp-legacy",
                                    passphrase="secret passphrase")
    ap_params.update({'wpa_key_mgmt': "WPA-PSK-SHA256",
                      'ieee80211w': "2"})
    hapd = hostapd.add_ap(apdev[0], ap_params)

    enrollee, configurator = dev[0], dev[1]
    enrollee.set("dpp_config_processing", "2")
    bootstrap_id = enrollee.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = enrollee.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    enrollee.dpp_listen(2412)
    configurator.dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy",
                               passphrase="secret passphrase")
    wait_auth_success(enrollee, configurator, configurator=configurator,
                      enrollee=enrollee)
    if enrollee.wait_event(["DPP-NETWORK-ID"], timeout=1) is None:
        raise Exception("DPP network profile not generated")
    enrollee.wait_connected()
1825
def test_dpp_qr_code_auth_responder_configurator(dev, apdev):
    """DPP QR Code and responder as the configurator"""
    # Nothing is appended to dpp_configurator_params in this variant.
    no_extra = ""
    run_dpp_qr_code_auth_responder_configurator(dev, apdev, no_extra)
1829
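def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev):
    """DPP QR Code and responder as the configurator (with group_id)"""
    # The docstring previously ended in an unmatched ")".
    # The leading space matters: the text is appended directly to the
    # dpp_configurator_params value built by the helper.
    run_dpp_qr_code_auth_responder_configurator(dev, apdev,
                                                " group_id=test-group")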
1834
def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra):
    """Run DPP with the Responder (dev[0]) acting as the Configurator.

    dev -- station devices (dev[0] Responder/Configurator, dev[1]
        Initiator/Enrollee)
    apdev -- unused here
    extra -- text appended verbatim to dpp_configurator_params
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    conf_id = responder.dpp_configurator_add()
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    configurator_params = " conf=sta-dpp configurator=%d%s" % (conf_id, extra)
    responder.set("dpp_configurator_params", configurator_params)
    responder.dpp_listen(2412, role="configurator")
    initiator.dpp_auth_init(uri=uri0, role="enrollee")
    wait_auth_success(responder, initiator, configurator=responder,
                      enrollee=initiator, stop_responder=True)
1847
def test_dpp_qr_code_hostapd_init(dev, apdev):
    """DPP QR Code and hostapd as initiator"""
    configurator = dev[0]
    check_dpp_capab(configurator)
    ap_params = {"ssid": "unconfigured",
                 "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    conf_id = configurator.dpp_configurator_add()
    # The station listens on 2437 MHz with "81/6" in its bootstrapping info
    # while the AP operates on channel 6.
    bootstrap_id = configurator.dpp_bootstrap_gen(chan="81/6", mac=True)
    uri0 = configurator.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    configurator_params = " conf=ap-dpp configurator=%d" % conf_id
    configurator.set("dpp_configurator_params", configurator_params)
    configurator.dpp_listen(2437, role="configurator")
    hapd.dpp_auth_init(uri=uri0, role="enrollee")
    wait_auth_success(configurator, hapd, configurator=configurator,
                      enrollee=hapd, stop_responder=True)
1863
def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev):
    """DPP QR Code and hostapd as initiator (offchannel)"""
    # No extra dpp_auth_init() arguments in this variant.
    extra_args = None
    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra_args)
1867
def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev):
    """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
    # Passed through to hapd.dpp_auth_init() as its "extra" argument.
    extra_args = "neg_freq=2437"
    run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra_args)
1871
def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra):
    """Run DPP with hostapd initiating away from its operating channel.

    The AP operates on channel 6 while the Configurator (dev[0]) lists
    "81/1,81/11" in its bootstrapping info and listens on 2462 MHz.

    dev -- station devices; dev[0] is the Responder/Configurator
    apdev -- AP device list; apdev[0] is the Initiator/Enrollee
    extra -- extra argument handed to hapd.dpp_auth_init() (may be None)
    """
    configurator = dev[0]
    check_dpp_capab(configurator)
    ap_params = {"ssid": "unconfigured",
                 "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    conf_id = configurator.dpp_configurator_add()
    bootstrap_id = configurator.dpp_bootstrap_gen(chan="81/1,81/11", mac=True)
    uri0 = configurator.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    configurator_params = " conf=ap-dpp configurator=%d" % conf_id
    configurator.set("dpp_configurator_params", configurator_params)
    configurator.dpp_listen(2462, role="configurator")
    hapd.dpp_auth_init(uri=uri0, role="enrollee", extra=extra)
    wait_auth_success(configurator, hapd, configurator=configurator,
                      enrollee=hapd, stop_responder=True)
1886
def test_dpp_test_vector_p_256(dev, apdev):
    """DPP P-256 test vector (mutual auth)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    def p256_key(priv):
        # Wrap the raw private key hex in the fixed DER framing used for
        # every P-256 key in this test.
        return "30310201010420" + priv + "a00a06082a8648ce3d030107"

    # All keys and nonces below are fixed test-vector values; the *_override
    # settings pin values that would otherwise not be fixed by the test.

    # Responder bootstrapping key
    resp_boot = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=p256_key(resp_boot))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    # Responder protocol keypair override
    resp_proto = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
    responder.set("dpp_protocol_key_override", p256_key(resp_proto))

    responder.set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")

    # Initiator bootstrapping key
    init_boot = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
    id1 = initiator.dpp_bootstrap_gen(key=p256_key(init_boot))
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)

    # Initiator protocol keypair override
    init_proto = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
    initiator.set("dpp_protocol_key_override", p256_key(init_proto))

    initiator.set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")

    # Mutual authentication: the Responder also learns the Initiator's URI.
    responder.dpp_qr_code(uri1)
    responder.dpp_listen(2462, qr="mutual")
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
1920
def test_dpp_test_vector_p_256_b(dev, apdev):
    """DPP P-256 test vector (Responder-only auth)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    def p256_key(priv):
        # Wrap the raw private key hex in the fixed DER framing used for
        # every P-256 key in this test.
        return "30310201010420" + priv + "a00a06082a8648ce3d030107"

    # All keys and nonces below are fixed test-vector values; the *_override
    # settings pin values that would otherwise not be fixed by the test.

    # Responder bootstrapping key
    resp_boot = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=p256_key(resp_boot))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    # Responder protocol keypair override
    resp_proto = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
    responder.set("dpp_protocol_key_override", p256_key(resp_proto))

    responder.set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")

    # Initiator bootstrapping key
    init_boot = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
    id1 = initiator.dpp_bootstrap_gen(key=p256_key(init_boot))
    # The Initiator URI is requested but never given to the Responder in
    # this Responder-only variant.
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)

    # Initiator protocol keypair override
    init_proto = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
    initiator.set("dpp_protocol_key_override", p256_key(init_proto))

    initiator.set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")

    responder.dpp_listen(2462)
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
1953
def der_priv_key_p_521(priv):
    """Wrap a hex-encoded P-521 private key value in fixed DER framing.

    priv -- private key as a hex string of exactly 66 octets (132 digits)

    Returns the hex string formed by the fixed prefix, priv and the fixed
    postfix. Raises Exception for any other length; the message echoes the
    rejected value, which in this file is always a test-vector key.
    """
    expected_hex_len = 66 * 2  # two hex digits per octet
    if len(priv) == expected_hex_len:
        return "".join(("3081500201010442", priv, "a00706052b81040023"))
    raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
1960
def test_dpp_test_vector_p_521(dev, apdev):
    """DPP P-521 test vector (mutual auth)"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # All keys and nonces below are fixed test-vector values; the *_override
    # settings pin values that would otherwise not be fixed by the test.

    # Responder bootstrapping key
    resp_boot = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
    id0 = responder.dpp_bootstrap_gen(chan="81/11", mac=True,
                                      key=der_priv_key_p_521(resp_boot))
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)

    # Responder protocol keypair override
    resp_proto = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
    responder.set("dpp_protocol_key_override", der_priv_key_p_521(resp_proto))

    resp_nonce = "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01"
    responder.set("dpp_nonce_override", resp_nonce)

    # Initiator bootstrapping key
    init_boot = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
    id1 = initiator.dpp_bootstrap_gen(key=der_priv_key_p_521(init_boot))
    uri1 = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % id1)

    # Initiator protocol keypair override
    init_proto = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
    initiator.set("dpp_protocol_key_override", der_priv_key_p_521(init_proto))

    init_nonce = "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0"
    initiator.set("dpp_nonce_override", init_nonce)

    # Mutual authentication: the Responder also learns the Initiator's URI.
    responder.dpp_qr_code(uri1)
    responder.dpp_listen(2462, qr="mutual")
    initiator.dpp_auth_init(uri=uri0, own=id1, neg_freq=2412)
    wait_auth_success(responder, initiator)
1995
def test_dpp_pkex(dev, apdev):
    """DPP and PKEX"""
    # All run_dpp_pkex() defaults: no curve given, identifier "test" on
    # both sides.
    run_dpp_pkex(dev=dev, apdev=apdev)
1999
def test_dpp_pkex_p256(dev, apdev):
    """DPP and PKEX (P-256)"""
    # Curve name handed to both PKEX peers.
    pkex_curve = "P-256"
    run_dpp_pkex(dev, apdev, pkex_curve)
2003
def test_dpp_pkex_p384(dev, apdev):
    """DPP and PKEX (P-384)"""
    # Curve name handed to both PKEX peers.
    pkex_curve = "P-384"
    run_dpp_pkex(dev, apdev, pkex_curve)
2007
def test_dpp_pkex_p521(dev, apdev):
    """DPP and PKEX (P-521)"""
    # Curve name handed to both PKEX peers.
    pkex_curve = "P-521"
    run_dpp_pkex(dev, apdev, pkex_curve)
2011
def test_dpp_pkex_bp256(dev, apdev):
    """DPP and PKEX (BP-256)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check.
    pkex_curve = "brainpoolP256r1"
    run_dpp_pkex(dev, apdev, pkex_curve)
2015
def test_dpp_pkex_bp384(dev, apdev):
    """DPP and PKEX (BP-384)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check.
    pkex_curve = "brainpoolP384r1"
    run_dpp_pkex(dev, apdev, pkex_curve)
2019
def test_dpp_pkex_bp512(dev, apdev):
    """DPP and PKEX (BP-512)"""
    # The "brainpool" substring makes run_dpp_pkex() request the Brainpool
    # capability check.
    pkex_curve = "brainpoolP512r1"
    run_dpp_pkex(dev, apdev, pkex_curve)
2023
def test_dpp_pkex_config(dev, apdev):
    """DPP and PKEX with initiator as the configurator"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    conf_id = initiator.dpp_configurator_add()
    # Extra PKEX init arguments that make the Initiator provision the peer.
    init_args = "conf=sta-dpp configurator=%d" % (conf_id)
    run_dpp_pkex(dev, apdev, init_extra=init_args, check_config=True)
2031
def test_dpp_pkex_no_identifier(dev, apdev):
    """DPP and PKEX without identifier"""
    # Neither peer is given a PKEX identifier.
    identifiers = {"identifier_i": None, "identifier_r": None}
    run_dpp_pkex(dev, apdev, **identifiers)
2035
def test_dpp_pkex_identifier_mismatch(dev, apdev):
    """DPP and PKEX with different identifiers"""
    # Negative test: the exchange must not reach DPP-AUTH-SUCCESS.
    identifiers = {"identifier_i": "foo", "identifier_r": "bar"}
    run_dpp_pkex(dev, apdev, expect_no_resp=True, **identifiers)
2040
def test_dpp_pkex_identifier_mismatch2(dev, apdev):
    """DPP and PKEX with initiator using identifier and the responder not"""
    # Negative test: the exchange must not reach DPP-AUTH-SUCCESS.
    identifiers = {"identifier_i": "foo", "identifier_r": None}
    run_dpp_pkex(dev, apdev, expect_no_resp=True, **identifiers)
2045
def test_dpp_pkex_identifier_mismatch3(dev, apdev):
    """DPP and PKEX with responder using identifier and the initiator not"""
    # Negative test: the exchange must not reach DPP-AUTH-SUCCESS.
    identifiers = {"identifier_i": None, "identifier_r": "bar"}
    run_dpp_pkex(dev, apdev, expect_no_resp=True, **identifiers)
2050
def run_dpp_pkex(dev, apdev, curve=None, init_extra=None, check_config=False,
                 identifier_i="test", identifier_r="test",
                 expect_no_resp=False):
    """Run a PKEX exchange between dev[0] (Responder) and dev[1] (Initiator).

    dev -- station devices
    apdev -- unused here
    curve -- curve name for both peers; a name containing "brainpool" also
        requests the Brainpool capability check
    init_extra -- extra argument for the Initiator's dpp_pkex_init()
    check_config -- also treat dev[1] as Configurator and dev[0] as enrollee
        when waiting for success
    identifier_i, identifier_r -- PKEX identifier of Initiator and Responder
    expect_no_resp -- negative test: the Responder must receive a frame, but
        neither side may report DPP-AUTH-SUCCESS

    Raises Exception when the observed events do not match the expectation.
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder, curve and "brainpool" in curve)
    check_dpp_capab(initiator, curve and "brainpool" in curve)
    # Both peers use the same code; only the identifiers may differ.
    responder.dpp_pkex_resp(2437, identifier=identifier_r, code="secret",
                            curve=curve)
    initiator.dpp_pkex_init(identifier=identifier_i, code="secret",
                            curve=curve, extra=init_extra)

    if not expect_no_resp:
        if check_config:
            configurator, enrollee = initiator, responder
        else:
            configurator, enrollee = None, None
        wait_auth_success(responder, initiator,
                          configurator=configurator, enrollee=enrollee)
        return

    # The PKEX frame has to arrive, but authentication must not complete on
    # either side.
    if responder.wait_event(["DPP-RX"], timeout=10) is None:
        raise Exception("DPP PKEX frame not received")
    if initiator.wait_event(["DPP-AUTH-SUCCESS"], timeout=1) is not None:
        raise Exception("DPP authentication succeeded")
    if responder.wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1) is not None:
        raise Exception("DPP authentication succeeded")
2076
def test_dpp_pkex_5ghz(dev, apdev):
    """DPP and PKEX on 5 GHz"""
    stations = (dev[0], dev[1])
    try:
        for sta in stations:
            sta.request("SET country US")
        # The regulatory domain change may be reported per interface or only
        # as a global event.
        regdom_event = ["CTRL-EVENT-REGDOM-CHANGE"]
        if dev[0].wait_event(regdom_event, timeout=1) is None:
            dev[0].wait_global_event(regdom_event, timeout=1)
        run_dpp_pkex_5ghz(dev, apdev)
    finally:
        # Return to the world regulatory domain for the following tests.
        for sta in stations:
            sta.request("SET country 00")
        subprocess.call(['iw', 'reg', 'set', '00'])
        time.sleep(0.1)
2092
def run_dpp_pkex_5ghz(dev, apdev):
    """Run PKEX with the responder (dev[0]) set up on frequency 5745.

    The country code is not changed here; test_dpp_pkex_5ghz sets it before
    calling this helper.
    """
    responder, initiator = dev[0], dev[1]
    for sta in (responder, initiator):
        check_dpp_capab(sta)
    pkex = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(5745, **pkex)
    initiator.dpp_pkex_init(**pkex)
    wait_auth_success(responder, initiator, timeout=20)
2099
def test_dpp_pkex_test_vector(dev, apdev):
    """DPP and PKEX (P-256) test vector"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)

    # Every key, address and code below is fixed test-vector input that is
    # committed to the repository; none of it may be reused as a real secret.
    def p256_key(priv_hex):
        # Frame a raw 32-octet private key with the fixed P-256 prefix and
        # postfix expected by the key/override parameters.
        return "30310201010420" + priv_hex + "a00a06082a8648ce3d030107"

    init_addr = "ac:64:91:f4:52:07"
    resp_addr = "6e:5e:ce:6e:f3:dd"
    pkex = {"identifier": "joes_key", "code": "thisisreallysecret"}

    # Bootstrapping private keys
    init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
    resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"

    # Ephemeral keypair overrides: initiator x/X and responder y/Y
    init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
    resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"

    # Pin the MAC addresses used in the exchange to the test vector values
    responder.set("dpp_pkex_own_mac_override", resp_addr)
    responder.set("dpp_pkex_peer_mac_override", init_addr)
    initiator.set("dpp_pkex_own_mac_override", init_addr)
    initiator.set("dpp_pkex_peer_mac_override", resp_addr)

    # Replace the ephemeral keys with the fixed ones
    responder.set("dpp_pkex_ephemeral_key_override", p256_key(resp_y_priv))
    initiator.set("dpp_pkex_ephemeral_key_override", p256_key(init_x_priv))

    responder.dpp_pkex_resp(2437, key=p256_key(resp_priv), **pkex)
    initiator.dpp_pkex_init(key=p256_key(init_priv), **pkex)
    wait_auth_success(responder, initiator)
2144
def test_dpp_pkex_code_mismatch(dev, apdev):
    """DPP and PKEX with mismatching code"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # A wrong code must be reported as a failure by the responder
    prev_id = initiator.dpp_pkex_init(identifier="test", code="unknown")
    wait_dpp_fail(responder, "possible PKEX code mismatch")
    for sta in (responder, initiator):
        sta.dump_monitor()

    # Retrying with the right code, reusing the returned id, must succeed
    initiator.dpp_pkex_init(identifier="test", code="secret", use_id=prev_id)
    wait_auth_success(responder, initiator)
2156
def test_dpp_pkex_code_mismatch_limit(dev, apdev):
    """DPP and PKEX with mismatching code limit"""
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret")

    # Five attempts with a wrong code; the responder must reject each one
    prev_id = None
    for _ in range(5):
        responder.dump_monitor()
        initiator.dump_monitor()
        prev_id = initiator.dpp_pkex_init(identifier="test", code="unknown",
                                          use_id=prev_id)
        wait_dpp_fail(responder, "possible PKEX code mismatch")

    # After those failures the responder must report DPP-PKEX-T-LIMIT;
    # presumably this is what bounds repeated guesses at the PKEX code.
    if responder.wait_event(["DPP-PKEX-T-LIMIT"], timeout=1) is None:
        raise Exception("PKEX t limit not reported")
2174
def test_dpp_pkex_curve_mismatch(dev, apdev):
    """DPP and PKEX with mismatching curve"""
    responder, initiator = dev[0], dev[1]
    for sta in (responder, initiator):
        check_dpp_capab(sta)
    pkex = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(2437, curve="P-256", **pkex)
    initiator.dpp_pkex_init(curve="P-384", **pkex)
    # Both ends must report the mismatch
    wait_dpp_fail(responder, "Mismatching PKEX curve: peer=20 own=19")
    wait_dpp_fail(initiator,
                  "Peer indicated mismatching PKEX group - proposed 19")
2183
def test_dpp_pkex_curve_mismatch_failure(dev, apdev):
    """DPP and PKEX with mismatching curve (local failure)"""
    # Function specification handed to alloc_fail() by the helper
    alloc_fail_func = "=dpp_pkex_rx_exchange_req"
    run_dpp_pkex_curve_mismatch_failure(dev, apdev, alloc_fail_func)
2187
def test_dpp_pkex_curve_mismatch_failure2(dev, apdev):
    """DPP and PKEX with mismatching curve (local failure 2)"""
    # Function specification handed to alloc_fail() by the helper
    alloc_fail_func = "dpp_pkex_build_exchange_resp"
    run_dpp_pkex_curve_mismatch_failure(dev, apdev, alloc_fail_func)
2192
def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func):
    """Run a PKEX curve mismatch with an allocation failure armed on dev[0].

    func is passed to alloc_fail() unchanged. The responder uses P-256 and
    the initiator P-384; the responder must report the curve mismatch twice.
    """
    responder, initiator = dev[0], dev[1]
    mismatch = "Mismatching PKEX curve: peer=20 own=19"
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    responder.dpp_pkex_resp(2437, identifier="test", code="secret",
                            curve="P-256")

    # The event waits run while the allocation failure is armed.
    # NOTE(review): presumably alloc_fail() verifies on exit that the failure
    # triggered - confirm in utils.
    with alloc_fail(responder, 1, func):
        initiator.dpp_pkex_init(identifier="test", code="secret",
                                curve="P-384")

        first = responder.wait_event(["DPP-FAIL"], timeout=5)
        if first is None:
            raise Exception("Failure not reported (dev 0)")
        if mismatch not in first:
            raise Exception("Unexpected result: " + first)
        wait_dpp_fail(responder, mismatch)
2207
def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev):
    """DPP and PKEX with local failure in processing Exchange Resp"""
    responder, initiator = dev[0], dev[1]
    for sta in (responder, initiator):
        check_dpp_capab(sta)
    pkex = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(2437, **pkex)

    # The failure is injected on the initiator, which processes the response
    injected = "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"
    with fail_test(initiator, 1, injected):
        initiator.dpp_pkex_init(**pkex)
        wait_fail_trigger(initiator, "GET_FAIL")
2217
def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev):
    """DPP and PKEX with local failure in processing Commit Reveal Req"""
    responder, initiator = dev[0], dev[1]
    for sta in (responder, initiator):
        check_dpp_capab(sta)
    pkex = {"identifier": "test", "code": "secret"}
    responder.dpp_pkex_resp(2437, **pkex)

    # The allocation failure is injected on the responder, which receives
    # the Commit Reveal Request
    injected = "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"
    with alloc_fail(responder, 1, injected):
        initiator.dpp_pkex_init(**pkex)
        wait_fail_trigger(responder, "GET_ALLOC_FAIL")
2228
def test_dpp_pkex_config2(dev, apdev):
    """DPP and PKEX with responder as the configurator"""
    responder = dev[0]
    check_dpp_capab(responder)
    # The responder holds the configurator and the parameters it will use
    # when acting in that role
    params = " conf=sta-dpp configurator=%d" % responder.dpp_configurator_add()
    responder.set("dpp_configurator_params", params)
    run_dpp_pkex2(dev, apdev)
2236
def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""):
    """Run PKEX with the responder (dev[0]) listening as configurator.

    dev[1] initiates with role="enrollee"; curve and init_extra are passed
    through to the PKEX calls. The exchange must end in successful
    authentication with dev[0] as configurator and dev[1] as enrollee.
    """
    configurator, enrollee = dev[0], dev[1]
    for sta in (configurator, enrollee):
        check_dpp_capab(sta)
    pkex = {"identifier": "test", "code": "secret", "curve": curve}
    configurator.dpp_pkex_resp(2437, listen_role="configurator", **pkex)
    enrollee.dpp_pkex_init(role="enrollee", extra=init_extra, **pkex)
    wait_auth_success(configurator, enrollee, configurator=configurator,
                      enrollee=enrollee)
2245
def test_dpp_pkex_no_responder(dev, apdev):
    """DPP and PKEX with no responder (retry behavior)"""
    initiator = dev[0]
    check_dpp_capab(initiator)
    initiator.dpp_pkex_init(identifier="test", code="secret")

    # NOTE(review): if all 15 events are DPP-TX, the loop ends without a
    # DPP-FAIL having been seen and the test still passes. A for/else that
    # raises would close that gap - confirm the retry count first.
    for _ in range(15):
        ev = initiator.wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5)
        if ev is None:
            raise Exception("DPP PKEX failure not reported")
        if "DPP-FAIL" in ev:
            if "No response from PKEX peer" not in ev:
                raise Exception("Unexpected failure reason: " + ev)
            break
2260
def test_dpp_pkex_after_retry(dev, apdev):
    """DPP and PKEX completing after retry"""
    initiator, responder = dev[0], dev[1]
    check_dpp_capab(initiator)
    pkex = {"identifier": "test", "code": "secret"}
    initiator.dpp_pkex_init(**pkex)
    # The responder is set up only after the initiator has already started
    time.sleep(0.1)
    responder.dpp_pkex_resp(2437, **pkex)
    wait_auth_success(responder, initiator, configurator=initiator,
                      enrollee=responder, allow_enrollee_failure=True)
2269
def test_dpp_pkex_hostapd_responder(dev, apdev):
    """DPP PKEX with hostapd as responder"""
    sta = dev[0]
    check_dpp_capab(sta)
    ap_params = {"ssid": "unconfigured", "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    pkex = {"identifier": "test", "code": "secret"}
    hapd.dpp_pkex_resp(2437, **pkex)
    # The station is the configurator and provisions the AP (conf=ap-dpp)
    conf_id = sta.dpp_configurator_add()
    sta.dpp_pkex_init(extra="conf=ap-dpp configurator=%d" % conf_id, **pkex)
    wait_auth_success(hapd, sta, configurator=sta, enrollee=hapd,
                      stop_initiator=True)
2282
def test_dpp_pkex_hostapd_initiator(dev, apdev):
    """DPP PKEX with hostapd as initiator"""
    sta = dev[0]
    check_dpp_capab(sta)
    ap_params = {"ssid": "unconfigured", "channel": "6"}
    hapd = hostapd.add_ap(apdev[0], ap_params)
    check_dpp_capab(hapd)
    # The station responds as configurator; the AP initiates as enrollee
    params = " conf=ap-dpp configurator=%d" % sta.dpp_configurator_add()
    sta.set("dpp_configurator_params", params)
    pkex = {"identifier": "test", "code": "secret"}
    sta.dpp_pkex_resp(2437, listen_role="configurator", **pkex)
    hapd.dpp_pkex_init(role="enrollee", **pkex)
    wait_auth_success(hapd, sta, configurator=sta, enrollee=hapd,
                      stop_initiator=True)
2297
def test_dpp_hostapd_configurator(dev, apdev):
    """DPP with hostapd as configurator/initiator"""
    sta = dev[0]
    check_dpp_capab(sta)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
                                     "channel": "1"})
    check_dpp_capab(hapd)
    conf_id = hapd.dpp_configurator_add()
    sta_id = sta.dpp_bootstrap_gen(chan="81/1", mac=True)
    sta_uri = sta.request("DPP_BOOTSTRAP_GET_URI %d" % sta_id)
    peer_id = hapd.dpp_qr_code(sta_uri)

    # The AP must report the entered URI as a QR Code entry that carries the
    # station's MAC address
    info = hapd.request("DPP_BOOTSTRAP_INFO %d" % peer_id)
    if "FAIL" in info:
        raise Exception("DPP_BOOTSTRAP_INFO failed")
    if "type=QRCODE" not in info:
        raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
    if "mac_addr=" + sta.own_addr() not in info:
        raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")

    sta.dpp_listen(2412)
    hapd.dpp_auth_init(peer=peer_id, configurator=conf_id, conf="sta-dpp")
    wait_auth_success(sta, hapd, configurator=hapd, enrollee=sta,
                      stop_responder=True)
2319
def test_dpp_hostapd_configurator_responder(dev, apdev):
    """DPP with hostapd as configurator/responder"""
    sta = dev[0]
    check_dpp_capab(sta)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured",
                                     "channel": "1"})
    check_dpp_capab(hapd)
    # The AP holds the configurator and hands out sta-dpp configurations
    params = " conf=sta-dpp configurator=%d" % hapd.dpp_configurator_add()
    hapd.set("dpp_configurator_params", params)
    ap_id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % ap_id)
    sta.dpp_auth_init(uri=ap_uri, role="enrollee")
    wait_auth_success(hapd, sta, configurator=hapd, enrollee=sta,
                      stop_initiator=True)
2334
def test_dpp_own_config(dev, apdev):
    """DPP configurator signing own connector"""
    try:
        run_dpp_own_config(dev, apdev)
    finally:
        # The helper turns dpp_config_processing on for dev[0]; switch it
        # back off whether or not the test passed
        dev[0].set("dpp_config_processing", "0")
2341
def test_dpp_own_config_group_id(dev, apdev):
    """DPP configurator signing own connector (group_id)"""
    group_arg = " group_id=test-group"
    try:
        run_dpp_own_config(dev, apdev, extra=group_arg)
    finally:
        # The helper turns dpp_config_processing on for dev[0]; switch it
        # back off whether or not the test passed
        dev[0].set("dpp_config_processing", "0")
2348
def test_dpp_own_config_curve_mismatch(dev, apdev):
    """DPP configurator signing own connector using mismatching curve"""
    try:
        # With expect_failure the helper fails the test if the station
        # connects using the connector signed with curve=BP-384
        run_dpp_own_config(dev, apdev, expect_failure=True,
                           own_curve="BP-384")
    finally:
        dev[0].set("dpp_config_processing", "0")
2355
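def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False,
                       extra=None):
    """Provision an AP over DPP, then let the configurator sign for itself.

    dev[0] is the configurator: it provisions the hostapd AP (conf=ap-dpp),
    issues DPP_CONFIGURATOR_SIGN for a sta-dpp configuration of its own and
    then tries to connect with the network profile that results.

    own_curve -- optional curve= value appended to the sign command; a name
                 containing "BP" makes check_dpp_capab() require Brainpool
                 support
    expect_failure -- when set, the connection attempt must not succeed
    extra -- optional additional arguments, passed to dpp_auth_init() and
             appended to the sign command
    """
    check_dpp_capab(dev[0], own_curve and "BP" in own_curve)
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
    conf_id = dev[0].dpp_configurator_add()
    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id,
                         extra=extra)
    wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd)
    update_hapd_config(hapd)

    dev[0].set("dpp_config_processing", "1")
    # extra defaults to None; formatting None with %s would put the literal
    # text "None" right after the configurator id in the control command.
    cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id, extra or "")
    if own_curve:
        cmd += " curve=" + own_curve
    res = dev[0].request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")

    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    # The network id is the second space-separated field of the event
    id = ev.split(' ')[1]
    dev[0].select_network(id, freq="2412")
    if expect_failure:
        ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
        if ev is not None:
            raise Exception("Unexpected connection")
        dev[0].request("DISCONNECT")
    else:
        dev[0].wait_connected()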
2389
def test_dpp_own_config_ap(dev, apdev):
    """DPP configurator (AP) signing own connector"""
    try:
        run_dpp_own_config_ap(dev, apdev)
    finally:
        # The helper turns dpp_config_processing on for dev[0]; switch it
        # back off whether or not the test passed
        dev[0].set("dpp_config_processing", "0")
2396
def test_dpp_own_config_ap_group_id(dev, apdev):
    """DPP configurator (AP) signing own connector (group_id)"""
    group_arg = " group_id=test-group"
    try:
        run_dpp_own_config_ap(dev, apdev, extra=group_arg)
    finally:
        # The helper turns dpp_config_processing on for dev[0]; switch it
        # back off whether or not the test passed
        dev[0].set("dpp_config_processing", "0")
2403
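def test_dpp_own_config_ap_reconf(dev, apdev):
    """DPP configurator (AP) signing own connector and configurator reconf"""
    try:
        # Without reconf_configurator=True this test repeats
        # test_dpp_own_config_ap and the helper never reaches the path that
        # reads the configurator key with DPP_CONFIGURATOR_GET_KEY, removes
        # the configurator and adds it back from that key.
        run_dpp_own_config_ap(dev, apdev, reconf_configurator=True)
    finally:
        # The helper turns dpp_config_processing on for dev[0]; switch it
        # back off whether or not the test passed
        dev[0].set("dpp_config_processing", "0")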
2410
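def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=None):
    """Let a hostapd configurator sign its own AP connector, then provision dev[0].

    The AP adds a configurator, signs an ap-dpp configuration for itself and
    applies it. It then provisions dev[0] (sta-dpp), which must connect.

    reconf_configurator -- when set, the configurator key is read with
                           DPP_CONFIGURATOR_GET_KEY before signing, and the
                           configurator is removed and added back from that
                           key before the station is provisioned
    extra -- optional additional arguments, appended to the sign command and
             passed to dpp_auth_init()
    """
    check_dpp_capab(dev[0])
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    conf_id = hapd.dpp_configurator_add()
    if reconf_configurator:
        # csign is configurator key material handed back over the control
        # interface; it is used only to add the configurator back below
        csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
        if "FAIL" in csign or len(csign) == 0:
            raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    # extra defaults to None; formatting None with %s would put the literal
    # text "None" right after the configurator id in the control command.
    cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id, extra or "")
    res = hapd.request(cmd)
    if "FAIL" in res:
        raise Exception("Failed to generate own configuration")
    update_hapd_config(hapd)

    if reconf_configurator:
        hapd.dpp_configurator_remove(conf_id)
        conf_id = hapd.dpp_configurator_add(key=csign)

    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
    dev[0].set("dpp_config_processing", "2")
    dev[0].dpp_listen(2412)
    hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id,
                       extra=extra)
    wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0])
    dev[0].wait_connected()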
2439
def test_dpp_intro_mismatch(dev, apdev):
    """DPP network introduction mismatch cases"""
    # Stays None if creating the extra interface fails, so that the cleanup
    # below can tell whether there is anything to reset on it
    wpas = None
    try:
        wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
        wpas.interface_add("wlan5")
        check_dpp_capab(wpas)
        run_dpp_intro_mismatch(dev, apdev, wpas)
    finally:
        for idx in (0, 2):
            dev[idx].set("dpp_config_processing", "0")
        if wpas:
            wpas.set("dpp_config_processing", "0")
2453
def run_dpp_intro_mismatch(dev, apdev, wpas):
    """Provision three stations with connectors that must not match the AP.

    dev[1] is the configurator. The AP gets groupId "a"; STA0 (dev[0]) gets
    groupId "b", STA2 (dev[2]) is signed by a second configurator and STA5
    (wpas) bootstraps with curve P-521. Each station must then report a
    DPP-INTRO event with the expected status value.
    """
    configurator = dev[1]
    sta0, sta2 = dev[0], dev[2]
    for sta in (sta0, configurator, sta2):
        check_dpp_capab(sta)

    logger.info("Start AP in unconfigured state")
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)
    ap_id = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
    ap_uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % ap_id)

    logger.info("Provision AP with DPP configuration")
    conf_id = configurator.dpp_configurator_add()
    configurator.set("dpp_groups_override",
                     '[{"groupId":"a","netRole":"ap"}]')
    configurator.dpp_auth_init(uri=ap_uri, conf="ap-dpp",
                               configurator=conf_id)
    update_hapd_config(hapd)

    logger.info("Provision STA0 with DPP Connector that has mismatching groupId")
    sta0.set("dpp_config_processing", "2")
    sta0_id = sta0.dpp_bootstrap_gen(chan="81/1", mac=True)
    sta0_uri = sta0.request("DPP_BOOTSTRAP_GET_URI %d" % sta0_id)
    sta0.dpp_listen(2412)
    configurator.set("dpp_groups_override",
                     '[{"groupId":"b","netRole":"sta"}]')
    configurator.dpp_auth_init(uri=sta0_uri, conf="sta-dpp",
                               configurator=conf_id)
    wait_auth_success(sta0, configurator, configurator=configurator,
                      enrollee=sta0)

    logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
    sta2.set("dpp_config_processing", "2")
    sta2_id = sta2.dpp_bootstrap_gen(chan="81/1", mac=True)
    sta2_uri = sta2.request("DPP_BOOTSTRAP_GET_URI %d" % sta2_id)
    sta2.dpp_listen(2412)
    # A second configurator signs this connector
    other_conf_id = configurator.dpp_configurator_add()
    configurator.set("dpp_groups_override", '')
    configurator.dpp_auth_init(uri=sta2_uri, conf="sta-dpp",
                               configurator=other_conf_id)
    wait_auth_success(sta2, configurator, configurator=configurator,
                      enrollee=sta2)

    logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
    wpas.set("dpp_config_processing", "2")
    sta5_id = wpas.dpp_bootstrap_gen(chan="81/1", mac=True, curve="P-521")
    sta5_uri = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % sta5_id)
    wpas.dpp_listen(2412)
    configurator.set("dpp_groups_override", '')
    configurator.dpp_auth_init(uri=sta5_uri, conf="sta-dpp",
                               configurator=conf_id)
    wait_auth_success(wpas, configurator, configurator=configurator,
                      enrollee=wpas)

    logger.info("Verify network introduction results")
    # (station, label used in messages, event timeout, expected status)
    expected = ((sta0, "STA0", 10, "status=8"),
                (sta2, "STA2", 5, "status=8"),
                (wpas, "STA5", 10, "status=7"))
    for sta, label, wait, status in expected:
        ev = sta.wait_event(["DPP-INTRO"], timeout=wait)
        if ev is None:
            raise Exception("DPP network introduction result not seen on " + label)
        if status not in ev:
            raise Exception("Unexpected network introduction result on " + label + ": " + ev)
2515
def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True,
                       listen=True, chan="81/1", init_enrollee=False,
                       incompatible_roles=False):
    """Start DPP authentication with a dpp_test value set on one device.

    dev[0] owns the bootstrap URI and optionally listens on 2412; dev[1]
    initiates. dev[test_dev] gets dpp_test set to str(test) beforehand. The
    function returns once authentication has been initiated; callers check
    the events that follow.

    mutual -- dev[1] also generates bootstrap info, which dev[0] enters as a
              QR Code; dev[0] listens with qr="mutual"
    unicast -- passed as mac= when dev[0] generates its bootstrap info
    listen -- whether dev[0] starts listening at all
    chan -- channel list for dev[0]'s bootstrap info
    init_enrollee -- dev[1] initiates as enrollee and dev[0] holds the
                     configurator
    incompatible_roles -- both sides are given the enrollee role
    """
    responder, initiator = dev[0], dev[1]
    check_dpp_capab(responder)
    check_dpp_capab(initiator)
    dev[test_dev].set("dpp_test", str(test))
    conf_owner = responder if init_enrollee else initiator
    conf_id = conf_owner.dpp_configurator_add()
    resp_id = responder.dpp_bootstrap_gen(chan=chan, mac=unicast)
    resp_uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % resp_id)

    qr = None
    own = None
    if mutual:
        init_id = initiator.dpp_bootstrap_gen(chan="81/1", mac=True)
        init_uri = initiator.request("DPP_BOOTSTRAP_GET_URI %d" % init_id)
        responder.dpp_qr_code(init_uri)
        qr = "mutual"
        own = init_id

    # Role for the listening side
    if init_enrollee:
        listen_role = "enrollee" if incompatible_roles else "configurator"
        responder.set("dpp_configurator_params",
                      " conf=sta-dpp configurator=%d" % conf_id)
    elif incompatible_roles:
        listen_role = "enrollee"
    else:
        listen_role = None

    if listen:
        responder.dpp_listen(2412, qr=qr, role=listen_role)

    # Arguments for the initiating side
    if init_enrollee:
        init_role, configurator, conf = "enrollee", None, None
    else:
        init_role = "enrollee" if incompatible_roles else None
        configurator, conf = conf_id, "sta-dpp"
    initiator.dpp_auth_init(uri=resp_uri, role=init_role,
                            configurator=configurator, conf=conf, own=own)
2569
def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
    run_dpp_proto_init(dev, 1, 1)
    rx = dev[0].wait_event(["DPP-RX"], timeout=5)
    if rx is None:
        raise Exception("DPP Authentication Request not seen")
    # The receiver must mark the frame as ignored for invalid attributes
    if not ("type=0" in rx and "ignore=invalid-attributes" in rx):
        raise Exception("Unexpected RX info: " + rx)
    # ... and the initiator must not get anything back
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2581
def test_dpp_auth_req_stop_after_ack(dev, apdev):
    """DPP initiator stopping after ACK, but no response"""
    # dev[0] listens, so the request is received; dpp_test=1 on the
    # initiator is set by the helper
    run_dpp_proto_init(dev, 1, 1, listen=True)
    if dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2588
def test_dpp_auth_req_retries(dev, apdev):
    """DPP initiator retries with no ACK"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    for name, value in (("dpp_init_max_tries", "3"),
                        ("dpp_init_retry_time", "1000"),
                        ("dpp_resp_wait_time", "100")):
        initiator.set(name, value)
    # Nobody listens, so no transmission gets a reply
    run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False)

    # One DPP-TX event per configured try
    for attempt in range(3):
        if initiator.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception("Auth Req not sent (%d)" % attempt)

    if initiator.wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2605
def test_dpp_auth_req_retries_multi_chan(dev, apdev):
    """DPP initiator retries with no ACK and multiple channels"""
    initiator = dev[1]
    check_dpp_capab(initiator)
    for name, value in (("dpp_init_max_tries", "3"),
                        ("dpp_init_retry_time", "1000"),
                        ("dpp_resp_wait_time", "100")):
        initiator.set(name, value)
    # Nobody listens, so no transmission gets a reply
    run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False,
                       chan="81/1,81/6,81/11")

    # 3 * 3 DPP-TX events; presumably three tries on each of the three
    # channels in the bootstrap info
    for attempt in range(3 * 3):
        if initiator.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception("Auth Req not sent (%d)" % attempt)

    if initiator.wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) is None:
        raise Exception("Authentication failure not reported")
2623
def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
    run_dpp_proto_init(dev, 0, 2)
    resp_rx = dev[1].wait_event(["DPP-RX"], timeout=5)
    if resp_rx is None:
        raise Exception("DPP Authentication Response not seen")
    # The initiator must mark the response as ignored for invalid attributes
    if not ("type=1" in resp_rx and "ignore=invalid-attributes" in resp_rx):
        raise Exception("Unexpected RX info: " + resp_rx)
    # dev[0] must have seen the request (type=0) and nothing after it
    req_rx = dev[0].wait_event(["DPP-RX"], timeout=1)
    if req_rx is None or "type=0" not in req_rx:
        raise Exception("DPP Authentication Request not seen")
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2638
def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
    run_dpp_proto_init(dev, 1, 3)
    receiver = dev[0]
    req_rx = receiver.wait_event(["DPP-RX"], timeout=5)
    if req_rx is None or "type=0" not in req_rx:
        raise Exception("DPP Authentication Request not seen")
    conf_rx = receiver.wait_event(["DPP-RX"], timeout=5)
    if conf_rx is None:
        raise Exception("DPP Authentication Confirm not seen")
    # The confirm frame must be marked as ignored for invalid attributes
    if not ("type=2" in conf_rx and "ignore=invalid-attributes" in conf_rx):
        raise Exception("Unexpected RX info: " + conf_rx)
2650
def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
    # dpp_test=6 is set on dev[0]; dev[1] must report the failed
    # configuration exchange
    run_dpp_proto_init(dev, 0, 6)
    if dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10) is None:
        raise Exception("DPP Configuration failure not seen")
2657
def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
    # dpp_test=7 is set on dev[1]; dev[0] must report the failed
    # configuration exchange
    run_dpp_proto_init(dev, 1, 7)
    if dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10) is None:
        raise Exception("DPP Configuration failure not seen")
2664
def test_dpp_proto_zero_i_capab(dev, apdev):
    """DPP protocol testing - zero I-capability in Auth Req"""
    run_dpp_proto_init(dev, 1, 8)
    # The receiver must reject the request and send nothing back
    wait_dpp_fail(dev[0], "Invalid role in I-capabilities 0x00")
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2672
def test_dpp_proto_zero_r_capab(dev, apdev):
    """DPP protocol testing - zero R-capability in Auth Resp"""
    run_dpp_proto_init(dev, 0, 9)
    wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x00")
    # dev[0] must have seen the request (type=0) and nothing after it
    req_rx = dev[0].wait_event(["DPP-RX"], timeout=1)
    if req_rx is None or "type=0" not in req_rx:
        raise Exception("DPP Authentication Request not seen")
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2683
def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False):
    """Check that dev[0] rejects a modified Authentication Request.

    dpp_test is set to the given value on the initiator (dev[1]). dev[0]
    must report DPP-FAIL containing reason, and the initiator must not
    receive any DPP frame in return.
    """
    run_dpp_proto_init(dev, 1, test, mutual=mutual)
    wait_dpp_fail(dev[0], reason)
    if dev[1].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2690
def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Req"""
    # dpp_test=10 on the initiator; dev[0] must fail with this reason
    reason = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_req_missing(dev, 10, reason)
2694
def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
    # dpp_test=68 on the initiator; dev[0] must fail with this reason
    reason = "No matching own bootstrapping key found - ignore message"
    run_dpp_proto_auth_req_missing(dev, 68, reason)
2698
def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Req"""
    # dpp_test=11 on the initiator; dev[0] must fail with this reason
    reason = "Missing or invalid required Initiator Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_req_missing(dev, 11, reason)
2702
def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
    run_dpp_proto_init(dev, 1, 69, mutual=True)
    # (device, event it must report, error raised when it does not)
    expected = ((dev[0], "DPP-SCAN-PEER-QR-CODE",
                 "DPP scan request not seen"),
                (dev[1], "DPP-RESPONSE-PENDING",
                 "DPP response pending indivation not seen"))
    for sta, event, error in expected:
        if sta.wait_event([event], timeout=5) is None:
            raise Exception(error)
2712
def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev):
    """DPP protocol testing - no I-proto key in Auth Req"""
    # dpp_test=12 on the initiator; dev[0] must fail with this reason
    reason = "Missing required Initiator Protocol Key attribute"
    run_dpp_proto_auth_req_missing(dev, 12, reason)
2716
def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
    """DPP protocol testing - invalid I-proto key in Auth Req"""
    # dpp_test=66 on the initiator; dev[0] must fail with this reason
    reason = "Invalid Initiator Protocol Key"
    run_dpp_proto_auth_req_missing(dev, 66, reason)
2720
def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Req"""
    # dpp_test=13 on the initiator; dev[0] must fail with this reason
    reason = "Missing or invalid I-nonce"
    run_dpp_proto_auth_req_missing(dev, 13, reason)
2724
def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev):
    """DPP protocol testing - invalid I-nonce in Auth Req"""
    # dpp_test=81 on the initiator; the same reason is expected as for a
    # missing I-nonce
    reason = "Missing or invalid I-nonce"
    run_dpp_proto_auth_req_missing(dev, 81, reason)
2728
def test_dpp_proto_auth_req_no_i_capab(dev, apdev):
    """DPP protocol testing - no I-capab in Auth Req"""
    # dpp_test=14 on the initiator; dev[0] must fail with this reason
    reason = "Missing or invalid I-capab"
    run_dpp_proto_auth_req_missing(dev, 14, reason)
2732
def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Req"""
    # dpp_test=15 on the initiator; dev[0] must fail with this reason
    reason = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_req_missing(dev, 15, reason)
2736
def run_dpp_proto_auth_resp_missing(dev, test, reason,
                                    incompatible_roles=False):
    """Check that dev[1] rejects a modified Authentication Response.

    dpp_test is set to the given value on dev[0] and mutual authentication
    is used. With a reason, dev[1] must report DPP-FAIL containing it, and
    dev[0] must have seen the request (type=0) and no other DPP frame.
    With reason=None no failure is awaited: dev[0] must report
    DPP-NOT-COMPATIBLE when incompatible_roles is set, and the function
    returns after a short sleep.
    """
    run_dpp_proto_init(dev, 0, test, mutual=True,
                       incompatible_roles=incompatible_roles)
    if reason is not None:
        wait_dpp_fail(dev[1], reason)
        req_rx = dev[0].wait_event(["DPP-RX"], timeout=1)
        if req_rx is None or "type=0" not in req_rx:
            raise Exception("DPP Authentication Request not seen")
        if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
            raise Exception("Unexpected DPP message seen")
        return

    if incompatible_roles:
        if dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5) is None:
            raise Exception("DPP-NOT-COMPATIBLE not reported")
    time.sleep(0.1)
2755
def test_dpp_proto_auth_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Resp"""
    # dpp_test=16 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_resp_missing(dev, 16, reason)
2759
def test_dpp_proto_auth_resp_status_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Resp(status)"""
    # Same as the plain variant, but with both sides given the enrollee role
    reason = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_resp_missing(dev, 16, reason, incompatible_roles=True)
2765
def test_dpp_proto_auth_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Auth Resp"""
    # dpp_test=74 on dev[0]; dev[1] must fail with this reason
    reason = "Responder reported failure"
    run_dpp_proto_auth_resp_missing(dev, 74, reason)
2769
def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Resp"""
    # dpp_test=17 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_resp_missing(dev, 17, reason)
2773
def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
    # Same as the plain variant, but with both sides given the enrollee role
    reason = "Missing or invalid required Responder Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_resp_missing(dev, 17, reason, incompatible_roles=True)
2779
def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
    # dpp_test=70 on dev[0]; dev[1] must fail with this reason
    reason = "Unexpected Responder Bootstrapping Key Hash value"
    run_dpp_proto_auth_resp_missing(dev, 70, reason)
2783
def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
    # Same as the plain variant, but with both sides given the enrollee role
    reason = "Unexpected Responder Bootstrapping Key Hash value"
    run_dpp_proto_auth_resp_missing(dev, 70, reason, incompatible_roles=True)
2789
def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Resp"""
    # With reason=None the helper waits for no failure event; it only starts
    # the exchange and sleeps briefly
    no_reason = None
    run_dpp_proto_auth_resp_missing(dev, 18, no_reason)
2793
def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
    # With reason=None and incompatible roles the helper requires dev[0] to
    # report DPP-NOT-COMPATIBLE
    no_reason = None
    run_dpp_proto_auth_resp_missing(dev, 18, no_reason,
                                    incompatible_roles=True)
2797
def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
    # dpp_test=71 on dev[0]; dev[1] must fail with this reason
    reason = "Initiator Bootstrapping Key Hash attribute did not match"
    run_dpp_proto_auth_resp_missing(dev, 71, reason)
2801
def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
    # Same as the plain variant, but with both sides given the enrollee role
    reason = "Initiator Bootstrapping Key Hash attribute did not match"
    run_dpp_proto_auth_resp_missing(dev, 71, reason, incompatible_roles=True)
2807
def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev):
    """DPP protocol testing - no R-Proto Key in Auth Resp"""
    # dpp_test=19 on dev[0]; dev[1] must fail with this reason
    reason = "Missing required Responder Protocol Key attribute"
    run_dpp_proto_auth_resp_missing(dev, 19, reason)
2811
def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
    """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
    # dpp_test=67 on dev[0]; dev[1] must fail with this reason
    reason = "Invalid Responder Protocol Key"
    run_dpp_proto_auth_resp_missing(dev, 67, reason)
2815
def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
    """DPP protocol testing - no R-nonce in Auth Resp"""
    # dpp_test=20 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid R-nonce"
    run_dpp_proto_auth_resp_missing(dev, 20, reason)
2819
def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Resp"""
    # dpp_test=21 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid I-nonce"
    run_dpp_proto_auth_resp_missing(dev, 21, reason)
2823
def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev):
    """DPP protocol testing - no I-nonce in Auth Resp(status)"""
    # Same as the plain variant, but with both sides given the enrollee role
    reason = "Missing or invalid I-nonce"
    run_dpp_proto_auth_resp_missing(dev, 21, reason, incompatible_roles=True)
2828
def test_dpp_proto_auth_resp_no_r_capab(dev, apdev):
    """DPP protocol testing - no R-capab in Auth Resp"""
    # dpp_test=22 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid R-capabilities"
    run_dpp_proto_auth_resp_missing(dev, 22, reason)
2832
def test_dpp_proto_auth_resp_no_r_auth(dev, apdev):
    """DPP protocol testing - no R-auth in Auth Resp"""
    # dpp_test=23 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid Secondary Wrapped Data"
    run_dpp_proto_auth_resp_missing(dev, 23, reason)
2836
def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Resp"""
    # dpp_test=24 on dev[0]; dev[1] must fail with this reason
    reason = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_resp_missing(dev, 24, reason)
2840
def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev):
    """DPP protocol testing - I-nonce mismatch in Auth Resp"""
    run_dpp_proto_init(dev, 0, 30, mutual=True)
    # dev[1] must report DPP-FAIL for the mismatching I-nonce.
    wait_dpp_fail(dev[1], expected="I-nonce mismatch")

    # dev[0] is expected to have received the Authentication Request
    # (type=0) and then nothing else: a rejected response must not be
    # followed by any further DPP frame.
    auth_req = dev[0].wait_event(["DPP-RX"], timeout=1)
    request_seen = auth_req is not None and "type=0" in auth_req
    if not request_seen:
        raise Exception("DPP Authentication Request not seen")
    if dev[0].wait_event(["DPP-RX"], timeout=0.1) is not None:
        raise Exception("Unexpected DPP message seen")
2851
def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev):
    """DPP protocol testing - Incompatible R-capab in Auth Resp"""
    run_dpp_proto_init(dev, 0, 31, mutual=True)
    # Both sides must report the failure: dev[1] detects the unexpected role
    # and dev[0] is told about it by the peer. Order matters, each call
    # consumes one DPP-FAIL event.
    checks = [(dev[1], "Unexpected role in R-capabilities 0x02"),
              (dev[0], "Peer reported incompatible R-capab role")]
    for device, reason in checks:
        wait_dpp_fail(device, reason)
2857
def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev):
    """DPP protocol testing - R-auth mismatch in Auth Resp"""
    run_dpp_proto_init(dev, 0, 32, mutual=True)
    # A Responder Authenticating Tag that does not verify must end the
    # exchange on dev[1], and dev[0] must learn that authentication failed.
    checks = [(dev[1], "Mismatching Responder Authenticating Tag"),
              (dev[0], "Peer reported authentication failure")]
    for device, reason in checks:
        wait_dpp_fail(device, reason)
2863
def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev):
    """DPP protocol testing - Auth Conf RX processing failure"""
    # Same R-auth mismatch scenario (dpp_test value 32) with an allocation
    # failure injected on dev[0] for "dpp_auth_conf_rx_failure"; dev[0] must
    # still end up reporting a failure.
    target = dev[0]
    with alloc_fail(target, 1, "dpp_auth_conf_rx_failure"):
        run_dpp_proto_init(dev, 0, 32, mutual=True)
        wait_dpp_fail(target, expected="Authentication failed")
2869
def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev):
    """DPP protocol testing - Auth Conf RX processing failure 2"""
    # Variant using fail_test instead of alloc_fail on the same function
    # name; here dev[0] is expected to report the AES-SIV decryption error.
    target = dev[0]
    with fail_test(target, 1, "dpp_auth_conf_rx_failure"):
        run_dpp_proto_init(dev, 0, 32, mutual=True)
        wait_dpp_fail(target, expected="AES-SIV decryption failed")
2875
def run_dpp_proto_auth_conf_missing(dev, test, reason):
    # Shared driver for the Authentication Confirm negative tests: run the
    # exchange with dpp_test value `test` (mutual authentication) and require
    # dev[0] to report DPP-FAIL containing `reason`. With reason=None no
    # failure event is checked; the function only pauses briefly.
    run_dpp_proto_init(dev, 1, test, mutual=True)
    if reason is not None:
        wait_dpp_fail(dev[0], reason)
    else:
        time.sleep(0.1)
2882
def test_dpp_proto_auth_conf_no_status(dev, apdev):
    """DPP protocol testing - no Status in Auth Conf"""
    # dev[0] must reject an Authentication Confirm without the Status
    # attribute (dpp_test value 25).
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_auth_conf_missing(dev, 25, expected)
2886
def test_dpp_proto_auth_conf_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Auth Conf"""
    # dev[0] must treat an invalid Status value as an authentication
    # failure (dpp_test value 75).
    expected = "Authentication failed"
    run_dpp_proto_auth_conf_missing(dev, 75, expected)
2890
def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - no R-bootstrap key in Auth Conf"""
    # dev[0] must reject an Authentication Confirm lacking the Responder
    # Bootstrapping Key Hash (dpp_test value 26).
    expected = ("Missing or invalid required Responder Bootstrapping Key "
                "Hash attribute")
    run_dpp_proto_auth_conf_missing(dev, 26, expected)
2894
def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
    # dev[0] must detect a Responder Bootstrapping Key Hash that does not
    # match (dpp_test value 72).
    expected = "Responder Bootstrapping Key Hash mismatch"
    run_dpp_proto_auth_conf_missing(dev, 72, expected)
2898
def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - no I-bootstrap key in Auth Conf"""
    # The exchange is mutual, so dev[0] must insist on the Initiator
    # Bootstrapping Key Hash being present (dpp_test value 27).
    expected = "Missing Initiator Bootstrapping Key Hash attribute"
    run_dpp_proto_auth_conf_missing(dev, 27, expected)
2902
def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
    # dev[0] must detect an Initiator Bootstrapping Key Hash that does not
    # match (dpp_test value 73).
    expected = "Initiator Bootstrapping Key Hash mismatch"
    run_dpp_proto_auth_conf_missing(dev, 73, expected)
2906
def test_dpp_proto_auth_conf_no_i_auth(dev, apdev):
    """DPP protocol testing - no I-Auth in Auth Conf"""
    # dev[0] must reject an Authentication Confirm without the Initiator
    # Authenticating Tag (dpp_test value 28).
    expected = "Missing or invalid Initiator Authenticating Tag"
    run_dpp_proto_auth_conf_missing(dev, 28, expected)
2910
def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Auth Conf"""
    # dev[0] must reject an Authentication Confirm without Wrapped Data
    # (dpp_test value 29).
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_auth_conf_missing(dev, 29, expected)
2914
def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev):
    """DPP protocol testing - I-auth mismatch in Auth Conf"""
    run_dpp_proto_init(dev, 1, 33, mutual=True)
    # An Initiator Authenticating Tag that does not verify must make dev[0]
    # report DPP-FAIL instead of completing authentication.
    wait_dpp_fail(dev[0], expected="Mismatching Initiator Authenticating Tag")
2919
def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev):
    """DPP protocol testing - Auth Conf replaced by Resp"""
    run_dpp_proto_init(dev, 1, 65, mutual=True)
    # A message of the wrong type for the current protocol state must be
    # refused by dev[0].
    wait_dpp_fail(dev[0], expected="Unexpected Authentication Response")
2924
def run_dpp_proto_conf_req_missing(dev, test, reason):
    # Shared driver for the Configuration Request negative tests: run the
    # exchange with dpp_test value `test` and require dev[1] to report
    # DPP-FAIL containing `reason`.
    run_dpp_proto_init(dev, 0, test)
    wait_dpp_fail(dev[1], expected=reason)
2928
def test_dpp_proto_conf_req_no_e_nonce(dev, apdev):
    """DPP protocol testing - no E-nonce in Conf Req"""
    # dev[1] must reject a Configuration Request without the Enrollee Nonce
    # (dpp_test value 51).
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_req_missing(dev, 51, expected)
2933
def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev):
    """DPP protocol testing - invalid E-nonce in Conf Req"""
    # dev[1] reports an invalid Enrollee Nonce with the same reason text as
    # a missing one (dpp_test value 83).
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_req_missing(dev, 83, expected)
2938
def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev):
    """DPP protocol testing - no Config Attr Obj in Conf Req"""
    # dev[1] must reject a Configuration Request without the Config
    # Attributes object (dpp_test value 52).
    expected = "Missing or invalid Config Attributes attribute"
    run_dpp_proto_conf_req_missing(dev, 52, expected)
2943
def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev):
    """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
    # dev[1] must refuse a Config Attributes object it cannot accept; the
    # reported reason names the wi-fi_tech field (dpp_test value 76).
    expected = "Unsupported wi-fi_tech"
    run_dpp_proto_conf_req_missing(dev, 76, expected)
2948
def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Conf Req"""
    # dev[1] must reject a Configuration Request without Wrapped Data
    # (dpp_test value 53).
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_conf_req_missing(dev, 53, expected)
2953
def run_dpp_proto_conf_resp_missing(dev, test, reason):
    # Shared driver for the Configuration Response negative tests: run the
    # exchange with dpp_test value `test` and require dev[0] to report
    # DPP-FAIL containing `reason`.
    run_dpp_proto_init(dev, 1, test)
    wait_dpp_fail(dev[0], expected=reason)
2957
def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev):
    """DPP protocol testing - no E-nonce in Conf Resp"""
    # dev[0] must reject a Configuration Response without the Enrollee
    # Nonce (dpp_test value 54).
    expected = "Missing or invalid Enrollee Nonce attribute"
    run_dpp_proto_conf_resp_missing(dev, 54, expected)
2962
def test_dpp_proto_conf_resp_no_config_obj(dev, apdev):
    """DPP protocol testing - no Config Object in Conf Resp"""
    # dev[0] must reject a Configuration Response without a Configuration
    # Object (dpp_test value 55).
    expected = "Missing required Configuration Object attribute"
    run_dpp_proto_conf_resp_missing(dev, 55, expected)
2967
def test_dpp_proto_conf_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in Conf Resp"""
    # dev[0] must reject a Configuration Response without the Status
    # attribute (dpp_test value 56).
    expected = "Missing or invalid required DPP Status attribute"
    run_dpp_proto_conf_resp_missing(dev, 56, expected)
2972
def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in Conf Resp"""
    # dev[0] must reject a Configuration Response without Wrapped Data
    # (dpp_test value 57).
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_conf_resp_missing(dev, 57, expected)
2977
def test_dpp_proto_conf_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in Conf Resp"""
    # dev[0] must treat an invalid Status value as a rejection by the
    # Configurator (dpp_test value 58).
    expected = "Configurator rejected configuration"
    run_dpp_proto_conf_resp_missing(dev, 58, expected)
2982
def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev):
    """DPP protocol testing - E-nonce mismatch in Conf Resp"""
    # dev[0] must refuse a Configuration Response whose Enrollee Nonce does
    # not match (dpp_test value 59).
    expected = "Enrollee Nonce mismatch"
    run_dpp_proto_conf_resp_missing(dev, 59, expected)
2987
def test_dpp_proto_stop_at_auth_req(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Req"""
    run_dpp_proto_init(dev, 0, 87)
    # With the exchange stopped at the Authentication Request, dev[1] must
    # give up and report the failed initiation itself.
    init_failed = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
    if init_failed is None:
        raise Exception("Authentication init failure not reported")
2994
def test_dpp_proto_stop_at_auth_resp(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Resp"""
    run_dpp_proto_init(dev, 1, 88)

    # Transmissions that must be seen, in this order.
    expected_tx = [(dev[1], "Auth Req TX not seen"),
                   (dev[0], "Auth Resp TX not seen")]
    for sender, missing in expected_tx:
        if sender.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # dev[1] must not continue with an Authentication Confirm.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected Auth Conf TX")
3010
def test_dpp_proto_stop_at_auth_conf(dev, apdev):
    """DPP protocol testing - stop when receiving Auth Conf"""
    run_dpp_proto_init(dev, 0, 89, init_enrollee=True)
    # dev[1] acts as the Enrollee (per the error messages): it starts the
    # GAS query, gets no answer, and must end it with a timeout rather than
    # wait indefinitely.
    enrollee = dev[1]
    if enrollee.wait_event(["GAS-QUERY-START"], timeout=10) is None:
        raise Exception("Enrollee did not start GAS")
    gas_done = enrollee.wait_event(["GAS-QUERY-DONE"], timeout=10)
    if gas_done is None:
        raise Exception("Enrollee did not time out GAS")
    if "result=TIMEOUT" not in gas_done:
        raise Exception("Unexpected GAS result: " + gas_done)
3022
def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev):
    """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
    run_dpp_proto_init(dev, 1, 89, init_enrollee=True)
    wait_auth_success(dev[0], dev[1], timeout=10)
    # dev[1] must not start a GAS query in this scenario.
    if dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1) is not None:
        raise Exception("Unexpected GAS query")

    # There is currently no timeout on GAS server side, so no event to wait for
    # in this case.
3033
def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev):
    """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
    run_dpp_proto_init(dev, 1, 89)
    wait_auth_success(dev[0], dev[1], timeout=10)

    # The GAS query on dev[0] must end with a timeout.
    gas_done = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
    timed_out = gas_done is not None and "result=TIMEOUT" in gas_done
    if not timed_out:
        raise Exception("GAS query did not time out")
3042
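def test_dpp_proto_stop_at_conf_req(dev, apdev):
    """DPP protocol testing - stop when receiving Conf Req"""
    # The docstring used to repeat the "Auth Req" text of
    # test_dpp_proto_stop_at_auth_req; this case uses dpp_test value 90 and
    # checks the Configuration Request (GAS) phase.
    run_dpp_proto_init(dev, 1, 90)
    # dev[0] acts as the Enrollee (per the error messages): its GAS query
    # gets no answer and must end with a timeout.
    enrollee = dev[0]
    if enrollee.wait_event(["GAS-QUERY-START"], timeout=10) is None:
        raise Exception("Enrollee did not start GAS")
    gas_done = enrollee.wait_event(["GAS-QUERY-DONE"], timeout=10)
    if gas_done is None:
        raise Exception("Enrollee did not time out GAS")
    if "result=TIMEOUT" not in gas_done:
        raise Exception("Unexpected GAS result: " + gas_done)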
3054
def run_dpp_proto_init_pkex(dev, test_dev, test):
    # Start a PKEX exchange between dev[0] (responder, 2437 MHz) and dev[1]
    # (initiator) after setting dpp_test to `test` on dev[test_dev].
    # Skips (via check_dpp_capab) when either device lacks DPP support.
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    dev[test_dev].set("dpp_test", str(test))
    # Fixed test-only identifier and code, shared by both peers.
    pkex = {"identifier": "test", "code": "secret"}
    dev[0].dpp_pkex_resp(2437, **pkex)
    dev[1].dpp_pkex_init(**pkex)
3061
def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
    run_dpp_proto_init_pkex(dev, 1, 4)
    rx = dev[0].wait_event(["DPP-RX"], timeout=5)
    exchange_seen = rx is not None and "type=7" in rx
    if not exchange_seen:
        raise Exception("PKEX Exchange Request not seen")
    rx = dev[0].wait_event(["DPP-RX"], timeout=5)
    commit_reveal_seen = rx is not None and "type=9" in rx
    if not commit_reveal_seen:
        raise Exception("PKEX Commit-Reveal Request not seen")
    # The Commit-Reveal Request carrying an attribute after Wrapped Data
    # must be flagged as ignored by dev[0], not processed.
    if "ignore=invalid-attributes" not in rx:
        raise Exception("Unexpected RX info: " + rx)
3073
def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev):
    """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
    run_dpp_proto_init_pkex(dev, 0, 5)
    rx = dev[1].wait_event(["DPP-RX"], timeout=5)
    exchange_seen = rx is not None and "type=8" in rx
    if not exchange_seen:
        raise Exception("PKEX Exchange Response not seen")
    rx = dev[1].wait_event(["DPP-RX"], timeout=5)
    commit_reveal_seen = rx is not None and "type=10" in rx
    if not commit_reveal_seen:
        raise Exception("PKEX Commit-Reveal Response not seen")
    # The Commit-Reveal Response carrying an attribute after Wrapped Data
    # must be flagged as ignored by dev[1], not processed.
    if "ignore=invalid-attributes" not in rx:
        raise Exception("Unexpected RX info: " + rx)
3085
def run_dpp_proto_pkex_req_missing(dev, test, reason):
    # Negative-test driver for PKEX requests: dpp_test is set on dev[1]
    # (the PKEX initiator) and dev[0] must report DPP-FAIL with `reason`.
    run_dpp_proto_init_pkex(dev, 1, test)
    wait_dpp_fail(dev[0], expected=reason)
3089
def run_dpp_proto_pkex_resp_missing(dev, test, reason):
    # Negative-test driver for PKEX responses: dpp_test is set on dev[0]
    # (the PKEX responder) and dev[1] must report DPP-FAIL with `reason`.
    run_dpp_proto_init_pkex(dev, 0, test)
    wait_dpp_fail(dev[1], expected=reason)
3093
def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev):
    """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
    # The responder must not proceed without the group attribute
    # (dpp_test value 34).
    expected = "Missing or invalid Finite Cyclic Group attribute"
    run_dpp_proto_pkex_req_missing(dev, 34, expected)
3098
def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev):
    """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
    # The responder must reject a PKEX Exchange Request without the
    # Encrypted Key (dpp_test value 35).
    expected = "Missing Encrypted Key attribute"
    run_dpp_proto_pkex_req_missing(dev, 35, expected)
3103
def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev):
    """DPP protocol testing - no Status in PKEX Exchange Response"""
    # The initiator must reject a PKEX Exchange Response without a Status
    # attribute (dpp_test value 36).
    expected = "No DPP Status attribute"
    run_dpp_proto_pkex_resp_missing(dev, 36, expected)
3107
def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev):
    """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
    # The initiator must reject a PKEX Exchange Response without the
    # Encrypted Key (dpp_test value 37).
    expected = "Missing Encrypted Key attribute"
    run_dpp_proto_pkex_resp_missing(dev, 37, expected)
3111
def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev):
    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
    # The responder must not accept a Commit-Reveal Request that carries no
    # peer bootstrapping key (dpp_test value 38).
    expected = "No valid peer bootstrapping key found"
    run_dpp_proto_pkex_req_missing(dev, 38, expected)
3116
def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev):
    """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
    # The responder must require the I-Auth tag (dpp_test value 39).
    expected = "No valid u (I-Auth tag) found"
    run_dpp_proto_pkex_req_missing(dev, 39, expected)
3120
def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
    # The responder must reject a Commit-Reveal Request without Wrapped
    # Data (dpp_test value 40).
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_pkex_req_missing(dev, 40, expected)
3124
def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev):
    """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
    # The initiator must not accept a Commit-Reveal Response that carries
    # no peer bootstrapping key (dpp_test value 41).
    expected = "No valid peer bootstrapping key found"
    run_dpp_proto_pkex_resp_missing(dev, 41, expected)
3129
def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev):
    """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
    # The initiator must require the R-Auth tag (dpp_test value 42).
    expected = "No valid v (R-Auth tag) found"
    run_dpp_proto_pkex_resp_missing(dev, 42, expected)
3133
def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev):
    """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
    # The initiator must reject a Commit-Reveal Response without Wrapped
    # Data (dpp_test value 43).
    expected = "Missing or invalid required Wrapped Data attribute"
    run_dpp_proto_pkex_resp_missing(dev, 43, expected)
3137
def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev):
    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
    # The responder must validate the Encrypted Key value before using it
    # (dpp_test value 44).
    expected = "Invalid Encrypted Key value"
    run_dpp_proto_pkex_req_missing(dev, 44, expected)
3142
def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev):
    """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
    # The initiator must validate the Encrypted Key value before using it
    # (dpp_test value 45).
    expected = "Invalid Encrypted Key value"
    run_dpp_proto_pkex_resp_missing(dev, 45, expected)
3147
def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev):
    """DPP protocol testing - invalid Status in PKEX Exchange Response"""
    # The initiator must stop PKEX when the response carries a failure
    # status (dpp_test value 46).
    expected = "PKEX failed (peer indicated failure)"
    run_dpp_proto_pkex_resp_missing(dev, 46, expected)
3152
def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
    # The responder must validate the peer bootstrapping key
    # (dpp_test value 47).
    expected = "Peer bootstrapping key is invalid"
    run_dpp_proto_pkex_req_missing(dev, 47, expected)
3157
def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
    """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
    # The initiator must validate the peer bootstrapping key
    # (dpp_test value 48).
    expected = "Peer bootstrapping key is invalid"
    run_dpp_proto_pkex_resp_missing(dev, 48, expected)
3162
def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev):
    """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
    # A mismatching I-Auth tag is reported with the same reason text as a
    # missing one (dpp_test value 49).
    expected = "No valid u (I-Auth tag) found"
    run_dpp_proto_pkex_req_missing(dev, 49, expected)
3166
def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev):
    """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
    # A mismatching R-Auth tag is reported with the same reason text as a
    # missing one (dpp_test value 50).
    expected = "No valid v (R-Auth tag) found"
    run_dpp_proto_pkex_resp_missing(dev, 50, expected)
3170
def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX Exchange Response"""
    run_dpp_proto_init_pkex(dev, 1, 84)

    # Transmissions that must be seen, in this order.
    expected_tx = [(dev[1], "PKEX Exchange Req TX not seen"),
                   (dev[0], "PKEX Exchange Resp not seen")]
    for sender, missing in expected_tx:
        if sender.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # dev[1] must not continue with a Commit-Reveal Request.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected PKEX CR Req TX")
3186
def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX CR Request"""
    run_dpp_proto_init_pkex(dev, 0, 85)

    # Transmissions that must be seen, in this order.
    expected_tx = [(dev[1], "PKEX Exchange Req TX not seen"),
                   (dev[0], "PKEX Exchange Resp not seen"),
                   (dev[1], "PKEX CR Req TX not seen")]
    for sender, missing in expected_tx:
        if sender.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # dev[0] must not answer with a Commit-Reveal Response.
    if dev[0].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected PKEX CR Resp TX")
3206
def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev):
    """DPP protocol testing - stop when receiving PKEX CR Response"""
    run_dpp_proto_init_pkex(dev, 1, 86)

    # Transmissions that must be seen, in this order.
    expected_tx = [(dev[1], "PKEX Exchange Req TX not seen"),
                   (dev[0], "PKEX Exchange Resp not seen"),
                   (dev[1], "PKEX CR Req TX not seen"),
                   (dev[0], "PKEX CR Resp TX not seen")]
    for sender, missing in expected_tx:
        if sender.wait_event(["DPP-TX "], timeout=5) is None:
            raise Exception(missing)

    # dev[1] must not go on to send an Authentication Request.
    if dev[1].wait_event(["DPP-TX "], timeout=0.1) is not None:
        raise Exception("Unexpected Auth Req TX")
3230
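def test_dpp_proto_network_introduction(dev, apdev):
    """DPP protocol testing - network introduction"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Was a bare "except:", which also turned KeyboardInterrupt and
        # SystemExit into a skip.
        # NOTE(review): every AP start-up error is still reported as
        # "DPP not supported", so a regression in AP-side DPP configuration
        # handling would show up as a skip rather than a failure.
        raise HwsimSkip("DPP not supported")

    # Station-side test hooks: dpp_test is set on dev[0] before connecting.
    for test in [60, 61, 80, 82]:
        dev[0].set("dpp_test", str(test))
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

        # The Peer Discovery Request (type=5) must be sent by the station
        # and received by the AP.
        ev = dev[0].wait_event(["DPP-TX"], timeout=10)
        if ev is None or "type=5" not in ev:
            raise Exception("Peer Discovery Request TX not reported")
        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2)
        if ev is None or "result=SUCCESS" not in ev:
            raise Exception("Peer Discovery Request TX status not reported")

        ev = hapd.wait_event(["DPP-RX"], timeout=10)
        if ev is None or "type=5" not in ev:
            raise Exception("Peer Discovery Request RX not reported")

        if test == 80:
            # Only this case expects an introduction result on the station,
            # and it must carry status=7.
            ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
            if ev is None:
                raise Exception("DPP-INTRO not reported for test 80")
            if "status=7" not in ev:
                raise Exception("Unexpected result in test 80: " + ev)

        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
        hapd.dump_monitor()
    dev[0].set("dpp_test", "0")

    # AP-side test hooks: dpp_test is set on hostapd and the station must
    # report the outcome of the introduction.
    for test in [62, 63, 64, 77, 78, 79]:
        hapd.set("dpp_test", str(test))
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
        if ev is None:
            raise Exception("Peer introduction result not reported (test %d)" % test)
        if test == 77:
            if "fail=transaction_id_mismatch" not in ev:
                raise Exception("Connector validation failure not reported")
        elif test == 78:
            if "status=254" not in ev:
                raise Exception("Invalid status value not reported")
        elif test == 79:
            if "fail=peer_connector_validation_failed" not in ev:
                raise Exception("Connector validation failure not reported")
        elif "status=" in ev:
            # Tests 62-64 must not produce an event that carries a status.
            raise Exception("Unexpected peer introduction result (test %d): " % test + ev)

        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()
        hapd.dump_monitor()
    hapd.set("dpp_test", "0")

    # With all test hooks cleared, a normal connection attempt is made.
    dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
                   dpp_csign=params1_csign, dpp_connector=params1_sta_connector,
                   dpp_netaccesskey=params1_sta_netaccesskey)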
3311
def test_dpp_qr_code_no_chan_list_unicast(dev, apdev):
    """DPP QR Code and no channel list (unicast)"""
    # unicast=True, responder listening on 2417 MHz, no channel list in the
    # bootstrapping info.
    unicast, listen_freq, chanlist = True, 2417, None
    run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist)
3315
def test_dpp_qr_code_chan_list_unicast(dev, apdev):
    """DPP QR Code and 2.4 GHz channels (unicast)"""
    # Channel list entries are "81/1" through "81/13"; the responder listens
    # on 2417 MHz.
    chanlist = ",".join("81/%d" % chan for chan in range(1, 14))
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, chanlist)
3320
def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev):
    """DPP QR Code and channel list and no peer (unicast)"""
    # The responder listens on 2417 MHz while the channel list names only
    # 81/1, 81/6 and 81/11; with no_wait=True the helper returns right after
    # starting authentication, and dev[1] must report the failed initiation.
    run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11",
                              no_wait=True)
    init_failed = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
    if init_failed is None:
        raise Exception("Initiation failure not reported")
3328
def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev):
    """DPP QR Code and no channel list (broadcast)"""
    # unicast=False, responder listening on 2412 MHz, no channel list.
    unicast, listen_freq, chanlist = False, 2412, None
    run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist)
3332
def test_dpp_qr_code_chan_list_broadcast(dev, apdev):
    """DPP QR Code and some 2.4 GHz channels (broadcast)"""
    # unicast=False with a three-channel list; the authentication wait is
    # extended to 10 seconds.
    chanlist = "81/1,81/6,81/11"
    run_dpp_qr_code_chan_list(dev, apdev, False, 2412, chanlist, timeout=10)
3337
def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist,
                              no_wait=False, timeout=5):
    # Bootstrap dev[0] with the given channel list (chan=chanlist,
    # mac=unicast), have it listen on listen_freq, and let dev[1] initiate
    # DPP Authentication from the resulting URI. Unless no_wait is set, wait
    # for authentication to succeed, with dev[1] as Configurator and dev[0]
    # as Enrollee.
    responder = dev[0]
    check_dpp_capab(responder)
    initiator = dev[1]
    check_dpp_capab(initiator)
    # Initiator retry parameters used for this run.
    for name, value in (("dpp_init_max_tries", "3"),
                        ("dpp_init_retry_time", "100"),
                        ("dpp_resp_wait_time", "1000")):
        initiator.set(name, value)

    logger.info("dev0 displays QR Code")
    id0 = responder.dpp_bootstrap_gen(chan=chanlist, mac=unicast)
    uri0 = responder.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    responder.dpp_listen(listen_freq)
    initiator.dpp_auth_init(uri=uri0)
    if not no_wait:
        wait_auth_success(responder, initiator, timeout=timeout,
                          configurator=initiator, enrollee=responder,
                          allow_enrollee_failure=True, stop_responder=True)
3357
def test_dpp_qr_code_chan_list_no_match(dev, apdev):
    """DPP QR Code and no matching supported channel"""
    for idx in (0, 1):
        check_dpp_capab(dev[idx])
    # The only advertised channel is "123/123"; initiation on dev[1] is
    # expected to fail (expect_fail=True).
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="123/123")
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[1].dpp_auth_init(uri=uri, expect_fail=True)
3365
def test_dpp_pkex_alloc_fail(dev, apdev):
    """DPP/PKEX and memory allocation failures"""
    # Runs the PKEX + DPP exchange repeatedly while injecting one memory
    # allocation failure per run, first on dev[1] (Initiator) and then on
    # dev[0] (Responder). Each entry is (count, func) as passed to
    # alloc_fail(); presumably count selects which matching allocation fails
    # and func names the call path - confirm against utils.alloc_fail.
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # Configurator creation must return FAIL when an allocation fails.
    tests = [(1, "=dpp_keygen_configurator"),
             (1, "base64_gen_encode;dpp_keygen_configurator")]
    for count, func in tests:
        with alloc_fail(dev[1], count, func):
            cmd = "DPP_CONFIGURATOR_ADD"
            res = dev[1].request(cmd)
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")

    conf_id = dev[1].dpp_configurator_add()

    # Bootstrap ids are carried across iterations through use_id.
    id0 = None
    id1 = None

    # Local error cases on the Initiator
    tests = [(1, "dpp_get_pubkey_point"),
             (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
             (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
             (1, "dpp_alloc_msg;dpp_auth_build_req"),
             (1, "dpp_alloc_msg;dpp_auth_build_conf"),
             (1, "dpp_bootstrap_key_hash"),
             (1, "dpp_auth_init"),
             (1, "=dpp_auth_resp_rx"),
             (2, "=dpp_auth_resp_rx"),
             (1, "dpp_build_conf_start"),
             (1, "dpp_build_conf_obj_dpp"),
             (2, "dpp_build_conf_obj_dpp"),
             (3, "dpp_build_conf_obj_dpp"),
             (4, "dpp_build_conf_obj_dpp"),
             (5, "dpp_build_conf_obj_dpp"),
             (6, "dpp_build_conf_obj_dpp"),
             (7, "dpp_build_conf_obj_dpp"),
             (8, "dpp_build_conf_obj_dpp"),
             (1, "dpp_conf_req_rx"),
             (2, "dpp_conf_req_rx"),
             (3, "dpp_conf_req_rx"),
             (4, "dpp_conf_req_rx"),
             (5, "dpp_conf_req_rx"),
             (6, "dpp_conf_req_rx"),
             (7, "dpp_conf_req_rx"),
             (1, "dpp_pkex_init"),
             (2, "dpp_pkex_init"),
             (3, "dpp_pkex_init"),
             (1, "dpp_pkex_derive_z"),
             (1, "=dpp_pkex_rx_commit_reveal_resp"),
             (1, "dpp_get_pubkey_point;dpp_build_jwk"),
             (2, "dpp_get_pubkey_point;dpp_build_jwk"),
             (1, "dpp_get_pubkey_point;dpp_auth_init")]
    for count, func in tests:
        # Reset both devices so state from the previous run cannot leak in.
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        # "test"/"secret" are fixed test-only PKEX identifier and code.
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        with alloc_fail(dev[1], count, func):
            # allow_fail=True: the injected failure may already make the
            # initiation command itself fail.
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id,
                                       allow_fail=True)
            wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100)
            # If the Enrollee already started a GAS query, stop listening
            # and let the query finish before the next iteration.
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)

    # Local error cases on the Responder
    tests = [(1, "dpp_get_pubkey_point"),
             (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
             (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
             (1, "dpp_alloc_msg;dpp_auth_build_resp"),
             (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
             (1, "=dpp_auth_req_rx"),
             (2, "=dpp_auth_req_rx"),
             (1, "=dpp_auth_conf_rx"),
             (1, "json_parse;dpp_parse_jws_prot_hdr"),
             (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
             (1, "json_get_member_base64url;dpp_parse_jwk"),
             (2, "json_get_member_base64url;dpp_parse_jwk"),
             (1, "json_parse;dpp_parse_connector"),
             (1, "dpp_parse_jwk;dpp_parse_connector"),
             (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
             (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
             (1, "base64_gen_decode;dpp_process_signed_connector"),
             (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
             (2, "base64_gen_decode;dpp_process_signed_connector"),
             (3, "base64_gen_decode;dpp_process_signed_connector"),
             (4, "base64_gen_decode;dpp_process_signed_connector"),
             (1, "json_parse;dpp_parse_conf_obj"),
             (1, "dpp_conf_resp_rx"),
             (1, "=dpp_pkex_derive_z"),
             (1, "=dpp_pkex_rx_exchange_req"),
             (2, "=dpp_pkex_rx_exchange_req"),
             (3, "=dpp_pkex_rx_exchange_req"),
             (1, "=dpp_pkex_rx_commit_reveal_req"),
             (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
             (1, "dpp_bootstrap_key_hash")]
    for count, func in tests:
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        # The failure is injected on dev[0] here, so the initiation command
        # on dev[1] is not given allow_fail.
        with alloc_fail(dev[0], count, func):
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100)
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
3486
def test_dpp_pkex_test_fail(dev, apdev):
    """DPP/PKEX and local failures"""
    # Same structure as the allocation-failure test, but using fail_test()
    # to force a failure in the named function, mostly crypto primitives
    # (AES-SIV, HKDF/HMAC, random number generation, key derivation).
    # Each entry is (count, func) as passed to fail_test(); the exact
    # matching semantics live in utils.fail_test - confirm there.
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # Configurator key generation failure must make the command FAIL.
    tests = [(1, "dpp_keygen_configurator")]
    for count, func in tests:
        with fail_test(dev[1], count, func):
            cmd = "DPP_CONFIGURATOR_ADD"
            res = dev[1].request(cmd)
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")

    # Bootstrap key generation failure must make the command FAIL.
    tests = [(1, "dpp_keygen")]
    for count, func in tests:
        with fail_test(dev[1], count, func):
            cmd = "DPP_BOOTSTRAP_GEN type=pkex"
            res = dev[1].request(cmd)
            if "FAIL" not in res:
                raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")

    conf_id = dev[1].dpp_configurator_add()

    # Bootstrap ids are carried across iterations through use_id.
    id0 = None
    id1 = None

    # Local error cases on the Initiator
    tests = [(1, "aes_siv_encrypt;dpp_auth_build_req"),
             (1, "os_get_random;dpp_auth_init"),
             (1, "dpp_derive_k1;dpp_auth_init"),
             (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
             (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
             (1, "aes_siv_encrypt;dpp_auth_build_conf"),
             (1, "dpp_derive_k2;dpp_auth_resp_rx"),
             (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
             (1, "dpp_derive_ke;dpp_auth_resp_rx"),
             (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
             (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
             (1, "aes_siv_encrypt;dpp_build_conf_resp"),
             (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
             (1, "dpp_bootstrap_key_hash")]
    for count, func in tests:
        # Reset both devices so state from the previous run cannot leak in.
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        # "test"/"secret" are fixed test-only PKEX identifier and code.
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        with fail_test(dev[1], count, func):
            # allow_fail=True: the injected failure may already make the
            # initiation command itself fail.
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id,
                                       allow_fail=True)
            wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100)
            # If the Enrollee already started a GAS query, stop listening
            # and let the query finish before the next iteration.
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)

    # Local error cases on the Responder
    tests = [(1, "aes_siv_encrypt;dpp_auth_build_resp"),
             (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
             (1, "os_get_random;dpp_build_conf_req"),
             (1, "aes_siv_encrypt;dpp_build_conf_req"),
             (1, "os_get_random;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
             (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
             (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
             (1, "dpp_derive_k1;dpp_auth_req_rx"),
             (1, "aes_siv_decrypt;dpp_auth_req_rx"),
             (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
             (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
             (1, "dpp_check_pubkey_match"),
             (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
             (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
             (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
             (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
             (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
             (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
             (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
             (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")]
    for count, func in tests:
        dev[0].request("DPP_STOP_LISTEN")
        dev[1].request("DPP_STOP_LISTEN")
        dev[0].dump_monitor()
        dev[1].dump_monitor()
        id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret",
                                   use_id=id0)

        # The failure is injected on dev[0] here, so the initiation command
        # on dev[1] is not given allow_fail.
        with fail_test(dev[0], count, func):
            id1 = dev[1].dpp_pkex_init(identifier="test", code="secret",
                                       use_id=id1,
                                       extra="conf=sta-dpp configurator=%d" % conf_id)
            wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100)
            ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
            if ev:
                dev[0].request("DPP_STOP_LISTEN")
                dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
3591
def test_dpp_keygen_configurator_error(dev, apdev):
    """DPP Configurator keygen error case"""
    check_dpp_capab(dev[0])
    # A curve name the implementation does not know has to produce FAIL.
    res = dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown")
    if "FAIL" not in res:
        raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
3597
def rx_process_frame(dev):
    """Replay the next reported management frame through MGMT_RX_PROCESS.

    Reads one frame with dev.mgmt_rx() and hands it back, unmodified, to the
    MGMT_RX_PROCESS control command together with the frequency, data rate
    and signal values it was reported with.

    Returns the frame dictionary so callers can build modified copies of it.
    Raises Exception when no frame is reported or the command does not
    answer OK.
    """
    msg = dev.mgmt_rx()
    if msg is None:
        raise Exception("No management frame RX reported")
    frame_hex = binascii.hexlify(msg['frame']).decode()
    cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
        msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
    if "OK" not in dev.request(cmd):
        raise Exception("MGMT_RX_PROCESS failed")
    return msg
3606
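def wait_auth_success(responder, initiator, configurator=None, enrollee=None,
                      allow_enrollee_failure=False,
                      allow_configurator_failure=False,
                      require_configurator_failure=False,
                      timeout=5, stop_responder=False, stop_initiator=False):
    """Wait for DPP authentication, and optionally configuration, to finish.

    Both peers have to report DPP-AUTH-SUCCESS; a DPP-FAIL event or a timeout
    on either side raises an Exception. Only the Responder wait uses
    *timeout*; every other wait is fixed at five seconds.

    configurator / enrollee: when given, that device must additionally
        report a configuration result event.
    allow_enrollee_failure / allow_configurator_failure: accept
        DPP-CONF-FAILED from that side instead of raising.
    require_configurator_failure: raise when the Configurator reports
        DPP-CONF-SENT. It does not imply allow_configurator_failure, so a
        negative test has to set both flags.
    stop_responder / stop_initiator: send DPP_STOP_LISTEN to that device once
        every check has passed.
    """
    ev = responder.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=timeout)
    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
        raise Exception("DPP authentication did not succeed (Responder)")
    ev = initiator.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=5)
    if ev is None or "DPP-AUTH-SUCCESS" not in ev:
        raise Exception("DPP authentication did not succeed (Initiator)")
    if configurator:
        ev = configurator.wait_event(["DPP-CONF-SENT",
                                      "DPP-CONF-FAILED"], timeout=5)
        if ev is None:
            raise Exception("DPP configuration not completed (Configurator)")
        if "DPP-CONF-FAILED" in ev and not allow_configurator_failure:
            raise Exception("DPP configuration did not succeed (Configurator")
        # The success event awaited above is DPP-CONF-SENT. The previous check
        # looked for "DPP-CONF-SUCCESS", which is never among the awaited
        # events, and negated the flag, so require_configurator_failure had no
        # effect and a negative test passed even when the configuration was
        # sent.
        if "DPP-CONF-SENT" in ev and require_configurator_failure:
            raise Exception("DPP configuration succeeded (Configurator")
    if enrollee:
        ev = enrollee.wait_event(["DPP-CONF-RECEIVED",
                                  "DPP-CONF-FAILED"], timeout=5)
        if ev is None:
            raise Exception("DPP configuration not completed (Enrollee)")
        if "DPP-CONF-FAILED" in ev and not allow_enrollee_failure:
            raise Exception("DPP configuration did not succeed (Enrollee)")
    if stop_responder:
        responder.request("DPP_STOP_LISTEN")
    if stop_initiator:
        initiator.request("DPP_STOP_LISTEN")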
3638
def wait_conf_completion(configurator, enrollee):
    """Wait until both sides report the end of the configuration exchange.

    The Configurator must report DPP-CONF-SENT. The Enrollee may report
    either DPP-CONF-RECEIVED or DPP-CONF-FAILED; only a missing event is
    treated as an error here, so an Enrollee-side failure is accepted.
    """
    sent = configurator.wait_event(["DPP-CONF-SENT"], timeout=5)
    if sent is None:
        raise Exception("DPP configuration not completed (Configurator)")
    result = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
                                 timeout=5)
    if result is None:
        raise Exception("DPP configuration not completed (Enrollee)")
3647
def start_dpp(dev):
    """Start a DPP exchange with externally driven frame handling on dev[0].

    dev[0] generates bootstrapping info, gets an overridden configuration
    object and listens on 2412 MHz; dev[1] initiates authentication as the
    Enrollee. Because ext_mgmt_frame_handling is enabled on dev[0], the
    caller has to feed each received frame back (see rx_process_frame()).
    """
    responder = dev[0]
    bootstrap_id = responder.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = responder.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    # 3000 spaces of padding make the configuration object large; presumably
    # this forces the GAS response to be fragmented so that the callers see
    # Comeback Request frames - confirm against the GAS server limits.
    conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
    responder.set("dpp_config_obj_override", conf)

    responder.set("ext_mgmt_frame_handling", "1")
    responder.dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri, role="enrollee")
3658
def test_dpp_gas_timeout_handling(dev, apdev):
    """DPP and GAS timeout handling"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    start_dpp(dev)

    # Frames are handed to dev[0] one at a time:
    # DPP Authentication Request, then DPP Authentication Confirmation
    for _ in range(2):
        rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request (GAS Initial Request frame), followed by
    # DPP Configuration Request (GAS Comeback Request frame)
    for _ in range(2):
        rx_process_frame(dev[0])

    # Wait for GAS timeout: no further frame is passed to dev[0], so the
    # Enrollee has to give up on its own and report the failure.
    failed = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
    if failed is None:
        raise Exception("DPP configuration not completed (Enrollee)")
3683
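def test_dpp_gas_comeback_after_failure(dev, apdev):
    """DPP and GAS comeback after failure"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    start_dpp(dev)

    # DPP Authentication Request
    rx_process_frame(dev[0])

    # DPP Authentication Confirmation
    rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request (GAS Initial Request frame)
    rx_process_frame(dev[0])

    # DPP Configuration Request (GAS Comeback Request frame)
    msg = dev[0].mgmt_rx()
    if msg is None:
        # Report the missing frame explicitly instead of failing with a
        # TypeError on msg['frame'] below.
        raise Exception("No management frame RX reported")
    frame = binascii.hexlify(msg['frame']).decode()
    cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
        msg['freq'], msg['datarate'], msg['ssi_signal'], frame)
    with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")
        wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
    # Try the same frame again - this is expected to fail since the response has
    # already been freed. The control command still has to answer OK; the
    # failure meant here is presumably inside the GAS server, which must find
    # no pending response for the replayed request.
    if "OK" not in dev[0].request(cmd):
        raise Exception("MGMT_RX_PROCESS failed")

    # DPP Configuration Request (GAS Comeback Request frame retry)
    # The frame is only taken off the queue; it is not processed.
    dev[0].mgmt_rx()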
3715
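def test_dpp_gas(dev, apdev):
    """DPP and GAS protocol testing"""
    ver0 = check_dpp_capab(dev[0])
    ver1 = check_dpp_capab(dev[1])
    start_dpp(dev)

    def process(rx, frame_hex):
        # Hand a (possibly modified) hex frame to dev[0] with the metadata of
        # the frame that was actually received.
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            rx['freq'], rx['datarate'], rx['ssi_signal'], frame_hex)
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")

    # DPP Authentication Request
    rx_process_frame(dev[0])

    # DPP Authentication Confirmation
    rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request (GAS Initial Request frame)
    msg = dev[0].mgmt_rx()
    if msg is None:
        raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
    original = binascii.hexlify(msg['frame']).decode()

    # Protected Dual of GAS Initial Request frame (dropped by GAS server):
    # octet 24 of the frame (hex digits 48-49) is overwritten with 0x09.
    process(msg, original[0:48] + "09" + original[50:])

    # The unmodified request is replayed while an allocation failure is
    # armed, first for the response sender as a whole and then for building
    # the initial response.
    for func in ["gas_server_send_resp",
                 "gas_build_initial_resp;gas_server_send_resp"]:
        with alloc_fail(dev[0], 1, func):
            process(msg, original)
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")

    # Add extra data after Query Request field to trigger
    # "GAS: Ignored extra data after Query Request field"
    process(msg, original + "00")

    # DPP Configuration Request (GAS Comeback Request frame), three times
    for _ in range(3):
        rx_process_frame(dev[0])

    if ver0 >= 2 and ver1 >= 2:
        # DPP Configuration Result
        rx_process_frame(dev[0])

    wait_conf_completion(dev[0], dev[1])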
3774
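def test_dpp_truncated_attr(dev, apdev):
    """DPP and truncated attribute"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    start_dpp(dev)

    # DPP Authentication Request
    msg = dev[0].mgmt_rx()
    if msg is None:
        # Report the missing frame explicitly instead of failing with a
        # TypeError on msg['frame'] below.
        raise Exception("No management frame RX reported")
    frame = msg['frame']

    def expect_ignored(frame_hex):
        # The control command accepts the frame, but the DPP receive path has
        # to flag its attributes as invalid and ignore it.
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
        if "OK" not in dev[0].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")
        ev = dev[0].wait_event(["DPP-RX"], timeout=5)
        if ev is None or "ignore=invalid-attributes" not in ev:
            raise Exception("Invalid attribute error not reported")

    # DPP: Truncated message - not enough room for the attribute - dropped
    # (only the first 36 octets of the frame are kept)
    expect_ignored(binascii.hexlify(frame[0:36]).decode())

    # DPP: Unexpected octets (3) after the last attribute
    expect_ignored(binascii.hexlify(frame).decode() + "000000")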
3800
def test_dpp_bootstrap_key_autogen_issues(dev, apdev):
    """DPP bootstrap key autogen issues"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)

    logger.info("dev0 displays QR Code")
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)

    logger.info("dev1 scans QR Code")
    peer_id = dev[1].dpp_qr_code(uri0)

    logger.info("dev1 initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    # Each entry arms one injected failure on the Initiator; authentication
    # initiation is expected to fail cleanly in every case.
    injections = [(alloc_fail, 1, "dpp_autogen_bootstrap_key"),
                  (alloc_fail, 2, "=dpp_autogen_bootstrap_key"),
                  (fail_test, 1, "dpp_keygen;dpp_autogen_bootstrap_key")]
    for inject, count, func in injections:
        with inject(dev[1], count, func):
            dev[1].dpp_auth_init(peer=peer_id, expect_fail=True)
    dev[0].request("DPP_STOP_LISTEN")
3822
def test_dpp_auth_resp_status_failure(dev, apdev):
    """DPP and Auth Resp(status) build failure"""
    # The Responder (dev[0]) gets an allocation failure while building the
    # Authentication Response for the incompatible-roles case.
    injected = alloc_fail(dev[0], 1, "dpp_auth_build_resp")
    with injected:
        run_dpp_proto_auth_resp_missing(dev, 99999, None,
                                        incompatible_roles=True)
3828
def test_dpp_auth_resp_aes_siv_issue(dev, apdev):
    """DPP Auth Resp AES-SIV issue"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    logger.info("dev0 displays QR Code")
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    logger.info("dev1 scans QR Code and initiates DPP Authentication")
    dev[0].dpp_listen(2412)
    # A failed unwrap of the Authentication Response on the Initiator has to
    # be reported as a DPP-FAIL event carrying this reason text.
    injected = fail_test(dev[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx")
    with injected:
        dev[1].dpp_auth_init(uri=uri0)
        wait_dpp_fail(dev[1], "AES-SIV decryption failed")
    dev[0].request("DPP_STOP_LISTEN")
3842
def test_dpp_invalid_legacy_params(dev, apdev):
    """DPP invalid legacy parameters"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    # No pass/psk: a sta-psk configuration without any credential has to be
    # refused when authentication is initiated.
    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy",
                         expect_fail=True)
3852
def test_dpp_invalid_legacy_params2(dev, apdev):
    """DPP invalid legacy parameters 2"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    # Here the Responder acts as Configurator and takes its parameters from
    # dpp_configurator_params instead of the initiation command.
    ssid_hex = binascii.hexlify(b"dpp-legacy").decode()
    dev[0].set("dpp_configurator_params",
               " conf=sta-psk ssid=%s" % (ssid_hex))
    dev[0].dpp_listen(2412, role="configurator")
    dev[1].dpp_auth_init(uri=uri0, role="enrollee")
    # No pass/psk
    failure = dev[0].wait_event(["DPP: Failed to set configurator parameters"],
                                timeout=5)
    if failure is None:
        raise Exception("DPP configuration failure not reported")
3868
def test_dpp_legacy_params_failure(dev, apdev):
    """DPP legacy parameters local failure"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].dpp_listen(2412)
    # The parameters are valid this time; the failure is injected while the
    # Configurator (dev[1]) builds the legacy configuration object, and the
    # Enrollee has to see the exchange fail.
    with alloc_fail(dev[1], 1, "dpp_build_conf_obj_legacy"):
        dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", passphrase="passphrase",
                             ssid="dpp-legacy")
        failure = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=5)
        if failure is None:
            raise Exception("DPP configuration failure not reported")
3882
def test_dpp_invalid_configurator_key(dev, apdev):
    """DPP invalid configurator key"""
    check_dpp_capab(dev[0])

    # "aa" is not a usable key encoding and has to be refused.
    if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"):
        raise Exception("Invalid key accepted")

    # With a valid key, every injected local failure in the key setup path
    # has to surface as FAIL from the command.
    add_cmd = "DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
    injections = [(alloc_fail, "dpp_keygen_configurator"),
                  (alloc_fail, "dpp_get_pubkey_point;dpp_keygen_configurator"),
                  (alloc_fail, "base64_gen_encode;dpp_keygen_configurator"),
                  (fail_test, "dpp_keygen_configurator")]
    for inject, func in injections:
        with inject(dev[0], 1, func):
            if "FAIL" not in dev[0].request(add_cmd):
                raise Exception("Error not reported")
3905
def test_dpp_own_config_sign_fail(dev, apdev):
    """DPP own config signing failure"""
    check_dpp_capab(dev[0])
    conf_id = dev[0].dpp_configurator_add()
    # Argument strings that are empty, incomplete (conf without configurator
    # or the reverse) or name an unsupported curve.
    bad_args = ["",
                " ",
                " conf=sta-dpp",
                " configurator=%d" % conf_id,
                " conf=sta-dpp configurator=%d curve=unsupported" % conf_id]
    for args in bad_args:
        res = dev[0].request("DPP_CONFIGURATOR_SIGN " + args)
        if "FAIL" not in res:
            raise Exception("Invalid command accepted: " + args)
3918
def test_dpp_peer_intro_failures(dev, apdev):
    """DPP peer introduction failures"""
    try:
        run_dpp_peer_intro_failures(dev, apdev)
    finally:
        # The run enables automatic processing of received configuration on
        # dev[0]; switch it off again whether or not the run succeeded.
        dev[0].set("dpp_config_processing", "0")
3925
def run_dpp_peer_intro_failures(dev, apdev):
    """Check that peer introduction fails for Connectors with unusable groups.

    An AP and a station are self-configured from the same Configurator key
    and connected once. The station's Connector is then replaced by three
    others, and each connection attempt must end in a DPP-INTRO event with
    status=8.
    """
    check_dpp_capab(dev[0])
    hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(hapd)

    conf_id = hapd.dpp_configurator_add(key=dpp_key_p256)
    csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
    if not csign or "FAIL" in csign:
        raise Exception("DPP_CONFIGURATOR_GET_KEY failed")

    # Import the same key on the station; reading it back must give the
    # identical value.
    conf_id2 = dev[0].dpp_configurator_add(key=csign)
    csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2)

    if csign != csign2:
        raise Exception("Unexpected difference in configurator key")

    ap_sign = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
    if "FAIL" in hapd.request(ap_sign):
        raise Exception("Failed to generate own configuration")
    update_hapd_config(hapd)

    dev[0].set("dpp_config_processing", "1")
    # NOTE(review): this uses conf_id, which was allocated on hapd, rather
    # than conf_id2 from dev[0]; it only works while both ids are equal.
    sta_sign = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
    if "FAIL" in dev[0].request(sta_sign):
        raise Exception("Failed to generate own configuration")
    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    net_id = ev.split(' ')[1]
    dev[0].select_network(net_id, freq=2412)
    dev[0].wait_connected()
    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()
    dev[0].dump_monitor()

    # Connector payloads (the middle base64url part) decode to, in order:
    # "groups":[], "groups":[{}] and "groups":[{"groupId":"*"}] (no netRole).
    # status=8 is presumably the "no match" status code - confirm against
    # the DPP status enum.
    connectors = ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
                  "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
                  "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"]
    for connector in connectors:
        dev[0].set_network_quoted(net_id, "dpp_connector", connector)
        dev[0].select_network(net_id, freq=2412)
        intro = dev[0].wait_event(["DPP-INTRO"], timeout=5)
        if intro is None or "status=8" not in intro:
            raise Exception("Introduction failure not reported")
        dev[0].request("DISCONNECT")
        dev[0].dump_monitor()
3974
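def test_dpp_peer_intro_local_failures(dev, apdev):
    """DPP peer introduction local failures"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    params = {"ssid": "dpp",
              "wpa": "2",
              "wpa_key_mgmt": "DPP",
              "ieee80211w": "2",
              "rsn_pairwise": "CCMP",
              "dpp_connector": params1_ap_connector,
              "dpp_csign": params1_csign,
              "dpp_netaccesskey": params1_ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Narrowed from a bare "except:" so that KeyboardInterrupt and
        # SystemExit are no longer converted into a test skip. Note that any
        # other AP start-up error is still reported as "not supported".
        raise HwsimSkip("DPP not supported")

    def start_connect():
        # Start a DPP AKM connection attempt without waiting for the result.
        dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
                       ieee80211w="2",
                       dpp_csign=params1_csign,
                       dpp_connector=params1_sta_connector,
                       dpp_netaccesskey=params1_sta_netaccesskey,
                       wait_connect=False)

    def expect_intro_failure():
        # With a local failure injected on the station, peer introduction
        # has to be reported as failed instead of completing.
        start_connect()
        ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
        if ev is None or "fail=peer_connector_validation_failed" not in ev:
            raise Exception("Introduction failure not reported")
        dev[0].request("REMOVE_NETWORK all")
        dev[0].dump_monitor()

    def expect_tx_status():
        # The AP side is misconfigured here, so only the transmission of the
        # station's request is checked.
        start_connect()
        ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
        if ev is None:
            raise Exception("No TX status reported")
        dev[0].request("REMOVE_NETWORK all")

    # Failures in key derivation on the station
    tests = ["dpp_derive_pmk",
             "dpp_hkdf_expand;dpp_derive_pmk",
             "dpp_derive_pmkid"]
    for func in tests:
        with fail_test(dev[0], 1, func):
            expect_intro_failure()

    # Allocation failures while decoding and parsing the peer's Connector
    tests = [(1, "base64_gen_decode;dpp_peer_intro"),
             (1, "json_parse;dpp_peer_intro"),
             (50, "json_parse;dpp_peer_intro"),
             (1, "=dpp_peer_intro"),
             (1, "dpp_parse_jwk")]
    for count, func in tests:
        with alloc_fail(dev[0], count, func):
            expect_intro_failure()

    # AP Connector cut down to two parts, then to one part
    parts = params1_ap_connector.split('.')
    for ap_connector in ['.'.join(parts[0:2]), '.'.join(parts[0:1])]:
        hapd.set("dpp_connector", ap_connector)
        expect_tx_status()
        dev[0].dump_monitor()

    # AP with an unusable netAccessKey value
    hapd.set("dpp_netaccesskey", "00")
    expect_tx_status()
    dev[0].dump_monitor()

    # AP with an unusable C-sign key value
    hapd.set("dpp_csign", "00")
    expect_tx_status()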
4068
def run_dpp_configurator_id_unknown(dev):
    """Check that commands naming a Configurator id that was not allocated fail.

    One Configurator is added and the id following it is used, first for
    reading the key and then for signing a configuration.
    """
    check_dpp_capab(dev)
    unknown_id = dev.dpp_configurator_add() + 1

    get_key = "DPP_CONFIGURATOR_GET_KEY %d" % (unknown_id)
    if "FAIL" not in dev.request(get_key):
        raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")

    sign = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (unknown_id)
    if "FAIL" not in dev.request(sign):
        raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
4078
def test_dpp_configurator_id_unknown(dev, apdev):
    """DPP and unknown configurator id"""
    # Same checks against the station implementation first and an AP second.
    run_dpp_configurator_id_unknown(dev[0])
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    run_dpp_configurator_id_unknown(ap)
4084
def run_dpp_bootstrap_gen_failures(dev):
    """Exercise the error paths of the DPP_BOOTSTRAP_* control commands.

    Covers malformed DPP_BOOTSTRAP_GEN arguments, lookups and removal with
    id 0, lookups after the entry was removed, and allocation failures
    during generation.
    """
    check_dpp_capab(dev)

    bad_args = ["type=unsupported",
                "type=qrcode chan=-1",
                "type=qrcode mac=a",
                "type=qrcode key=qq",
                "type=qrcode key=",
                "type=qrcode info=abc\tdef"]
    for args in bad_args:
        if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + args):
            raise Exception("Command accepted unexpectedly")

    bootstrap_id = dev.dpp_bootstrap_gen()
    uri = dev.request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    if not uri.startswith("DPP:"):
        raise Exception("Could not get URI")
    if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
        raise Exception("Failure not reported")
    info = dev.request("DPP_BOOTSTRAP_INFO %d" % bootstrap_id)
    if not info.startswith("type=QRCODE"):
        raise Exception("Could not get info")
    if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"):
        raise Exception("Failure not reported")
    # "*" removes the entries; afterwards the old id must no longer resolve.
    if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"):
        raise Exception("Failed to remove bootstrap info")
    for lookup in ("DPP_BOOTSTRAP_GET_URI %d", "DPP_BOOTSTRAP_INFO %d"):
        if "FAIL" not in dev.request(lookup % bootstrap_id):
            raise Exception("Failure not reported")

    func = "dpp_bootstrap_gen"
    for count in (1, 2):
        with alloc_fail(dev, count, "=" + func):
            if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
                raise Exception("Command accepted unexpectedly")

    # The result is not checked here; the command only has to survive the
    # allocation failure while its parameters are parsed.
    with alloc_fail(dev, 1, "get_param"):
        dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
4127
def test_dpp_bootstrap_gen_failures(dev, apdev):
    """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
    # Same checks against the station implementation first and an AP second.
    run_dpp_bootstrap_gen_failures(dev[0])
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    run_dpp_bootstrap_gen_failures(ap)
4133
def test_dpp_listen_continue(dev, apdev):
    """DPP and continue listen state"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].dpp_listen(2412)
    # Stay idle for a little over five seconds before the peer initiates;
    # presumably this is longer than a single listen period, so the exchange
    # only works if the Responder kept listening - confirm the period.
    time.sleep(5.1)
    dev[1].dpp_auth_init(uri=uri)
    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                      allow_enrollee_failure=True, stop_responder=True,
                      stop_initiator=True)
4146
def test_dpp_network_addition_failure(dev, apdev):
    """DPP network addition failure"""
    try:
        run_dpp_network_addition_failure(dev, apdev)
    finally:
        # The run enables automatic processing of received configuration on
        # dev[0]; switch it off again whether or not the run succeeded.
        dev[0].set("dpp_config_processing", "0")
4153
def run_dpp_network_addition_failure(dev, apdev):
    """Inject allocation failures while a signed configuration becomes a network.

    dev[0] signs a configuration for itself with config processing enabled,
    once for a DPP profile and once for a PSK profile, while allocations on
    the network-creation path are made to fail.
    """
    check_dpp_capab(dev[0])
    conf_id = dev[0].dpp_configurator_add()
    dev[0].set("dpp_config_processing", "1")

    def sign_with_alloc_failure(cmd, count, func):
        with alloc_fail(dev[0], count, func):
            res = dev[0].request(cmd)
            if "OK" in res:
                # The config object still has to be processed far enough to
                # report the net access key.
                ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
                if ev is None:
                    raise Exception("Config object not processed")
            wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
        dev[0].dump_monitor()

    dpp_cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
    for count in (1, 2, 3, 4):
        sign_with_alloc_failure(dpp_cmd, count, "=wpas_dpp_add_network")
    sign_with_alloc_failure(dpp_cmd, 1,
                            "wpa_config_add_network;wpas_dpp_add_network")

    psk_cmd = "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id)
    sign_with_alloc_failure(psk_cmd, 1,
                            "wpa_config_set_quoted;wpas_dpp_add_network")
4185
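def test_dpp_two_initiators(dev, apdev):
    """DPP and two initiators"""
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    check_dpp_capab(dev[2])
    id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri)
    ev = dev[0].wait_event(["DPP-RX"], timeout=5)
    if ev is None:
        # This was spelled "Exeption", which raised NameError and hid the
        # actual reason for the failure.
        raise Exception("No DPP Authentication Request seen")
    # A second Initiator using the same bootstrapping URI while the first
    # exchange is in progress has to be ignored by the Responder.
    dev[2].dpp_auth_init(uri=uri)
    wait_dpp_fail(dev[0],
                  "DPP-FAIL Already in DPP authentication exchange - ignore new one")

    # The first exchange still has to reach the configuration phase:
    # dev[0] may report a failed configuration, dev[1] must have sent one.
    ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
    if ev is None:
        raise Exception("DPP configuration result not seen (Enrollee)")
    ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
    if ev is None:
        raise Exception("DPP configuration result not seen (Responder)")

    dev[0].request("DPP_STOP_LISTEN")
    dev[1].request("DPP_STOP_LISTEN")
    dev[2].request("DPP_STOP_LISTEN")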
4212
def test_dpp_conf_file_update(dev, apdev, params):
    """DPP provisioning updating wpa_supplicant configuration file"""
    config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf')
    with open(config, "w") as conf_file:
        conf_file.write("update_config=1\n")
    wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
    wpas.interface_add("wlan5", config=config)
    wpas.set("dpp_config_processing", "1")
    run_dpp_qr_code_auth_unicast([wpas, dev[1]], apdev, None,
                                 init_extra="conf=sta-dpp",
                                 require_conf_success=True,
                                 configurator=True)
    wpas.interface_remove("wlan5")

    with open(config, "r") as conf_file:
        written = conf_file.read()
    # The provisioned profile must have been saved. Note that it includes
    # dpp_netaccesskey, so the file left in the log directory holds key
    # material for the test network.
    expected = ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
                "dpp_netaccesskey=", "dpp_csign="]
    for item in expected:
        if item not in written:
            raise Exception("Configuration file missing '%s'" % item)

    # Loading the saved file again has to give exactly one network.
    wpas.interface_add("wlan5", config=config)
    if len(wpas.list_networks()) != 1:
        raise Exception("Unexpected number of networks")
4237
def test_dpp_duplicated_auth_resp(dev, apdev):
    """DPP and duplicated Authentication Response"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    for d in (dev[0], dev[1]):
        d.set("ext_mgmt_frame_handling", "1")
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0)

    # DPP Authentication Request
    rx_process_frame(dev[0])

    # DPP Authentication Response
    msg = rx_process_frame(dev[1])
    frame = binascii.hexlify(msg['frame']).decode()

    def replay(frame_hex):
        cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
            msg['freq'], msg['datarate'], msg['ssi_signal'], frame_hex)
        if "OK" not in dev[1].request(cmd):
            raise Exception("MGMT_RX_PROCESS failed")

    # Duplicated frame
    replay(frame)
    # Modified frame - nonzero status
    # Octets 32-36 are expected to hold the Status attribute: "0010" id,
    # "0100" length and a one-octet value of 00.
    start, end = 2*32, 2*37
    if frame[start:end] != "0010010000":
        raise Exception("Could not find Status attribute")
    for status_attr in ("0010010001", "00100100ff"):
        replay(frame[0:start] + status_attr + frame[end:])

    # None of the replays may disturb the exchange, which has to continue
    # from the first, genuine Authentication Response.
    # DPP Authentication Confirmation
    rx_process_frame(dev[0])

    wait_auth_success(dev[0], dev[1])

    # DPP Configuration Request
    rx_process_frame(dev[1])

    # DPP Configuration Response
    rx_process_frame(dev[0])

    wait_conf_completion(dev[1], dev[0])
4280
def test_dpp_enrollee_reject_config(dev, apdev):
    """DPP and Enrollee rejecting Config Object"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    # dpp_test=91: going by this test's description, this makes the Enrollee
    # reject the Config Object it receives - confirm against the dpp_test
    # values.
    dev[0].set("dpp_test", "91")
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, conf="sta-sae", ssid="dpp-legacy",
                         passphrase="secret passphrase")
    # Authentication has to succeed; a configuration failure is tolerated on
    # both sides but not required by this check.
    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
4294
def test_dpp_enrollee_ap_reject_config(dev, apdev):
    """DPP and Enrollee AP rejecting Config Object"""
    for d in (dev[0], dev[1]):
        check_dpp_capab(d)
    ap = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"})
    check_dpp_capab(ap)
    # dpp_test=91: going by this test's description, this makes the Enrollee
    # (the AP here) reject the Config Object - confirm against the dpp_test
    # values.
    ap.set("dpp_test", "91")
    conf_id = dev[0].dpp_configurator_add()
    ap_bootstrap_id = ap.dpp_bootstrap_gen(chan="81/1", mac=True)
    uri = ap.request("DPP_BOOTSTRAP_GET_URI %d" % ap_bootstrap_id)
    dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id)
    # Authentication has to succeed; a configuration failure is tolerated on
    # both sides but not required by this check.
    wait_auth_success(ap, dev[0], configurator=dev[0], enrollee=ap,
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
4309
def test_dpp_legacy_and_dpp_akm(dev, apdev):
    """DPP and provisoning DPP and legacy AKMs"""
    try:
        run_dpp_legacy_and_dpp_akm(dev, apdev)
    finally:
        # The run enables automatic processing of received configuration on
        # dev[0]; switch it off again whether or not the run succeeded.
        dev[0].set("dpp_config_processing", "0")
4316
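def run_dpp_legacy_and_dpp_akm(dev, apdev):
    """Provision one profile with DPP, PSK and SAE and use it on two APs.

    dev[1] is the Configurator and dev[0] the Enrollee. The provisioned
    network profile is first used against an AP that enables DPP, WPA-PSK
    and SAE, and then against a second AP with the same SSID that enables
    only WPA-PSK and SAE.

    Raises HwsimSkip if the DPP-enabled AP cannot be started and Exception
    if no network profile is generated or it lacks one of the three AKMs.
    """
    check_dpp_capab(dev[0], min_ver=2)
    check_dpp_capab(dev[1], min_ver=2)

    # Static, test-only key material kept in the test file (hex-encoded DER
    # and a signed Connector). csign is given to the Configurator as its
    # signing key; csign_pub, ap_connector and ap_netaccesskey are the
    # matching values configured on the AP.
    csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
    ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
    ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"

    ssid = "dpp-both"
    passphrase = "secret passphrase"

    # First AP: DPP together with the passphrase-based AKMs.
    params = {"ssid": ssid,
              "wpa": "2",
              "wpa_key_mgmt": "DPP WPA-PSK SAE",
              "ieee80211w": "1",
              "sae_require_mfp": '1',
              "rsn_pairwise": "CCMP",
              "wpa_passphrase": passphrase,
              "dpp_connector": ap_connector,
              "dpp_csign": csign_pub,
              "dpp_netaccesskey": ap_netaccesskey}
    try:
        hapd = hostapd.add_ap(apdev[0], params)
    except Exception:
        # Only Exception is caught, so KeyboardInterrupt/SystemExit are not
        # reported as a skipped test.
        # NOTE(review): every AP start failure is still reported as "DPP not
        # supported", which can hide an unrelated hostapd error.
        raise HwsimSkip("DPP not supported")

    # dev[1] signs with the fixed C-sign-key so that the provisioned
    # credentials match the AP's static DPP values above.
    conf_id = dev[1].dpp_configurator_add(key=csign)
    dev[0].set("dpp_config_processing", "1")
    bootstrap_id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % bootstrap_id)
    dev[0].dpp_listen(2412)
    dev[1].dpp_auth_init(uri=uri0, conf="sta-psk-sae-dpp", ssid=ssid,
                         passphrase=passphrase, configurator=conf_id)
    wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0],
                      allow_enrollee_failure=True,
                      allow_configurator_failure=True)
    ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
    if ev is None:
        raise Exception("DPP network profile not generated")
    # The second field of the DPP-NETWORK-ID event is the network id.
    network_id = ev.split(' ')[1]

    # The generated profile has to carry all three AKMs.
    key_mgmt = dev[0].get_network(network_id, "key_mgmt").split(' ')
    for m in ["SAE", "WPA-PSK", "DPP"]:
        if m not in key_mgmt:
            raise Exception("%s missing from key_mgmt" % m)

    dev[0].scan_for_bss(hapd.own_addr(), freq=2412)
    dev[0].select_network(network_id, freq=2412)
    dev[0].wait_connected()

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()
    hapd.disable()

    # Second AP: same SSID and passphrase, but no DPP AKM and no Connector.
    # The same profile is expected to connect here too, i.e. the passphrase
    # remains a valid credential for this SSID alongside DPP.
    params = {"ssid": ssid,
              "wpa": "2",
              "wpa_key_mgmt": "WPA-PSK SAE",
              "ieee80211w": "1",
              "sae_require_mfp": '1',
              "rsn_pairwise": "CCMP",
              "wpa_passphrase": passphrase}
    hapd2 = hostapd.add_ap(apdev[1], params)

    # Drop cached scan results so that only the new AP is found.
    dev[0].request("BSS_FLUSH 0")
    dev[0].scan_for_bss(hapd2.own_addr(), freq=2412, force_scan=True,
                        only_new=True)
    dev[0].select_network(network_id, freq=2412)
    dev[0].wait_connected()

    dev[0].request("DISCONNECT")
    dev[0].wait_disconnected()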
4388
def test_dpp_controller_relay(dev, apdev, params):
    """DPP Controller/Relay"""
    enrollee, controller = dev[0], dev[1]
    try:
        run_dpp_controller_relay(dev, apdev, params)
    finally:
        # Undo what the helper changes, also after a failure: turn off
        # config processing on the Enrollee and stop the Controller on dev[1].
        enrollee.set("dpp_config_processing", "0")
        controller.request("DPP_CONTROLLER_STOP")
4396
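def run_dpp_controller_relay(dev, apdev, params):
    """Run DPP provisioning through a hostapd Relay to a TCP Controller.

    dev[1] is the Configurator/Controller, the AP on apdev[1] is the Relay
    and dev[0] is the Enrollee. Loopback traffic is captured with tcpdump
    into <logdir>/dpp_controller_relay.lo.pcap while the test runs.

    Raises Exception if the Controller's public key hash cannot be read or
    the Controller cannot be started.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])
    prefix = "dpp_controller_relay"
    cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap")

    # The child keeps its own copy of the /dev/null descriptor, so the
    # parent's handle is closed right after the process has been started.
    with open('/dev/null', 'w') as devnull:
        cmd = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
                                '-w', cap_lo, '-s', '2000'],
                               stderr=devnull)

    try:
        # Controller
        conf_id = dev[1].dpp_configurator_add()
        dev[1].set("dpp_configurator_params",
                   " conf=sta-dpp configurator=%d" % conf_id)
        id_c = dev[1].dpp_bootstrap_gen()
        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
        res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
        pkhash = None
        for line in res.splitlines():
            # partition() tolerates lines without '=' (for example an error
            # reply), so a bad response ends in the explicit exception below
            # instead of an unpacking error.
            name, sep, value = line.partition('=')
            if sep and name == "pkhash":
                pkhash = value
                break
        if not pkhash:
            raise Exception("Could not fetch public key hash from Controller")
        if "OK" not in dev[1].request("DPP_CONTROLLER_START"):
            raise Exception("Failed to start Controller")

        # Relay: configured with the Controller's address and the hash of the
        # Controller's bootstrapping public key read above.
        relay_params = {"ssid": "unconfigured",
                        "channel": "6",
                        "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash}
        relay = hostapd.add_ap(apdev[1], relay_params)
        check_dpp_capab(relay)

        # Enroll Relay to the network
        # TODO: Do this over TCP once direct Enrollee-over-TCP case is
        # supported
        id_h = relay.dpp_bootstrap_gen(chan="81/6", mac=True)
        uri_r = relay.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
        dev[1].dpp_auth_init(uri=uri_r, conf="ap-dpp", configurator=conf_id)
        wait_auth_success(relay, dev[1], configurator=dev[1], enrollee=relay)
        # presumably applies the received configuration to the AP; verify
        # against update_hapd_config()
        update_hapd_config(relay)

        # Initiate from Enrollee with broadcast DPP Authentication Request.
        # No network is selected explicitly below, so config processing
        # value "2" is expected to make dev[0] connect on its own.
        dev[0].set("dpp_config_processing", "2")
        dev[0].dpp_auth_init(uri=uri_c, role="enrollee")
        wait_auth_success(dev[1], dev[0], configurator=dev[1],
                          enrollee=dev[0],
                          allow_enrollee_failure=True,
                          allow_configurator_failure=True)
        dev[0].wait_connected()

        # Give tcpdump time to write the last packets to the capture file.
        time.sleep(0.5)
    finally:
        # Stop and reap the capture process on failure as well, so that no
        # tcpdump instance keeps running after the test.
        cmd.terminate()
        cmd.wait()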
4450
def test_dpp_tcp(dev, apdev, params):
    """DPP over TCP"""
    # The loopback capture is stored in the log directory of this run.
    pcap_name = "dpp_tcp" + ".lo.pcap"
    cap_lo = os.path.join(params['logdir'], pcap_name)
    controller = dev[1]
    try:
        run_dpp_tcp(dev, apdev, cap_lo)
    finally:
        # Stop the Controller that run_dpp_tcp() starts on dev[1], also when
        # the run fails.
        controller.request("DPP_CONTROLLER_STOP")
4459
def test_dpp_tcp_port(dev, apdev, params):
    """DPP over TCP and specified port"""
    # The loopback capture is stored in the log directory of this run.
    pcap_name = "dpp_tcp_port" + ".lo.pcap"
    cap_lo = os.path.join(params['logdir'], pcap_name)
    controller = dev[1]
    try:
        # The port is passed as a string; run_dpp_tcp() appends it to the
        # control interface command as-is.
        run_dpp_tcp(dev, apdev, cap_lo, port="23456")
    finally:
        # Stop the Controller that run_dpp_tcp() starts on dev[1], also when
        # the run fails.
        controller.request("DPP_CONTROLLER_STOP")
4468
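def run_dpp_tcp(dev, apdev, cap_lo, port=None):
    """Run DPP between an Enrollee and a Controller directly over TCP.

    dev[1] is the Configurator/Controller and dev[0] the Enrollee, which
    connects to 127.0.0.1. Loopback traffic is captured with tcpdump into
    cap_lo while the test runs.

    port is an optional TCP port given as a string; when it is not set, the
    Controller is started without a tcp_port argument.

    Raises Exception if the Controller's public key hash cannot be read or
    the Controller cannot be started.
    """
    check_dpp_capab(dev[0])
    check_dpp_capab(dev[1])

    # The child keeps its own copy of the /dev/null descriptor, so the
    # parent's handle is closed right after the process has been started.
    with open('/dev/null', 'w') as devnull:
        cmd = subprocess.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
                                '-w', cap_lo, '-s', '2000'],
                               stderr=devnull)

    try:
        # Let tcpdump start capturing before any DPP traffic is generated.
        time.sleep(1)

        # Controller
        conf_id = dev[1].dpp_configurator_add()
        dev[1].set("dpp_configurator_params",
                   " conf=sta-dpp configurator=%d" % conf_id)
        id_c = dev[1].dpp_bootstrap_gen()
        uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c)
        res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c)
        # The hash is not used any further in this helper; it only confirms
        # that the bootstrap information can be read back.
        pkhash = None
        for line in res.splitlines():
            # partition() tolerates lines without '=' (for example an error
            # reply), so a bad response ends in the explicit exception below
            # instead of an unpacking error.
            name, sep, value = line.partition('=')
            if sep and name == "pkhash":
                pkhash = value
                break
        if not pkhash:
            raise Exception("Could not fetch public key hash from Controller")
        req = "DPP_CONTROLLER_START"
        if port:
            req += " tcp_port=" + port
        if "OK" not in dev[1].request(req):
            raise Exception("Failed to start Controller")

        # Initiate from Enrollee over TCP to the Controller on loopback
        dev[0].dpp_auth_init(uri=uri_c, role="enrollee",
                             tcp_addr="127.0.0.1", tcp_port=port)
        wait_auth_success(dev[1], dev[0], configurator=dev[1],
                          enrollee=dev[0],
                          allow_enrollee_failure=True,
                          allow_configurator_failure=True)

        # Give tcpdump time to write the last packets to the capture file.
        time.sleep(0.5)
    finally:
        # Stop and reap the capture process on failure as well, so that no
        # tcpdump instance keeps running after the test.
        cmd.terminate()
        cmd.wait()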