1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018-2019, The Linux Foundation
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
12 logger
= logging
.getLogger()
20 from utils
import HwsimSkip
, alloc_fail
, fail_test
, wait_fail_trigger
21 from wpasupplicant
import WpaSupplicant
25 openssl_imported
= True
27 openssl_imported
= False
29 def check_dpp_capab(dev
, brainpool
=False, min_ver
=1):
30 if "UNKNOWN COMMAND" in dev
.request("DPP_BOOTSTRAP_GET_URI 0"):
31 raise HwsimSkip("DPP not supported")
33 tls
= dev
.request("GET tls_library")
34 if not tls
.startswith("OpenSSL") or "run=BoringSSL" in tls
:
35 raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls
)
36 capa
= dev
.request("GET_CAPABILITY dpp")
38 if capa
.startswith("DPP="):
41 raise HwsimSkip("DPP version %d not supported" % min_ver
)
44 def wait_dpp_fail(dev
, expected
=None):
45 ev
= dev
.wait_event(["DPP-FAIL"], timeout
=5)
47 raise Exception("Failure not reported")
48 if expected
and expected
not in ev
:
49 raise Exception("Unexpected result: " + ev
)
51 def test_dpp_qr_code_parsing(dev
, apdev
):
52 """DPP QR Code parsing"""
53 check_dpp_capab(dev
[0])
56 tests
= ["DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
57 "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
58 "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
59 "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"]
61 id.append(dev
[0].dpp_qr_code(uri
))
63 uri2
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1])
65 raise Exception("Returned URI does not match")
71 "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
72 "DPP:K:" + base64
.b64encode(b
"hello").decode() + ";;",
73 "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
74 "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
75 "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
76 "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
77 "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
78 "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
79 "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
80 "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;"]
82 res
= dev
[0].request("DPP_QR_CODE " + t
)
84 raise Exception("Accepted invalid QR Code: " + t
)
86 logger
.info("ID: " + str(id))
87 if id[0] == id[1] or id[0] == id[2] or id[1] == id[2]:
88 raise Exception("Duplicate ID returned")
90 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
91 raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
92 if "OK" not in dev
[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]):
93 raise Exception("DPP_BOOTSTRAP_REMOVE failed")
95 id = dev
[0].dpp_bootstrap_gen()
96 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
97 logger
.info("Generated URI: " + uri
)
99 dev
[0].dpp_qr_code(uri
)
101 id = dev
[0].dpp_bootstrap_gen(chan
="81/1,115/36", mac
="010203040506",
103 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
104 logger
.info("Generated URI: " + uri
)
106 dev
[0].dpp_qr_code(uri
)
108 def test_dpp_qr_code_parsing_fail(dev
, apdev
):
109 """DPP QR Code parsing local failure"""
110 check_dpp_capab(dev
[0])
111 with
alloc_fail(dev
[0], 1, "dpp_parse_uri_info"):
112 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
113 raise Exception("DPP_QR_CODE failure not reported")
115 with
alloc_fail(dev
[0], 1, "dpp_parse_uri_pk"):
116 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
117 raise Exception("DPP_QR_CODE failure not reported")
119 with
fail_test(dev
[0], 1, "dpp_parse_uri_pk"):
120 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
121 raise Exception("DPP_QR_CODE failure not reported")
123 with
alloc_fail(dev
[0], 1, "dpp_parse_uri"):
124 if "FAIL" not in dev
[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
125 raise Exception("DPP_QR_CODE failure not reported")
127 dpp_key_p256
= "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
128 dpp_key_p384
= "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
129 dpp_key_p521
= "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
130 dpp_key_bp256
= "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
131 dpp_key_bp384
= "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
132 dpp_key_bp512
= "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
134 def test_dpp_qr_code_curves(dev
, apdev
):
135 """DPP QR Code and supported curves"""
136 check_dpp_capab(dev
[0])
137 tests
= [("prime256v1", dpp_key_p256
),
138 ("secp384r1", dpp_key_p384
),
139 ("secp521r1", dpp_key_p521
)]
140 for curve
, hex in tests
:
141 id = dev
[0].dpp_bootstrap_gen(key
=hex)
142 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
144 raise Exception("Failed to get info for " + curve
)
145 if "curve=" + curve
not in info
:
146 raise Exception("Curve mismatch for " + curve
)
148 def test_dpp_qr_code_curves_brainpool(dev
, apdev
):
149 """DPP QR Code and supported Brainpool curves"""
150 check_dpp_capab(dev
[0], brainpool
=True)
151 tests
= [("brainpoolP256r1", dpp_key_bp256
),
152 ("brainpoolP384r1", dpp_key_bp384
),
153 ("brainpoolP512r1", dpp_key_bp512
)]
154 for curve
, hex in tests
:
155 id = dev
[0].dpp_bootstrap_gen(key
=hex)
156 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
158 raise Exception("Failed to get info for " + curve
)
159 if "curve=" + curve
not in info
:
160 raise Exception("Curve mismatch for " + curve
)
162 def test_dpp_qr_code_unsupported_curve(dev
, apdev
):
163 """DPP QR Code and unsupported curve"""
164 check_dpp_capab(dev
[0])
166 id = dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
168 raise Exception("Unsupported curve accepted")
171 "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b"]
173 id = dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
175 raise Exception("Unsupported/invalid curve accepted")
177 def test_dpp_qr_code_keygen_fail(dev
, apdev
):
178 """DPP QR Code and keygen failure"""
179 check_dpp_capab(dev
[0])
181 with
alloc_fail(dev
[0], 1, "dpp_bootstrap_key_der;dpp_keygen"):
182 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
183 raise Exception("Failure not reported")
185 with
alloc_fail(dev
[0], 1, "base64_gen_encode;dpp_keygen"):
186 if "FAIL" not in dev
[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
187 raise Exception("Failure not reported")
189 def test_dpp_qr_code_curve_select(dev
, apdev
):
190 """DPP QR Code and curve selection"""
191 check_dpp_capab(dev
[0], brainpool
=True)
192 check_dpp_capab(dev
[1], brainpool
=True)
195 for key
in [dpp_key_p256
, dpp_key_p384
, dpp_key_p521
,
196 dpp_key_bp256
, dpp_key_bp384
, dpp_key_bp512
]:
197 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, key
=key
)
198 info
= dev
[0].request("DPP_BOOTSTRAP_INFO %d" % id)
199 for i
in info
.splitlines():
201 name
, val
= i
.split('=')
205 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
206 bi
.append((curve
, uri
))
208 for curve
, uri
in bi
:
209 logger
.info("Curve: " + curve
)
210 logger
.info("URI: " + uri
)
212 dev
[0].dpp_listen(2412)
213 dev
[1].dpp_auth_init(uri
=uri
)
214 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
215 allow_enrollee_failure
=True, stop_responder
=True,
218 def test_dpp_qr_code_auth_broadcast(dev
, apdev
):
219 """DPP QR Code and authentication exchange (broadcast)"""
220 check_dpp_capab(dev
[0])
221 check_dpp_capab(dev
[1])
222 logger
.info("dev0 displays QR Code")
223 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1")
224 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
225 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
226 dev
[0].dpp_listen(2412)
227 dev
[1].dpp_auth_init(uri
=uri0
)
228 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
230 def test_dpp_qr_code_auth_unicast(dev
, apdev
):
231 """DPP QR Code and authentication exchange (unicast)"""
232 run_dpp_qr_code_auth_unicast(dev
, apdev
, None)
234 def test_dpp_qr_code_auth_unicast_ap_enrollee(dev
, apdev
):
235 """DPP QR Code and authentication exchange (AP enrollee)"""
236 run_dpp_qr_code_auth_unicast(dev
, apdev
, None, netrole
="ap")
238 def test_dpp_qr_code_curve_prime256v1(dev
, apdev
):
239 """DPP QR Code and curve prime256v1"""
240 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1")
242 def test_dpp_qr_code_curve_secp384r1(dev
, apdev
):
243 """DPP QR Code and curve secp384r1"""
244 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1")
246 def test_dpp_qr_code_curve_secp521r1(dev
, apdev
):
247 """DPP QR Code and curve secp521r1"""
248 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1")
250 def test_dpp_qr_code_curve_brainpoolP256r1(dev
, apdev
):
251 """DPP QR Code and curve brainpoolP256r1"""
252 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP256r1")
254 def test_dpp_qr_code_curve_brainpoolP384r1(dev
, apdev
):
255 """DPP QR Code and curve brainpoolP384r1"""
256 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP384r1")
258 def test_dpp_qr_code_curve_brainpoolP512r1(dev
, apdev
):
259 """DPP QR Code and curve brainpoolP512r1"""
260 run_dpp_qr_code_auth_unicast(dev
, apdev
, "brainpoolP512r1")
262 def test_dpp_qr_code_set_key(dev
, apdev
):
263 """DPP QR Code and fixed bootstrapping key"""
264 run_dpp_qr_code_auth_unicast(dev
, apdev
, None, key
="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383")
266 def run_dpp_qr_code_auth_unicast(dev
, apdev
, curve
, netrole
=None, key
=None,
267 require_conf_success
=False, init_extra
=None,
268 require_conf_failure
=False,
269 configurator
=False, conf_curve
=None):
270 check_dpp_capab(dev
[0], curve
and "brainpool" in curve
)
271 check_dpp_capab(dev
[1], curve
and "brainpool" in curve
)
273 conf_id
= dev
[1].dpp_configurator_add(curve
=conf_curve
)
277 logger
.info("dev0 displays QR Code")
278 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
, key
=key
)
279 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
281 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
282 dev
[0].dpp_listen(2412, netrole
=netrole
)
283 dev
[1].dpp_auth_init(uri
=uri0
, extra
=init_extra
, configurator
=conf_id
)
284 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
285 allow_enrollee_failure
=True,
286 allow_configurator_failure
=not require_conf_success
,
287 require_configurator_failure
=require_conf_failure
,
290 def test_dpp_qr_code_auth_mutual(dev
, apdev
):
291 """DPP QR Code and authentication exchange (mutual)"""
292 check_dpp_capab(dev
[0])
293 check_dpp_capab(dev
[1])
294 logger
.info("dev0 displays QR Code")
295 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
296 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
298 logger
.info("dev1 displays QR Code")
299 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
300 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
302 logger
.info("dev0 scans QR Code")
303 id0b
= dev
[0].dpp_qr_code(uri1b
)
305 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
306 dev
[0].dpp_listen(2412)
307 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
309 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
311 raise Exception("DPP authentication direction not indicated (Initiator)")
312 if "mutual=1" not in ev
:
313 raise Exception("Mutual authentication not used")
315 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
317 def test_dpp_qr_code_auth_mutual2(dev
, apdev
):
318 """DPP QR Code and authentication exchange (mutual2)"""
319 check_dpp_capab(dev
[0])
320 check_dpp_capab(dev
[1])
321 logger
.info("dev0 displays QR Code")
322 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
323 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
325 logger
.info("dev1 displays QR Code")
326 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
327 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
329 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
330 dev
[0].dpp_listen(2412, qr
="mutual")
331 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
333 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
335 raise Exception("Pending response not reported")
336 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
338 raise Exception("QR Code scan for mutual authentication not requested")
340 logger
.info("dev0 scans QR Code")
341 id0b
= dev
[0].dpp_qr_code(uri1b
)
343 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
345 raise Exception("DPP authentication direction not indicated (Initiator)")
346 if "mutual=1" not in ev
:
347 raise Exception("Mutual authentication not used")
349 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
351 def test_dpp_qr_code_auth_mutual_p_256(dev
, apdev
):
352 """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
353 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-256")
355 def test_dpp_qr_code_auth_mutual_p_384(dev
, apdev
):
356 """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
357 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-384")
359 def test_dpp_qr_code_auth_mutual_p_521(dev
, apdev
):
360 """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
361 run_dpp_qr_code_auth_mutual(dev
, apdev
, "P-521")
363 def test_dpp_qr_code_auth_mutual_bp_256(dev
, apdev
):
364 """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
365 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-256")
367 def test_dpp_qr_code_auth_mutual_bp_384(dev
, apdev
):
368 """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
369 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-384")
371 def test_dpp_qr_code_auth_mutual_bp_512(dev
, apdev
):
372 """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
373 run_dpp_qr_code_auth_mutual(dev
, apdev
, "BP-512")
375 def run_dpp_qr_code_auth_mutual(dev
, apdev
, curve
):
376 check_dpp_capab(dev
[0], curve
and "BP-" in curve
)
377 check_dpp_capab(dev
[1], curve
and "BP-" in curve
)
378 logger
.info("dev0 displays QR Code")
379 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
380 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
381 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
382 dev
[0].dpp_listen(2412, qr
="mutual")
383 dev
[1].dpp_auth_init(uri
=uri0
)
385 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
387 raise Exception("Pending response not reported")
388 uri
= ev
.split(' ')[1]
390 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
392 raise Exception("QR Code scan for mutual authentication not requested")
394 logger
.info("dev0 scans QR Code")
395 dev
[0].dpp_qr_code(uri
)
397 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
399 raise Exception("DPP authentication direction not indicated (Initiator)")
400 if "mutual=1" not in ev
:
401 raise Exception("Mutual authentication not used")
403 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
405 def test_dpp_auth_resp_retries(dev
, apdev
):
406 """DPP Authentication Response retries"""
407 check_dpp_capab(dev
[0])
408 check_dpp_capab(dev
[1])
409 dev
[0].set("dpp_resp_max_tries", "3")
410 dev
[0].set("dpp_resp_retry_time", "100")
412 logger
.info("dev0 displays QR Code")
413 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
414 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
415 logger
.info("dev1 displays QR Code")
416 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
417 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
418 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
419 dev
[0].dpp_listen(2412, qr
="mutual")
420 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
422 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
424 raise Exception("Pending response not reported")
425 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
427 raise Exception("QR Code scan for mutual authentication not requested")
429 # Stop Initiator from listening to frames to force retransmission of the
430 # DPP Authentication Response frame with Status=0
431 dev
[1].request("DPP_STOP_LISTEN")
433 dev
[1].dump_monitor()
434 dev
[0].dump_monitor()
436 logger
.info("dev0 scans QR Code")
437 id0b
= dev
[0].dpp_qr_code(uri1b
)
439 ev
= dev
[0].wait_event(["DPP-TX"], timeout
=5)
440 if ev
is None or "type=1" not in ev
:
441 raise Exception("DPP Authentication Response not sent")
442 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=5)
444 raise Exception("TX status for DPP Authentication Response not reported")
445 if "result=no-ACK" not in ev
:
446 raise Exception("Unexpected TX status for Authentication Response: " + ev
)
448 ev
= dev
[0].wait_event(["DPP-TX"], timeout
=15)
449 if ev
is None or "type=1" not in ev
:
450 raise Exception("DPP Authentication Response retransmission not sent")
452 def test_dpp_qr_code_auth_mutual_not_used(dev
, apdev
):
453 """DPP QR Code and authentication exchange (mutual not used)"""
454 check_dpp_capab(dev
[0])
455 check_dpp_capab(dev
[1])
456 logger
.info("dev0 displays QR Code")
457 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
458 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
459 logger
.info("dev1 displays QR Code")
460 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
461 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
462 logger
.info("dev0 does not scan QR Code")
463 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
464 dev
[0].dpp_listen(2412)
465 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
)
467 ev
= dev
[1].wait_event(["DPP-AUTH-DIRECTION"], timeout
=5)
469 raise Exception("DPP authentication direction not indicated (Initiator)")
470 if "mutual=0" not in ev
:
471 raise Exception("Mutual authentication not used")
473 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
475 def test_dpp_qr_code_auth_mutual_curve_mismatch(dev
, apdev
):
476 """DPP QR Code and authentication exchange (mutual/mismatch)"""
477 check_dpp_capab(dev
[0])
478 check_dpp_capab(dev
[1])
479 logger
.info("dev0 displays QR Code")
480 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
481 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
482 logger
.info("dev1 displays QR Code")
483 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
="secp384r1")
484 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
485 logger
.info("dev0 scans QR Code")
486 id0b
= dev
[0].dpp_qr_code(uri1b
)
487 logger
.info("dev1 scans QR Code")
488 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1b
, expect_fail
=True)
490 def test_dpp_qr_code_auth_hostapd_mutual2(dev
, apdev
):
491 """DPP QR Code and authentication exchange (hostapd mutual2)"""
492 check_dpp_capab(dev
[0])
493 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
494 check_dpp_capab(hapd
)
495 logger
.info("AP displays QR Code")
496 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
497 uri_h
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
498 logger
.info("dev0 displays QR Code")
499 id0b
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
500 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b
)
501 logger
.info("dev0 scans QR Code and initiates DPP Authentication")
502 hapd
.dpp_listen(2412, qr
="mutual")
503 dev
[0].dpp_auth_init(uri
=uri_h
, own
=id0b
)
505 ev
= dev
[0].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
507 raise Exception("Pending response not reported")
508 ev
= hapd
.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
510 raise Exception("QR Code scan for mutual authentication not requested")
512 logger
.info("AP scans QR Code")
513 hapd
.dpp_qr_code(uri0
)
515 wait_auth_success(hapd
, dev
[0], stop_responder
=True)
517 def test_dpp_qr_code_listen_continue(dev
, apdev
):
518 """DPP QR Code and listen operation needing continuation"""
519 check_dpp_capab(dev
[0])
520 check_dpp_capab(dev
[1])
521 logger
.info("dev0 displays QR Code")
522 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
523 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
524 dev
[0].dpp_listen(2412)
525 logger
.info("Wait for listen to expire and get restarted")
527 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
528 dev
[1].dpp_auth_init(uri
=uri0
)
529 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
531 def test_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
):
532 """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
534 run_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
)
536 dev
[0].set("gas_address3", "0")
537 dev
[1].set("gas_address3", "0")
539 def run_dpp_qr_code_auth_initiator_enrollee(dev
, apdev
):
540 check_dpp_capab(dev
[0])
541 check_dpp_capab(dev
[1])
542 dev
[0].request("SET gas_address3 1")
543 dev
[1].request("SET gas_address3 1")
544 logger
.info("dev0 displays QR Code")
545 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
546 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
547 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
548 dev
[0].dpp_listen(2412)
549 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
550 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1],
551 allow_enrollee_failure
=True, stop_responder
=True)
553 def test_dpp_qr_code_auth_initiator_either_1(dev
, apdev
):
554 """DPP QR Code and authentication exchange (Initiator in either role)"""
555 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, None, dev
[1], dev
[0])
557 def test_dpp_qr_code_auth_initiator_either_2(dev
, apdev
):
558 """DPP QR Code and authentication exchange (Initiator in either role)"""
559 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, "enrollee",
562 def test_dpp_qr_code_auth_initiator_either_3(dev
, apdev
):
563 """DPP QR Code and authentication exchange (Initiator in either role)"""
564 run_dpp_qr_code_auth_initiator_either(dev
, apdev
, "configurator",
567 def run_dpp_qr_code_auth_initiator_either(dev
, apdev
, resp_role
,
568 conf_dev
, enrollee_dev
):
569 check_dpp_capab(dev
[0])
570 check_dpp_capab(dev
[1])
571 logger
.info("dev0 displays QR Code")
572 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
573 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
574 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
575 dev
[0].dpp_listen(2412, role
=resp_role
)
576 dev
[1].dpp_auth_init(uri
=uri0
, role
="either")
577 wait_auth_success(dev
[0], dev
[1], configurator
=conf_dev
,
578 enrollee
=enrollee_dev
, allow_enrollee_failure
=True,
581 def run_init_incompatible_roles(dev
, role
="enrollee"):
582 check_dpp_capab(dev
[0])
583 check_dpp_capab(dev
[1])
584 logger
.info("dev0 displays QR Code")
585 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
586 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
588 logger
.info("dev1 scans QR Code")
589 id1
= dev
[1].dpp_qr_code(uri0
)
591 logger
.info("dev1 initiates DPP Authentication")
592 dev
[0].dpp_listen(2412, role
=role
)
595 def test_dpp_qr_code_auth_incompatible_roles(dev
, apdev
):
596 """DPP QR Code and authentication exchange (incompatible roles)"""
597 id1
= run_init_incompatible_roles(dev
)
598 dev
[1].dpp_auth_init(peer
=id1
, role
="enrollee")
599 ev
= dev
[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
601 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
602 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
604 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
605 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
606 wait_auth_success(dev
[0], dev
[1], stop_responder
=True)
608 def test_dpp_qr_code_auth_incompatible_roles2(dev
, apdev
):
609 """DPP QR Code and authentication exchange (incompatible roles 2)"""
610 id1
= run_init_incompatible_roles(dev
, role
="configurator")
611 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
612 ev
= dev
[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
614 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
615 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
617 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
619 def test_dpp_qr_code_auth_incompatible_roles_failure(dev
, apdev
):
620 """DPP QR Code and authentication exchange (incompatible roles failure)"""
621 id1
= run_init_incompatible_roles(dev
, role
="configurator")
622 with
alloc_fail(dev
[0], 1, "dpp_auth_build_resp_status"):
623 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
624 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=1)
626 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
628 def test_dpp_qr_code_auth_incompatible_roles_failure2(dev
, apdev
):
629 """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
630 id1
= run_init_incompatible_roles(dev
, role
="configurator")
631 with
alloc_fail(dev
[1], 1, "dpp_auth_resp_rx_status"):
632 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
633 wait_fail_trigger(dev
[1], "GET_ALLOC_FAIL")
635 def test_dpp_qr_code_auth_incompatible_roles_failure3(dev
, apdev
):
636 """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
637 id1
= run_init_incompatible_roles(dev
, role
="configurator")
638 with
fail_test(dev
[1], 1, "dpp_auth_resp_rx_status"):
639 dev
[1].dpp_auth_init(peer
=id1
, role
="configurator")
640 wait_dpp_fail(dev
[1], "AES-SIV decryption failed")
642 def test_dpp_qr_code_auth_neg_chan(dev
, apdev
):
643 """DPP QR Code and authentication exchange with requested different channel"""
644 check_dpp_capab(dev
[0])
645 check_dpp_capab(dev
[1])
646 conf_id
= dev
[1].dpp_configurator_add()
647 logger
.info("dev0 displays QR Code")
648 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
649 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
650 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
651 dev
[0].dpp_listen(2412)
652 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", neg_freq
=2462,
653 configurator
=conf_id
)
655 ev
= dev
[1].wait_event(["DPP-TX"], timeout
=5)
657 raise Exception("DPP Authentication Request not sent")
658 if "freq=2412 type=0" not in ev
:
659 raise Exception("Unexpected TX data for Authentication Request: " + ev
)
661 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
663 raise Exception("DPP Authentication Request not received")
664 if "freq=2412 type=0" not in ev
:
665 raise Exception("Unexpected RX data for Authentication Request: " + ev
)
667 ev
= dev
[1].wait_event(["DPP-TX-STATUS"], timeout
=5)
669 raise Exception("TX status for DPP Authentication Request not reported")
670 if "freq=2412 result=SUCCESS" not in ev
:
671 raise Exception("Unexpected TX status for Authentication Request: " + ev
)
673 ev
= dev
[0].wait_event(["DPP-TX"], timeout
=5)
675 raise Exception("DPP Authentication Response not sent")
676 if "freq=2462 type=1" not in ev
:
677 raise Exception("Unexpected TX data for Authentication Response: " + ev
)
679 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
681 raise Exception("DPP Authentication Response not received")
682 if "freq=2462 type=1" not in ev
:
683 raise Exception("Unexpected RX data for Authentication Response: " + ev
)
685 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=5)
687 raise Exception("TX status for DPP Authentication Response not reported")
688 if "freq=2462 result=SUCCESS" not in ev
:
689 raise Exception("Unexpected TX status for Authentication Response: " + ev
)
691 ev
= dev
[1].wait_event(["DPP-TX"], timeout
=5)
693 raise Exception("DPP Authentication Confirm not sent")
694 if "freq=2462 type=2" not in ev
:
695 raise Exception("Unexpected TX data for Authentication Confirm: " + ev
)
697 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
699 raise Exception("DPP Authentication Confirm not received")
700 if "freq=2462 type=2" not in ev
:
701 raise Exception("Unexpected RX data for Authentication Confirm: " + ev
)
703 ev
= dev
[1].wait_event(["DPP-TX-STATUS"], timeout
=5)
705 raise Exception("TX status for DPP Authentication Confirm not reported")
706 if "freq=2462 result=SUCCESS" not in ev
:
707 raise Exception("Unexpected TX status for Authentication Confirm: " + ev
)
709 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
712 def test_dpp_config_legacy(dev
, apdev
):
713 """DPP Config Object for legacy network using passphrase"""
714 check_dpp_capab(dev
[1])
715 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
716 dev
[1].set("dpp_config_obj_override", conf
)
717 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
718 require_conf_success
=True)
720 def test_dpp_config_legacy_psk_hex(dev
, apdev
):
721 """DPP Config Object for legacy network using PSK"""
722 check_dpp_capab(dev
[1])
723 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}'
724 dev
[1].set("dpp_config_obj_override", conf
)
725 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
726 require_conf_success
=True)
728 def test_dpp_config_fragmentation(dev
, apdev
):
729 """DPP Config Object for legacy network requiring fragmentation"""
730 check_dpp_capab(dev
[1])
731 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
732 dev
[1].set("dpp_config_obj_override", conf
)
733 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
734 require_conf_success
=True)
736 def test_dpp_config_legacy_gen(dev
, apdev
):
737 """Generate DPP Config Object for legacy network"""
738 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
739 init_extra
="conf=sta-psk pass=%s" % binascii
.hexlify(b
"passphrase").decode(),
740 require_conf_success
=True)
742 def test_dpp_config_legacy_gen_psk(dev
, apdev
):
743 """Generate DPP Config Object for legacy network (PSK)"""
744 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
745 init_extra
="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
746 require_conf_success
=True)
748 def test_dpp_config_dpp_gen_prime256v1(dev
, apdev
):
749 """Generate DPP Config Object for DPP network (P-256)"""
750 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
751 init_extra
="conf=sta-dpp",
752 require_conf_success
=True,
755 def test_dpp_config_dpp_gen_secp384r1(dev
, apdev
):
756 """Generate DPP Config Object for DPP network (P-384)"""
757 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
758 init_extra
="conf=sta-dpp",
759 require_conf_success
=True,
762 def test_dpp_config_dpp_gen_secp521r1(dev
, apdev
):
763 """Generate DPP Config Object for DPP network (P-521)"""
764 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
765 init_extra
="conf=sta-dpp",
766 require_conf_success
=True,
769 def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev
, apdev
):
770 """Generate DPP Config Object for DPP network (P-256 + P-256)"""
771 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
772 init_extra
="conf=sta-dpp",
773 require_conf_success
=True,
775 conf_curve
="prime256v1")
777 def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev
, apdev
):
778 """Generate DPP Config Object for DPP network (P-256 + P-384)"""
779 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
780 init_extra
="conf=sta-dpp",
781 require_conf_success
=True,
783 conf_curve
="secp384r1")
785 def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev
, apdev
):
786 """Generate DPP Config Object for DPP network (P-256 + P-521)"""
787 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
788 init_extra
="conf=sta-dpp",
789 require_conf_success
=True,
791 conf_curve
="secp521r1")
793 def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev
, apdev
):
794 """Generate DPP Config Object for DPP network (P-384 + P-256)"""
795 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
796 init_extra
="conf=sta-dpp",
797 require_conf_success
=True,
799 conf_curve
="prime256v1")
801 def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev
, apdev
):
802 """Generate DPP Config Object for DPP network (P-384 + P-384)"""
803 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
804 init_extra
="conf=sta-dpp",
805 require_conf_success
=True,
807 conf_curve
="secp384r1")
809 def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev
, apdev
):
810 """Generate DPP Config Object for DPP network (P-384 + P-521)"""
811 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
812 init_extra
="conf=sta-dpp",
813 require_conf_success
=True,
815 conf_curve
="secp521r1")
817 def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev
, apdev
):
818 """Generate DPP Config Object for DPP network (P-521 + P-256)"""
819 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
820 init_extra
="conf=sta-dpp",
821 require_conf_success
=True,
823 conf_curve
="prime256v1")
825 def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev
, apdev
):
826 """Generate DPP Config Object for DPP network (P-521 + P-384)"""
827 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
828 init_extra
="conf=sta-dpp",
829 require_conf_success
=True,
831 conf_curve
="secp384r1")
833 def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev
, apdev
):
834 """Generate DPP Config Object for DPP network (P-521 + P-521)"""
835 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
836 init_extra
="conf=sta-dpp",
837 require_conf_success
=True,
839 conf_curve
="secp521r1")
841 def test_dpp_config_dpp_gen_expiry(dev
, apdev
):
842 """Generate DPP Config Object for DPP network with expiry value"""
843 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
844 init_extra
="conf=sta-dpp expiry=%d" % (time
.time() + 1000),
845 require_conf_success
=True,
848 def test_dpp_config_dpp_gen_expired_key(dev
, apdev
):
849 """Generate DPP Config Object for DPP network with expiry value"""
850 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
851 init_extra
="conf=sta-dpp expiry=%d" % (time
.time() - 10),
852 require_conf_failure
=True,
855 def test_dpp_config_dpp_override_prime256v1(dev
, apdev
):
856 """DPP Config Object override (P-256)"""
857 check_dpp_capab(dev
[0])
858 check_dpp_capab(dev
[1])
859 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
860 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
861 dev
[1].set("dpp_config_obj_override", conf
)
862 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
863 require_conf_success
=True)
865 def test_dpp_config_dpp_override_secp384r1(dev
, apdev
):
866 """DPP Config Object override (P-384)"""
867 check_dpp_capab(dev
[0])
868 check_dpp_capab(dev
[1])
869 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
870 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
871 dev
[1].set("dpp_config_obj_override", conf
)
872 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp384r1",
873 require_conf_success
=True)
875 def test_dpp_config_dpp_override_secp521r1(dev
, apdev
):
876 """DPP Config Object override (P-521)"""
877 check_dpp_capab(dev
[0])
878 check_dpp_capab(dev
[1])
879 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
880 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
881 dev
[1].set("dpp_config_obj_override", conf
)
882 run_dpp_qr_code_auth_unicast(dev
, apdev
, "secp521r1",
883 require_conf_success
=True)
885 def test_dpp_config_override_objects(dev
, apdev
):
886 """Generate DPP Config Object and override objects)"""
887 check_dpp_capab(dev
[1])
888 discovery
= '{\n"ssid":"mywifi"\n}'
889 groups
= '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'
890 dev
[1].set("dpp_discovery_override", discovery
)
891 dev
[1].set("dpp_groups_override", groups
)
892 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
893 init_extra
="conf=sta-dpp",
894 require_conf_success
=True,
897 def build_conf_obj(kty
="EC", crv
="P-256",
898 x
="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
899 y
="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
900 kid
="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
901 prot_hdr
='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
902 signed_connector
=None,
903 no_signed_connector
=False,
905 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
906 conf
+= '"akm":"dpp",'
909 conn
= signed_connector
910 conf
+= '"signedConnector":"%s",' % conn
911 elif not no_signed_connector
:
912 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
913 sign
= "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
914 conn
= base64
.urlsafe_b64encode(prot_hdr
.encode()).decode().rstrip('=') + '.'
915 conn
+= base64
.urlsafe_b64encode(payload
.encode()).decode().rstrip('=') + '.'
917 conf
+= '"signedConnector":"%s",' % conn
922 conf
+= '"kty":"%s",' % kty
924 conf
+= '"crv":"%s",' % crv
926 conf
+= '"x":"%s",' % x
928 conf
+= '"y":"%s",' % y
930 conf
+= '"kid":"%s"' % kid
931 conf
= conf
.rstrip(',')
934 conf
= conf
.rstrip(',')
940 def run_dpp_config_error(dev
, apdev
, conf
,
941 skip_net_access_key_mismatch
=True):
942 check_dpp_capab(dev
[0])
943 check_dpp_capab(dev
[1])
944 if skip_net_access_key_mismatch
:
945 dev
[0].set("dpp_ignore_netaccesskey_mismatch", "1")
946 dev
[1].set("dpp_config_obj_override", conf
)
947 run_dpp_qr_code_auth_unicast(dev
, apdev
, "prime256v1",
948 require_conf_failure
=True)
950 def test_dpp_config_jwk_error_no_kty(dev
, apdev
):
951 """DPP Config Object JWK error - no kty"""
952 run_dpp_config_error(dev
, apdev
, build_conf_obj(kty
=None))
954 def test_dpp_config_jwk_error_unexpected_kty(dev
, apdev
):
955 """DPP Config Object JWK error - unexpected kty"""
956 run_dpp_config_error(dev
, apdev
, build_conf_obj(kty
="unknown"))
958 def test_dpp_config_jwk_error_no_crv(dev
, apdev
):
959 """DPP Config Object JWK error - no crv"""
960 run_dpp_config_error(dev
, apdev
, build_conf_obj(crv
=None))
962 def test_dpp_config_jwk_error_unsupported_crv(dev
, apdev
):
963 """DPP Config Object JWK error - unsupported curve"""
964 run_dpp_config_error(dev
, apdev
, build_conf_obj(crv
="unsupported"))
966 def test_dpp_config_jwk_error_no_x(dev
, apdev
):
967 """DPP Config Object JWK error - no x"""
968 run_dpp_config_error(dev
, apdev
, build_conf_obj(x
=None))
970 def test_dpp_config_jwk_error_invalid_x(dev
, apdev
):
971 """DPP Config Object JWK error - invalid x"""
972 run_dpp_config_error(dev
, apdev
, build_conf_obj(x
="MTIz"))
974 def test_dpp_config_jwk_error_no_y(dev
, apdev
):
975 """DPP Config Object JWK error - no y"""
976 run_dpp_config_error(dev
, apdev
, build_conf_obj(y
=None))
978 def test_dpp_config_jwk_error_invalid_y(dev
, apdev
):
979 """DPP Config Object JWK error - invalid y"""
980 run_dpp_config_error(dev
, apdev
, build_conf_obj(y
="MTIz"))
982 def test_dpp_config_jwk_error_invalid_xy(dev
, apdev
):
983 """DPP Config Object JWK error - invalid x,y"""
984 conf
= build_conf_obj(x
="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY",
985 y
="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY")
986 run_dpp_config_error(dev
, apdev
, conf
)
988 def test_dpp_config_jwk_error_no_kid(dev
, apdev
):
989 """DPP Config Object JWK error - no kid"""
990 run_dpp_config_error(dev
, apdev
, build_conf_obj(kid
=None))
992 def test_dpp_config_jws_error_prot_hdr_not_an_object(dev
, apdev
):
993 """DPP Config Object JWS error - protected header not an object"""
994 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
="1"))
996 def test_dpp_config_jws_error_prot_hdr_no_typ(dev
, apdev
):
997 """DPP Config Object JWS error - protected header - no typ"""
998 prot_hdr
= '{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
999 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1001 def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev
, apdev
):
1002 """DPP Config Object JWS error - protected header - unsupported typ"""
1003 prot_hdr
= '{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1004 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1006 def test_dpp_config_jws_error_prot_hdr_no_alg(dev
, apdev
):
1007 """DPP Config Object JWS error - protected header - no alg"""
1008 prot_hdr
= '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
1009 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1011 def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev
, apdev
):
1012 """DPP Config Object JWS error - protected header - unexpected alg"""
1013 prot_hdr
= '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
1014 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1016 def test_dpp_config_jws_error_prot_hdr_no_kid(dev
, apdev
):
1017 """DPP Config Object JWS error - protected header - no kid"""
1018 prot_hdr
= '{"typ":"dppCon","alg":"ES256"}'
1019 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1021 def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev
, apdev
):
1022 """DPP Config Object JWS error - protected header - unexpected kid"""
1023 prot_hdr
= '{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
1024 run_dpp_config_error(dev
, apdev
, build_conf_obj(prot_hdr
=prot_hdr
))
1026 def test_dpp_config_signed_connector_error_no_dot_1(dev
, apdev
):
1027 """DPP Config Object signedConnector error - no dot(1)"""
1029 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1031 def test_dpp_config_signed_connector_error_no_dot_2(dev
, apdev
):
1032 """DPP Config Object signedConnector error - no dot(2)"""
1033 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
1034 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1036 def test_dpp_config_signed_connector_error_unexpected_signature_len(dev
, apdev
):
1037 """DPP Config Object signedConnector error - unexpected signature length"""
1038 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
1039 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1041 def test_dpp_config_signed_connector_error_invalid_signature_der(dev
, apdev
):
1042 """DPP Config Object signedConnector error - invalid signature DER"""
1043 conn
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
1044 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
=conn
))
1046 def test_dpp_config_no_csign(dev
, apdev
):
1047 """DPP Config Object error - no csign"""
1048 run_dpp_config_error(dev
, apdev
, build_conf_obj(csign
=False))
1050 def test_dpp_config_no_signed_connector(dev
, apdev
):
1051 """DPP Config Object error - no signedConnector"""
1052 run_dpp_config_error(dev
, apdev
, build_conf_obj(no_signed_connector
=True))
1054 def test_dpp_config_unexpected_signed_connector_char(dev
, apdev
):
1055 """DPP Config Object error - unexpected signedConnector character"""
1056 run_dpp_config_error(dev
, apdev
, build_conf_obj(signed_connector
='a\nb'))
1058 def test_dpp_config_root_not_an_object(dev
, apdev
):
1059 """DPP Config Object error - root not an object"""
1061 run_dpp_config_error(dev
, apdev
, conf
)
1063 def test_dpp_config_no_wi_fi_tech(dev
, apdev
):
1064 """DPP Config Object error - no wi-fi_tech"""
1066 run_dpp_config_error(dev
, apdev
, conf
)
1068 def test_dpp_config_unsupported_wi_fi_tech(dev
, apdev
):
1069 """DPP Config Object error - unsupported wi-fi_tech"""
1070 conf
= '{"wi-fi_tech":"unsupported"}'
1071 run_dpp_config_error(dev
, apdev
, conf
)
1073 def test_dpp_config_no_discovery(dev
, apdev
):
1074 """DPP Config Object error - no discovery"""
1075 conf
= '{"wi-fi_tech":"infra"}'
1076 run_dpp_config_error(dev
, apdev
, conf
)
1078 def test_dpp_config_no_discovery_ssid(dev
, apdev
):
1079 """DPP Config Object error - no discovery::ssid"""
1080 conf
= '{"wi-fi_tech":"infra","discovery":{}}'
1081 run_dpp_config_error(dev
, apdev
, conf
)
1083 def test_dpp_config_too_long_discovery_ssid(dev
, apdev
):
1084 """DPP Config Object error - too long discovery::ssid"""
1085 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A')
1086 run_dpp_config_error(dev
, apdev
, conf
)
1088 def test_dpp_config_no_cred(dev
, apdev
):
1089 """DPP Config Object error - no cred"""
1090 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
1091 run_dpp_config_error(dev
, apdev
, conf
)
1093 def test_dpp_config_no_cred_akm(dev
, apdev
):
1094 """DPP Config Object error - no cred::akm"""
1095 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
1096 run_dpp_config_error(dev
, apdev
, conf
)
1098 def test_dpp_config_unsupported_cred_akm(dev
, apdev
):
1099 """DPP Config Object error - unsupported cred::akm"""
1100 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
1101 run_dpp_config_error(dev
, apdev
, conf
)
1103 def test_dpp_config_error_legacy_no_pass(dev
, apdev
):
1104 """DPP Config Object legacy error - no pass/psk"""
1105 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
1106 run_dpp_config_error(dev
, apdev
, conf
)
1108 def test_dpp_config_error_legacy_too_short_pass(dev
, apdev
):
1109 """DPP Config Object legacy error - too short pass/psk"""
1110 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
1111 run_dpp_config_error(dev
, apdev
, conf
)
1113 def test_dpp_config_error_legacy_too_long_pass(dev
, apdev
):
1114 """DPP Config Object legacy error - too long pass/psk"""
1115 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A')
1116 run_dpp_config_error(dev
, apdev
, conf
)
1118 def test_dpp_config_error_legacy_psk_with_sae(dev
, apdev
):
1119 """DPP Config Object legacy error - psk_hex with SAE"""
1120 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12")
1121 run_dpp_config_error(dev
, apdev
, conf
)
1123 def test_dpp_config_error_legacy_no_pass_for_sae(dev
, apdev
):
1124 """DPP Config Object legacy error - no pass for SAE"""
1125 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12")
1126 run_dpp_config_error(dev
, apdev
, conf
)
1128 def test_dpp_config_error_legacy_invalid_psk(dev
, apdev
):
1129 """DPP Config Object legacy error - invalid psk_hex"""
1130 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa")
1131 run_dpp_config_error(dev
, apdev
, conf
)
1133 def test_dpp_config_error_legacy_too_short_psk(dev
, apdev
):
1134 """DPP Config Object legacy error - too short psk_hex"""
1135 conf
= '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12")
1136 run_dpp_config_error(dev
, apdev
, conf
)
1138 def get_der_int_32(val
):
1139 a
, b
= struct
.unpack('BB', val
[0:2])
1141 raise Exception("Invalid DER encoding of INTEGER")
1142 if b
> len(val
) - 2:
1143 raise Exception("Invalid length of INTEGER (truncated)")
1149 raise Exception("Too large INTEGER (32)")
1152 r
= (32 - b
) * b
'\x00' + val
[0:b
]
1154 raise Exception("Invalid length of INTEGER (32): %d" % b
)
1157 def ecdsa_sign(pkey
, message
, alg
="sha256"):
1158 sign
= OpenSSL
.crypto
.sign(pkey
, message
, alg
)
1159 logger
.debug("sign=" + binascii
.hexlify(sign
).decode())
1160 a
, b
= struct
.unpack('BB', sign
[0:2])
1162 raise Exception("Invalid DER encoding of ECDSA signature")
1163 if b
!= len(sign
) - 2:
1164 raise Exception("Invalid length of ECDSA signature")
1167 r
, sign
= get_der_int_32(sign
)
1168 s
, sign
= get_der_int_32(sign
)
1170 raise Exception("Extra data at the end of ECDSA signature")
1172 logger
.info("r=" + binascii
.hexlify(r
).decode())
1173 logger
.info("s=" + binascii
.hexlify(s
).decode())
1175 return base64
.urlsafe_b64encode(raw_sign
).decode().rstrip('=')
1177 p256_priv_key
= """-----BEGIN EC PRIVATE KEY-----
1178 MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
1179 AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
1180 n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
1181 -----END EC PRIVATE KEY-----"""
1182 p256_pub_key_x
= binascii
.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
1183 p256_pub_key_y
= binascii
.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1185 def run_dpp_config_connector(dev
, apdev
, expiry
=None, payload
=None,
1186 skip_net_access_key_mismatch
=True):
1187 if not openssl_imported
:
1188 raise HwsimSkip("OpenSSL python method not available")
1189 pkey
= OpenSSL
.crypto
.load_privatekey(OpenSSL
.crypto
.FILETYPE_PEM
,
1191 x
= base64
.urlsafe_b64encode(p256_pub_key_x
).decode().rstrip('=')
1192 y
= base64
.urlsafe_b64encode(p256_pub_key_y
).decode().rstrip('=')
1194 pubkey
= b
'\x04' + p256_pub_key_x
+ p256_pub_key_y
1195 kid
= base64
.urlsafe_b64encode(hashlib
.sha256(pubkey
).digest()).decode().rstrip('=')
1197 prot_hdr
= '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid
1200 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
1202 payload
+= ',"expiry":"%s"' % expiry
1204 conn
= base64
.urlsafe_b64encode(prot_hdr
.encode()).decode().rstrip('=') + '.'
1205 conn
+= base64
.urlsafe_b64encode(payload
.encode()).decode().rstrip('=')
1206 sign
= ecdsa_sign(pkey
, conn
)
1208 run_dpp_config_error(dev
, apdev
,
1209 build_conf_obj(x
=x
, y
=y
, signed_connector
=conn
),
1210 skip_net_access_key_mismatch
=skip_net_access_key_mismatch
)
1212 def test_dpp_config_connector_error_ext_sign(dev
, apdev
):
1213 """DPP Config Object connector error - external signature calculation"""
1214 run_dpp_config_connector(dev
, apdev
)
1216 def test_dpp_config_connector_error_too_short_timestamp(dev
, apdev
):
1217 """DPP Config Object connector error - too short timestamp"""
1218 run_dpp_config_connector(dev
, apdev
, expiry
="1")
1220 def test_dpp_config_connector_error_invalid_timestamp(dev
, apdev
):
1221 """DPP Config Object connector error - invalid timestamp"""
1222 run_dpp_config_connector(dev
, apdev
, expiry
=19*"1")
1224 def test_dpp_config_connector_error_invalid_timestamp_date(dev
, apdev
):
1225 """DPP Config Object connector error - invalid timestamp date"""
1226 run_dpp_config_connector(dev
, apdev
, expiry
="9999-99-99T99:99:99Z")
1228 def test_dpp_config_connector_error_invalid_time_zone(dev
, apdev
):
1229 """DPP Config Object connector error - invalid time zone"""
1230 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00*")
1232 def test_dpp_config_connector_error_invalid_time_zone_2(dev
, apdev
):
1233 """DPP Config Object connector error - invalid time zone 2"""
1234 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+")
1236 def test_dpp_config_connector_error_expired_1(dev
, apdev
):
1237 """DPP Config Object connector error - expired 1"""
1238 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00")
1240 def test_dpp_config_connector_error_expired_2(dev
, apdev
):
1241 """DPP Config Object connector error - expired 2"""
1242 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00Z")
1244 def test_dpp_config_connector_error_expired_3(dev
, apdev
):
1245 """DPP Config Object connector error - expired 3"""
1246 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+01")
1248 def test_dpp_config_connector_error_expired_4(dev
, apdev
):
1249 """DPP Config Object connector error - expired 4"""
1250 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00+01:02")
1252 def test_dpp_config_connector_error_expired_5(dev
, apdev
):
1253 """DPP Config Object connector error - expired 5"""
1254 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00-01")
1256 def test_dpp_config_connector_error_expired_6(dev
, apdev
):
1257 """DPP Config Object connector error - expired 6"""
1258 run_dpp_config_connector(dev
, apdev
, expiry
="2018-01-01T00:00:00-01:02")
1260 def test_dpp_config_connector_error_no_groups(dev
, apdev
):
1261 """DPP Config Object connector error - no groups"""
1262 payload
= '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1263 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1265 def test_dpp_config_connector_error_empty_groups(dev
, apdev
):
1266 """DPP Config Object connector error - empty groups"""
1267 payload
= '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1268 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1270 def test_dpp_config_connector_error_missing_group_id(dev
, apdev
):
1271 """DPP Config Object connector error - missing groupId"""
1272 payload
= '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1273 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1275 def test_dpp_config_connector_error_missing_net_role(dev
, apdev
):
1276 """DPP Config Object connector error - missing netRole"""
1277 payload
= '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1278 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1280 def test_dpp_config_connector_error_missing_net_access_key(dev
, apdev
):
1281 """DPP Config Object connector error - missing netAccessKey"""
1282 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}]}'
1283 run_dpp_config_connector(dev
, apdev
, payload
=payload
)
1285 def test_dpp_config_connector_error_net_access_key_mismatch(dev
, apdev
):
1286 """DPP Config Object connector error - netAccessKey mismatch"""
1287 payload
= '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1288 run_dpp_config_connector(dev
, apdev
, payload
=payload
,
1289 skip_net_access_key_mismatch
=False)
1291 def test_dpp_gas_timeout(dev
, apdev
):
1292 """DPP and GAS server timeout for a query"""
1293 check_dpp_capab(dev
[0])
1294 check_dpp_capab(dev
[1])
1295 logger
.info("dev0 displays QR Code")
1296 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1297 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1299 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
1300 dev
[0].set("ext_mgmt_frame_handling", "1")
1301 dev
[0].dpp_listen(2412)
1303 # Force GAS fragmentation
1304 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
1305 dev
[1].set("dpp_config_obj_override", conf
)
1307 dev
[1].dpp_auth_init(uri
=uri0
)
1309 # DPP Authentication Request
1310 msg
= dev
[0].mgmt_rx()
1311 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1312 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1313 raise Exception("MGMT_RX_PROCESS failed")
1315 # DPP Authentication Confirmation
1316 msg
= dev
[0].mgmt_rx()
1317 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1318 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1319 raise Exception("MGMT_RX_PROCESS failed")
1321 wait_auth_success(dev
[0], dev
[1])
1323 # DPP Configuration Response (GAS Initial Response frame)
1324 msg
= dev
[0].mgmt_rx()
1325 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1326 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
1327 raise Exception("MGMT_RX_PROCESS failed")
1329 # GAS Comeback Response frame
1330 msg
= dev
[0].mgmt_rx()
1331 # Do not continue to force timeout on GAS server
1333 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=10)
1335 raise Exception("GAS result not reported (Enrollee)")
1336 if "result=TIMEOUT" not in ev
:
1337 raise Exception("Unexpected GAS result (Enrollee): " + ev
)
1338 dev
[0].set("ext_mgmt_frame_handling", "0")
1340 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=15)
1342 raise Exception("DPP configuration failure not reported (Configurator)")
1344 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=1)
1346 raise Exception("DPP configuration failure not reported (Enrollee)")
1348 def test_dpp_akm_sha256(dev
, apdev
):
1349 """DPP AKM (SHA256)"""
1350 run_dpp_akm(dev
, apdev
, 32)
1352 def test_dpp_akm_sha384(dev
, apdev
):
1353 """DPP AKM (SHA384)"""
1354 run_dpp_akm(dev
, apdev
, 48)
1356 def test_dpp_akm_sha512(dev
, apdev
):
1357 """DPP AKM (SHA512)"""
1358 run_dpp_akm(dev
, apdev
, 64)
1360 def run_dpp_akm(dev
, apdev
, pmk_len
):
1361 check_dpp_capab(dev
[0])
1362 check_dpp_capab(dev
[1])
1363 params
= {"ssid": "dpp",
1365 "wpa_key_mgmt": "DPP",
1366 "rsn_pairwise": "CCMP",
1369 hapd
= hostapd
.add_ap(apdev
[0], params
)
1371 raise HwsimSkip("DPP not supported")
1373 id = dev
[0].connect("dpp", key_mgmt
="DPP", ieee80211w
="2", scan_freq
="2412",
1375 ev
= dev
[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout
=2)
1377 raise Exception("Network mismatch not reported")
1378 dev
[0].request("DISCONNECT")
1379 dev
[0].dump_monitor()
1381 bssid
= hapd
.own_addr()
1385 cmd
= "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid
, pmkid
, pmk
, akmp
)
1386 if "OK" not in dev
[0].request(cmd
):
1387 raise Exception("PMKSA_ADD failed (wpa_supplicant)")
1388 dev
[0].select_network(id, freq
="2412")
1389 ev
= dev
[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout
=2)
1390 dev
[0].request("DISCONNECT")
1391 dev
[0].dump_monitor()
1393 raise Exception("Association attempt was not rejected")
1394 if "status_code=53" not in ev
:
1395 raise Exception("Unexpected status code: " + ev
)
1397 addr
= dev
[0].own_addr()
1398 cmd
= "PMKSA_ADD %s %s %s 0 %d" % (addr
, pmkid
, pmk
, akmp
)
1399 if "OK" not in hapd
.request(cmd
):
1400 raise Exception("PMKSA_ADD failed (hostapd)")
1402 dev
[0].select_network(id, freq
="2412")
1403 dev
[0].wait_connected()
1404 val
= dev
[0].get_status_field("key_mgmt")
1406 raise Exception("Unexpected key_mgmt: " + val
)
1408 params1_csign
= "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
1409 params1_ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
1410 params1_ap_netaccesskey
= "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
1411 params1_sta_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
1412 params1_sta_netaccesskey
= "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1414 def test_dpp_network_introduction(dev
, apdev
):
1415 """DPP network introduction"""
1416 check_dpp_capab(dev
[0])
1417 check_dpp_capab(dev
[1])
1419 params
= {"ssid": "dpp",
1421 "wpa_key_mgmt": "DPP",
1423 "rsn_pairwise": "CCMP",
1424 "dpp_connector": params1_ap_connector
,
1425 "dpp_csign": params1_csign
,
1426 "dpp_netaccesskey": params1_ap_netaccesskey
}
1428 hapd
= hostapd
.add_ap(apdev
[0], params
)
1430 raise HwsimSkip("DPP not supported")
1432 id = dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
1434 dpp_csign
=params1_csign
,
1435 dpp_connector
=params1_sta_connector
,
1436 dpp_netaccesskey
=params1_sta_netaccesskey
)
1437 val
= dev
[0].get_status_field("key_mgmt")
1439 raise Exception("Unexpected key_mgmt: " + val
)
1441 def test_dpp_and_sae_akm(dev
, apdev
):
1442 """DPP and SAE AKMs"""
1443 check_dpp_capab(dev
[0])
1444 check_dpp_capab(dev
[1])
1445 if "SAE" not in dev
[1].get_capability("auth_alg"):
1446 raise HwsimSkip("SAE not supported")
1448 params
= {"ssid": "dpp+sae",
1450 "wpa_key_mgmt": "DPP SAE",
1452 "rsn_pairwise": "CCMP",
1453 "sae_password": "sae-password",
1454 "dpp_connector": params1_ap_connector
,
1455 "dpp_csign": params1_csign
,
1456 "dpp_netaccesskey": params1_ap_netaccesskey
}
1458 hapd
= hostapd
.add_ap(apdev
[0], params
)
1460 raise HwsimSkip("DPP not supported")
1462 id = dev
[0].connect("dpp+sae", key_mgmt
="DPP", scan_freq
="2412",
1464 dpp_csign
=params1_csign
,
1465 dpp_connector
=params1_sta_connector
,
1466 dpp_netaccesskey
=params1_sta_netaccesskey
)
1467 val
= dev
[0].get_status_field("key_mgmt")
1469 raise Exception("Unexpected key_mgmt for DPP: " + val
)
1471 id = dev
[1].connect("dpp+sae", key_mgmt
="SAE", scan_freq
="2412",
1472 ieee80211w
="2", psk
="sae-password")
1473 val
= dev
[1].get_status_field("key_mgmt")
1475 raise Exception("Unexpected key_mgmt for SAE: " + val
)
1477 def test_dpp_ap_config(dev
, apdev
):
1478 """DPP and AP configuration"""
1479 run_dpp_ap_config(dev
, apdev
)
1481 def test_dpp_ap_config_p256_p256(dev
, apdev
):
1482 """DPP and AP configuration (P-256 + P-256)"""
1483 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-256")
1485 def test_dpp_ap_config_p256_p384(dev
, apdev
):
1486 """DPP and AP configuration (P-256 + P-384)"""
1487 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-384")
1489 def test_dpp_ap_config_p256_p521(dev
, apdev
):
1490 """DPP and AP configuration (P-256 + P-521)"""
1491 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="P-521")
1493 def test_dpp_ap_config_p384_p256(dev
, apdev
):
1494 """DPP and AP configuration (P-384 + P-256)"""
1495 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-256")
1497 def test_dpp_ap_config_p384_p384(dev
, apdev
):
1498 """DPP and AP configuration (P-384 + P-384)"""
1499 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-384")
1501 def test_dpp_ap_config_p384_p521(dev
, apdev
):
1502 """DPP and AP configuration (P-384 + P-521)"""
1503 run_dpp_ap_config(dev
, apdev
, curve
="P-384", conf_curve
="P-521")
1505 def test_dpp_ap_config_p521_p256(dev
, apdev
):
1506 """DPP and AP configuration (P-521 + P-256)"""
1507 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-256")
1509 def test_dpp_ap_config_p521_p384(dev
, apdev
):
1510 """DPP and AP configuration (P-521 + P-384)"""
1511 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-384")
1513 def test_dpp_ap_config_p521_p521(dev
, apdev
):
1514 """DPP and AP configuration (P-521 + P-521)"""
1515 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="P-521")
1517 def test_dpp_ap_config_bp256_bp256(dev
, apdev
):
1518 """DPP and AP configuration (BP-256 + BP-256)"""
1519 run_dpp_ap_config(dev
, apdev
, curve
="BP-256", conf_curve
="BP-256")
1521 def test_dpp_ap_config_bp384_bp384(dev
, apdev
):
1522 """DPP and AP configuration (BP-384 + BP-384)"""
1523 run_dpp_ap_config(dev
, apdev
, curve
="BP-384", conf_curve
="BP-384")
1525 def test_dpp_ap_config_bp512_bp512(dev
, apdev
):
1526 """DPP and AP configuration (BP-512 + BP-512)"""
1527 run_dpp_ap_config(dev
, apdev
, curve
="BP-512", conf_curve
="BP-512")
1529 def test_dpp_ap_config_p256_bp256(dev
, apdev
):
1530 """DPP and AP configuration (P-256 + BP-256)"""
1531 run_dpp_ap_config(dev
, apdev
, curve
="P-256", conf_curve
="BP-256")
1533 def test_dpp_ap_config_bp256_p256(dev
, apdev
):
1534 """DPP and AP configuration (BP-256 + P-256)"""
1535 run_dpp_ap_config(dev
, apdev
, curve
="BP-256", conf_curve
="P-256")
1537 def test_dpp_ap_config_p521_bp512(dev
, apdev
):
1538 """DPP and AP configuration (P-521 + BP-512)"""
1539 run_dpp_ap_config(dev
, apdev
, curve
="P-521", conf_curve
="BP-512")
1541 def test_dpp_ap_config_bp512_p521(dev
, apdev
):
1542 """DPP and AP configuration (BP-512 + P-521)"""
1543 run_dpp_ap_config(dev
, apdev
, curve
="BP-512", conf_curve
="P-521")
1545 def test_dpp_ap_config_reconfig_configurator(dev
, apdev
):
1546 """DPP and AP configuration with Configurator reconfiguration"""
1547 run_dpp_ap_config(dev
, apdev
, reconf_configurator
=True)
1549 def update_hapd_config(hapd
):
1550 ev
= hapd
.wait_event(["DPP-CONFOBJ-SSID"], timeout
=1)
1552 raise Exception("SSID not reported (AP)")
1553 ssid
= ev
.split(' ')[1]
1555 ev
= hapd
.wait_event(["DPP-CONNECTOR"], timeout
=1)
1557 raise Exception("Connector not reported (AP)")
1558 connector
= ev
.split(' ')[1]
1560 ev
= hapd
.wait_event(["DPP-C-SIGN-KEY"], timeout
=1)
1562 raise Exception("C-sign-key not reported (AP)")
1566 ev
= hapd
.wait_event(["DPP-NET-ACCESS-KEY"], timeout
=1)
1568 raise Exception("netAccessKey not reported (AP)")
1570 net_access_key
= p
[1]
1571 net_access_key_expiry
= p
[2] if len(p
) > 2 else None
1573 logger
.info("Update AP configuration to use key_mgmt=DPP")
1575 hapd
.set("ssid", ssid
)
1576 hapd
.set("wpa", "2")
1577 hapd
.set("wpa_key_mgmt", "DPP")
1578 hapd
.set("ieee80211w", "2")
1579 hapd
.set("rsn_pairwise", "CCMP")
1580 hapd
.set("dpp_connector", connector
)
1581 hapd
.set("dpp_csign", csign
)
1582 hapd
.set("dpp_netaccesskey", net_access_key
)
1583 if net_access_key_expiry
:
1584 hapd
.set("dpp_netaccesskey_expiry", net_access_key_expiry
)
1587 def run_dpp_ap_config(dev
, apdev
, curve
=None, conf_curve
=None,
1588 reconf_configurator
=False):
1589 check_dpp_capab(dev
[0])
1590 check_dpp_capab(dev
[1])
1591 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
1592 check_dpp_capab(hapd
)
1594 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
1595 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
1597 conf_id
= dev
[0].dpp_configurator_add(curve
=conf_curve
)
1599 if reconf_configurator
:
1600 csign
= dev
[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
1601 if "FAIL" in csign
or len(csign
) == 0:
1602 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
1604 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
1605 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
)
1606 update_hapd_config(hapd
)
1608 id1
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
=curve
)
1609 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1611 if reconf_configurator
:
1612 dev
[0].dpp_configurator_remove(conf_id
)
1613 conf_id
= dev
[0].dpp_configurator_add(curve
=conf_curve
, key
=csign
)
1615 dev
[1].dpp_listen(2412)
1616 dev
[0].dpp_auth_init(uri
=uri1
, conf
="sta-dpp", configurator
=conf_id
)
1617 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[0], enrollee
=dev
[1],
1618 stop_responder
=True)
1620 ev
= dev
[1].wait_event(["DPP-CONFOBJ-SSID"], timeout
=1)
1622 raise Exception("SSID not reported")
1623 ssid
= ev
.split(' ')[1]
1625 ev
= dev
[1].wait_event(["DPP-CONNECTOR"], timeout
=1)
1627 raise Exception("Connector not reported")
1628 connector
= ev
.split(' ')[1]
1630 ev
= dev
[1].wait_event(["DPP-C-SIGN-KEY"], timeout
=1)
1632 raise Exception("C-sign-key not reported")
1636 ev
= dev
[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=1)
1638 raise Exception("netAccessKey not reported")
1640 net_access_key
= p
[1]
1641 net_access_key_expiry
= p
[2] if len(p
) > 2 else None
1643 dev
[1].dump_monitor()
1645 id = dev
[1].connect(ssid
, key_mgmt
="DPP", ieee80211w
="2", scan_freq
="2412",
1646 only_add_network
=True)
1647 dev
[1].set_network_quoted(id, "dpp_connector", connector
)
1648 dev
[1].set_network(id, "dpp_csign", csign
)
1649 dev
[1].set_network(id, "dpp_netaccesskey", net_access_key
)
1650 if net_access_key_expiry
:
1651 dev
[1].set_network(id, "dpp_netaccess_expiry", net_access_key_expiry
)
1653 logger
.info("Check data connection")
1654 dev
[1].select_network(id, freq
="2412")
1655 dev
[1].wait_connected()
1657 def test_dpp_auto_connect_1(dev
, apdev
):
1658 """DPP and auto connect (1)"""
1660 run_dpp_auto_connect(dev
, apdev
, 1)
1662 dev
[0].set("dpp_config_processing", "0")
1664 def test_dpp_auto_connect_2(dev
, apdev
):
1665 """DPP and auto connect (2)"""
1667 run_dpp_auto_connect(dev
, apdev
, 2)
1669 dev
[0].set("dpp_config_processing", "0")
1671 def test_dpp_auto_connect_2_connect_cmd(dev
, apdev
):
1672 """DPP and auto connect (2) using connect_cmd"""
1673 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
1674 wpas
.interface_add("wlan5", drv_params
="force_connect_cmd=1")
1675 dev_new
= [wpas
, dev
[1]]
1677 run_dpp_auto_connect(dev_new
, apdev
, 2)
1679 wpas
.set("dpp_config_processing", "0")
1681 def run_dpp_auto_connect(dev
, apdev
, processing
):
1682 check_dpp_capab(dev
[0])
1683 check_dpp_capab(dev
[1])
1685 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1686 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1687 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1688 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1690 params
= {"ssid": "test",
1692 "wpa_key_mgmt": "DPP",
1694 "rsn_pairwise": "CCMP",
1695 "dpp_connector": ap_connector
,
1696 "dpp_csign": csign_pub
,
1697 "dpp_netaccesskey": ap_netaccesskey
}
1699 hapd
= hostapd
.add_ap(apdev
[0], params
)
1701 raise HwsimSkip("DPP not supported")
1703 conf_id
= dev
[1].dpp_configurator_add(key
=csign
)
1704 dev
[0].set("dpp_config_processing", str(processing
))
1705 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1706 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1707 dev
[0].dpp_listen(2412)
1708 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", configurator
=conf_id
)
1709 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1710 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1712 raise Exception("DPP network profile not generated")
1713 id = ev
.split(' ')[1]
1716 dev
[0].select_network(id, freq
=2412)
1718 dev
[0].wait_connected()
1719 hwsim_utils
.test_connectivity(dev
[0], hapd
)
1721 def test_dpp_auto_connect_legacy(dev
, apdev
):
1722 """DPP and auto connect (legacy)"""
1724 run_dpp_auto_connect_legacy(dev
, apdev
)
1726 dev
[0].set("dpp_config_processing", "0")
1728 def test_dpp_auto_connect_legacy_sae_1(dev
, apdev
):
1729 """DPP and auto connect (legacy SAE)"""
1731 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-sae', psk_sae
=True)
1733 dev
[0].set("dpp_config_processing", "0")
1735 def test_dpp_auto_connect_legacy_sae_2(dev
, apdev
):
1736 """DPP and auto connect (legacy SAE)"""
1738 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-sae', sae_only
=True)
1740 dev
[0].set("dpp_config_processing", "0")
1742 def test_dpp_auto_connect_legacy_psk_sae_1(dev
, apdev
):
1743 """DPP and auto connect (legacy PSK+SAE)"""
1745 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae',
1748 dev
[0].set("dpp_config_processing", "0")
1750 def test_dpp_auto_connect_legacy_psk_sae_2(dev
, apdev
):
1751 """DPP and auto connect (legacy PSK+SAE)"""
1753 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae',
1756 dev
[0].set("dpp_config_processing", "0")
1758 def test_dpp_auto_connect_legacy_psk_sae_3(dev
, apdev
):
1759 """DPP and auto connect (legacy PSK+SAE)"""
1761 run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk-sae')
1763 dev
[0].set("dpp_config_processing", "0")
1765 def run_dpp_auto_connect_legacy(dev
, apdev
, conf
='sta-psk',
1766 psk_sae
=False, sae_only
=False):
1767 check_dpp_capab(dev
[0])
1768 check_dpp_capab(dev
[1])
1770 params
= hostapd
.wpa2_params(ssid
="dpp-legacy",
1771 passphrase
="secret passphrase")
1773 params
['wpa_key_mgmt'] = 'SAE'
1774 params
['ieee80211w'] = '2'
1776 params
['wpa_key_mgmt'] = 'WPA-PSK SAE'
1777 params
['ieee80211w'] = '1'
1778 params
['sae_require_mfp'] = '1'
1780 hapd
= hostapd
.add_ap(apdev
[0], params
)
1782 dev
[0].set("dpp_config_processing", "2")
1783 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1784 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1786 dev
[0].dpp_listen(2412)
1787 dev
[1].dpp_auth_init(uri
=uri0
, conf
=conf
, ssid
="dpp-legacy",
1788 passphrase
="secret passphrase")
1789 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1790 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1792 raise Exception("DPP network profile not generated")
1793 id = ev
.split(' ')[1]
1795 dev
[0].wait_connected()
1797 def test_dpp_auto_connect_legacy_pmf_required(dev
, apdev
):
1798 """DPP and auto connect (legacy, PMF required)"""
1800 run_dpp_auto_connect_legacy_pmf_required(dev
, apdev
)
1802 dev
[0].set("dpp_config_processing", "0")
1804 def run_dpp_auto_connect_legacy_pmf_required(dev
, apdev
):
1805 check_dpp_capab(dev
[0])
1806 check_dpp_capab(dev
[1])
1808 params
= hostapd
.wpa2_params(ssid
="dpp-legacy",
1809 passphrase
="secret passphrase")
1810 params
['wpa_key_mgmt'] = "WPA-PSK-SHA256"
1811 params
['ieee80211w'] = "2"
1812 hapd
= hostapd
.add_ap(apdev
[0], params
)
1814 dev
[0].set("dpp_config_processing", "2")
1815 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1816 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1817 dev
[0].dpp_listen(2412)
1818 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", ssid
="dpp-legacy",
1819 passphrase
="secret passphrase")
1820 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
1821 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
1823 raise Exception("DPP network profile not generated")
1824 dev
[0].wait_connected()
1826 def test_dpp_qr_code_auth_responder_configurator(dev
, apdev
):
1827 """DPP QR Code and responder as the configurator"""
1828 run_dpp_qr_code_auth_responder_configurator(dev
, apdev
, "")
1830 def test_dpp_qr_code_auth_responder_configurator_group_id(dev
, apdev
):
1831 """DPP QR Code and responder as the configurator with group_id)"""
1832 run_dpp_qr_code_auth_responder_configurator(dev
, apdev
,
1833 " group_id=test-group")
1835 def run_dpp_qr_code_auth_responder_configurator(dev
, apdev
, extra
):
1836 check_dpp_capab(dev
[0])
1837 check_dpp_capab(dev
[1])
1838 conf_id
= dev
[0].dpp_configurator_add()
1839 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
1840 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1841 dev
[0].set("dpp_configurator_params",
1842 " conf=sta-dpp configurator=%d%s" % (conf_id
, extra
))
1843 dev
[0].dpp_listen(2412, role
="configurator")
1844 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
1845 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1],
1846 stop_responder
=True)
1848 def test_dpp_qr_code_hostapd_init(dev
, apdev
):
1849 """DPP QR Code and hostapd as initiator"""
1850 check_dpp_capab(dev
[0])
1851 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
1853 check_dpp_capab(hapd
)
1854 conf_id
= dev
[0].dpp_configurator_add()
1855 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/6", mac
=True)
1856 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1857 dev
[0].set("dpp_configurator_params",
1858 " conf=ap-dpp configurator=%d" % conf_id
)
1859 dev
[0].dpp_listen(2437, role
="configurator")
1860 hapd
.dpp_auth_init(uri
=uri0
, role
="enrollee")
1861 wait_auth_success(dev
[0], hapd
, configurator
=dev
[0], enrollee
=hapd
,
1862 stop_responder
=True)
1864 def test_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
):
1865 """DPP QR Code and hostapd as initiator (offchannel)"""
1866 run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, None)
1868 def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev
, apdev
):
1869 """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
1870 run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, "neg_freq=2437")
1872 def run_dpp_qr_code_hostapd_init_offchannel(dev
, apdev
, extra
):
1873 check_dpp_capab(dev
[0])
1874 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
1876 check_dpp_capab(hapd
)
1877 conf_id
= dev
[0].dpp_configurator_add()
1878 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1,81/11", mac
=True)
1879 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1880 dev
[0].set("dpp_configurator_params",
1881 " conf=ap-dpp configurator=%d" % conf_id
)
1882 dev
[0].dpp_listen(2462, role
="configurator")
1883 hapd
.dpp_auth_init(uri
=uri0
, role
="enrollee", extra
=extra
)
1884 wait_auth_success(dev
[0], hapd
, configurator
=dev
[0], enrollee
=hapd
,
1885 stop_responder
=True)
1887 def test_dpp_test_vector_p_256(dev
, apdev
):
1888 """DPP P-256 test vector (mutual auth)"""
1889 check_dpp_capab(dev
[0])
1890 check_dpp_capab(dev
[1])
1892 # Responder bootstrapping key
1893 priv
= "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
1894 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True, key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1895 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1897 # Responder protocol keypair override
1898 priv
= "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
1899 dev
[0].set("dpp_protocol_key_override",
1900 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1902 dev
[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
1904 # Initiator bootstrapping key
1905 priv
= "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
1906 id1
= dev
[1].dpp_bootstrap_gen(key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1907 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1909 # Initiator protocol keypair override
1910 priv
= "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
1911 dev
[1].set("dpp_protocol_key_override",
1912 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1914 dev
[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
1916 dev
[0].dpp_qr_code(uri1
)
1917 dev
[0].dpp_listen(2462, qr
="mutual")
1918 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
1919 wait_auth_success(dev
[0], dev
[1])
1921 def test_dpp_test_vector_p_256_b(dev
, apdev
):
1922 """DPP P-256 test vector (Responder-only auth)"""
1923 check_dpp_capab(dev
[0])
1924 check_dpp_capab(dev
[1])
1926 # Responder bootstrapping key
1927 priv
= "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
1928 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True, key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1929 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1931 # Responder protocol keypair override
1932 priv
= "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
1933 dev
[0].set("dpp_protocol_key_override",
1934 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1936 dev
[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
1938 # Initiator bootstrapping key
1939 priv
= "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
1940 id1
= dev
[1].dpp_bootstrap_gen(key
="30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1941 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1943 # Initiator protocol keypair override
1944 priv
= "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
1945 dev
[1].set("dpp_protocol_key_override",
1946 "30310201010420" + priv
+ "a00a06082a8648ce3d030107")
1948 dev
[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
1950 dev
[0].dpp_listen(2462)
1951 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
1952 wait_auth_success(dev
[0], dev
[1])
1954 def der_priv_key_p_521(priv
):
1955 if len(priv
) != 2 * 66:
1956 raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv
)
1957 der_prefix
= "3081500201010442"
1958 der_postfix
= "a00706052b81040023"
1959 return der_prefix
+ priv
+ der_postfix
1961 def test_dpp_test_vector_p_521(dev
, apdev
):
1962 """DPP P-521 test vector (mutual auth)"""
1963 check_dpp_capab(dev
[0])
1964 check_dpp_capab(dev
[1])
1966 # Responder bootstrapping key
1967 priv
= "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
1968 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/11", mac
=True,
1969 key
=der_priv_key_p_521(priv
))
1970 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
1972 # Responder protocol keypair override
1973 priv
= "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
1974 dev
[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv
))
1976 dev
[0].set("dpp_nonce_override",
1977 "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")
1979 # Initiator bootstrapping key
1980 priv
= "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
1981 id1
= dev
[1].dpp_bootstrap_gen(key
=der_priv_key_p_521(priv
))
1982 uri1
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1
)
1984 # Initiator protocol keypair override
1985 priv
= "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
1986 dev
[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv
))
1988 dev
[1].set("dpp_nonce_override",
1989 "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")
1991 dev
[0].dpp_qr_code(uri1
)
1992 dev
[0].dpp_listen(2462, qr
="mutual")
1993 dev
[1].dpp_auth_init(uri
=uri0
, own
=id1
, neg_freq
=2412)
1994 wait_auth_success(dev
[0], dev
[1])
1996 def test_dpp_pkex(dev
, apdev
):
1998 run_dpp_pkex(dev
, apdev
)
2000 def test_dpp_pkex_p256(dev
, apdev
):
2001 """DPP and PKEX (P-256)"""
2002 run_dpp_pkex(dev
, apdev
, "P-256")
2004 def test_dpp_pkex_p384(dev
, apdev
):
2005 """DPP and PKEX (P-384)"""
2006 run_dpp_pkex(dev
, apdev
, "P-384")
2008 def test_dpp_pkex_p521(dev
, apdev
):
2009 """DPP and PKEX (P-521)"""
2010 run_dpp_pkex(dev
, apdev
, "P-521")
2012 def test_dpp_pkex_bp256(dev
, apdev
):
2013 """DPP and PKEX (BP-256)"""
2014 run_dpp_pkex(dev
, apdev
, "brainpoolP256r1")
2016 def test_dpp_pkex_bp384(dev
, apdev
):
2017 """DPP and PKEX (BP-384)"""
2018 run_dpp_pkex(dev
, apdev
, "brainpoolP384r1")
2020 def test_dpp_pkex_bp512(dev
, apdev
):
2021 """DPP and PKEX (BP-512)"""
2022 run_dpp_pkex(dev
, apdev
, "brainpoolP512r1")
2024 def test_dpp_pkex_config(dev
, apdev
):
2025 """DPP and PKEX with initiator as the configurator"""
2026 check_dpp_capab(dev
[1])
2027 conf_id
= dev
[1].dpp_configurator_add()
2028 run_dpp_pkex(dev
, apdev
,
2029 init_extra
="conf=sta-dpp configurator=%d" % (conf_id
),
2032 def test_dpp_pkex_no_identifier(dev
, apdev
):
2033 """DPP and PKEX without identifier"""
2034 run_dpp_pkex(dev
, apdev
, identifier_i
=None, identifier_r
=None)
2036 def test_dpp_pkex_identifier_mismatch(dev
, apdev
):
2037 """DPP and PKEX with different identifiers"""
2038 run_dpp_pkex(dev
, apdev
, identifier_i
="foo", identifier_r
="bar",
2039 expect_no_resp
=True)
2041 def test_dpp_pkex_identifier_mismatch2(dev
, apdev
):
2042 """DPP and PKEX with initiator using identifier and the responder not"""
2043 run_dpp_pkex(dev
, apdev
, identifier_i
="foo", identifier_r
=None,
2044 expect_no_resp
=True)
2046 def test_dpp_pkex_identifier_mismatch3(dev
, apdev
):
2047 """DPP and PKEX with responder using identifier and the initiator not"""
2048 run_dpp_pkex(dev
, apdev
, identifier_i
=None, identifier_r
="bar",
2049 expect_no_resp
=True)
2051 def run_dpp_pkex(dev
, apdev
, curve
=None, init_extra
=None, check_config
=False,
2052 identifier_i
="test", identifier_r
="test",
2053 expect_no_resp
=False):
2054 check_dpp_capab(dev
[0], curve
and "brainpool" in curve
)
2055 check_dpp_capab(dev
[1], curve
and "brainpool" in curve
)
2056 dev
[0].dpp_pkex_resp(2437, identifier
=identifier_r
, code
="secret",
2058 dev
[1].dpp_pkex_init(identifier
=identifier_i
, code
="secret", curve
=curve
,
2062 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=10)
2064 raise Exception("DPP PKEX frame not received")
2065 ev
= dev
[1].wait_event(["DPP-AUTH-SUCCESS"], timeout
=1)
2067 raise Exception("DPP authentication succeeded")
2068 ev
= dev
[0].wait_event(["DPP-AUTH-SUCCESS"], timeout
=0.1)
2070 raise Exception("DPP authentication succeeded")
2073 wait_auth_success(dev
[0], dev
[1],
2074 configurator
=dev
[1] if check_config
else None,
2075 enrollee
=dev
[0] if check_config
else None)
2077 def test_dpp_pkex_5ghz(dev
, apdev
):
2078 """DPP and PKEX on 5 GHz"""
2080 dev
[0].request("SET country US")
2081 dev
[1].request("SET country US")
2082 ev
= dev
[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout
=1)
2084 ev
= dev
[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
2086 run_dpp_pkex_5ghz(dev
, apdev
)
2088 dev
[0].request("SET country 00")
2089 dev
[1].request("SET country 00")
2090 subprocess
.call(['iw', 'reg', 'set', '00'])
2093 def run_dpp_pkex_5ghz(dev
, apdev
):
2094 check_dpp_capab(dev
[0])
2095 check_dpp_capab(dev
[1])
2096 dev
[0].dpp_pkex_resp(5745, identifier
="test", code
="secret")
2097 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2098 wait_auth_success(dev
[0], dev
[1], timeout
=20)
2100 def test_dpp_pkex_test_vector(dev
, apdev
):
2101 """DPP and PKEX (P-256) test vector"""
2102 check_dpp_capab(dev
[0])
2103 check_dpp_capab(dev
[1])
2105 init_addr
= "ac:64:91:f4:52:07"
2106 resp_addr
= "6e:5e:ce:6e:f3:dd"
2108 identifier
= "joes_key"
2109 code
= "thisisreallysecret"
2111 # Initiator bootstrapping private key
2112 init_priv
= "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
2114 # Responder bootstrapping private key
2115 resp_priv
= "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"
2117 # Initiator x/X keypair override
2118 init_x_priv
= "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
2120 # Responder y/Y keypair override
2121 resp_y_priv
= "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"
2123 p256_prefix
= "30310201010420"
2124 p256_postfix
= "a00a06082a8648ce3d030107"
2126 dev
[0].set("dpp_pkex_own_mac_override", resp_addr
)
2127 dev
[0].set("dpp_pkex_peer_mac_override", init_addr
)
2128 dev
[1].set("dpp_pkex_own_mac_override", init_addr
)
2129 dev
[1].set("dpp_pkex_peer_mac_override", resp_addr
)
2131 # Responder y/Y keypair override
2132 dev
[0].set("dpp_pkex_ephemeral_key_override",
2133 p256_prefix
+ resp_y_priv
+ p256_postfix
)
2135 # Initiator x/X keypair override
2136 dev
[1].set("dpp_pkex_ephemeral_key_override",
2137 p256_prefix
+ init_x_priv
+ p256_postfix
)
2139 dev
[0].dpp_pkex_resp(2437, identifier
=identifier
, code
=code
,
2140 key
=p256_prefix
+ resp_priv
+ p256_postfix
)
2141 dev
[1].dpp_pkex_init(identifier
=identifier
, code
=code
,
2142 key
=p256_prefix
+ init_priv
+ p256_postfix
)
2143 wait_auth_success(dev
[0], dev
[1])
2145 def test_dpp_pkex_code_mismatch(dev
, apdev
):
2146 """DPP and PKEX with mismatching code"""
2147 check_dpp_capab(dev
[0])
2148 check_dpp_capab(dev
[1])
2149 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2150 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="unknown")
2151 wait_dpp_fail(dev
[0], "possible PKEX code mismatch")
2152 dev
[0].dump_monitor()
2153 dev
[1].dump_monitor()
2154 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", use_id
=id1
)
2155 wait_auth_success(dev
[0], dev
[1])
2157 def test_dpp_pkex_code_mismatch_limit(dev
, apdev
):
2158 """DPP and PKEX with mismatching code limit"""
2159 check_dpp_capab(dev
[0])
2160 check_dpp_capab(dev
[1])
2161 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2165 dev
[0].dump_monitor()
2166 dev
[1].dump_monitor()
2167 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="unknown",
2169 wait_dpp_fail(dev
[0], "possible PKEX code mismatch")
2171 ev
= dev
[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout
=1)
2173 raise Exception("PKEX t limit not reported")
2175 def test_dpp_pkex_curve_mismatch(dev
, apdev
):
2176 """DPP and PKEX with mismatching curve"""
2177 check_dpp_capab(dev
[0])
2178 check_dpp_capab(dev
[1])
2179 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
="P-256")
2180 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", curve
="P-384")
2181 wait_dpp_fail(dev
[0], "Mismatching PKEX curve: peer=20 own=19")
2182 wait_dpp_fail(dev
[1], "Peer indicated mismatching PKEX group - proposed 19")
2184 def test_dpp_pkex_curve_mismatch_failure(dev
, apdev
):
2185 """DPP and PKEX with mismatching curve (local failure)"""
2186 run_dpp_pkex_curve_mismatch_failure(dev
, apdev
, "=dpp_pkex_rx_exchange_req")
2188 def test_dpp_pkex_curve_mismatch_failure2(dev
, apdev
):
2189 """DPP and PKEX with mismatching curve (local failure 2)"""
2190 run_dpp_pkex_curve_mismatch_failure(dev
, apdev
,
2191 "dpp_pkex_build_exchange_resp")
2193 def run_dpp_pkex_curve_mismatch_failure(dev
, apdev
, func
):
2194 check_dpp_capab(dev
[0])
2195 check_dpp_capab(dev
[1])
2196 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
="P-256")
2198 with
alloc_fail(dev
[0], 1, func
):
2199 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", curve
="P-384")
2201 ev
= dev
[0].wait_event(["DPP-FAIL"], timeout
=5)
2203 raise Exception("Failure not reported (dev 0)")
2204 if "Mismatching PKEX curve: peer=20 own=19" not in ev
:
2205 raise Exception("Unexpected result: " + ev
)
2206 wait_dpp_fail(dev
[0], "Mismatching PKEX curve: peer=20 own=19")
2208 def test_dpp_pkex_exchange_resp_processing_failure(dev
, apdev
):
2209 """DPP and PKEX with local failure in processing Exchange Resp"""
2210 check_dpp_capab(dev
[0])
2211 check_dpp_capab(dev
[1])
2212 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2214 with
fail_test(dev
[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"):
2215 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2216 wait_fail_trigger(dev
[1], "GET_FAIL")
2218 def test_dpp_pkex_commit_reveal_req_processing_failure(dev
, apdev
):
2219 """DPP and PKEX with local failure in processing Commit Reveal Req"""
2220 check_dpp_capab(dev
[0])
2221 check_dpp_capab(dev
[1])
2222 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2224 with
alloc_fail(dev
[0], 1,
2225 "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"):
2226 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
2227 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
2229 def test_dpp_pkex_config2(dev
, apdev
):
2230 """DPP and PKEX with responder as the configurator"""
2231 check_dpp_capab(dev
[0])
2232 conf_id
= dev
[0].dpp_configurator_add()
2233 dev
[0].set("dpp_configurator_params",
2234 " conf=sta-dpp configurator=%d" % conf_id
)
2235 run_dpp_pkex2(dev
, apdev
)
2237 def run_dpp_pkex2(dev
, apdev
, curve
=None, init_extra
=""):
2238 check_dpp_capab(dev
[0])
2239 check_dpp_capab(dev
[1])
2240 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret", curve
=curve
,
2241 listen_role
="configurator")
2242 dev
[1].dpp_pkex_init(identifier
="test", code
="secret", role
="enrollee",
2243 curve
=curve
, extra
=init_extra
)
2244 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[0], enrollee
=dev
[1])
2246 def test_dpp_pkex_no_responder(dev
, apdev
):
2247 """DPP and PKEX with no responder (retry behavior)"""
2248 check_dpp_capab(dev
[0])
2249 dev
[0].dpp_pkex_init(identifier
="test", code
="secret")
2252 ev
= dev
[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout
=5)
2254 raise Exception("DPP PKEX failure not reported")
2255 if "DPP-FAIL" not in ev
:
2257 if "No response from PKEX peer" not in ev
:
2258 raise Exception("Unexpected failure reason: " + ev
)
2261 def test_dpp_pkex_after_retry(dev
, apdev
):
2262 """DPP and PKEX completing after retry"""
2263 check_dpp_capab(dev
[0])
2264 dev
[0].dpp_pkex_init(identifier
="test", code
="secret")
2266 dev
[1].dpp_pkex_resp(2437, identifier
="test", code
="secret")
2267 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[0], enrollee
=dev
[1],
2268 allow_enrollee_failure
=True)
2270 def test_dpp_pkex_hostapd_responder(dev
, apdev
):
2271 """DPP PKEX with hostapd as responder"""
2272 check_dpp_capab(dev
[0])
2273 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2275 check_dpp_capab(hapd
)
2276 hapd
.dpp_pkex_resp(2437, identifier
="test", code
="secret")
2277 conf_id
= dev
[0].dpp_configurator_add()
2278 dev
[0].dpp_pkex_init(identifier
="test", code
="secret",
2279 extra
="conf=ap-dpp configurator=%d" % conf_id
)
2280 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
2281 stop_initiator
=True)
2283 def test_dpp_pkex_hostapd_initiator(dev
, apdev
):
2284 """DPP PKEX with hostapd as initiator"""
2285 check_dpp_capab(dev
[0])
2286 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2288 check_dpp_capab(hapd
)
2289 conf_id
= dev
[0].dpp_configurator_add()
2290 dev
[0].set("dpp_configurator_params",
2291 " conf=ap-dpp configurator=%d" % conf_id
)
2292 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
2293 listen_role
="configurator")
2294 hapd
.dpp_pkex_init(identifier
="test", code
="secret", role
="enrollee")
2295 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
2296 stop_initiator
=True)
2298 def test_dpp_hostapd_configurator(dev
, apdev
):
2299 """DPP with hostapd as configurator/initiator"""
2300 check_dpp_capab(dev
[0])
2301 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2303 check_dpp_capab(hapd
)
2304 conf_id
= hapd
.dpp_configurator_add()
2305 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2306 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2307 id1
= hapd
.dpp_qr_code(uri0
)
2308 res
= hapd
.request("DPP_BOOTSTRAP_INFO %d" % id1
)
2310 raise Exception("DPP_BOOTSTRAP_INFO failed")
2311 if "type=QRCODE" not in res
:
2312 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
2313 if "mac_addr=" + dev
[0].own_addr() not in res
:
2314 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
2315 dev
[0].dpp_listen(2412)
2316 hapd
.dpp_auth_init(peer
=id1
, configurator
=conf_id
, conf
="sta-dpp")
2317 wait_auth_success(dev
[0], hapd
, configurator
=hapd
, enrollee
=dev
[0],
2318 stop_responder
=True)
2320 def test_dpp_hostapd_configurator_responder(dev
, apdev
):
2321 """DPP with hostapd as configurator/responder"""
2322 check_dpp_capab(dev
[0])
2323 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured",
2325 check_dpp_capab(hapd
)
2326 conf_id
= hapd
.dpp_configurator_add()
2327 hapd
.set("dpp_configurator_params",
2328 " conf=sta-dpp configurator=%d" % conf_id
)
2329 id0
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2330 uri0
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2331 dev
[0].dpp_auth_init(uri
=uri0
, role
="enrollee")
2332 wait_auth_success(hapd
, dev
[0], configurator
=hapd
, enrollee
=dev
[0],
2333 stop_initiator
=True)
2335 def test_dpp_own_config(dev
, apdev
):
2336 """DPP configurator signing own connector"""
2338 run_dpp_own_config(dev
, apdev
)
2340 dev
[0].set("dpp_config_processing", "0")
2342 def test_dpp_own_config_group_id(dev
, apdev
):
2343 """DPP configurator signing own connector"""
2345 run_dpp_own_config(dev
, apdev
, extra
=" group_id=test-group")
2347 dev
[0].set("dpp_config_processing", "0")
2349 def test_dpp_own_config_curve_mismatch(dev
, apdev
):
2350 """DPP configurator signing own connector using mismatching curve"""
2352 run_dpp_own_config(dev
, apdev
, own_curve
="BP-384", expect_failure
=True)
2354 dev
[0].set("dpp_config_processing", "0")
2356 def run_dpp_own_config(dev
, apdev
, own_curve
=None, expect_failure
=False,
2358 check_dpp_capab(dev
[0], own_curve
and "BP" in own_curve
)
2359 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2360 check_dpp_capab(hapd
)
2361 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2362 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
2363 conf_id
= dev
[0].dpp_configurator_add()
2364 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
,
2366 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
)
2367 update_hapd_config(hapd
)
2369 dev
[0].set("dpp_config_processing", "1")
2370 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id
, extra
)
2372 cmd
+= " curve=" + own_curve
2373 res
= dev
[0].request(cmd
)
2375 raise Exception("Failed to generate own configuration")
2377 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
2379 raise Exception("DPP network profile not generated")
2380 id = ev
.split(' ')[1]
2381 dev
[0].select_network(id, freq
="2412")
2383 ev
= dev
[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout
=1)
2385 raise Exception("Unexpected connection")
2386 dev
[0].request("DISCONNECT")
2388 dev
[0].wait_connected()
2390 def test_dpp_own_config_ap(dev
, apdev
):
2391 """DPP configurator (AP) signing own connector"""
2393 run_dpp_own_config_ap(dev
, apdev
)
2395 dev
[0].set("dpp_config_processing", "0")
2397 def test_dpp_own_config_ap_group_id(dev
, apdev
):
2398 """DPP configurator (AP) signing own connector (group_id)"""
2400 run_dpp_own_config_ap(dev
, apdev
, extra
=" group_id=test-group")
2402 dev
[0].set("dpp_config_processing", "0")
2404 def test_dpp_own_config_ap_reconf(dev
, apdev
):
2405 """DPP configurator (AP) signing own connector and configurator reconf"""
2407 run_dpp_own_config_ap(dev
, apdev
)
2409 dev
[0].set("dpp_config_processing", "0")
2411 def run_dpp_own_config_ap(dev
, apdev
, reconf_configurator
=False, extra
=None):
2412 check_dpp_capab(dev
[0])
2413 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2414 check_dpp_capab(hapd
)
2415 conf_id
= hapd
.dpp_configurator_add()
2416 if reconf_configurator
:
2417 csign
= hapd
.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
2418 if "FAIL" in csign
or len(csign
) == 0:
2419 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
2421 cmd
= "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id
, extra
)
2422 res
= hapd
.request(cmd
)
2424 raise Exception("Failed to generate own configuration")
2425 update_hapd_config(hapd
)
2427 if reconf_configurator
:
2428 hapd
.dpp_configurator_remove(conf_id
)
2429 conf_id
= hapd
.dpp_configurator_add(key
=csign
)
2431 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2432 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
2433 dev
[0].set("dpp_config_processing", "2")
2434 dev
[0].dpp_listen(2412)
2435 hapd
.dpp_auth_init(uri
=uri
, conf
="sta-dpp", configurator
=conf_id
,
2437 wait_auth_success(dev
[0], hapd
, configurator
=hapd
, enrollee
=dev
[0])
2438 dev
[0].wait_connected()
2440 def test_dpp_intro_mismatch(dev
, apdev
):
2441 """DPP network introduction mismatch cases"""
2444 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
2445 wpas
.interface_add("wlan5")
2446 check_dpp_capab(wpas
)
2447 run_dpp_intro_mismatch(dev
, apdev
, wpas
)
2449 dev
[0].set("dpp_config_processing", "0")
2450 dev
[2].set("dpp_config_processing", "0")
2452 wpas
.set("dpp_config_processing", "0")
2454 def run_dpp_intro_mismatch(dev
, apdev
, wpas
):
2455 check_dpp_capab(dev
[0])
2456 check_dpp_capab(dev
[1])
2457 check_dpp_capab(dev
[2])
2458 logger
.info("Start AP in unconfigured state")
2459 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
2460 check_dpp_capab(hapd
)
2461 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
2462 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
2463 logger
.info("Provision AP with DPP configuration")
2464 conf_id
= dev
[1].dpp_configurator_add()
2465 dev
[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]')
2466 dev
[1].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
2467 update_hapd_config(hapd
)
2469 logger
.info("Provision STA0 with DPP Connector that has mismatching groupId")
2470 dev
[0].set("dpp_config_processing", "2")
2471 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2472 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2473 dev
[0].dpp_listen(2412)
2474 dev
[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]')
2475 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-dpp", configurator
=conf_id
)
2476 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0])
2478 logger
.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
2479 dev
[2].set("dpp_config_processing", "2")
2480 id2
= dev
[2].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2481 uri2
= dev
[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2
)
2482 dev
[2].dpp_listen(2412)
2483 conf_id_2
= dev
[1].dpp_configurator_add()
2484 dev
[1].set("dpp_groups_override", '')
2485 dev
[1].dpp_auth_init(uri
=uri2
, conf
="sta-dpp", configurator
=conf_id_2
)
2486 wait_auth_success(dev
[2], dev
[1], configurator
=dev
[1], enrollee
=dev
[2])
2488 logger
.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
2489 wpas
.set("dpp_config_processing", "2")
2490 id5
= wpas
.dpp_bootstrap_gen(chan
="81/1", mac
=True, curve
="P-521")
2491 uri5
= wpas
.request("DPP_BOOTSTRAP_GET_URI %d" % id5
)
2492 wpas
.dpp_listen(2412)
2493 dev
[1].set("dpp_groups_override", '')
2494 dev
[1].dpp_auth_init(uri
=uri5
, conf
="sta-dpp", configurator
=conf_id
)
2495 wait_auth_success(wpas
, dev
[1], configurator
=dev
[1], enrollee
=wpas
)
2497 logger
.info("Verify network introduction results")
2498 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
2500 raise Exception("DPP network introduction result not seen on STA0")
2501 if "status=8" not in ev
:
2502 raise Exception("Unexpected network introduction result on STA0: " + ev
)
2504 ev
= dev
[2].wait_event(["DPP-INTRO"], timeout
=5)
2506 raise Exception("DPP network introduction result not seen on STA2")
2507 if "status=8" not in ev
:
2508 raise Exception("Unexpected network introduction result on STA2: " + ev
)
2510 ev
= wpas
.wait_event(["DPP-INTRO"], timeout
=10)
2512 raise Exception("DPP network introduction result not seen on STA5")
2513 if "status=7" not in ev
:
2514 raise Exception("Unexpected network introduction result on STA5: " + ev
)
2516 def run_dpp_proto_init(dev
, test_dev
, test
, mutual
=False, unicast
=True,
2517 listen
=True, chan
="81/1", init_enrollee
=False,
2518 incompatible_roles
=False):
2519 check_dpp_capab(dev
[0])
2520 check_dpp_capab(dev
[1])
2521 dev
[test_dev
].set("dpp_test", str(test
))
2523 conf_id
= dev
[0].dpp_configurator_add()
2525 conf_id
= dev
[1].dpp_configurator_add()
2526 id0
= dev
[0].dpp_bootstrap_gen(chan
=chan
, mac
=unicast
)
2527 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
2530 id1b
= dev
[1].dpp_bootstrap_gen(chan
="81/1", mac
=True)
2531 uri1b
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b
)
2533 id0b
= dev
[0].dpp_qr_code(uri1b
)
2539 if incompatible_roles
:
2542 role
= "configurator"
2543 dev
[0].set("dpp_configurator_params",
2544 " conf=sta-dpp configurator=%d" % conf_id
)
2545 elif incompatible_roles
:
2551 dev
[0].dpp_listen(2412, qr
=qr
, role
=role
)
2561 configurator
=conf_id
2563 if incompatible_roles
:
2567 dev
[1].dpp_auth_init(uri
=uri0
, role
=role
, configurator
=configurator
,
2570 def test_dpp_proto_after_wrapped_data_auth_req(dev
, apdev
):
2571 """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
2572 run_dpp_proto_init(dev
, 1, 1)
2573 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2575 raise Exception("DPP Authentication Request not seen")
2576 if "type=0" not in ev
or "ignore=invalid-attributes" not in ev
:
2577 raise Exception("Unexpected RX info: " + ev
)
2578 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2580 raise Exception("Unexpected DPP message seen")
2582 def test_dpp_auth_req_stop_after_ack(dev
, apdev
):
2583 """DPP initiator stopping after ACK, but no response"""
2584 run_dpp_proto_init(dev
, 1, 1, listen
=True)
2585 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2587 raise Exception("Authentication failure not reported")
2589 def test_dpp_auth_req_retries(dev
, apdev
):
2590 """DPP initiator retries with no ACK"""
2591 check_dpp_capab(dev
[1])
2592 dev
[1].set("dpp_init_max_tries", "3")
2593 dev
[1].set("dpp_init_retry_time", "1000")
2594 dev
[1].set("dpp_resp_wait_time", "100")
2595 run_dpp_proto_init(dev
, 1, 1, unicast
=False, listen
=False)
2598 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
2600 raise Exception("Auth Req not sent (%d)" % i
)
2602 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2604 raise Exception("Authentication failure not reported")
2606 def test_dpp_auth_req_retries_multi_chan(dev
, apdev
):
2607 """DPP initiator retries with no ACK and multiple channels"""
2608 check_dpp_capab(dev
[1])
2609 dev
[1].set("dpp_init_max_tries", "3")
2610 dev
[1].set("dpp_init_retry_time", "1000")
2611 dev
[1].set("dpp_resp_wait_time", "100")
2612 run_dpp_proto_init(dev
, 1, 1, unicast
=False, listen
=False,
2613 chan
="81/1,81/6,81/11")
2615 for i
in range(3 * 3):
2616 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
2618 raise Exception("Auth Req not sent (%d)" % i
)
2620 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2622 raise Exception("Authentication failure not reported")
2624 def test_dpp_proto_after_wrapped_data_auth_resp(dev
, apdev
):
2625 """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
2626 run_dpp_proto_init(dev
, 0, 2)
2627 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
2629 raise Exception("DPP Authentication Response not seen")
2630 if "type=1" not in ev
or "ignore=invalid-attributes" not in ev
:
2631 raise Exception("Unexpected RX info: " + ev
)
2632 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2633 if ev
is None or "type=0" not in ev
:
2634 raise Exception("DPP Authentication Request not seen")
2635 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2637 raise Exception("Unexpected DPP message seen")
2639 def test_dpp_proto_after_wrapped_data_auth_conf(dev
, apdev
):
2640 """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
2641 run_dpp_proto_init(dev
, 1, 3)
2642 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2643 if ev
is None or "type=0" not in ev
:
2644 raise Exception("DPP Authentication Request not seen")
2645 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
2647 raise Exception("DPP Authentication Confirm not seen")
2648 if "type=2" not in ev
or "ignore=invalid-attributes" not in ev
:
2649 raise Exception("Unexpected RX info: " + ev
)
2651 def test_dpp_proto_after_wrapped_data_conf_req(dev
, apdev
):
2652 """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
2653 run_dpp_proto_init(dev
, 0, 6)
2654 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=10)
2656 raise Exception("DPP Configuration failure not seen")
2658 def test_dpp_proto_after_wrapped_data_conf_resp(dev
, apdev
):
2659 """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
2660 run_dpp_proto_init(dev
, 1, 7)
2661 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=10)
2663 raise Exception("DPP Configuration failure not seen")
2665 def test_dpp_proto_zero_i_capab(dev
, apdev
):
2666 """DPP protocol testing - zero I-capability in Auth Req"""
2667 run_dpp_proto_init(dev
, 1, 8)
2668 wait_dpp_fail(dev
[0], "Invalid role in I-capabilities 0x00")
2669 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2671 raise Exception("Unexpected DPP message seen")
2673 def test_dpp_proto_zero_r_capab(dev
, apdev
):
2674 """DPP protocol testing - zero R-capability in Auth Resp"""
2675 run_dpp_proto_init(dev
, 0, 9)
2676 wait_dpp_fail(dev
[1], "Unexpected role in R-capabilities 0x00")
2677 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2678 if ev
is None or "type=0" not in ev
:
2679 raise Exception("DPP Authentication Request not seen")
2680 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2682 raise Exception("Unexpected DPP message seen")
2684 def run_dpp_proto_auth_req_missing(dev
, test
, reason
, mutual
=False):
2685 run_dpp_proto_init(dev
, 1, test
, mutual
=mutual
)
2686 wait_dpp_fail(dev
[0], reason
)
2687 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=0.1)
2689 raise Exception("Unexpected DPP message seen")
2691 def test_dpp_proto_auth_req_no_r_bootstrap_key(dev
, apdev
):
2692 """DPP protocol testing - no R-bootstrap key in Auth Req"""
2693 run_dpp_proto_auth_req_missing(dev
, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2695 def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev
, apdev
):
2696 """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
2697 run_dpp_proto_auth_req_missing(dev
, 68, "No matching own bootstrapping key found - ignore message")
2699 def test_dpp_proto_auth_req_no_i_bootstrap_key(dev
, apdev
):
2700 """DPP protocol testing - no I-bootstrap key in Auth Req"""
2701 run_dpp_proto_auth_req_missing(dev
, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute")
2703 def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev
, apdev
):
2704 """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
2705 run_dpp_proto_init(dev
, 1, 69, mutual
=True)
2706 ev
= dev
[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout
=5)
2708 raise Exception("DPP scan request not seen")
2709 ev
= dev
[1].wait_event(["DPP-RESPONSE-PENDING"], timeout
=5)
2711 raise Exception("DPP response pending indivation not seen")
2713 def test_dpp_proto_auth_req_no_i_proto_key(dev
, apdev
):
2714 """DPP protocol testing - no I-proto key in Auth Req"""
2715 run_dpp_proto_auth_req_missing(dev
, 12, "Missing required Initiator Protocol Key attribute")
2717 def test_dpp_proto_auth_req_invalid_i_proto_key(dev
, apdev
):
2718 """DPP protocol testing - invalid I-proto key in Auth Req"""
2719 run_dpp_proto_auth_req_missing(dev
, 66, "Invalid Initiator Protocol Key")
2721 def test_dpp_proto_auth_req_no_i_nonce(dev
, apdev
):
2722 """DPP protocol testing - no I-nonce in Auth Req"""
2723 run_dpp_proto_auth_req_missing(dev
, 13, "Missing or invalid I-nonce")
2725 def test_dpp_proto_auth_req_invalid_i_nonce(dev
, apdev
):
2726 """DPP protocol testing - invalid I-nonce in Auth Req"""
2727 run_dpp_proto_auth_req_missing(dev
, 81, "Missing or invalid I-nonce")
2729 def test_dpp_proto_auth_req_no_i_capab(dev
, apdev
):
2730 """DPP protocol testing - no I-capab in Auth Req"""
2731 run_dpp_proto_auth_req_missing(dev
, 14, "Missing or invalid I-capab")
2733 def test_dpp_proto_auth_req_no_wrapped_data(dev
, apdev
):
2734 """DPP protocol testing - no Wrapped Data in Auth Req"""
2735 run_dpp_proto_auth_req_missing(dev
, 15, "Missing or invalid required Wrapped Data attribute")
2737 def run_dpp_proto_auth_resp_missing(dev
, test
, reason
,
2738 incompatible_roles
=False):
2739 run_dpp_proto_init(dev
, 0, test
, mutual
=True,
2740 incompatible_roles
=incompatible_roles
)
2742 if incompatible_roles
:
2743 ev
= dev
[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout
=5)
2745 raise Exception("DPP-NOT-COMPATIBLE not reported")
2748 wait_dpp_fail(dev
[1], reason
)
2749 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2750 if ev
is None or "type=0" not in ev
:
2751 raise Exception("DPP Authentication Request not seen")
2752 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2754 raise Exception("Unexpected DPP message seen")
2756 def test_dpp_proto_auth_resp_no_status(dev
, apdev
):
2757 """DPP protocol testing - no Status in Auth Resp"""
2758 run_dpp_proto_auth_resp_missing(dev
, 16, "Missing or invalid required DPP Status attribute")
2760 def test_dpp_proto_auth_resp_status_no_status(dev
, apdev
):
2761 """DPP protocol testing - no Status in Auth Resp(status)"""
2762 run_dpp_proto_auth_resp_missing(dev
, 16,
2763 "Missing or invalid required DPP Status attribute",
2764 incompatible_roles
=True)
2766 def test_dpp_proto_auth_resp_invalid_status(dev
, apdev
):
2767 """DPP protocol testing - invalid Status in Auth Resp"""
2768 run_dpp_proto_auth_resp_missing(dev
, 74, "Responder reported failure")
2770 def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev
, apdev
):
2771 """DPP protocol testing - no R-bootstrap key in Auth Resp"""
2772 run_dpp_proto_auth_resp_missing(dev
, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2774 def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev
, apdev
):
2775 """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
2776 run_dpp_proto_auth_resp_missing(dev
, 17,
2777 "Missing or invalid required Responder Bootstrapping Key Hash attribute",
2778 incompatible_roles
=True)
2780 def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev
, apdev
):
2781 """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
2782 run_dpp_proto_auth_resp_missing(dev
, 70, "Unexpected Responder Bootstrapping Key Hash value")
2784 def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev
, apdev
):
2785 """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
2786 run_dpp_proto_auth_resp_missing(dev
, 70,
2787 "Unexpected Responder Bootstrapping Key Hash value",
2788 incompatible_roles
=True)
2790 def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev
, apdev
):
2791 """DPP protocol testing - no I-bootstrap key in Auth Resp"""
2792 run_dpp_proto_auth_resp_missing(dev
, 18, None)
2794 def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev
, apdev
):
2795 """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
2796 run_dpp_proto_auth_resp_missing(dev
, 18, None, incompatible_roles
=True)
2798 def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev
, apdev
):
2799 """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
2800 run_dpp_proto_auth_resp_missing(dev
, 71, "Initiator Bootstrapping Key Hash attribute did not match")
2802 def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev
, apdev
):
2803 """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
2804 run_dpp_proto_auth_resp_missing(dev
, 71,
2805 "Initiator Bootstrapping Key Hash attribute did not match",
2806 incompatible_roles
=True)
2808 def test_dpp_proto_auth_resp_no_r_proto_key(dev
, apdev
):
2809 """DPP protocol testing - no R-Proto Key in Auth Resp"""
2810 run_dpp_proto_auth_resp_missing(dev
, 19, "Missing required Responder Protocol Key attribute")
2812 def test_dpp_proto_auth_resp_invalid_r_proto_key(dev
, apdev
):
2813 """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
2814 run_dpp_proto_auth_resp_missing(dev
, 67, "Invalid Responder Protocol Key")
2816 def test_dpp_proto_auth_resp_no_r_nonce(dev
, apdev
):
2817 """DPP protocol testing - no R-nonce in Auth Resp"""
2818 run_dpp_proto_auth_resp_missing(dev
, 20, "Missing or invalid R-nonce")
2820 def test_dpp_proto_auth_resp_no_i_nonce(dev
, apdev
):
2821 """DPP protocol testing - no I-nonce in Auth Resp"""
2822 run_dpp_proto_auth_resp_missing(dev
, 21, "Missing or invalid I-nonce")
2824 def test_dpp_proto_auth_resp_status_no_i_nonce(dev
, apdev
):
2825 """DPP protocol testing - no I-nonce in Auth Resp(status)"""
2826 run_dpp_proto_auth_resp_missing(dev
, 21, "Missing or invalid I-nonce",
2827 incompatible_roles
=True)
2829 def test_dpp_proto_auth_resp_no_r_capab(dev
, apdev
):
2830 """DPP protocol testing - no R-capab in Auth Resp"""
2831 run_dpp_proto_auth_resp_missing(dev
, 22, "Missing or invalid R-capabilities")
2833 def test_dpp_proto_auth_resp_no_r_auth(dev
, apdev
):
2834 """DPP protocol testing - no R-auth in Auth Resp"""
2835 run_dpp_proto_auth_resp_missing(dev
, 23, "Missing or invalid Secondary Wrapped Data")
2837 def test_dpp_proto_auth_resp_no_wrapped_data(dev
, apdev
):
2838 """DPP protocol testing - no Wrapped Data in Auth Resp"""
2839 run_dpp_proto_auth_resp_missing(dev
, 24, "Missing or invalid required Wrapped Data attribute")
2841 def test_dpp_proto_auth_resp_i_nonce_mismatch(dev
, apdev
):
2842 """DPP protocol testing - I-nonce mismatch in Auth Resp"""
2843 run_dpp_proto_init(dev
, 0, 30, mutual
=True)
2844 wait_dpp_fail(dev
[1], "I-nonce mismatch")
2845 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=1)
2846 if ev
is None or "type=0" not in ev
:
2847 raise Exception("DPP Authentication Request not seen")
2848 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=0.1)
2850 raise Exception("Unexpected DPP message seen")
2852 def test_dpp_proto_auth_resp_incompatible_r_capab(dev
, apdev
):
2853 """DPP protocol testing - Incompatible R-capab in Auth Resp"""
2854 run_dpp_proto_init(dev
, 0, 31, mutual
=True)
2855 wait_dpp_fail(dev
[1], "Unexpected role in R-capabilities 0x02")
2856 wait_dpp_fail(dev
[0], "Peer reported incompatible R-capab role")
2858 def test_dpp_proto_auth_resp_r_auth_mismatch(dev
, apdev
):
2859 """DPP protocol testing - R-auth mismatch in Auth Resp"""
2860 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2861 wait_dpp_fail(dev
[1], "Mismatching Responder Authenticating Tag")
2862 wait_dpp_fail(dev
[0], "Peer reported authentication failure")
2864 def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev
, apdev
):
2865 """DPP protocol testing - Auth Conf RX processing failure"""
2866 with
alloc_fail(dev
[0], 1, "dpp_auth_conf_rx_failure"):
2867 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2868 wait_dpp_fail(dev
[0], "Authentication failed")
2870 def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev
, apdev
):
2871 """DPP protocol testing - Auth Conf RX processing failure 2"""
2872 with
fail_test(dev
[0], 1, "dpp_auth_conf_rx_failure"):
2873 run_dpp_proto_init(dev
, 0, 32, mutual
=True)
2874 wait_dpp_fail(dev
[0], "AES-SIV decryption failed")
2876 def run_dpp_proto_auth_conf_missing(dev
, test
, reason
):
2877 run_dpp_proto_init(dev
, 1, test
, mutual
=True)
2881 wait_dpp_fail(dev
[0], reason
)
2883 def test_dpp_proto_auth_conf_no_status(dev
, apdev
):
2884 """DPP protocol testing - no Status in Auth Conf"""
2885 run_dpp_proto_auth_conf_missing(dev
, 25, "Missing or invalid required DPP Status attribute")
2887 def test_dpp_proto_auth_conf_invalid_status(dev
, apdev
):
2888 """DPP protocol testing - invalid Status in Auth Conf"""
2889 run_dpp_proto_auth_conf_missing(dev
, 75, "Authentication failed")
2891 def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev
, apdev
):
2892 """DPP protocol testing - no R-bootstrap key in Auth Conf"""
2893 run_dpp_proto_auth_conf_missing(dev
, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
2895 def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev
, apdev
):
2896 """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
2897 run_dpp_proto_auth_conf_missing(dev
, 72, "Responder Bootstrapping Key Hash mismatch")
2899 def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev
, apdev
):
2900 """DPP protocol testing - no I-bootstrap key in Auth Conf"""
2901 run_dpp_proto_auth_conf_missing(dev
, 27, "Missing Initiator Bootstrapping Key Hash attribute")
2903 def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev
, apdev
):
2904 """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
2905 run_dpp_proto_auth_conf_missing(dev
, 73, "Initiator Bootstrapping Key Hash mismatch")
2907 def test_dpp_proto_auth_conf_no_i_auth(dev
, apdev
):
2908 """DPP protocol testing - no I-Auth in Auth Conf"""
2909 run_dpp_proto_auth_conf_missing(dev
, 28, "Missing or invalid Initiator Authenticating Tag")
2911 def test_dpp_proto_auth_conf_no_wrapped_data(dev
, apdev
):
2912 """DPP protocol testing - no Wrapped Data in Auth Conf"""
2913 run_dpp_proto_auth_conf_missing(dev
, 29, "Missing or invalid required Wrapped Data attribute")
2915 def test_dpp_proto_auth_conf_i_auth_mismatch(dev
, apdev
):
2916 """DPP protocol testing - I-auth mismatch in Auth Conf"""
2917 run_dpp_proto_init(dev
, 1, 33, mutual
=True)
2918 wait_dpp_fail(dev
[0], "Mismatching Initiator Authenticating Tag")
2920 def test_dpp_proto_auth_conf_replaced_by_resp(dev
, apdev
):
2921 """DPP protocol testing - Auth Conf replaced by Resp"""
2922 run_dpp_proto_init(dev
, 1, 65, mutual
=True)
2923 wait_dpp_fail(dev
[0], "Unexpected Authentication Response")
2925 def run_dpp_proto_conf_req_missing(dev
, test
, reason
):
2926 run_dpp_proto_init(dev
, 0, test
)
2927 wait_dpp_fail(dev
[1], reason
)
2929 def test_dpp_proto_conf_req_no_e_nonce(dev
, apdev
):
2930 """DPP protocol testing - no E-nonce in Conf Req"""
2931 run_dpp_proto_conf_req_missing(dev
, 51,
2932 "Missing or invalid Enrollee Nonce attribute")
2934 def test_dpp_proto_conf_req_invalid_e_nonce(dev
, apdev
):
2935 """DPP protocol testing - invalid E-nonce in Conf Req"""
2936 run_dpp_proto_conf_req_missing(dev
, 83,
2937 "Missing or invalid Enrollee Nonce attribute")
2939 def test_dpp_proto_conf_req_no_config_attr_obj(dev
, apdev
):
2940 """DPP protocol testing - no Config Attr Obj in Conf Req"""
2941 run_dpp_proto_conf_req_missing(dev
, 52,
2942 "Missing or invalid Config Attributes attribute")
2944 def test_dpp_proto_conf_req_invalid_config_attr_obj(dev
, apdev
):
2945 """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
2946 run_dpp_proto_conf_req_missing(dev
, 76,
2947 "Unsupported wi-fi_tech")
2949 def test_dpp_proto_conf_req_no_wrapped_data(dev
, apdev
):
2950 """DPP protocol testing - no Wrapped Data in Conf Req"""
2951 run_dpp_proto_conf_req_missing(dev
, 53,
2952 "Missing or invalid required Wrapped Data attribute")
2954 def run_dpp_proto_conf_resp_missing(dev
, test
, reason
):
2955 run_dpp_proto_init(dev
, 1, test
)
2956 wait_dpp_fail(dev
[0], reason
)
2958 def test_dpp_proto_conf_resp_no_e_nonce(dev
, apdev
):
2959 """DPP protocol testing - no E-nonce in Conf Resp"""
2960 run_dpp_proto_conf_resp_missing(dev
, 54,
2961 "Missing or invalid Enrollee Nonce attribute")
2963 def test_dpp_proto_conf_resp_no_config_obj(dev
, apdev
):
2964 """DPP protocol testing - no Config Object in Conf Resp"""
2965 run_dpp_proto_conf_resp_missing(dev
, 55,
2966 "Missing required Configuration Object attribute")
2968 def test_dpp_proto_conf_resp_no_status(dev
, apdev
):
2969 """DPP protocol testing - no Status in Conf Resp"""
2970 run_dpp_proto_conf_resp_missing(dev
, 56,
2971 "Missing or invalid required DPP Status attribute")
2973 def test_dpp_proto_conf_resp_no_wrapped_data(dev
, apdev
):
2974 """DPP protocol testing - no Wrapped Data in Conf Resp"""
2975 run_dpp_proto_conf_resp_missing(dev
, 57,
2976 "Missing or invalid required Wrapped Data attribute")
2978 def test_dpp_proto_conf_resp_invalid_status(dev
, apdev
):
2979 """DPP protocol testing - invalid Status in Conf Resp"""
2980 run_dpp_proto_conf_resp_missing(dev
, 58,
2981 "Configurator rejected configuration")
2983 def test_dpp_proto_conf_resp_e_nonce_mismatch(dev
, apdev
):
2984 """DPP protocol testing - E-nonce mismatch in Conf Resp"""
2985 run_dpp_proto_conf_resp_missing(dev
, 59,
2986 "Enrollee Nonce mismatch")
2988 def test_dpp_proto_stop_at_auth_req(dev
, apdev
):
2989 """DPP protocol testing - stop when receiving Auth Req"""
2990 run_dpp_proto_init(dev
, 0, 87)
2991 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
2993 raise Exception("Authentication init failure not reported")
2995 def test_dpp_proto_stop_at_auth_resp(dev
, apdev
):
2996 """DPP protocol testing - stop when receiving Auth Resp"""
2997 run_dpp_proto_init(dev
, 1, 88)
2999 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3001 raise Exception("Auth Req TX not seen")
3003 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3005 raise Exception("Auth Resp TX not seen")
3007 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3009 raise Exception("Unexpected Auth Conf TX")
3011 def test_dpp_proto_stop_at_auth_conf(dev
, apdev
):
3012 """DPP protocol testing - stop when receiving Auth Conf"""
3013 run_dpp_proto_init(dev
, 0, 89, init_enrollee
=True)
3014 ev
= dev
[1].wait_event(["GAS-QUERY-START"], timeout
=10)
3016 raise Exception("Enrollee did not start GAS")
3017 ev
= dev
[1].wait_event(["GAS-QUERY-DONE"], timeout
=10)
3019 raise Exception("Enrollee did not time out GAS")
3020 if "result=TIMEOUT" not in ev
:
3021 raise Exception("Unexpected GAS result: " + ev
)
3023 def test_dpp_proto_stop_at_auth_conf_tx(dev
, apdev
):
3024 """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
3025 run_dpp_proto_init(dev
, 1, 89, init_enrollee
=True)
3026 wait_auth_success(dev
[0], dev
[1], timeout
=10)
3027 ev
= dev
[1].wait_event(["GAS-QUERY-START"], timeout
=0.1)
3029 raise Exception("Unexpected GAS query")
3031 # There is currently no timeout on GAS server side, so no event to wait for
3034 def test_dpp_proto_stop_at_auth_conf_tx2(dev
, apdev
):
3035 """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
3036 run_dpp_proto_init(dev
, 1, 89)
3037 wait_auth_success(dev
[0], dev
[1], timeout
=10)
3039 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=5)
3040 if ev
is None or "result=TIMEOUT" not in ev
:
3041 raise Exception("GAS query did not time out")
3043 def test_dpp_proto_stop_at_conf_req(dev
, apdev
):
3044 """DPP protocol testing - stop when receiving Auth Req"""
3045 run_dpp_proto_init(dev
, 1, 90)
3046 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=10)
3048 raise Exception("Enrollee did not start GAS")
3049 ev
= dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=10)
3051 raise Exception("Enrollee did not time out GAS")
3052 if "result=TIMEOUT" not in ev
:
3053 raise Exception("Unexpected GAS result: " + ev
)
3055 def run_dpp_proto_init_pkex(dev
, test_dev
, test
):
3056 check_dpp_capab(dev
[0])
3057 check_dpp_capab(dev
[1])
3058 dev
[test_dev
].set("dpp_test", str(test
))
3059 dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret")
3060 dev
[1].dpp_pkex_init(identifier
="test", code
="secret")
3062 def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev
, apdev
):
3063 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
3064 run_dpp_proto_init_pkex(dev
, 1, 4)
3065 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3066 if ev
is None or "type=7" not in ev
:
3067 raise Exception("PKEX Exchange Request not seen")
3068 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3069 if ev
is None or "type=9" not in ev
:
3070 raise Exception("PKEX Commit-Reveal Request not seen")
3071 if "ignore=invalid-attributes" not in ev
:
3072 raise Exception("Unexpected RX info: " + ev
)
3074 def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev
, apdev
):
3075 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
3076 run_dpp_proto_init_pkex(dev
, 0, 5)
3077 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
3078 if ev
is None or "type=8" not in ev
:
3079 raise Exception("PKEX Exchange Response not seen")
3080 ev
= dev
[1].wait_event(["DPP-RX"], timeout
=5)
3081 if ev
is None or "type=10" not in ev
:
3082 raise Exception("PKEX Commit-Reveal Response not seen")
3083 if "ignore=invalid-attributes" not in ev
:
3084 raise Exception("Unexpected RX info: " + ev
)
3086 def run_dpp_proto_pkex_req_missing(dev
, test
, reason
):
3087 run_dpp_proto_init_pkex(dev
, 1, test
)
3088 wait_dpp_fail(dev
[0], reason
)
3090 def run_dpp_proto_pkex_resp_missing(dev
, test
, reason
):
3091 run_dpp_proto_init_pkex(dev
, 0, test
)
3092 wait_dpp_fail(dev
[1], reason
)
3094 def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev
, apdev
):
3095 """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
3096 run_dpp_proto_pkex_req_missing(dev
, 34,
3097 "Missing or invalid Finite Cyclic Group attribute")
3099 def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev
, apdev
):
3100 """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
3101 run_dpp_proto_pkex_req_missing(dev
, 35,
3102 "Missing Encrypted Key attribute")
3104 def test_dpp_proto_pkex_exchange_resp_no_status(dev
, apdev
):
3105 """DPP protocol testing - no Status in PKEX Exchange Response"""
3106 run_dpp_proto_pkex_resp_missing(dev
, 36, "No DPP Status attribute")
3108 def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev
, apdev
):
3109 """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
3110 run_dpp_proto_pkex_resp_missing(dev
, 37, "Missing Encrypted Key attribute")
3112 def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev
, apdev
):
3113 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
3114 run_dpp_proto_pkex_req_missing(dev
, 38,
3115 "No valid peer bootstrapping key found")
3117 def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev
, apdev
):
3118 """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
3119 run_dpp_proto_pkex_req_missing(dev
, 39, "No valid u (I-Auth tag) found")
3121 def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev
, apdev
):
3122 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
3123 run_dpp_proto_pkex_req_missing(dev
, 40, "Missing or invalid required Wrapped Data attribute")
3125 def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev
, apdev
):
3126 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
3127 run_dpp_proto_pkex_resp_missing(dev
, 41,
3128 "No valid peer bootstrapping key found")
3130 def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev
, apdev
):
3131 """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
3132 run_dpp_proto_pkex_resp_missing(dev
, 42, "No valid v (R-Auth tag) found")
3134 def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev
, apdev
):
3135 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
3136 run_dpp_proto_pkex_resp_missing(dev
, 43, "Missing or invalid required Wrapped Data attribute")
3138 def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev
, apdev
):
3139 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
3140 run_dpp_proto_pkex_req_missing(dev
, 44,
3141 "Invalid Encrypted Key value")
3143 def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev
, apdev
):
3144 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
3145 run_dpp_proto_pkex_resp_missing(dev
, 45,
3146 "Invalid Encrypted Key value")
3148 def test_dpp_proto_pkex_exchange_resp_invalid_status(dev
, apdev
):
3149 """DPP protocol testing - invalid Status in PKEX Exchange Response"""
3150 run_dpp_proto_pkex_resp_missing(dev
, 46,
3151 "PKEX failed (peer indicated failure)")
3153 def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev
, apdev
):
3154 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
3155 run_dpp_proto_pkex_req_missing(dev
, 47,
3156 "Peer bootstrapping key is invalid")
3158 def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev
, apdev
):
3159 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
3160 run_dpp_proto_pkex_resp_missing(dev
, 48,
3161 "Peer bootstrapping key is invalid")
3163 def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev
, apdev
):
3164 """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
3165 run_dpp_proto_pkex_req_missing(dev
, 49, "No valid u (I-Auth tag) found")
3167 def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev
, apdev
):
3168 """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
3169 run_dpp_proto_pkex_resp_missing(dev
, 50, "No valid v (R-Auth tag) found")
3171 def test_dpp_proto_stop_at_pkex_exchange_resp(dev
, apdev
):
3172 """DPP protocol testing - stop when receiving PKEX Exchange Response"""
3173 run_dpp_proto_init_pkex(dev
, 1, 84)
3175 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3177 raise Exception("PKEX Exchange Req TX not seen")
3179 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3181 raise Exception("PKEX Exchange Resp not seen")
3183 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3185 raise Exception("Unexpected PKEX CR Req TX")
3187 def test_dpp_proto_stop_at_pkex_cr_req(dev
, apdev
):
3188 """DPP protocol testing - stop when receiving PKEX CR Request"""
3189 run_dpp_proto_init_pkex(dev
, 0, 85)
3191 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3193 raise Exception("PKEX Exchange Req TX not seen")
3195 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3197 raise Exception("PKEX Exchange Resp not seen")
3199 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3201 raise Exception("PKEX CR Req TX not seen")
3203 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=0.1)
3205 raise Exception("Unexpected PKEX CR Resp TX")
3207 def test_dpp_proto_stop_at_pkex_cr_resp(dev
, apdev
):
3208 """DPP protocol testing - stop when receiving PKEX CR Response"""
3209 run_dpp_proto_init_pkex(dev
, 1, 86)
3211 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3213 raise Exception("PKEX Exchange Req TX not seen")
3215 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3217 raise Exception("PKEX Exchange Resp not seen")
3219 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=5)
3221 raise Exception("PKEX CR Req TX not seen")
3223 ev
= dev
[0].wait_event(["DPP-TX "], timeout
=5)
3225 raise Exception("PKEX CR Resp TX not seen")
3227 ev
= dev
[1].wait_event(["DPP-TX "], timeout
=0.1)
3229 raise Exception("Unexpected Auth Req TX")
3231 def test_dpp_proto_network_introduction(dev
, apdev
):
3232 """DPP protocol testing - network introduction"""
3233 check_dpp_capab(dev
[0])
3234 check_dpp_capab(dev
[1])
3236 params
= {"ssid": "dpp",
3238 "wpa_key_mgmt": "DPP",
3240 "rsn_pairwise": "CCMP",
3241 "dpp_connector": params1_ap_connector
,
3242 "dpp_csign": params1_csign
,
3243 "dpp_netaccesskey": params1_ap_netaccesskey
}
3245 hapd
= hostapd
.add_ap(apdev
[0], params
)
3247 raise HwsimSkip("DPP not supported")
3249 for test
in [60, 61, 80, 82]:
3250 dev
[0].set("dpp_test", str(test
))
3251 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3252 dpp_csign
=params1_csign
,
3253 dpp_connector
=params1_sta_connector
,
3254 dpp_netaccesskey
=params1_sta_netaccesskey
,
3257 ev
= dev
[0].wait_event(["DPP-TX"], timeout
=10)
3258 if ev
is None or "type=5" not in ev
:
3259 raise Exception("Peer Discovery Request TX not reported")
3260 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=2)
3261 if ev
is None or "result=SUCCESS" not in ev
:
3262 raise Exception("Peer Discovery Request TX status not reported")
3264 ev
= hapd
.wait_event(["DPP-RX"], timeout
=10)
3265 if ev
is None or "type=5" not in ev
:
3266 raise Exception("Peer Discovery Request RX not reported")
3269 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
3271 raise Exception("DPP-INTRO not reported for test 80")
3272 if "status=7" not in ev
:
3273 raise Exception("Unexpected result in test 80: " + ev
)
3275 dev
[0].request("REMOVE_NETWORK all")
3276 dev
[0].dump_monitor()
3278 dev
[0].set("dpp_test", "0")
3280 for test
in [62, 63, 64, 77, 78, 79]:
3281 hapd
.set("dpp_test", str(test
))
3282 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3283 dpp_csign
=params1_csign
,
3284 dpp_connector
=params1_sta_connector
,
3285 dpp_netaccesskey
=params1_sta_netaccesskey
,
3288 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
3290 raise Exception("Peer introduction result not reported (test %d)" % test
)
3292 if "fail=transaction_id_mismatch" not in ev
:
3293 raise Exception("Connector validation failure not reported")
3295 if "status=254" not in ev
:
3296 raise Exception("Invalid status value not reported")
3298 if "fail=peer_connector_validation_failed" not in ev
:
3299 raise Exception("Connector validation failure not reported")
3300 elif "status=" in ev
:
3301 raise Exception("Unexpected peer introduction result (test %d): " % test
+ ev
)
3303 dev
[0].request("REMOVE_NETWORK all")
3304 dev
[0].dump_monitor()
3306 hapd
.set("dpp_test", "0")
3308 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412", ieee80211w
="2",
3309 dpp_csign
=params1_csign
, dpp_connector
=params1_sta_connector
,
3310 dpp_netaccesskey
=params1_sta_netaccesskey
)
3312 def test_dpp_qr_code_no_chan_list_unicast(dev
, apdev
):
3313 """DPP QR Code and no channel list (unicast)"""
3314 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417, None)
3316 def test_dpp_qr_code_chan_list_unicast(dev
, apdev
):
3317 """DPP QR Code and 2.4 GHz channels (unicast)"""
3318 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417,
3319 "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13")
3321 def test_dpp_qr_code_chan_list_no_peer_unicast(dev
, apdev
):
3322 """DPP QR Code and channel list and no peer (unicast)"""
3323 run_dpp_qr_code_chan_list(dev
, apdev
, True, 2417, "81/1,81/6,81/11",
3325 ev
= dev
[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout
=5)
3327 raise Exception("Initiation failure not reported")
3329 def test_dpp_qr_code_no_chan_list_broadcast(dev
, apdev
):
3330 """DPP QR Code and no channel list (broadcast)"""
3331 run_dpp_qr_code_chan_list(dev
, apdev
, False, 2412, None)
3333 def test_dpp_qr_code_chan_list_broadcast(dev
, apdev
):
3334 """DPP QR Code and some 2.4 GHz channels (broadcast)"""
3335 run_dpp_qr_code_chan_list(dev
, apdev
, False, 2412, "81/1,81/6,81/11",
3338 def run_dpp_qr_code_chan_list(dev
, apdev
, unicast
, listen_freq
, chanlist
,
3339 no_wait
=False, timeout
=5):
3340 check_dpp_capab(dev
[0])
3341 check_dpp_capab(dev
[1])
3342 dev
[1].set("dpp_init_max_tries", "3")
3343 dev
[1].set("dpp_init_retry_time", "100")
3344 dev
[1].set("dpp_resp_wait_time", "1000")
3346 logger
.info("dev0 displays QR Code")
3347 id0
= dev
[0].dpp_bootstrap_gen(chan
=chanlist
, mac
=unicast
)
3348 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3349 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
3350 dev
[0].dpp_listen(listen_freq
)
3351 dev
[1].dpp_auth_init(uri
=uri0
)
3354 wait_auth_success(dev
[0], dev
[1], timeout
=timeout
, configurator
=dev
[1],
3355 enrollee
=dev
[0], allow_enrollee_failure
=True,
3356 stop_responder
=True)
3358 def test_dpp_qr_code_chan_list_no_match(dev
, apdev
):
3359 """DPP QR Code and no matching supported channel"""
3360 check_dpp_capab(dev
[0])
3361 check_dpp_capab(dev
[1])
3362 id0
= dev
[0].dpp_bootstrap_gen(chan
="123/123")
3363 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3364 dev
[1].dpp_auth_init(uri
=uri0
, expect_fail
=True)
3366 def test_dpp_pkex_alloc_fail(dev
, apdev
):
3367 """DPP/PKEX and memory allocation failures"""
3368 check_dpp_capab(dev
[0])
3369 check_dpp_capab(dev
[1])
3371 tests
= [(1, "=dpp_keygen_configurator"),
3372 (1, "base64_gen_encode;dpp_keygen_configurator")]
3373 for count
, func
in tests
:
3374 with
alloc_fail(dev
[1], count
, func
):
3375 cmd
= "DPP_CONFIGURATOR_ADD"
3376 res
= dev
[1].request(cmd
)
3377 if "FAIL" not in res
:
3378 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
3380 conf_id
= dev
[1].dpp_configurator_add()
3385 # Local error cases on the Initiator
3386 tests
= [(1, "dpp_get_pubkey_point"),
3387 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
3388 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
3389 (1, "dpp_alloc_msg;dpp_auth_build_req"),
3390 (1, "dpp_alloc_msg;dpp_auth_build_conf"),
3391 (1, "dpp_bootstrap_key_hash"),
3392 (1, "dpp_auth_init"),
3393 (1, "=dpp_auth_resp_rx"),
3394 (2, "=dpp_auth_resp_rx"),
3395 (1, "dpp_build_conf_start"),
3396 (1, "dpp_build_conf_obj_dpp"),
3397 (2, "dpp_build_conf_obj_dpp"),
3398 (3, "dpp_build_conf_obj_dpp"),
3399 (4, "dpp_build_conf_obj_dpp"),
3400 (5, "dpp_build_conf_obj_dpp"),
3401 (6, "dpp_build_conf_obj_dpp"),
3402 (7, "dpp_build_conf_obj_dpp"),
3403 (8, "dpp_build_conf_obj_dpp"),
3404 (1, "dpp_conf_req_rx"),
3405 (2, "dpp_conf_req_rx"),
3406 (3, "dpp_conf_req_rx"),
3407 (4, "dpp_conf_req_rx"),
3408 (5, "dpp_conf_req_rx"),
3409 (6, "dpp_conf_req_rx"),
3410 (7, "dpp_conf_req_rx"),
3411 (1, "dpp_pkex_init"),
3412 (2, "dpp_pkex_init"),
3413 (3, "dpp_pkex_init"),
3414 (1, "dpp_pkex_derive_z"),
3415 (1, "=dpp_pkex_rx_commit_reveal_resp"),
3416 (1, "dpp_get_pubkey_point;dpp_build_jwk"),
3417 (2, "dpp_get_pubkey_point;dpp_build_jwk"),
3418 (1, "dpp_get_pubkey_point;dpp_auth_init")]
3419 for count
, func
in tests
:
3420 dev
[0].request("DPP_STOP_LISTEN")
3421 dev
[1].request("DPP_STOP_LISTEN")
3422 dev
[0].dump_monitor()
3423 dev
[1].dump_monitor()
3424 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3427 with
alloc_fail(dev
[1], count
, func
):
3428 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3430 extra
="conf=sta-dpp configurator=%d" % conf_id
,
3432 wait_fail_trigger(dev
[1], "GET_ALLOC_FAIL", max_iter
=100)
3433 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3435 dev
[0].request("DPP_STOP_LISTEN")
3436 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3438 # Local error cases on the Responder
3439 tests
= [(1, "dpp_get_pubkey_point"),
3440 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
3441 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
3442 (1, "dpp_alloc_msg;dpp_auth_build_resp"),
3443 (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
3444 (1, "=dpp_auth_req_rx"),
3445 (2, "=dpp_auth_req_rx"),
3446 (1, "=dpp_auth_conf_rx"),
3447 (1, "json_parse;dpp_parse_jws_prot_hdr"),
3448 (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
3449 (1, "json_get_member_base64url;dpp_parse_jwk"),
3450 (2, "json_get_member_base64url;dpp_parse_jwk"),
3451 (1, "json_parse;dpp_parse_connector"),
3452 (1, "dpp_parse_jwk;dpp_parse_connector"),
3453 (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
3454 (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
3455 (1, "base64_gen_decode;dpp_process_signed_connector"),
3456 (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
3457 (2, "base64_gen_decode;dpp_process_signed_connector"),
3458 (3, "base64_gen_decode;dpp_process_signed_connector"),
3459 (4, "base64_gen_decode;dpp_process_signed_connector"),
3460 (1, "json_parse;dpp_parse_conf_obj"),
3461 (1, "dpp_conf_resp_rx"),
3462 (1, "=dpp_pkex_derive_z"),
3463 (1, "=dpp_pkex_rx_exchange_req"),
3464 (2, "=dpp_pkex_rx_exchange_req"),
3465 (3, "=dpp_pkex_rx_exchange_req"),
3466 (1, "=dpp_pkex_rx_commit_reveal_req"),
3467 (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
3468 (1, "dpp_bootstrap_key_hash")]
3469 for count
, func
in tests
:
3470 dev
[0].request("DPP_STOP_LISTEN")
3471 dev
[1].request("DPP_STOP_LISTEN")
3472 dev
[0].dump_monitor()
3473 dev
[1].dump_monitor()
3474 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3477 with
alloc_fail(dev
[0], count
, func
):
3478 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3480 extra
="conf=sta-dpp configurator=%d" % conf_id
)
3481 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL", max_iter
=100)
3482 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3484 dev
[0].request("DPP_STOP_LISTEN")
3485 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3487 def test_dpp_pkex_test_fail(dev
, apdev
):
3488 """DPP/PKEX and local failures"""
3489 check_dpp_capab(dev
[0])
3490 check_dpp_capab(dev
[1])
3492 tests
= [(1, "dpp_keygen_configurator")]
3493 for count
, func
in tests
:
3494 with
fail_test(dev
[1], count
, func
):
3495 cmd
= "DPP_CONFIGURATOR_ADD"
3496 res
= dev
[1].request(cmd
)
3497 if "FAIL" not in res
:
3498 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
3500 tests
= [(1, "dpp_keygen")]
3501 for count
, func
in tests
:
3502 with
fail_test(dev
[1], count
, func
):
3503 cmd
= "DPP_BOOTSTRAP_GEN type=pkex"
3504 res
= dev
[1].request(cmd
)
3505 if "FAIL" not in res
:
3506 raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")
3508 conf_id
= dev
[1].dpp_configurator_add()
3513 # Local error cases on the Initiator
3514 tests
= [(1, "aes_siv_encrypt;dpp_auth_build_req"),
3515 (1, "os_get_random;dpp_auth_init"),
3516 (1, "dpp_derive_k1;dpp_auth_init"),
3517 (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
3518 (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
3519 (1, "aes_siv_encrypt;dpp_auth_build_conf"),
3520 (1, "dpp_derive_k2;dpp_auth_resp_rx"),
3521 (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
3522 (1, "dpp_derive_ke;dpp_auth_resp_rx"),
3523 (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
3524 (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
3525 (1, "aes_siv_encrypt;dpp_build_conf_resp"),
3526 (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
3527 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
3528 (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
3529 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
3530 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
3531 (1, "dpp_bootstrap_key_hash")]
3532 for count
, func
in tests
:
3533 dev
[0].request("DPP_STOP_LISTEN")
3534 dev
[1].request("DPP_STOP_LISTEN")
3535 dev
[0].dump_monitor()
3536 dev
[1].dump_monitor()
3537 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3540 with
fail_test(dev
[1], count
, func
):
3541 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3543 extra
="conf=sta-dpp configurator=%d" % conf_id
,
3545 wait_fail_trigger(dev
[1], "GET_FAIL", max_iter
=100)
3546 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3548 dev
[0].request("DPP_STOP_LISTEN")
3549 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3551 # Local error cases on the Responder
3552 tests
= [(1, "aes_siv_encrypt;dpp_auth_build_resp"),
3553 (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
3554 (1, "os_get_random;dpp_build_conf_req"),
3555 (1, "aes_siv_encrypt;dpp_build_conf_req"),
3556 (1, "os_get_random;dpp_auth_build_resp_ok"),
3557 (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
3558 (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
3559 (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
3560 (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
3561 (1, "dpp_derive_k1;dpp_auth_req_rx"),
3562 (1, "aes_siv_decrypt;dpp_auth_req_rx"),
3563 (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
3564 (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
3565 (1, "dpp_check_pubkey_match"),
3566 (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
3567 (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
3568 (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
3569 (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
3570 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
3571 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
3572 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
3573 (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")]
3574 for count
, func
in tests
:
3575 dev
[0].request("DPP_STOP_LISTEN")
3576 dev
[1].request("DPP_STOP_LISTEN")
3577 dev
[0].dump_monitor()
3578 dev
[1].dump_monitor()
3579 id0
= dev
[0].dpp_pkex_resp(2437, identifier
="test", code
="secret",
3582 with
fail_test(dev
[0], count
, func
):
3583 id1
= dev
[1].dpp_pkex_init(identifier
="test", code
="secret",
3585 extra
="conf=sta-dpp configurator=%d" % conf_id
)
3586 wait_fail_trigger(dev
[0], "GET_FAIL", max_iter
=100)
3587 ev
= dev
[0].wait_event(["GAS-QUERY-START"], timeout
=0.01)
3589 dev
[0].request("DPP_STOP_LISTEN")
3590 dev
[0].wait_event(["GAS-QUERY-DONE"], timeout
=3)
3592 def test_dpp_keygen_configurator_error(dev
, apdev
):
3593 """DPP Configurator keygen error case"""
3594 check_dpp_capab(dev
[0])
3595 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD curve=unknown"):
3596 raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
3598 def rx_process_frame(dev
):
3601 raise Exception("No management frame RX reported")
3602 if "OK" not in dev
.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
3603 msg
['freq'], msg
['datarate'], msg
['ssi_signal'], binascii
.hexlify(msg
['frame']).decode())):
3604 raise Exception("MGMT_RX_PROCESS failed")
3607 def wait_auth_success(responder
, initiator
, configurator
=None, enrollee
=None,
3608 allow_enrollee_failure
=False,
3609 allow_configurator_failure
=False,
3610 require_configurator_failure
=False,
3611 timeout
=5, stop_responder
=False, stop_initiator
=False):
3612 ev
= responder
.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout
=timeout
)
3613 if ev
is None or "DPP-AUTH-SUCCESS" not in ev
:
3614 raise Exception("DPP authentication did not succeed (Responder)")
3615 ev
= initiator
.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout
=5)
3616 if ev
is None or "DPP-AUTH-SUCCESS" not in ev
:
3617 raise Exception("DPP authentication did not succeed (Initiator)")
3619 ev
= configurator
.wait_event(["DPP-CONF-SENT",
3620 "DPP-CONF-FAILED"], timeout
=5)
3622 raise Exception("DPP configuration not completed (Configurator)")
3623 if "DPP-CONF-FAILED" in ev
and not allow_configurator_failure
:
3624 raise Exception("DPP configuration did not succeed (Configurator")
3625 if "DPP-CONF-SUCCESS" in ev
and not require_configurator_failure
:
3626 raise Exception("DPP configuration succeeded (Configurator")
3628 ev
= enrollee
.wait_event(["DPP-CONF-RECEIVED",
3629 "DPP-CONF-FAILED"], timeout
=5)
3631 raise Exception("DPP configuration not completed (Enrollee)")
3632 if "DPP-CONF-FAILED" in ev
and not allow_enrollee_failure
:
3633 raise Exception("DPP configuration did not succeed (Enrollee)")
3635 responder
.request("DPP_STOP_LISTEN")
3637 initiator
.request("DPP_STOP_LISTEN")
3639 def wait_conf_completion(configurator
, enrollee
):
3640 ev
= configurator
.wait_event(["DPP-CONF-SENT"], timeout
=5)
3642 raise Exception("DPP configuration not completed (Configurator)")
3643 ev
= enrollee
.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
3646 raise Exception("DPP configuration not completed (Enrollee)")
3649 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3650 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3652 conf
= '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
3653 dev
[0].set("dpp_config_obj_override", conf
)
3655 dev
[0].set("ext_mgmt_frame_handling", "1")
3656 dev
[0].dpp_listen(2412)
3657 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
3659 def test_dpp_gas_timeout_handling(dev
, apdev
):
3660 """DPP and GAS timeout handling"""
3661 check_dpp_capab(dev
[0])
3662 check_dpp_capab(dev
[1])
3665 # DPP Authentication Request
3666 rx_process_frame(dev
[0])
3668 # DPP Authentication Confirmation
3669 rx_process_frame(dev
[0])
3671 wait_auth_success(dev
[0], dev
[1])
3673 # DPP Configuration Request (GAS Initial Request frame)
3674 rx_process_frame(dev
[0])
3676 # DPP Configuration Request (GAS Comeback Request frame)
3677 rx_process_frame(dev
[0])
3679 # Wait for GAS timeout
3680 ev
= dev
[1].wait_event(["DPP-CONF-FAILED"], timeout
=5)
3682 raise Exception("DPP configuration not completed (Enrollee)")
3684 def test_dpp_gas_comeback_after_failure(dev
, apdev
):
3685 """DPP and GAS comeback after failure"""
3686 check_dpp_capab(dev
[0])
3687 check_dpp_capab(dev
[1])
3690 # DPP Authentication Request
3691 rx_process_frame(dev
[0])
3693 # DPP Authentication Confirmation
3694 rx_process_frame(dev
[0])
3696 wait_auth_success(dev
[0], dev
[1])
3698 # DPP Configuration Request (GAS Initial Request frame)
3699 rx_process_frame(dev
[0])
3701 # DPP Configuration Request (GAS Comeback Request frame)
3702 msg
= dev
[0].mgmt_rx()
3703 frame
= binascii
.hexlify(msg
['frame']).decode()
3704 with
alloc_fail(dev
[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
3705 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3706 raise Exception("MGMT_RX_PROCESS failed")
3707 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3708 # Try the same frame again - this is expected to fail since the response has
3709 # already been freed.
3710 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3711 raise Exception("MGMT_RX_PROCESS failed")
3713 # DPP Configuration Request (GAS Comeback Request frame retry)
3714 msg
= dev
[0].mgmt_rx()
3716 def test_dpp_gas(dev
, apdev
):
3717 """DPP and GAS protocol testing"""
3718 ver0
= check_dpp_capab(dev
[0])
3719 ver1
= check_dpp_capab(dev
[1])
3722 # DPP Authentication Request
3723 rx_process_frame(dev
[0])
3725 # DPP Authentication Confirmation
3726 rx_process_frame(dev
[0])
3728 wait_auth_success(dev
[0], dev
[1])
3730 # DPP Configuration Request (GAS Initial Request frame)
3731 msg
= dev
[0].mgmt_rx()
3733 # Protected Dual of GAS Initial Request frame (dropped by GAS server)
3735 raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
3736 frame
= binascii
.hexlify(msg
['frame'])
3737 frame
= frame
[0:48] + b
"09" + frame
[50:]
3738 frame
= frame
.decode()
3739 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3740 raise Exception("MGMT_RX_PROCESS failed")
3742 with
alloc_fail(dev
[0], 1, "gas_server_send_resp"):
3743 frame
= binascii
.hexlify(msg
['frame']).decode()
3744 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3745 raise Exception("MGMT_RX_PROCESS failed")
3746 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3748 with
alloc_fail(dev
[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
3749 frame
= binascii
.hexlify(msg
['frame']).decode()
3750 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3751 raise Exception("MGMT_RX_PROCESS failed")
3752 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
3754 # Add extra data after Query Request field to trigger
3755 # "GAS: Ignored extra data after Query Request field"
3756 frame
= binascii
.hexlify(msg
['frame']).decode() + "00"
3757 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
3758 raise Exception("MGMT_RX_PROCESS failed")
3760 # DPP Configuration Request (GAS Comeback Request frame)
3761 rx_process_frame(dev
[0])
3763 # DPP Configuration Request (GAS Comeback Request frame)
3764 rx_process_frame(dev
[0])
3766 # DPP Configuration Request (GAS Comeback Request frame)
3767 rx_process_frame(dev
[0])
3769 if ver0
>= 2 and ver1
>= 2:
3770 # DPP Configuration Result
3771 rx_process_frame(dev
[0])
3773 wait_conf_completion(dev
[0], dev
[1])
3775 def test_dpp_truncated_attr(dev
, apdev
):
3776 """DPP and truncated attribute"""
3777 check_dpp_capab(dev
[0])
3778 check_dpp_capab(dev
[1])
3781 # DPP Authentication Request
3782 msg
= dev
[0].mgmt_rx()
3783 frame
= msg
['frame']
3785 # DPP: Truncated message - not enough room for the attribute - dropped
3786 frame1
= binascii
.hexlify(frame
[0:36]).decode()
3787 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame1
)):
3788 raise Exception("MGMT_RX_PROCESS failed")
3789 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3790 if ev
is None or "ignore=invalid-attributes" not in ev
:
3791 raise Exception("Invalid attribute error not reported")
3793 # DPP: Unexpected octets (3) after the last attribute
3794 frame2
= binascii
.hexlify(frame
).decode() + "000000"
3795 if "OK" not in dev
[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
3796 raise Exception("MGMT_RX_PROCESS failed")
3797 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
3798 if ev
is None or "ignore=invalid-attributes" not in ev
:
3799 raise Exception("Invalid attribute error not reported")
3801 def test_dpp_bootstrap_key_autogen_issues(dev
, apdev
):
3802 """DPP bootstrap key autogen issues"""
3803 check_dpp_capab(dev
[0])
3804 check_dpp_capab(dev
[1])
3806 logger
.info("dev0 displays QR Code")
3807 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3808 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3810 logger
.info("dev1 scans QR Code")
3811 id1
= dev
[1].dpp_qr_code(uri0
)
3813 logger
.info("dev1 initiates DPP Authentication")
3814 dev
[0].dpp_listen(2412)
3815 with
alloc_fail(dev
[1], 1, "dpp_autogen_bootstrap_key"):
3816 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3817 with
alloc_fail(dev
[1], 2, "=dpp_autogen_bootstrap_key"):
3818 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3819 with
fail_test(dev
[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"):
3820 dev
[1].dpp_auth_init(peer
=id1
, expect_fail
=True)
3821 dev
[0].request("DPP_STOP_LISTEN")
3823 def test_dpp_auth_resp_status_failure(dev
, apdev
):
3824 """DPP and Auth Resp(status) build failure"""
3825 with
alloc_fail(dev
[0], 1, "dpp_auth_build_resp"):
3826 run_dpp_proto_auth_resp_missing(dev
, 99999, None,
3827 incompatible_roles
=True)
3829 def test_dpp_auth_resp_aes_siv_issue(dev
, apdev
):
3830 """DPP Auth Resp AES-SIV issue"""
3831 check_dpp_capab(dev
[0])
3832 check_dpp_capab(dev
[1])
3833 logger
.info("dev0 displays QR Code")
3834 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3835 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3836 logger
.info("dev1 scans QR Code and initiates DPP Authentication")
3837 dev
[0].dpp_listen(2412)
3838 with
fail_test(dev
[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
3839 dev
[1].dpp_auth_init(uri
=uri0
)
3840 wait_dpp_fail(dev
[1], "AES-SIV decryption failed")
3841 dev
[0].request("DPP_STOP_LISTEN")
3843 def test_dpp_invalid_legacy_params(dev
, apdev
):
3844 """DPP invalid legacy parameters"""
3845 check_dpp_capab(dev
[0])
3846 check_dpp_capab(dev
[1])
3847 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3848 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3850 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", ssid
="dpp-legacy",
3853 def test_dpp_invalid_legacy_params2(dev
, apdev
):
3854 """DPP invalid legacy parameters 2"""
3855 check_dpp_capab(dev
[0])
3856 check_dpp_capab(dev
[1])
3857 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3858 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3859 dev
[0].set("dpp_configurator_params",
3860 " conf=sta-psk ssid=%s" % (binascii
.hexlify(b
"dpp-legacy").decode()))
3861 dev
[0].dpp_listen(2412, role
="configurator")
3862 dev
[1].dpp_auth_init(uri
=uri0
, role
="enrollee")
3864 ev
= dev
[0].wait_event(["DPP: Failed to set configurator parameters"],
3867 raise Exception("DPP configuration failure not reported")
3869 def test_dpp_legacy_params_failure(dev
, apdev
):
3870 """DPP legacy parameters local failure"""
3871 check_dpp_capab(dev
[0])
3872 check_dpp_capab(dev
[1])
3873 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
3874 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
3875 dev
[0].dpp_listen(2412)
3876 with
alloc_fail(dev
[1], 1, "dpp_build_conf_obj_legacy"):
3877 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk", passphrase
="passphrase",
3879 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=5)
3881 raise Exception("DPP configuration failure not reported")
3883 def test_dpp_invalid_configurator_key(dev
, apdev
):
3884 """DPP invalid configurator key"""
3885 check_dpp_capab(dev
[0])
3887 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=aa"):
3888 raise Exception("Invalid key accepted")
3890 with
alloc_fail(dev
[0], 1, "dpp_keygen_configurator"):
3891 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3892 raise Exception("Error not reported")
3894 with
alloc_fail(dev
[0], 1, "dpp_get_pubkey_point;dpp_keygen_configurator"):
3895 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3896 raise Exception("Error not reported")
3898 with
alloc_fail(dev
[0], 1, "base64_gen_encode;dpp_keygen_configurator"):
3899 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3900 raise Exception("Error not reported")
3902 with
fail_test(dev
[0], 1, "dpp_keygen_configurator"):
3903 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256
):
3904 raise Exception("Error not reported")
3906 def test_dpp_own_config_sign_fail(dev
, apdev
):
3907 """DPP own config signing failure"""
3908 check_dpp_capab(dev
[0])
3909 conf_id
= dev
[0].dpp_configurator_add()
3913 " configurator=%d" % conf_id
,
3914 " conf=sta-dpp configurator=%d curve=unsupported" % conf_id
]
3916 if "FAIL" not in dev
[0].request("DPP_CONFIGURATOR_SIGN " + t
):
3917 raise Exception("Invalid command accepted: " + t
)
3919 def test_dpp_peer_intro_failures(dev
, apdev
):
3920 """DPP peer introduction failures"""
3922 run_dpp_peer_intro_failures(dev
, apdev
)
3924 dev
[0].set("dpp_config_processing", "0")
3926 def run_dpp_peer_intro_failures(dev
, apdev
):
3927 check_dpp_capab(dev
[0])
3928 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
3929 check_dpp_capab(hapd
)
3931 conf_id
= hapd
.dpp_configurator_add(key
=dpp_key_p256
)
3932 csign
= hapd
.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id
)
3933 if "FAIL" in csign
or len(csign
) == 0:
3934 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
3936 conf_id2
= dev
[0].dpp_configurator_add(key
=csign
)
3937 csign2
= dev
[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2
)
3940 raise Exception("Unexpected difference in configurator key")
3942 cmd
= "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
3943 res
= hapd
.request(cmd
)
3945 raise Exception("Failed to generate own configuration")
3946 update_hapd_config(hapd
)
3948 dev
[0].set("dpp_config_processing", "1")
3949 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
3950 res
= dev
[0].request(cmd
)
3952 raise Exception("Failed to generate own configuration")
3953 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
3955 raise Exception("DPP network profile not generated")
3956 id = ev
.split(' ')[1]
3957 dev
[0].select_network(id, freq
=2412)
3958 dev
[0].wait_connected()
3959 dev
[0].request("DISCONNECT")
3960 dev
[0].wait_disconnected()
3961 dev
[0].dump_monitor()
3963 tests
= ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
3964 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
3965 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"]
3967 dev
[0].set_network_quoted(id, "dpp_connector", t
)
3968 dev
[0].select_network(id, freq
=2412)
3969 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=5)
3970 if ev
is None or "status=8" not in ev
:
3971 raise Exception("Introduction failure not reported")
3972 dev
[0].request("DISCONNECT")
3973 dev
[0].dump_monitor()
3975 def test_dpp_peer_intro_local_failures(dev
, apdev
):
3976 """DPP peer introduction local failures"""
3977 check_dpp_capab(dev
[0])
3978 check_dpp_capab(dev
[1])
3980 params
= {"ssid": "dpp",
3982 "wpa_key_mgmt": "DPP",
3984 "rsn_pairwise": "CCMP",
3985 "dpp_connector": params1_ap_connector
,
3986 "dpp_csign": params1_csign
,
3987 "dpp_netaccesskey": params1_ap_netaccesskey
}
3989 hapd
= hostapd
.add_ap(apdev
[0], params
)
3991 raise HwsimSkip("DPP not supported")
3993 tests
= ["dpp_derive_pmk",
3994 "dpp_hkdf_expand;dpp_derive_pmk",
3997 with
fail_test(dev
[0], 1, func
):
3998 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4000 dpp_csign
=params1_csign
,
4001 dpp_connector
=params1_sta_connector
,
4002 dpp_netaccesskey
=params1_sta_netaccesskey
,
4004 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
4005 if ev
is None or "fail=peer_connector_validation_failed" not in ev
:
4006 raise Exception("Introduction failure not reported")
4007 dev
[0].request("REMOVE_NETWORK all")
4008 dev
[0].dump_monitor()
4010 tests
= [(1, "base64_gen_decode;dpp_peer_intro"),
4011 (1, "json_parse;dpp_peer_intro"),
4012 (50, "json_parse;dpp_peer_intro"),
4013 (1, "=dpp_peer_intro"),
4014 (1, "dpp_parse_jwk")]
4015 for count
, func
in tests
:
4016 with
alloc_fail(dev
[0], count
, func
):
4017 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4019 dpp_csign
=params1_csign
,
4020 dpp_connector
=params1_sta_connector
,
4021 dpp_netaccesskey
=params1_sta_netaccesskey
,
4023 ev
= dev
[0].wait_event(["DPP-INTRO"], timeout
=10)
4024 if ev
is None or "fail=peer_connector_validation_failed" not in ev
:
4025 raise Exception("Introduction failure not reported")
4026 dev
[0].request("REMOVE_NETWORK all")
4027 dev
[0].dump_monitor()
4029 parts
= params1_ap_connector
.split('.')
4030 for ap_connector
in ['.'.join(parts
[0:2]), '.'.join(parts
[0:1])]:
4031 hapd
.set("dpp_connector", ap_connector
)
4032 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4034 dpp_csign
=params1_csign
,
4035 dpp_connector
=params1_sta_connector
,
4036 dpp_netaccesskey
=params1_sta_netaccesskey
,
4038 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4040 raise Exception("No TX status reported")
4041 dev
[0].request("REMOVE_NETWORK all")
4042 dev
[0].dump_monitor()
4044 hapd
.set("dpp_netaccesskey", "00")
4045 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4047 dpp_csign
=params1_csign
,
4048 dpp_connector
=params1_sta_connector
,
4049 dpp_netaccesskey
=params1_sta_netaccesskey
,
4051 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4053 raise Exception("No TX status reported")
4054 dev
[0].request("REMOVE_NETWORK all")
4055 dev
[0].dump_monitor()
4057 hapd
.set("dpp_csign", "00")
4058 dev
[0].connect("dpp", key_mgmt
="DPP", scan_freq
="2412",
4060 dpp_csign
=params1_csign
,
4061 dpp_connector
=params1_sta_connector
,
4062 dpp_netaccesskey
=params1_sta_netaccesskey
,
4064 ev
= dev
[0].wait_event(["DPP-TX-STATUS"], timeout
=10)
4066 raise Exception("No TX status reported")
4067 dev
[0].request("REMOVE_NETWORK all")
4069 def run_dpp_configurator_id_unknown(dev
):
4070 check_dpp_capab(dev
)
4071 conf_id
= dev
.dpp_configurator_add()
4072 if "FAIL" not in dev
.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id
+ 1)):
4073 raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")
4075 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (conf_id
+ 1)
4076 if "FAIL" not in dev
.request(cmd
):
4077 raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
4079 def test_dpp_configurator_id_unknown(dev
, apdev
):
4080 """DPP and unknown configurator id"""
4081 run_dpp_configurator_id_unknown(dev
[0])
4082 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4083 run_dpp_configurator_id_unknown(hapd
)
4085 def run_dpp_bootstrap_gen_failures(dev
):
4086 check_dpp_capab(dev
)
4088 tests
= ["type=unsupported",
4089 "type=qrcode chan=-1",
4090 "type=qrcode mac=a",
4091 "type=qrcode key=qq",
4093 "type=qrcode info=abc\tdef"]
4095 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN " + t
):
4096 raise Exception("Command accepted unexpectedly")
4098 id = dev
.dpp_bootstrap_gen()
4099 uri
= dev
.request("DPP_BOOTSTRAP_GET_URI %d" % id)
4100 if not uri
.startswith("DPP:"):
4101 raise Exception("Could not get URI")
4102 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GET_URI 0"):
4103 raise Exception("Failure not reported")
4104 info
= dev
.request("DPP_BOOTSTRAP_INFO %d" % id)
4105 if not info
.startswith("type=QRCODE"):
4106 raise Exception("Could not get info")
4107 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_REMOVE 0"):
4108 raise Exception("Failure not reported")
4109 if "FAIL" in dev
.request("DPP_BOOTSTRAP_REMOVE *"):
4110 raise Exception("Failed to remove bootstrap info")
4111 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GET_URI %d" % id):
4112 raise Exception("Failure not reported")
4113 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_INFO %d" % id):
4114 raise Exception("Failure not reported")
4116 func
= "dpp_bootstrap_gen"
4117 with
alloc_fail(dev
, 1, "=" + func
):
4118 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN type=qrcode"):
4119 raise Exception("Command accepted unexpectedly")
4121 with
alloc_fail(dev
, 2, "=" + func
):
4122 if "FAIL" not in dev
.request("DPP_BOOTSTRAP_GEN type=qrcode"):
4123 raise Exception("Command accepted unexpectedly")
4125 with
alloc_fail(dev
, 1, "get_param"):
4126 dev
.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
4128 def test_dpp_bootstrap_gen_failures(dev
, apdev
):
4129 """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
4130 run_dpp_bootstrap_gen_failures(dev
[0])
4131 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4132 run_dpp_bootstrap_gen_failures(hapd
)
4134 def test_dpp_listen_continue(dev
, apdev
):
4135 """DPP and continue listen state"""
4136 check_dpp_capab(dev
[0])
4137 check_dpp_capab(dev
[1])
4138 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4139 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
4140 dev
[0].dpp_listen(2412)
4142 dev
[1].dpp_auth_init(uri
=uri
)
4143 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4144 allow_enrollee_failure
=True, stop_responder
=True,
4145 stop_initiator
=True)
4147 def test_dpp_network_addition_failure(dev
, apdev
):
4148 """DPP network addition failure"""
4150 run_dpp_network_addition_failure(dev
, apdev
)
4152 dev
[0].set("dpp_config_processing", "0")
4154 def run_dpp_network_addition_failure(dev
, apdev
):
4155 check_dpp_capab(dev
[0])
4156 conf_id
= dev
[0].dpp_configurator_add()
4157 dev
[0].set("dpp_config_processing", "1")
4158 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
4159 tests
= [(1, "=wpas_dpp_add_network"),
4160 (2, "=wpas_dpp_add_network"),
4161 (3, "=wpas_dpp_add_network"),
4162 (4, "=wpas_dpp_add_network"),
4163 (1, "wpa_config_add_network;wpas_dpp_add_network")]
4164 for count
, func
in tests
:
4165 with
alloc_fail(dev
[0], count
, func
):
4166 res
= dev
[0].request(cmd
)
4168 ev
= dev
[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=2)
4170 raise Exception("Config object not processed")
4171 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4172 dev
[0].dump_monitor()
4174 cmd
= "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii
.hexlify(b
"passphrase").decode(), conf_id
)
4175 tests
= [(1, "wpa_config_set_quoted;wpas_dpp_add_network")]
4176 for count
, func
in tests
:
4177 with
alloc_fail(dev
[0], count
, func
):
4178 res
= dev
[0].request(cmd
)
4180 ev
= dev
[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout
=2)
4182 raise Exception("Config object not processed")
4183 wait_fail_trigger(dev
[0], "GET_ALLOC_FAIL")
4184 dev
[0].dump_monitor()
4186 def test_dpp_two_initiators(dev
, apdev
):
4187 """DPP and two initiators"""
4188 check_dpp_capab(dev
[0])
4189 check_dpp_capab(dev
[1])
4190 check_dpp_capab(dev
[2])
4191 id = dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4192 uri
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
4193 dev
[0].dpp_listen(2412)
4194 dev
[1].dpp_auth_init(uri
=uri
)
4195 ev
= dev
[0].wait_event(["DPP-RX"], timeout
=5)
4197 raise Exeption("No DPP Authentication Request seen")
4198 dev
[2].dpp_auth_init(uri
=uri
)
4199 wait_dpp_fail(dev
[0],
4200 "DPP-FAIL Already in DPP authentication exchange - ignore new one")
4202 ev
= dev
[0].wait_event(["DPP-CONF-FAILED"], timeout
=2)
4204 raise Exception("DPP configuration result not seen (Enrollee)")
4205 ev
= dev
[1].wait_event(["DPP-CONF-SENT"], timeout
=2)
4207 raise Exception("DPP configuration result not seen (Responder)")
4209 dev
[0].request("DPP_STOP_LISTEN")
4210 dev
[1].request("DPP_STOP_LISTEN")
4211 dev
[2].request("DPP_STOP_LISTEN")
4213 def test_dpp_conf_file_update(dev
, apdev
, params
):
4214 """DPP provisioning updating wpa_supplicant configuration file"""
4215 config
= os
.path
.join(params
['logdir'], 'dpp_conf_file_update.conf')
4216 with
open(config
, "w") as f
:
4217 f
.write("update_config=1\n")
4218 wpas
= WpaSupplicant(global_iface
='/tmp/wpas-wlan5')
4219 wpas
.interface_add("wlan5", config
=config
)
4220 wpas
.set("dpp_config_processing", "1")
4221 run_dpp_qr_code_auth_unicast([wpas
, dev
[1]], apdev
, None,
4222 init_extra
="conf=sta-dpp",
4223 require_conf_success
=True,
4225 wpas
.interface_remove("wlan5")
4227 with
open(config
, "r") as f
:
4229 for i
in ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
4230 "dpp_netaccesskey=", "dpp_csign="]:
4232 raise Exception("Configuration file missing '%s'" % i
)
4234 wpas
.interface_add("wlan5", config
=config
)
4235 if len(wpas
.list_networks()) != 1:
4236 raise Exception("Unexpected number of networks")
4238 def test_dpp_duplicated_auth_resp(dev
, apdev
):
4239 """DPP and duplicated Authentication Response"""
4240 check_dpp_capab(dev
[0])
4241 check_dpp_capab(dev
[1])
4242 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4243 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4244 dev
[0].set("ext_mgmt_frame_handling", "1")
4245 dev
[1].set("ext_mgmt_frame_handling", "1")
4246 dev
[0].dpp_listen(2412)
4247 dev
[1].dpp_auth_init(uri
=uri0
)
4249 # DPP Authentication Request
4250 rx_process_frame(dev
[0])
4252 # DPP Authentication Response
4253 msg
= rx_process_frame(dev
[1])
4254 frame
= binascii
.hexlify(msg
['frame']).decode()
4256 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame
)):
4257 raise Exception("MGMT_RX_PROCESS failed")
4258 # Modified frame - nonzero status
4259 if frame
[2*32:2*37] != "0010010000":
4260 raise Exception("Could not find Status attribute")
4261 frame2
= frame
[0:2*32] + "0010010001" + frame
[2*37:]
4262 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
4263 raise Exception("MGMT_RX_PROCESS failed")
4264 frame2
= frame
[0:2*32] + "00100100ff" + frame
[2*37:]
4265 if "OK" not in dev
[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg
['freq'], msg
['datarate'], msg
['ssi_signal'], frame2
)):
4266 raise Exception("MGMT_RX_PROCESS failed")
4268 # DPP Authentication Confirmation
4269 rx_process_frame(dev
[0])
4271 wait_auth_success(dev
[0], dev
[1])
4273 # DPP Configuration Request
4274 rx_process_frame(dev
[1])
4276 # DPP Configuration Response
4277 rx_process_frame(dev
[0])
4279 wait_conf_completion(dev
[1], dev
[0])
4281 def test_dpp_enrollee_reject_config(dev
, apdev
):
4282 """DPP and Enrollee rejecting Config Object"""
4283 check_dpp_capab(dev
[0])
4284 check_dpp_capab(dev
[1])
4285 dev
[0].set("dpp_test", "91")
4286 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4287 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4288 dev
[0].dpp_listen(2412)
4289 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-sae", ssid
="dpp-legacy",
4290 passphrase
="secret passphrase")
4291 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4292 allow_enrollee_failure
=True,
4293 allow_configurator_failure
=True)
4295 def test_dpp_enrollee_ap_reject_config(dev
, apdev
):
4296 """DPP and Enrollee AP rejecting Config Object"""
4297 check_dpp_capab(dev
[0])
4298 check_dpp_capab(dev
[1])
4299 hapd
= hostapd
.add_ap(apdev
[0], {"ssid": "unconfigured"})
4300 check_dpp_capab(hapd
)
4301 hapd
.set("dpp_test", "91")
4302 conf_id
= dev
[0].dpp_configurator_add()
4303 id_h
= hapd
.dpp_bootstrap_gen(chan
="81/1", mac
=True)
4304 uri
= hapd
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
4305 dev
[0].dpp_auth_init(uri
=uri
, conf
="ap-dpp", configurator
=conf_id
)
4306 wait_auth_success(hapd
, dev
[0], configurator
=dev
[0], enrollee
=hapd
,
4307 allow_enrollee_failure
=True,
4308 allow_configurator_failure
=True)
4310 def test_dpp_legacy_and_dpp_akm(dev
, apdev
):
4311 """DPP and provisoning DPP and legacy AKMs"""
4313 run_dpp_legacy_and_dpp_akm(dev
, apdev
)
4315 dev
[0].set("dpp_config_processing", "0")
4317 def run_dpp_legacy_and_dpp_akm(dev
, apdev
):
4318 check_dpp_capab(dev
[0], min_ver
=2)
4319 check_dpp_capab(dev
[1], min_ver
=2)
4321 csign
= "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
4322 csign_pub
= "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
4323 ap_connector
= "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
4324 ap_netaccesskey
= "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
4327 passphrase
= "secret passphrase"
4328 params
= {"ssid": ssid
,
4330 "wpa_key_mgmt": "DPP WPA-PSK SAE",
4332 "sae_require_mfp": '1',
4333 "rsn_pairwise": "CCMP",
4334 "wpa_passphrase": passphrase
,
4335 "dpp_connector": ap_connector
,
4336 "dpp_csign": csign_pub
,
4337 "dpp_netaccesskey": ap_netaccesskey
}
4339 hapd
= hostapd
.add_ap(apdev
[0], params
)
4341 raise HwsimSkip("DPP not supported")
4343 conf_id
= dev
[1].dpp_configurator_add(key
=csign
)
4344 dev
[0].set("dpp_config_processing", "1")
4345 id0
= dev
[0].dpp_bootstrap_gen(chan
="81/1", mac
=True)
4346 uri0
= dev
[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0
)
4347 dev
[0].dpp_listen(2412)
4348 dev
[1].dpp_auth_init(uri
=uri0
, conf
="sta-psk-sae-dpp", ssid
=ssid
,
4349 passphrase
=passphrase
, configurator
=conf_id
)
4350 wait_auth_success(dev
[0], dev
[1], configurator
=dev
[1], enrollee
=dev
[0],
4351 allow_enrollee_failure
=True,
4352 allow_configurator_failure
=True)
4353 ev
= dev
[0].wait_event(["DPP-NETWORK-ID"], timeout
=1)
4355 raise Exception("DPP network profile not generated")
4356 id0
= ev
.split(' ')[1]
4358 key_mgmt
= dev
[0].get_network(id0
, "key_mgmt").split(' ')
4359 for m
in ["SAE", "WPA-PSK", "DPP"]:
4360 if m
not in key_mgmt
:
4361 raise Exception("%s missing from key_mgmt" % m
)
4363 dev
[0].scan_for_bss(hapd
.own_addr(), freq
=2412)
4364 dev
[0].select_network(id0
, freq
=2412)
4365 dev
[0].wait_connected()
4367 dev
[0].request("DISCONNECT")
4368 dev
[0].wait_disconnected()
4371 params
= {"ssid": ssid
,
4373 "wpa_key_mgmt": "WPA-PSK SAE",
4375 "sae_require_mfp": '1',
4376 "rsn_pairwise": "CCMP",
4377 "wpa_passphrase": passphrase
}
4378 hapd2
= hostapd
.add_ap(apdev
[1], params
)
4380 dev
[0].request("BSS_FLUSH 0")
4381 dev
[0].scan_for_bss(hapd2
.own_addr(), freq
=2412, force_scan
=True,
4383 dev
[0].select_network(id0
, freq
=2412)
4384 dev
[0].wait_connected()
4386 dev
[0].request("DISCONNECT")
4387 dev
[0].wait_disconnected()
4389 def test_dpp_controller_relay(dev
, apdev
, params
):
4390 """DPP Controller/Relay"""
4392 run_dpp_controller_relay(dev
, apdev
, params
)
4394 dev
[0].set("dpp_config_processing", "0")
4395 dev
[1].request("DPP_CONTROLLER_STOP")
4397 def run_dpp_controller_relay(dev
, apdev
, params
):
4398 check_dpp_capab(dev
[0])
4399 check_dpp_capab(dev
[1])
4400 prefix
= "dpp_controller_relay"
4401 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4403 cmd
= subprocess
.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
4404 '-w', cap_lo
, '-s', '2000'],
4405 stderr
=open('/dev/null', 'w'))
4408 conf_id
= dev
[1].dpp_configurator_add()
4409 dev
[1].set("dpp_configurator_params",
4410 " conf=sta-dpp configurator=%d" % conf_id
)
4411 id_c
= dev
[1].dpp_bootstrap_gen()
4412 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4413 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
4415 for line
in res
.splitlines():
4416 name
, value
= line
.split('=')
4417 if name
== "pkhash":
4421 raise Exception("Could not fetch public key hash from Controller")
4422 if "OK" not in dev
[1].request("DPP_CONTROLLER_START"):
4423 raise Exception("Failed to start Controller")
4426 params
= {"ssid": "unconfigured",
4428 "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash
}
4429 relay
= hostapd
.add_ap(apdev
[1], params
)
4430 check_dpp_capab(relay
)
4432 # Enroll Relay to the network
4433 # TODO: Do this over TCP once direct Enrollee-over-TCP case is supported
4434 id_h
= relay
.dpp_bootstrap_gen(chan
="81/6", mac
=True)
4435 uri_r
= relay
.request("DPP_BOOTSTRAP_GET_URI %d" % id_h
)
4436 dev
[1].dpp_auth_init(uri
=uri_r
, conf
="ap-dpp", configurator
=conf_id
)
4437 wait_auth_success(relay
, dev
[1], configurator
=dev
[1], enrollee
=relay
)
4438 update_hapd_config(relay
)
4440 # Initiate from Enrollee with broadcast DPP Authentication Request
4441 dev
[0].set("dpp_config_processing", "2")
4442 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee")
4443 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0],
4444 allow_enrollee_failure
=True,
4445 allow_configurator_failure
=True)
4446 dev
[0].wait_connected()
4451 def test_dpp_tcp(dev
, apdev
, params
):
4454 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4456 run_dpp_tcp(dev
, apdev
, cap_lo
)
4458 dev
[1].request("DPP_CONTROLLER_STOP")
4460 def test_dpp_tcp_port(dev
, apdev
, params
):
4461 """DPP over TCP and specified port"""
4462 prefix
= "dpp_tcp_port"
4463 cap_lo
= os
.path
.join(params
['logdir'], prefix
+ ".lo.pcap")
4465 run_dpp_tcp(dev
, apdev
, cap_lo
, port
="23456")
4467 dev
[1].request("DPP_CONTROLLER_STOP")
4469 def run_dpp_tcp(dev
, apdev
, cap_lo
, port
=None):
4470 check_dpp_capab(dev
[0])
4471 check_dpp_capab(dev
[1])
4473 cmd
= subprocess
.Popen(['tcpdump', '-p', '-U', '-i', 'lo',
4474 '-w', cap_lo
, '-s', '2000'],
4475 stderr
=open('/dev/null', 'w'))
4479 conf_id
= dev
[1].dpp_configurator_add()
4480 dev
[1].set("dpp_configurator_params",
4481 " conf=sta-dpp configurator=%d" % conf_id
)
4482 id_c
= dev
[1].dpp_bootstrap_gen()
4483 uri_c
= dev
[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c
)
4484 res
= dev
[1].request("DPP_BOOTSTRAP_INFO %d" % id_c
)
4486 for line
in res
.splitlines():
4487 name
, value
= line
.split('=')
4488 if name
== "pkhash":
4492 raise Exception("Could not fetch public key hash from Controller")
4493 req
= "DPP_CONTROLLER_START"
4495 req
+= " tcp_port=" + port
4496 if "OK" not in dev
[1].request(req
):
4497 raise Exception("Failed to start Controller")
4499 # Initiate from Enrollee with broadcast DPP Authentication Request
4500 dev
[0].dpp_auth_init(uri
=uri_c
, role
="enrollee", tcp_addr
="127.0.0.1",
4502 wait_auth_success(dev
[1], dev
[0], configurator
=dev
[1], enrollee
=dev
[0],
4503 allow_enrollee_failure
=True,
4504 allow_configurator_failure
=True)