]> git.ipfire.org Git - thirdparty/hostap.git/blob - tests/hwsim/test_dpp.py
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
tests: DPP and duplicated Authentication Response
[thirdparty/hostap.git] / tests / hwsim / test_dpp.py
1 # Test cases for Device Provisioning Protocol (DPP)
2 # Copyright (c) 2017, Qualcomm Atheros, Inc.
3 # Copyright (c) 2018, The Linux Foundation
4 #
5 # This software may be distributed under the terms of the BSD license.
6 # See README for more details.
7
8 import base64
9 import binascii
10 import hashlib
11 import logging
12 logger = logging.getLogger()
13 import os
14 import struct
15 import subprocess
16 import time
17
18 import hostapd
19 import hwsim_utils
20 from utils import HwsimSkip, alloc_fail, fail_test, wait_fail_trigger
21 from wpasupplicant import WpaSupplicant
22
23 try:
24 import OpenSSL
25 openssl_imported = True
26 except ImportError:
27 openssl_imported = False
28
29 def check_dpp_capab(dev, brainpool=False):
30 if "UNKNOWN COMMAND" in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
31 raise HwsimSkip("DPP not supported")
32 if brainpool:
33 tls = dev.request("GET tls_library")
34 if not tls.startswith("OpenSSL") or "run=BoringSSL" in tls:
35 raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls)
36
37 def test_dpp_qr_code_parsing(dev, apdev):
38 """DPP QR Code parsing"""
39 check_dpp_capab(dev[0])
40 id = []
41
42 tests = [ "DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
43 "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;",
44 "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
45 "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;" ]
46 for uri in tests:
47 id.append(dev[0].dpp_qr_code(uri))
48
49 uri2 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1])
50 if uri != uri2:
51 raise Exception("Returned URI does not match")
52
53 tests = [ "foo",
54 "DPP:",
55 "DPP:;;",
56 "DPP:C:1/2;M:;K;;",
57 "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
58 "DPP:K:" + base64.b64encode(b"hello").decode() + ";;",
59 "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
60 "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;",
61 "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;",
62 "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;",
63 "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
64 "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
65 "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;",
66 "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;" ]
67 for t in tests:
68 res = dev[0].request("DPP_QR_CODE " + t)
69 if "FAIL" not in res:
70 raise Exception("Accepted invalid QR Code: " + t)
71
72 logger.info("ID: " + str(id))
73 if id[0] == id[1] or id[0] == id[2] or id[1] == id[2]:
74 raise Exception("Duplicate ID returned")
75
76 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_REMOVE 12345678"):
77 raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly")
78 if "OK" not in dev[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]):
79 raise Exception("DPP_BOOTSTRAP_REMOVE failed")
80
81 id = dev[0].dpp_bootstrap_gen()
82 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
83 logger.info("Generated URI: " + uri)
84
85 dev[0].dpp_qr_code(uri)
86
87 id = dev[0].dpp_bootstrap_gen(chan="81/1,115/36", mac="010203040506",
88 info="foo")
89 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
90 logger.info("Generated URI: " + uri)
91
92 dev[0].dpp_qr_code(uri)
93
94 def test_dpp_qr_code_parsing_fail(dev, apdev):
95 """DPP QR Code parsing local failure"""
96 check_dpp_capab(dev[0])
97 with alloc_fail(dev[0], 1, "dpp_parse_uri_info"):
98 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
99 raise Exception("DPP_QR_CODE failure not reported")
100
101 with alloc_fail(dev[0], 1, "dpp_parse_uri_pk"):
102 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
103 raise Exception("DPP_QR_CODE failure not reported")
104
105 with fail_test(dev[0], 1, "dpp_parse_uri_pk"):
106 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
107 raise Exception("DPP_QR_CODE failure not reported")
108
109 with alloc_fail(dev[0], 1, "dpp_parse_uri"):
110 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"):
111 raise Exception("DPP_QR_CODE failure not reported")
112
113 dpp_key_p256 ="30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad"
114 dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23"
115 dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c"
116 dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0"
117 dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6"
118 dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a"
119
120 def test_dpp_qr_code_curves(dev, apdev):
121 """DPP QR Code and supported curves"""
122 check_dpp_capab(dev[0])
123 tests = [ ("prime256v1", dpp_key_p256),
124 ("secp384r1", dpp_key_p384),
125 ("secp521r1", dpp_key_p521) ]
126 for curve, hex in tests:
127 id = dev[0].dpp_bootstrap_gen(key=hex)
128 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
129 if "FAIL" in info:
130 raise Exception("Failed to get info for " + curve)
131 if "curve=" + curve not in info:
132 raise Exception("Curve mismatch for " + curve)
133
134 def test_dpp_qr_code_curves_brainpool(dev, apdev):
135 """DPP QR Code and supported Brainpool curves"""
136 check_dpp_capab(dev[0], brainpool=True)
137 tests = [ ("brainpoolP256r1", dpp_key_bp256),
138 ("brainpoolP384r1", dpp_key_bp384),
139 ("brainpoolP512r1", dpp_key_bp512) ]
140 for curve, hex in tests:
141 id = dev[0].dpp_bootstrap_gen(key=hex)
142 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
143 if "FAIL" in info:
144 raise Exception("Failed to get info for " + curve)
145 if "curve=" + curve not in info:
146 raise Exception("Curve mismatch for " + curve)
147
148 def test_dpp_qr_code_unsupported_curve(dev, apdev):
149 """DPP QR Code and unsupported curve"""
150 check_dpp_capab(dev[0])
151
152 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported")
153 if "FAIL" not in id:
154 raise Exception("Unsupported curve accepted")
155
156 tests = [ "30",
157 "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b" ]
158 for hex in tests:
159 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex)
160 if "FAIL" not in id:
161 raise Exception("Unsupported/invalid curve accepted")
162
163 def test_dpp_qr_code_keygen_fail(dev, apdev):
164 """DPP QR Code and keygen failure"""
165 check_dpp_capab(dev[0])
166
167 with alloc_fail(dev[0], 1, "dpp_bootstrap_key_der;dpp_keygen"):
168 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
169 raise Exception("Failure not reported")
170
171 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen"):
172 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"):
173 raise Exception("Failure not reported")
174
175 def test_dpp_qr_code_curve_select(dev, apdev):
176 """DPP QR Code and curve selection"""
177 check_dpp_capab(dev[0], brainpool=True)
178 check_dpp_capab(dev[1], brainpool=True)
179
180 bi = []
181 for key in [ dpp_key_p256, dpp_key_p384, dpp_key_p521,
182 dpp_key_bp256, dpp_key_bp384, dpp_key_bp512 ]:
183 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, key=key)
184 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id)
185 for i in info.splitlines():
186 if '=' in i:
187 name, val = i.split('=')
188 if name == "curve":
189 curve = val
190 break
191 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
192 bi.append((curve, uri))
193
194 for curve, uri in bi:
195 logger.info("Curve: " + curve)
196 logger.info("URI: " + uri)
197
198 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
199 raise Exception("Failed to start listen operation")
200
201 res = dev[1].dpp_qr_code(uri)
202 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % res):
203 raise Exception("Failed to initiate DPP Authentication")
204 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
205 if ev is None:
206 raise Exception("DPP authentication did not succeed (Responder)")
207 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
208 if ev is None:
209 raise Exception("DPP authentication did not succeed (Initiator)")
210 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
211 if ev is None:
212 raise Exception("DPP configuration result not seen (Enrollee)")
213 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
214 if ev is None:
215 raise Exception("DPP configuration result not seen (Responder)")
216 dev[0].request("DPP_STOP_LISTEN")
217 dev[1].request("DPP_STOP_LISTEN")
218 dev[0].dump_monitor()
219 dev[1].dump_monitor()
220
221 def test_dpp_qr_code_auth_broadcast(dev, apdev):
222 """DPP QR Code and authentication exchange (broadcast)"""
223 check_dpp_capab(dev[0])
224 check_dpp_capab(dev[1])
225 logger.info("dev0 displays QR Code")
226 id0 = dev[0].dpp_bootstrap_gen(chan="81/1")
227 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
228
229 logger.info("dev1 scans QR Code")
230 id1 = dev[1].dpp_qr_code(uri0)
231
232 logger.info("dev1 initiates DPP Authentication")
233 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
234 raise Exception("Failed to start listen operation")
235 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
236 raise Exception("Failed to initiate DPP Authentication")
237 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
238 if ev is None:
239 raise Exception("DPP authentication did not succeed (Responder)")
240 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
241 if ev is None:
242 raise Exception("DPP authentication did not succeed (Initiator)")
243 dev[0].request("DPP_STOP_LISTEN")
244
245 def test_dpp_qr_code_auth_unicast(dev, apdev):
246 """DPP QR Code and authentication exchange (unicast)"""
247 run_dpp_qr_code_auth_unicast(dev, apdev, None)
248
249 def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev):
250 """DPP QR Code and authentication exchange (AP enrollee)"""
251 run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="ap")
252
253 def test_dpp_qr_code_curve_prime256v1(dev, apdev):
254 """DPP QR Code and curve prime256v1"""
255 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1")
256
257 def test_dpp_qr_code_curve_secp384r1(dev, apdev):
258 """DPP QR Code and curve secp384r1"""
259 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1")
260
261 def test_dpp_qr_code_curve_secp521r1(dev, apdev):
262 """DPP QR Code and curve secp521r1"""
263 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1")
264
265 def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev):
266 """DPP QR Code and curve brainpoolP256r1"""
267 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP256r1")
268
269 def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev):
270 """DPP QR Code and curve brainpoolP384r1"""
271 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP384r1")
272
273 def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev):
274 """DPP QR Code and curve brainpoolP512r1"""
275 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP512r1")
276
277 def test_dpp_qr_code_set_key(dev, apdev):
278 """DPP QR Code and fixed bootstrapping key"""
279 run_dpp_qr_code_auth_unicast(dev, apdev, None, key="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383")
280
281 def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None,
282 require_conf_success=False, init_extra=None,
283 require_conf_failure=False,
284 configurator=False, conf_curve=None):
285 check_dpp_capab(dev[0], curve and "brainpool" in curve)
286 check_dpp_capab(dev[1], curve and "brainpool" in curve)
287 if configurator:
288 logger.info("Create configurator on dev1")
289 cmd = "DPP_CONFIGURATOR_ADD"
290 if conf_curve:
291 cmd += " curve=" + conf_curve
292 res = dev[1].request(cmd)
293 if "FAIL" in res:
294 raise Exception("Failed to add configurator")
295 conf_id = int(res)
296
297 logger.info("dev0 displays QR Code")
298 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve, key=key)
299 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
300
301 logger.info("dev1 scans QR Code")
302 id1 = dev[1].dpp_qr_code(uri0)
303
304 logger.info("dev1 initiates DPP Authentication")
305 cmd = "DPP_LISTEN 2412"
306 if netrole:
307 cmd += " netrole=" + netrole
308 if "OK" not in dev[0].request(cmd):
309 raise Exception("Failed to start listen operation")
310 cmd = "DPP_AUTH_INIT peer=%d" % id1
311 if init_extra:
312 cmd += " " + init_extra
313 if configurator:
314 cmd += " configurator=%d" % conf_id
315 if "OK" not in dev[1].request(cmd):
316 raise Exception("Failed to initiate DPP Authentication")
317 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
318 if ev is None:
319 raise Exception("DPP authentication did not succeed (Responder)")
320 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
321 if ev is None:
322 raise Exception("DPP authentication did not succeed (Initiator)")
323 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
324 if ev is None:
325 raise Exception("DPP configuration not completed (Configurator)")
326 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
327 if ev is None:
328 raise Exception("DPP configuration not completed (Enrollee)")
329 if require_conf_success:
330 if "DPP-CONF-FAILED" in ev:
331 raise Exception("DPP configuration failed")
332 if require_conf_failure:
333 if "DPP-CONF-SUCCESS" in ev:
334 raise Exception("DPP configuration succeeded unexpectedly")
335 dev[0].request("DPP_STOP_LISTEN")
336 dev[0].dump_monitor()
337 dev[1].dump_monitor()
338
339 def test_dpp_qr_code_auth_mutual(dev, apdev):
340 """DPP QR Code and authentication exchange (mutual)"""
341 check_dpp_capab(dev[0])
342 check_dpp_capab(dev[1])
343 logger.info("dev0 displays QR Code")
344 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
345 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
346
347 logger.info("dev1 scans QR Code")
348 id1 = dev[1].dpp_qr_code(uri0)
349
350 logger.info("dev1 displays QR Code")
351 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
352 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
353
354 logger.info("dev0 scans QR Code")
355 id0b = dev[0].dpp_qr_code(uri1b)
356
357 logger.info("dev1 initiates DPP Authentication")
358 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
359 raise Exception("Failed to start listen operation")
360 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
361 raise Exception("Failed to initiate DPP Authentication")
362
363 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
364 if ev is None:
365 raise Exception("DPP authentication direction not indicated (Initiator)")
366 if "mutual=1" not in ev:
367 raise Exception("Mutual authentication not used")
368
369 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
370 if ev is None:
371 raise Exception("DPP authentication did not succeed (Responder)")
372 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
373 if ev is None:
374 raise Exception("DPP authentication did not succeed (Initiator)")
375 dev[0].request("DPP_STOP_LISTEN")
376
377 def test_dpp_qr_code_auth_mutual2(dev, apdev):
378 """DPP QR Code and authentication exchange (mutual2)"""
379 check_dpp_capab(dev[0])
380 check_dpp_capab(dev[1])
381 logger.info("dev0 displays QR Code")
382 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
383 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
384
385 logger.info("dev1 scans QR Code")
386 id1 = dev[1].dpp_qr_code(uri0)
387
388 logger.info("dev1 displays QR Code")
389 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
390 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
391
392 logger.info("dev1 initiates DPP Authentication")
393 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
394 raise Exception("Failed to start listen operation")
395 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
396 raise Exception("Failed to initiate DPP Authentication")
397
398 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
399 if ev is None:
400 raise Exception("Pending response not reported")
401 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
402 if ev is None:
403 raise Exception("QR Code scan for mutual authentication not requested")
404
405 logger.info("dev0 scans QR Code")
406 id0b = dev[0].dpp_qr_code(uri1b)
407
408 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
409 if ev is None:
410 raise Exception("DPP authentication direction not indicated (Initiator)")
411 if "mutual=1" not in ev:
412 raise Exception("Mutual authentication not used")
413
414 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
415 if ev is None:
416 raise Exception("DPP authentication did not succeed (Responder)")
417 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
418 if ev is None:
419 raise Exception("DPP authentication did not succeed (Initiator)")
420 dev[0].request("DPP_STOP_LISTEN")
421
422 def test_dpp_qr_code_auth_mutual_p_256(dev, apdev):
423 """DPP QR Code and authentication exchange (mutual, autogen P-256)"""
424 run_dpp_qr_code_auth_mutual(dev, apdev, "P-256")
425
426 def test_dpp_qr_code_auth_mutual_p_384(dev, apdev):
427 """DPP QR Code and authentication exchange (mutual, autogen P-384)"""
428 run_dpp_qr_code_auth_mutual(dev, apdev, "P-384")
429
430 def test_dpp_qr_code_auth_mutual_p_521(dev, apdev):
431 """DPP QR Code and authentication exchange (mutual, autogen P-521)"""
432 run_dpp_qr_code_auth_mutual(dev, apdev, "P-521")
433
434 def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev):
435 """DPP QR Code and authentication exchange (mutual, autogen BP-256)"""
436 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-256")
437
438 def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev):
439 """DPP QR Code and authentication exchange (mutual, autogen BP-384)"""
440 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-384")
441
442 def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev):
443 """DPP QR Code and authentication exchange (mutual, autogen BP-512)"""
444 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-512")
445
446 def run_dpp_qr_code_auth_mutual(dev, apdev, curve):
447 check_dpp_capab(dev[0], curve and "BP-" in curve)
448 check_dpp_capab(dev[1], curve and "BP-" in curve)
449 logger.info("dev0 displays QR Code")
450 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
451 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
452
453 logger.info("dev1 scans QR Code")
454 id1 = dev[1].dpp_qr_code(uri0)
455
456 logger.info("dev1 initiates DPP Authentication")
457 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
458 raise Exception("Failed to start listen operation")
459 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % (id1)):
460 raise Exception("Failed to initiate DPP Authentication")
461
462 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
463 if ev is None:
464 raise Exception("Pending response not reported")
465 uri = ev.split(' ')[1]
466
467 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
468 if ev is None:
469 raise Exception("QR Code scan for mutual authentication not requested")
470
471 logger.info("dev0 scans QR Code")
472 dev[0].dpp_qr_code(uri)
473
474 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
475 if ev is None:
476 raise Exception("DPP authentication direction not indicated (Initiator)")
477 if "mutual=1" not in ev:
478 raise Exception("Mutual authentication not used")
479
480 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
481 if ev is None:
482 raise Exception("DPP authentication did not succeed (Responder)")
483 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
484 if ev is None:
485 raise Exception("DPP authentication did not succeed (Initiator)")
486 dev[0].request("DPP_STOP_LISTEN")
487
488 def test_dpp_auth_resp_retries(dev, apdev):
489 """DPP Authentication Response retries"""
490 check_dpp_capab(dev[0])
491 check_dpp_capab(dev[1])
492 dev[0].set("dpp_resp_max_tries", "3")
493 dev[0].set("dpp_resp_retry_time", "100")
494
495 logger.info("dev0 displays QR Code")
496 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
497 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
498
499 logger.info("dev1 scans QR Code")
500 id1 = dev[1].dpp_qr_code(uri0)
501
502 logger.info("dev1 displays QR Code")
503 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
504 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
505
506 logger.info("dev1 initiates DPP Authentication")
507 if "OK" not in dev[0].request("DPP_LISTEN 2412 qr=mutual"):
508 raise Exception("Failed to start listen operation")
509 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
510 raise Exception("Failed to initiate DPP Authentication")
511
512 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
513 if ev is None:
514 raise Exception("Pending response not reported")
515 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
516 if ev is None:
517 raise Exception("QR Code scan for mutual authentication not requested")
518
519 # Stop Initiator from listening to frames to force retransmission of the
520 # DPP Authentication Response frame with Status=0
521 dev[1].request("DPP_STOP_LISTEN")
522
523 dev[1].dump_monitor()
524 dev[0].dump_monitor()
525
526 logger.info("dev0 scans QR Code")
527 id0b = dev[0].dpp_qr_code(uri1b)
528
529 ev = dev[0].wait_event(["DPP-TX"], timeout=5)
530 if ev is None or "type=1" not in ev:
531 raise Exception("DPP Authentication Response not sent")
532 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
533 if ev is None:
534 raise Exception("TX status for DPP Authentication Response not reported")
535 if "result=no-ACK" not in ev:
536 raise Exception("Unexpected TX status for Authentication Response: " + ev)
537
538 ev = dev[0].wait_event(["DPP-TX"], timeout=15)
539 if ev is None or "type=1" not in ev:
540 raise Exception("DPP Authentication Response retransmission not sent")
541
542 def test_dpp_qr_code_auth_mutual_not_used(dev, apdev):
543 """DPP QR Code and authentication exchange (mutual not used)"""
544 check_dpp_capab(dev[0])
545 check_dpp_capab(dev[1])
546 logger.info("dev0 displays QR Code")
547 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
548 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
549
550 logger.info("dev1 scans QR Code")
551 id1 = dev[1].dpp_qr_code(uri0)
552
553 logger.info("dev1 displays QR Code")
554 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
555 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
556
557 logger.info("dev0 does not scan QR Code")
558
559 logger.info("dev1 initiates DPP Authentication")
560 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
561 raise Exception("Failed to start listen operation")
562 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b)):
563 raise Exception("Failed to initiate DPP Authentication")
564
565 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5)
566 if ev is None:
567 raise Exception("DPP authentication direction not indicated (Initiator)")
568 if "mutual=0" not in ev:
569 raise Exception("Mutual authentication not used")
570
571 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
572 if ev is None:
573 raise Exception("DPP authentication did not succeed (Responder)")
574 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
575 if ev is None:
576 raise Exception("DPP authentication did not succeed (Initiator)")
577 dev[0].request("DPP_STOP_LISTEN")
578
579 def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev):
580 """DPP QR Code and authentication exchange (mutual/mismatch)"""
581 check_dpp_capab(dev[0])
582 check_dpp_capab(dev[1])
583 logger.info("dev0 displays QR Code")
584 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
585 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
586
587 logger.info("dev1 scans QR Code")
588 id1 = dev[1].dpp_qr_code(uri0)
589
590 logger.info("dev1 displays QR Code")
591 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve="secp384r1")
592 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
593
594 logger.info("dev0 scans QR Code")
595 id0b = dev[0].dpp_qr_code(uri1b)
596
597 res = dev[1].request("DPP_AUTH_INIT peer=%d own=%d" % (id1, id1b))
598 if "FAIL" not in res:
599 raise Exception("DPP_AUTH_INIT accepted unexpectedly")
600
601 def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev):
602 """DPP QR Code and authentication exchange (hostapd mutual2)"""
603 check_dpp_capab(dev[0])
604 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
605 check_dpp_capab(hapd)
606
607 logger.info("AP displays QR Code")
608 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
609 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
610
611 logger.info("dev0 scans QR Code")
612 id0 = dev[0].dpp_qr_code(uri_h)
613
614 logger.info("dev0 displays QR Code")
615 id0b = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
616 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b)
617
618 logger.info("dev0 initiates DPP Authentication")
619 if "OK" not in hapd.request("DPP_LISTEN 2412 qr=mutual"):
620 raise Exception("Failed to start listen operation")
621 if "OK" not in dev[0].request("DPP_AUTH_INIT peer=%d own=%d" % (id0, id0b)):
622 raise Exception("Failed to initiate DPP Authentication")
623
624 ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
625 if ev is None:
626 raise Exception("Pending response not reported")
627 ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
628 if ev is None:
629 raise Exception("QR Code scan for mutual authentication not requested")
630
631 logger.info("AP scans QR Code")
632 hapd.dpp_qr_code(uri0)
633
634 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
635 if ev is None:
636 raise Exception("DPP authentication did not succeed (Responder)")
637 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
638 if ev is None:
639 raise Exception("DPP authentication did not succeed (Initiator)")
640 hapd.request("DPP_STOP_LISTEN")
641
642 def test_dpp_qr_code_listen_continue(dev, apdev):
643 """DPP QR Code and listen operation needing continuation"""
644 check_dpp_capab(dev[0])
645 check_dpp_capab(dev[1])
646 logger.info("dev0 displays QR Code")
647 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
648 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
649
650 logger.info("dev1 scans QR Code")
651 id1 = dev[1].dpp_qr_code(uri0)
652
653 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
654 raise Exception("Failed to start listen operation")
655 logger.info("Wait for listen to expire and get restarted")
656 time.sleep(5.5)
657 logger.info("dev1 initiates DPP Authentication")
658 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
659 raise Exception("Failed to initiate DPP Authentication")
660 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
661 if ev is None:
662 raise Exception("DPP authentication did not succeed (Responder)")
663 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
664 if ev is None:
665 raise Exception("DPP authentication did not succeed (Initiator)")
666 dev[0].request("DPP_STOP_LISTEN")
667
668 def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev):
669 """DPP QR Code and authentication exchange (Initiator in Enrollee role)"""
670 check_dpp_capab(dev[0])
671 check_dpp_capab(dev[1])
672 dev[0].request("SET gas_address3 1")
673 dev[1].request("SET gas_address3 1")
674 logger.info("dev0 displays QR Code")
675 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
676 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
677
678 logger.info("dev1 scans QR Code")
679 id1 = dev[1].dpp_qr_code(uri0)
680
681 logger.info("dev1 initiates DPP Authentication")
682 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
683 raise Exception("Failed to start listen operation")
684 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=enrollee" % id1):
685 raise Exception("Failed to initiate DPP Authentication")
686 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
687 if ev is None:
688 raise Exception("DPP authentication did not succeed (Responder)")
689 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
690 if ev is None:
691 raise Exception("DPP authentication did not succeed (Initiator)")
692
693 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
694 if ev is None:
695 raise Exception("DPP configuration did not succeed (Configurator)")
696 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
697 if ev is None:
698 raise Exception("DPP configuration did not succeed (Enrollee)")
699
700 dev[0].request("DPP_STOP_LISTEN")
701
702 def test_dpp_qr_code_auth_initiator_either_1(dev, apdev):
703 """DPP QR Code and authentication exchange (Initiator in either role)"""
704 run_dpp_qr_code_auth_initiator_either(dev, apdev, None, dev[1], dev[0])
705
706 def test_dpp_qr_code_auth_initiator_either_2(dev, apdev):
707 """DPP QR Code and authentication exchange (Initiator in either role)"""
708 run_dpp_qr_code_auth_initiator_either(dev, apdev, "enrollee",
709 dev[1], dev[0])
710
711 def test_dpp_qr_code_auth_initiator_either_3(dev, apdev):
712 """DPP QR Code and authentication exchange (Initiator in either role)"""
713 run_dpp_qr_code_auth_initiator_either(dev, apdev, "configurator",
714 dev[0], dev[1])
715
716 def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role,
717 conf_dev, enrollee_dev):
718 check_dpp_capab(dev[0])
719 check_dpp_capab(dev[1])
720 logger.info("dev0 displays QR Code")
721 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
722 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
723
724 logger.info("dev1 scans QR Code")
725 id1 = dev[1].dpp_qr_code(uri0)
726
727 logger.info("dev1 initiates DPP Authentication")
728 cmd = "DPP_LISTEN 2412"
729 if resp_role:
730 cmd += " role=" + resp_role
731 if "OK" not in dev[0].request(cmd):
732 raise Exception("Failed to start listen operation")
733 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=either" % id1):
734 raise Exception("Failed to initiate DPP Authentication")
735 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
736 if ev is None:
737 raise Exception("DPP authentication did not succeed (Responder)")
738 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
739 if ev is None:
740 raise Exception("DPP authentication did not succeed (Initiator)")
741
742 ev = conf_dev.wait_event(["DPP-CONF-SENT"], timeout=5)
743 if ev is None:
744 raise Exception("DPP configuration did not succeed (Configurator)")
745 ev = enrollee_dev.wait_event(["DPP-CONF-FAILED"], timeout=5)
746 if ev is None:
747 raise Exception("DPP configuration did not succeed (Enrollee)")
748
749 dev[0].request("DPP_STOP_LISTEN")
750
751 def run_init_incompatible_roles(dev, role="enrollee"):
752 check_dpp_capab(dev[0])
753 check_dpp_capab(dev[1])
754 logger.info("dev0 displays QR Code")
755 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
756 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
757
758 logger.info("dev1 scans QR Code")
759 id1 = dev[1].dpp_qr_code(uri0)
760
761 logger.info("dev1 initiates DPP Authentication")
762 if "OK" not in dev[0].request("DPP_LISTEN 2412 role=%s" % role):
763 raise Exception("Failed to start listen operation")
764 return id1
765
766 def test_dpp_qr_code_auth_incompatible_roles(dev, apdev):
767 """DPP QR Code and authentication exchange (incompatible roles)"""
768 id1 = run_init_incompatible_roles(dev)
769 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=enrollee" % id1):
770 raise Exception("Failed to initiate DPP Authentication")
771 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
772 if ev is None:
773 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
774 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
775 if ev is None:
776 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
777
778 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
779 raise Exception("Failed to initiate DPP Authentication")
780 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
781 if ev is None:
782 raise Exception("DPP authentication did not succeed (Responder)")
783 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
784 if ev is None:
785 raise Exception("DPP authentication did not succeed (Initiator)")
786 dev[0].request("DPP_STOP_LISTEN")
787
788 def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev):
789 """DPP QR Code and authentication exchange (incompatible roles 2)"""
790 id1 = run_init_incompatible_roles(dev, role="configurator")
791 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
792 raise Exception("Failed to initiate DPP Authentication")
793 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5)
794 if ev is None:
795 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out")
796 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
797 if ev is None:
798 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
799
800 def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev):
801 """DPP QR Code and authentication exchange (incompatible roles failure)"""
802 id1 = run_init_incompatible_roles(dev, role="configurator")
803 with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"):
804 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
805 raise Exception("Failed to initiate DPP Authentication")
806 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1)
807 if ev is None:
808 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out")
809
810 def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev):
811 """DPP QR Code and authentication exchange (incompatible roles failure 2)"""
812 id1 = run_init_incompatible_roles(dev, role="configurator")
813 with alloc_fail(dev[1], 1, "dpp_auth_resp_rx_status"):
814 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
815 raise Exception("Failed to initiate DPP Authentication")
816 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL")
817
818 def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev):
819 """DPP QR Code and authentication exchange (incompatible roles failure 3)"""
820 id1 = run_init_incompatible_roles(dev, role="configurator")
821 with fail_test(dev[1], 1, "dpp_auth_resp_rx_status"):
822 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d role=configurator" % id1):
823 raise Exception("Failed to initiate DPP Authentication")
824 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
825 if ev is None or "AES-SIV decryption failed" not in ev:
826 raise Exception("AES-SIV decryption failure not reported")
827
828 def test_dpp_qr_code_auth_neg_chan(dev, apdev):
829 """DPP QR Code and authentication exchange with requested different channel"""
830 check_dpp_capab(dev[0])
831 check_dpp_capab(dev[1])
832
833 logger.info("Create configurator on dev1")
834 cmd = "DPP_CONFIGURATOR_ADD"
835 res = dev[1].request(cmd)
836 if "FAIL" in res:
837 raise Exception("Failed to add configurator")
838 conf_id = int(res)
839
840 logger.info("dev0 displays QR Code")
841 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
842 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
843
844 logger.info("dev1 scans QR Code")
845 id1 = dev[1].dpp_qr_code(uri0)
846
847 logger.info("dev1 initiates DPP Authentication")
848 cmd = "DPP_LISTEN 2412"
849 if "OK" not in dev[0].request(cmd):
850 raise Exception("Failed to start listen operation")
851 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp neg_freq=2462" % (id1, conf_id)
852 if "OK" not in dev[1].request(cmd):
853 raise Exception("Failed to initiate DPP Authentication")
854
855 ev = dev[1].wait_event(["DPP-TX"], timeout=5)
856 if ev is None:
857 raise Exception("DPP Authentication Request not sent")
858 if "freq=2412 type=0" not in ev:
859 raise Exception("Unexpected TX data for Authentication Request: " + ev)
860
861 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
862 if ev is None:
863 raise Exception("DPP Authentication Request not received")
864 if "freq=2412 type=0" not in ev:
865 raise Exception("Unexpected RX data for Authentication Request: " + ev)
866
867 ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
868 if ev is None:
869 raise Exception("TX status for DPP Authentication Request not reported")
870 if "freq=2412 result=SUCCESS" not in ev:
871 raise Exception("Unexpected TX status for Authentication Request: " + ev)
872
873 ev = dev[0].wait_event(["DPP-TX"], timeout=5)
874 if ev is None:
875 raise Exception("DPP Authentication Response not sent")
876 if "freq=2462 type=1" not in ev:
877 raise Exception("Unexpected TX data for Authentication Response: " + ev)
878
879 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
880 if ev is None:
881 raise Exception("DPP Authentication Response not received")
882 if "freq=2462 type=1" not in ev:
883 raise Exception("Unexpected RX data for Authentication Response: " + ev)
884
885 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5)
886 if ev is None:
887 raise Exception("TX status for DPP Authentication Response not reported")
888 if "freq=2462 result=SUCCESS" not in ev:
889 raise Exception("Unexpected TX status for Authentication Response: " + ev)
890
891 ev = dev[1].wait_event(["DPP-TX"], timeout=5)
892 if ev is None:
893 raise Exception("DPP Authentication Confirm not sent")
894 if "freq=2462 type=2" not in ev:
895 raise Exception("Unexpected TX data for Authentication Confirm: " + ev)
896
897 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
898 if ev is None:
899 raise Exception("DPP Authentication Confirm not received")
900 if "freq=2462 type=2" not in ev:
901 raise Exception("Unexpected RX data for Authentication Confirm: " + ev)
902
903 ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5)
904 if ev is None:
905 raise Exception("TX status for DPP Authentication Confirm not reported")
906 if "freq=2462 result=SUCCESS" not in ev:
907 raise Exception("Unexpected TX status for Authentication Confirm: " + ev)
908
909 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
910 if ev is None:
911 raise Exception("DPP authentication did not succeed (Responder)")
912 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
913 if ev is None:
914 raise Exception("DPP authentication did not succeed (Initiator)")
915 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
916 if ev is None:
917 raise Exception("DPP configuration not completed (Configurator)")
918 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
919 if ev is None:
920 raise Exception("DPP configuration not completed (Enrollee)")
921 if "DPP-CONF-FAILED" in ev:
922 raise Exception("DPP configuration failed")
923 dev[0].request("DPP_STOP_LISTEN")
924 dev[0].dump_monitor()
925 dev[1].dump_monitor()
926
927 def test_dpp_config_legacy(dev, apdev):
928 """DPP Config Object for legacy network using passphrase"""
929 check_dpp_capab(dev[1])
930 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}'
931 dev[1].set("dpp_config_obj_override", conf)
932 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
933 require_conf_success=True)
934
935 def test_dpp_config_legacy_psk_hex(dev, apdev):
936 """DPP Config Object for legacy network using PSK"""
937 check_dpp_capab(dev[1])
938 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}'
939 dev[1].set("dpp_config_obj_override", conf)
940 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
941 require_conf_success=True)
942
943 def test_dpp_config_fragmentation(dev, apdev):
944 """DPP Config Object for legacy network requiring fragmentation"""
945 check_dpp_capab(dev[1])
946 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
947 dev[1].set("dpp_config_obj_override", conf)
948 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
949 require_conf_success=True)
950
951 def test_dpp_config_legacy_gen(dev, apdev):
952 """Generate DPP Config Object for legacy network"""
953 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
954 init_extra="conf=sta-psk pass=%s" % binascii.hexlify(b"passphrase").decode(),
955 require_conf_success=True)
956
957 def test_dpp_config_legacy_gen_psk(dev, apdev):
958 """Generate DPP Config Object for legacy network (PSK)"""
959 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
960 init_extra="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef",
961 require_conf_success=True)
962
963 def test_dpp_config_dpp_gen_prime256v1(dev, apdev):
964 """Generate DPP Config Object for DPP network (P-256)"""
965 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
966 init_extra="conf=sta-dpp",
967 require_conf_success=True,
968 configurator=True)
969
970 def test_dpp_config_dpp_gen_secp384r1(dev, apdev):
971 """Generate DPP Config Object for DPP network (P-384)"""
972 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
973 init_extra="conf=sta-dpp",
974 require_conf_success=True,
975 configurator=True)
976
977 def test_dpp_config_dpp_gen_secp521r1(dev, apdev):
978 """Generate DPP Config Object for DPP network (P-521)"""
979 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
980 init_extra="conf=sta-dpp",
981 require_conf_success=True,
982 configurator=True)
983
984 def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev):
985 """Generate DPP Config Object for DPP network (P-256 + P-256)"""
986 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
987 init_extra="conf=sta-dpp",
988 require_conf_success=True,
989 configurator=True,
990 conf_curve="prime256v1")
991
992 def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev):
993 """Generate DPP Config Object for DPP network (P-256 + P-384)"""
994 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
995 init_extra="conf=sta-dpp",
996 require_conf_success=True,
997 configurator=True,
998 conf_curve="secp384r1")
999
1000 def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev):
1001 """Generate DPP Config Object for DPP network (P-256 + P-521)"""
1002 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1003 init_extra="conf=sta-dpp",
1004 require_conf_success=True,
1005 configurator=True,
1006 conf_curve="secp521r1")
1007
1008 def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev):
1009 """Generate DPP Config Object for DPP network (P-384 + P-256)"""
1010 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1011 init_extra="conf=sta-dpp",
1012 require_conf_success=True,
1013 configurator=True,
1014 conf_curve="prime256v1")
1015
1016 def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev):
1017 """Generate DPP Config Object for DPP network (P-384 + P-384)"""
1018 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1019 init_extra="conf=sta-dpp",
1020 require_conf_success=True,
1021 configurator=True,
1022 conf_curve="secp384r1")
1023
1024 def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev):
1025 """Generate DPP Config Object for DPP network (P-384 + P-521)"""
1026 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1027 init_extra="conf=sta-dpp",
1028 require_conf_success=True,
1029 configurator=True,
1030 conf_curve="secp521r1")
1031
1032 def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev):
1033 """Generate DPP Config Object for DPP network (P-521 + P-256)"""
1034 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1035 init_extra="conf=sta-dpp",
1036 require_conf_success=True,
1037 configurator=True,
1038 conf_curve="prime256v1")
1039
1040 def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev):
1041 """Generate DPP Config Object for DPP network (P-521 + P-384)"""
1042 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1043 init_extra="conf=sta-dpp",
1044 require_conf_success=True,
1045 configurator=True,
1046 conf_curve="secp384r1")
1047
1048 def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev):
1049 """Generate DPP Config Object for DPP network (P-521 + P-521)"""
1050 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1051 init_extra="conf=sta-dpp",
1052 require_conf_success=True,
1053 configurator=True,
1054 conf_curve="secp521r1")
1055
1056 def test_dpp_config_dpp_gen_expiry(dev, apdev):
1057 """Generate DPP Config Object for DPP network with expiry value"""
1058 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1059 init_extra="conf=sta-dpp expiry=%d" % (time.time() + 1000),
1060 require_conf_success=True,
1061 configurator=True)
1062
1063 def test_dpp_config_dpp_gen_expired_key(dev, apdev):
1064 """Generate DPP Config Object for DPP network with expiry value"""
1065 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1066 init_extra="conf=sta-dpp expiry=%d" % (time.time() - 10),
1067 require_conf_failure=True,
1068 configurator=True)
1069
1070 def test_dpp_config_dpp_override_prime256v1(dev, apdev):
1071 """DPP Config Object override (P-256)"""
1072 check_dpp_capab(dev[0])
1073 check_dpp_capab(dev[1])
1074 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}'
1075 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1076 dev[1].set("dpp_config_obj_override", conf)
1077 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1078 require_conf_success=True)
1079
1080 def test_dpp_config_dpp_override_secp384r1(dev, apdev):
1081 """DPP Config Object override (P-384)"""
1082 check_dpp_capab(dev[0])
1083 check_dpp_capab(dev[1])
1084 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}'
1085 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1086 dev[1].set("dpp_config_obj_override", conf)
1087 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1",
1088 require_conf_success=True)
1089
1090 def test_dpp_config_dpp_override_secp521r1(dev, apdev):
1091 """DPP Config Object override (P-521)"""
1092 check_dpp_capab(dev[0])
1093 check_dpp_capab(dev[1])
1094 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}'
1095 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1096 dev[1].set("dpp_config_obj_override", conf)
1097 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1",
1098 require_conf_success=True)
1099
1100 def test_dpp_config_override_objects(dev, apdev):
1101 """Generate DPP Config Object and override objects)"""
1102 check_dpp_capab(dev[1])
1103 discovery = '{\n"ssid":"mywifi"\n}'
1104 groups = '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]'
1105 dev[1].set("dpp_discovery_override", discovery)
1106 dev[1].set("dpp_groups_override", groups)
1107 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1108 init_extra="conf=sta-dpp",
1109 require_conf_success=True,
1110 configurator=True)
1111
1112 def build_conf_obj(kty="EC", crv="P-256",
1113 x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s",
1114 y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE",
1115 kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU",
1116 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}',
1117 signed_connector=None,
1118 no_signed_connector=False,
1119 csign=True):
1120 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{'
1121 conf += '"akm":"dpp",'
1122
1123 if signed_connector:
1124 conn = signed_connector
1125 conf += '"signedConnector":"%s",' % conn
1126 elif not no_signed_connector:
1127 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1128 sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A"
1129 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
1130 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=') + '.'
1131 conn += sign
1132 conf += '"signedConnector":"%s",' % conn
1133
1134 if csign:
1135 conf += '"csign":{'
1136 if kty:
1137 conf += '"kty":"%s",' % kty
1138 if crv:
1139 conf += '"crv":"%s",' % crv
1140 if x:
1141 conf += '"x":"%s",' % x
1142 if y:
1143 conf += '"y":"%s",' % y
1144 if kid:
1145 conf += '"kid":"%s"' % kid
1146 conf = conf.rstrip(',')
1147 conf += '}'
1148 else:
1149 conf = conf.rstrip(',')
1150
1151 conf += '}}'
1152
1153 return conf
1154
1155 def run_dpp_config_error(dev, apdev, conf,
1156 skip_net_access_key_mismatch=True):
1157 check_dpp_capab(dev[0])
1158 check_dpp_capab(dev[1])
1159 if skip_net_access_key_mismatch:
1160 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1")
1161 dev[1].set("dpp_config_obj_override", conf)
1162 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1",
1163 require_conf_failure=True)
1164
1165 def test_dpp_config_jwk_error_no_kty(dev, apdev):
1166 """DPP Config Object JWK error - no kty"""
1167 run_dpp_config_error(dev, apdev, build_conf_obj(kty=None))
1168
1169 def test_dpp_config_jwk_error_unexpected_kty(dev, apdev):
1170 """DPP Config Object JWK error - unexpected kty"""
1171 run_dpp_config_error(dev, apdev, build_conf_obj(kty="unknown"))
1172
1173 def test_dpp_config_jwk_error_no_crv(dev, apdev):
1174 """DPP Config Object JWK error - no crv"""
1175 run_dpp_config_error(dev, apdev, build_conf_obj(crv=None))
1176
1177 def test_dpp_config_jwk_error_unsupported_crv(dev, apdev):
1178 """DPP Config Object JWK error - unsupported curve"""
1179 run_dpp_config_error(dev, apdev, build_conf_obj(crv="unsupported"))
1180
1181 def test_dpp_config_jwk_error_no_x(dev, apdev):
1182 """DPP Config Object JWK error - no x"""
1183 run_dpp_config_error(dev, apdev, build_conf_obj(x=None))
1184
1185 def test_dpp_config_jwk_error_invalid_x(dev, apdev):
1186 """DPP Config Object JWK error - invalid x"""
1187 run_dpp_config_error(dev, apdev, build_conf_obj(x="MTIz"))
1188
1189 def test_dpp_config_jwk_error_no_y(dev, apdev):
1190 """DPP Config Object JWK error - no y"""
1191 run_dpp_config_error(dev, apdev, build_conf_obj(y=None))
1192
1193 def test_dpp_config_jwk_error_invalid_y(dev, apdev):
1194 """DPP Config Object JWK error - invalid y"""
1195 run_dpp_config_error(dev, apdev, build_conf_obj(y="MTIz"))
1196
1197 def test_dpp_config_jwk_error_invalid_xy(dev, apdev):
1198 """DPP Config Object JWK error - invalid x,y"""
1199 conf = build_conf_obj(x="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY",
1200 y="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY")
1201 run_dpp_config_error(dev, apdev, conf)
1202
1203 def test_dpp_config_jwk_error_no_kid(dev, apdev):
1204 """DPP Config Object JWK error - no kid"""
1205 run_dpp_config_error(dev, apdev, build_conf_obj(kid=None))
1206
1207 def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev):
1208 """DPP Config Object JWS error - protected header not an object"""
1209 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr="1"))
1210
1211 def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev):
1212 """DPP Config Object JWS error - protected header - no typ"""
1213 prot_hdr='{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1214 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1215
1216 def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev):
1217 """DPP Config Object JWS error - protected header - unsupported typ"""
1218 prot_hdr='{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}'
1219 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1220
1221 def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev):
1222 """DPP Config Object JWS error - protected header - no alg"""
1223 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}'
1224 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1225
1226 def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev):
1227 """DPP Config Object JWS error - protected header - unexpected alg"""
1228 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}'
1229 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1230
1231 def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev):
1232 """DPP Config Object JWS error - protected header - no kid"""
1233 prot_hdr='{"typ":"dppCon","alg":"ES256"}'
1234 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1235
1236 def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev):
1237 """DPP Config Object JWS error - protected header - unexpected kid"""
1238 prot_hdr='{"typ":"dppCon","kid":"MTIz","alg":"ES256"}'
1239 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr))
1240
1241 def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev):
1242 """DPP Config Object signedConnector error - no dot(1)"""
1243 conn = "MTIz"
1244 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1245
1246 def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev):
1247 """DPP Config Object signedConnector error - no dot(2)"""
1248 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz"
1249 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1250
1251 def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev):
1252 """DPP Config Object signedConnector error - unexpected signature length"""
1253 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz"
1254 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1255
1256 def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev):
1257 """DPP Config Object signedConnector error - invalid signature DER"""
1258 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI"
1259 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn))
1260
1261 def test_dpp_config_no_csign(dev, apdev):
1262 """DPP Config Object error - no csign"""
1263 run_dpp_config_error(dev, apdev, build_conf_obj(csign=False))
1264
1265 def test_dpp_config_no_signed_connector(dev, apdev):
1266 """DPP Config Object error - no signedConnector"""
1267 run_dpp_config_error(dev, apdev, build_conf_obj(no_signed_connector=True))
1268
1269 def test_dpp_config_unexpected_signed_connector_char(dev, apdev):
1270 """DPP Config Object error - unexpected signedConnector character"""
1271 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector='a\nb'))
1272
1273 def test_dpp_config_root_not_an_object(dev, apdev):
1274 """DPP Config Object error - root not an object"""
1275 conf = "1"
1276 run_dpp_config_error(dev, apdev, conf)
1277
1278 def test_dpp_config_no_wi_fi_tech(dev, apdev):
1279 """DPP Config Object error - no wi-fi_tech"""
1280 conf = "{}"
1281 run_dpp_config_error(dev, apdev, conf)
1282
1283 def test_dpp_config_unsupported_wi_fi_tech(dev, apdev):
1284 """DPP Config Object error - unsupported wi-fi_tech"""
1285 conf = '{"wi-fi_tech":"unsupported"}'
1286 run_dpp_config_error(dev, apdev, conf)
1287
1288 def test_dpp_config_no_discovery(dev, apdev):
1289 """DPP Config Object error - no discovery"""
1290 conf = '{"wi-fi_tech":"infra"}'
1291 run_dpp_config_error(dev, apdev, conf)
1292
1293 def test_dpp_config_no_discovery_ssid(dev, apdev):
1294 """DPP Config Object error - no discovery::ssid"""
1295 conf = '{"wi-fi_tech":"infra","discovery":{}}'
1296 run_dpp_config_error(dev, apdev, conf)
1297
1298 def test_dpp_config_too_long_discovery_ssid(dev, apdev):
1299 """DPP Config Object error - too long discovery::ssid"""
1300 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A')
1301 run_dpp_config_error(dev, apdev, conf)
1302
1303 def test_dpp_config_no_cred(dev, apdev):
1304 """DPP Config Object error - no cred"""
1305 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}'
1306 run_dpp_config_error(dev, apdev, conf)
1307
1308 def test_dpp_config_no_cred_akm(dev, apdev):
1309 """DPP Config Object error - no cred::akm"""
1310 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}'
1311 run_dpp_config_error(dev, apdev, conf)
1312
1313 def test_dpp_config_unsupported_cred_akm(dev, apdev):
1314 """DPP Config Object error - unsupported cred::akm"""
1315 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}'
1316 run_dpp_config_error(dev, apdev, conf)
1317
1318 def test_dpp_config_error_legacy_no_pass(dev, apdev):
1319 """DPP Config Object legacy error - no pass/psk"""
1320 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}'
1321 run_dpp_config_error(dev, apdev, conf)
1322
1323 def test_dpp_config_error_legacy_too_short_pass(dev, apdev):
1324 """DPP Config Object legacy error - too short pass/psk"""
1325 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}'
1326 run_dpp_config_error(dev, apdev, conf)
1327
1328 def test_dpp_config_error_legacy_too_long_pass(dev, apdev):
1329 """DPP Config Object legacy error - too long pass/psk"""
1330 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A')
1331 run_dpp_config_error(dev, apdev, conf)
1332
1333 def test_dpp_config_error_legacy_psk_with_sae(dev, apdev):
1334 """DPP Config Object legacy error - psk_hex with SAE"""
1335 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12")
1336 run_dpp_config_error(dev, apdev, conf)
1337
1338 def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev):
1339 """DPP Config Object legacy error - no pass for SAE"""
1340 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12")
1341 run_dpp_config_error(dev, apdev, conf)
1342
1343 def test_dpp_config_error_legacy_invalid_psk(dev, apdev):
1344 """DPP Config Object legacy error - invalid psk_hex"""
1345 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa")
1346 run_dpp_config_error(dev, apdev, conf)
1347
1348 def test_dpp_config_error_legacy_too_short_psk(dev, apdev):
1349 """DPP Config Object legacy error - too short psk_hex"""
1350 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12")
1351 run_dpp_config_error(dev, apdev, conf)
1352
1353 def ecdsa_sign(pkey, message, alg="sha256"):
1354 sign = OpenSSL.crypto.sign(pkey, message, alg)
1355 a,b = struct.unpack('BB', sign[0:2])
1356 if a != 0x30:
1357 raise Exception("Invalid DER encoding of ECDSA signature")
1358 if b != len(sign) - 2:
1359 raise Exception("Invalid length of ECDSA signature")
1360 sign = sign[2:]
1361
1362 a,b = struct.unpack('BB', sign[0:2])
1363 if a != 0x02:
1364 raise Exception("Invalid DER encoding of ECDSA signature r")
1365 if b > len(sign) - 2:
1366 raise Exception("Invalid length of ECDSA signature r")
1367 sign = sign[2:]
1368 if b == 32:
1369 r = sign[0:32]
1370 sign = sign[32:]
1371 elif b == 33:
1372 r = sign[1:33]
1373 sign = sign[33:]
1374 else:
1375 raise Exception("Invalid length of ECDSA signature r")
1376
1377 a,b = struct.unpack('BB', sign[0:2])
1378 if a != 0x02:
1379 raise Exception("Invalid DER encoding of ECDSA signature s")
1380 if b > len(sign) - 2:
1381 raise Exception("Invalid length of ECDSA signature s")
1382 sign = sign[2:]
1383 if b == 32:
1384 s = sign[0:32]
1385 sign = sign[32:]
1386 elif b == 33:
1387 s = sign[1:33]
1388 sign = sign[33:]
1389 else:
1390 raise Exception("Invalid length of ECDSA signature s")
1391 if len(sign) != 0:
1392 raise Exception("Extra data at the end of ECDSA signature")
1393
1394 raw_sign = r + s
1395 return base64.urlsafe_b64encode(raw_sign).decode().rstrip('=')
1396
1397 p256_priv_key = """-----BEGIN EC PRIVATE KEY-----
1398 MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49
1399 AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW
1400 n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q==
1401 -----END EC PRIVATE KEY-----"""
1402 p256_pub_key_x = binascii.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60")
1403 p256_pub_key_y = binascii.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd")
1404
1405 def run_dpp_config_connector(dev, apdev, expiry=None, payload=None,
1406 skip_net_access_key_mismatch=True):
1407 if not openssl_imported:
1408 raise HwsimSkip("OpenSSL python method not available")
1409 pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM,
1410 p256_priv_key)
1411 x = base64.urlsafe_b64encode(p256_pub_key_x).decode().rstrip('=')
1412 y = base64.urlsafe_b64encode(p256_pub_key_y).decode().rstrip('=')
1413
1414 pubkey = b'\x04' + p256_pub_key_x + p256_pub_key_y
1415 kid = base64.urlsafe_b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip('=')
1416
1417 prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid
1418
1419 if not payload:
1420 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}'
1421 if expiry:
1422 payload += ',"expiry":"%s"' % expiry
1423 payload += '}'
1424 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.'
1425 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=')
1426 sign = ecdsa_sign(pkey, conn)
1427 conn += '.' + sign
1428 run_dpp_config_error(dev, apdev,
1429 build_conf_obj(x=x, y=y, signed_connector=conn),
1430 skip_net_access_key_mismatch=skip_net_access_key_mismatch)
1431
1432 def test_dpp_config_connector_error_ext_sign(dev, apdev):
1433 """DPP Config Object connector error - external signature calculation"""
1434 run_dpp_config_connector(dev, apdev)
1435
1436 def test_dpp_config_connector_error_too_short_timestamp(dev, apdev):
1437 """DPP Config Object connector error - too short timestamp"""
1438 run_dpp_config_connector(dev, apdev, expiry="1")
1439
1440 def test_dpp_config_connector_error_invalid_timestamp(dev, apdev):
1441 """DPP Config Object connector error - invalid timestamp"""
1442 run_dpp_config_connector(dev, apdev, expiry=19*"1")
1443
1444 def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev):
1445 """DPP Config Object connector error - invalid timestamp date"""
1446 run_dpp_config_connector(dev, apdev, expiry="9999-99-99T99:99:99Z")
1447
1448 def test_dpp_config_connector_error_invalid_time_zone(dev, apdev):
1449 """DPP Config Object connector error - invalid time zone"""
1450 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00*")
1451
1452 def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev):
1453 """DPP Config Object connector error - invalid time zone 2"""
1454 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+")
1455
1456 def test_dpp_config_connector_error_expired_1(dev, apdev):
1457 """DPP Config Object connector error - expired 1"""
1458 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00")
1459
1460 def test_dpp_config_connector_error_expired_2(dev, apdev):
1461 """DPP Config Object connector error - expired 2"""
1462 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00Z")
1463
1464 def test_dpp_config_connector_error_expired_3(dev, apdev):
1465 """DPP Config Object connector error - expired 3"""
1466 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01")
1467
1468 def test_dpp_config_connector_error_expired_4(dev, apdev):
1469 """DPP Config Object connector error - expired 4"""
1470 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01:02")
1471
1472 def test_dpp_config_connector_error_expired_5(dev, apdev):
1473 """DPP Config Object connector error - expired 5"""
1474 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01")
1475
1476 def test_dpp_config_connector_error_expired_6(dev, apdev):
1477 """DPP Config Object connector error - expired 6"""
1478 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01:02")
1479
1480 def test_dpp_config_connector_error_no_groups(dev, apdev):
1481 """DPP Config Object connector error - no groups"""
1482 payload = '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1483 run_dpp_config_connector(dev, apdev, payload=payload)
1484
1485 def test_dpp_config_connector_error_empty_groups(dev, apdev):
1486 """DPP Config Object connector error - empty groups"""
1487 payload = '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1488 run_dpp_config_connector(dev, apdev, payload=payload)
1489
1490 def test_dpp_config_connector_error_missing_group_id(dev, apdev):
1491 """DPP Config Object connector error - missing groupId"""
1492 payload = '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1493 run_dpp_config_connector(dev, apdev, payload=payload)
1494
1495 def test_dpp_config_connector_error_missing_net_role(dev, apdev):
1496 """DPP Config Object connector error - missing netRole"""
1497 payload = '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1498 run_dpp_config_connector(dev, apdev, payload=payload)
1499
1500 def test_dpp_config_connector_error_missing_net_access_key(dev, apdev):
1501 """DPP Config Object connector error - missing netAccessKey"""
1502 payload = '{"groups":[{"groupId":"*","netRole":"sta"}]}'
1503 run_dpp_config_connector(dev, apdev, payload=payload)
1504
1505 def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev):
1506 """DPP Config Object connector error - netAccessKey mismatch"""
1507 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}'
1508 run_dpp_config_connector(dev, apdev, payload=payload,
1509 skip_net_access_key_mismatch=False)
1510
1511 def test_dpp_gas_timeout(dev, apdev):
1512 """DPP and GAS server timeout for a query"""
1513 check_dpp_capab(dev[0])
1514 check_dpp_capab(dev[1])
1515 logger.info("dev0 displays QR Code")
1516 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
1517 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1518
1519 logger.info("dev1 scans QR Code")
1520 id1 = dev[1].dpp_qr_code(uri0)
1521
1522 logger.info("dev1 initiates DPP Authentication")
1523 dev[0].set("ext_mgmt_frame_handling", "1")
1524 cmd = "DPP_LISTEN 2412"
1525 if "OK" not in dev[0].request(cmd):
1526 raise Exception("Failed to start listen operation")
1527
1528 # Force GAS fragmentation
1529 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
1530 dev[1].set("dpp_config_obj_override", conf)
1531
1532 cmd = "DPP_AUTH_INIT peer=%d" % id1
1533 if "OK" not in dev[1].request(cmd):
1534 raise Exception("Failed to initiate DPP Authentication")
1535
1536 # DPP Authentication Request
1537 msg = dev[0].mgmt_rx()
1538 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1539 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1540 raise Exception("MGMT_RX_PROCESS failed")
1541
1542 # DPP Authentication Confirmation
1543 msg = dev[0].mgmt_rx()
1544 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1545 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1546 raise Exception("MGMT_RX_PROCESS failed")
1547
1548 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1549 if ev is None:
1550 raise Exception("DPP authentication did not succeed (Responder)")
1551 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1552 if ev is None:
1553 raise Exception("DPP authentication did not succeed (Initiator)")
1554
1555 # DPP Configuration Response (GAS Initial Response frame)
1556 msg = dev[0].mgmt_rx()
1557 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
1558 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
1559 raise Exception("MGMT_RX_PROCESS failed")
1560
1561 # GAS Comeback Response frame
1562 msg = dev[0].mgmt_rx()
1563 # Do not continue to force timeout on GAS server
1564
1565 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
1566 if ev is None:
1567 raise Exception("GAS result not reported (Enrollee)")
1568 if "result=TIMEOUT" not in ev:
1569 raise Exception("Unexpected GAS result (Enrollee): " + ev)
1570 dev[0].set("ext_mgmt_frame_handling", "0")
1571
1572 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=15)
1573 if ev is None:
1574 raise Exception("DPP configuration failure not reported (Configurator)")
1575
1576 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1)
1577 if ev is None:
1578 raise Exception("DPP configuration failure not reported (Enrollee)")
1579
1580 def test_dpp_akm_sha256(dev, apdev):
1581 """DPP AKM (SHA256)"""
1582 run_dpp_akm(dev, apdev, 32)
1583
1584 def test_dpp_akm_sha384(dev, apdev):
1585 """DPP AKM (SHA384)"""
1586 run_dpp_akm(dev, apdev, 48)
1587
1588 def test_dpp_akm_sha512(dev, apdev):
1589 """DPP AKM (SHA512)"""
1590 run_dpp_akm(dev, apdev, 64)
1591
1592 def run_dpp_akm(dev, apdev, pmk_len):
1593 check_dpp_capab(dev[0])
1594 check_dpp_capab(dev[1])
1595 params = { "ssid": "dpp",
1596 "wpa": "2",
1597 "wpa_key_mgmt": "DPP",
1598 "rsn_pairwise": "CCMP",
1599 "ieee80211w": "2" }
1600 try:
1601 hapd = hostapd.add_ap(apdev[0], params)
1602 except:
1603 raise HwsimSkip("DPP not supported")
1604
1605 id = dev[0].connect("dpp", key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
1606 wait_connect=False)
1607 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2)
1608 if not ev:
1609 raise Exception("Network mismatch not reported")
1610 dev[0].request("DISCONNECT")
1611 dev[0].dump_monitor()
1612
1613 bssid = hapd.own_addr()
1614 pmkid = 16*'11'
1615 akmp = 2**23
1616 pmk = pmk_len*'22'
1617 cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid, pmkid, pmk, akmp)
1618 if "OK" not in dev[0].request(cmd):
1619 raise Exception("PMKSA_ADD failed (wpa_supplicant)")
1620 dev[0].select_network(id, freq="2412")
1621 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2)
1622 dev[0].request("DISCONNECT")
1623 dev[0].dump_monitor()
1624 if not ev:
1625 raise Exception("Association attempt was not rejected")
1626 if "status_code=53" not in ev:
1627 raise Exception("Unexpected status code: " + ev)
1628
1629 addr = dev[0].own_addr()
1630 cmd = "PMKSA_ADD %s %s %s 0 %d" % (addr, pmkid, pmk, akmp)
1631 if "OK" not in hapd.request(cmd):
1632 raise Exception("PMKSA_ADD failed (hostapd)")
1633
1634 dev[0].select_network(id, freq="2412")
1635 dev[0].wait_connected()
1636 val = dev[0].get_status_field("key_mgmt")
1637 if val != "DPP":
1638 raise Exception("Unexpected key_mgmt: " + val)
1639
1640 params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee"
1641 params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ"
1642 params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932"
1643 params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ"
1644 params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380"
1645
1646 def test_dpp_network_introduction(dev, apdev):
1647 """DPP network introduction"""
1648 check_dpp_capab(dev[0])
1649 check_dpp_capab(dev[1])
1650
1651 params = { "ssid": "dpp",
1652 "wpa": "2",
1653 "wpa_key_mgmt": "DPP",
1654 "ieee80211w": "2",
1655 "rsn_pairwise": "CCMP",
1656 "dpp_connector": params1_ap_connector,
1657 "dpp_csign": params1_csign,
1658 "dpp_netaccesskey": params1_ap_netaccesskey }
1659 try:
1660 hapd = hostapd.add_ap(apdev[0], params)
1661 except:
1662 raise HwsimSkip("DPP not supported")
1663
1664 id = dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
1665 ieee80211w="2",
1666 dpp_csign=params1_csign,
1667 dpp_connector=params1_sta_connector,
1668 dpp_netaccesskey=params1_sta_netaccesskey)
1669 val = dev[0].get_status_field("key_mgmt")
1670 if val != "DPP":
1671 raise Exception("Unexpected key_mgmt: " + val)
1672
1673 def test_dpp_and_sae_akm(dev, apdev):
1674 """DPP and SAE AKMs"""
1675 check_dpp_capab(dev[0])
1676 check_dpp_capab(dev[1])
1677 if "SAE" not in dev[1].get_capability("auth_alg"):
1678 raise HwsimSkip("SAE not supported")
1679
1680 params = { "ssid": "dpp+sae",
1681 "wpa": "2",
1682 "wpa_key_mgmt": "DPP SAE",
1683 "ieee80211w": "2",
1684 "rsn_pairwise": "CCMP",
1685 "sae_password": "sae-password",
1686 "dpp_connector": params1_ap_connector,
1687 "dpp_csign": params1_csign,
1688 "dpp_netaccesskey": params1_ap_netaccesskey }
1689 try:
1690 hapd = hostapd.add_ap(apdev[0], params)
1691 except:
1692 raise HwsimSkip("DPP not supported")
1693
1694 id = dev[0].connect("dpp+sae", key_mgmt="DPP", scan_freq="2412",
1695 ieee80211w="2",
1696 dpp_csign=params1_csign,
1697 dpp_connector=params1_sta_connector,
1698 dpp_netaccesskey=params1_sta_netaccesskey)
1699 val = dev[0].get_status_field("key_mgmt")
1700 if val != "DPP":
1701 raise Exception("Unexpected key_mgmt for DPP: " + val)
1702
1703 id = dev[1].connect("dpp+sae", key_mgmt="SAE", scan_freq="2412",
1704 ieee80211w="2", psk="sae-password")
1705 val = dev[1].get_status_field("key_mgmt")
1706 if val != "SAE":
1707 raise Exception("Unexpected key_mgmt for SAE: " + val)
1708
1709 def test_dpp_ap_config(dev, apdev):
1710 """DPP and AP configuration"""
1711 run_dpp_ap_config(dev, apdev)
1712
1713 def test_dpp_ap_config_p256_p256(dev, apdev):
1714 """DPP and AP configuration (P-256 + P-256)"""
1715 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-256")
1716
1717 def test_dpp_ap_config_p256_p384(dev, apdev):
1718 """DPP and AP configuration (P-256 + P-384)"""
1719 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-384")
1720
1721 def test_dpp_ap_config_p256_p521(dev, apdev):
1722 """DPP and AP configuration (P-256 + P-521)"""
1723 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-521")
1724
1725 def test_dpp_ap_config_p384_p256(dev, apdev):
1726 """DPP and AP configuration (P-384 + P-256)"""
1727 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-256")
1728
1729 def test_dpp_ap_config_p384_p384(dev, apdev):
1730 """DPP and AP configuration (P-384 + P-384)"""
1731 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-384")
1732
1733 def test_dpp_ap_config_p384_p521(dev, apdev):
1734 """DPP and AP configuration (P-384 + P-521)"""
1735 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-521")
1736
1737 def test_dpp_ap_config_p521_p256(dev, apdev):
1738 """DPP and AP configuration (P-521 + P-256)"""
1739 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-256")
1740
1741 def test_dpp_ap_config_p521_p384(dev, apdev):
1742 """DPP and AP configuration (P-521 + P-384)"""
1743 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-384")
1744
1745 def test_dpp_ap_config_p521_p521(dev, apdev):
1746 """DPP and AP configuration (P-521 + P-521)"""
1747 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-521")
1748
1749 def test_dpp_ap_config_reconfig_configurator(dev, apdev):
1750 """DPP and AP configuration with Configurator reconfiguration"""
1751 run_dpp_ap_config(dev, apdev, reconf_configurator=True)
1752
1753 def update_hapd_config(hapd):
1754 ev = hapd.wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
1755 if ev is None:
1756 raise Exception("SSID not reported (AP)")
1757 ssid = ev.split(' ')[1]
1758
1759 ev = hapd.wait_event(["DPP-CONNECTOR"], timeout=1)
1760 if ev is None:
1761 raise Exception("Connector not reported (AP)")
1762 connector = ev.split(' ')[1]
1763
1764 ev = hapd.wait_event(["DPP-C-SIGN-KEY"], timeout=1)
1765 if ev is None:
1766 raise Exception("C-sign-key not reported (AP)")
1767 p = ev.split(' ')
1768 csign = p[1]
1769
1770 ev = hapd.wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
1771 if ev is None:
1772 raise Exception("netAccessKey not reported (AP)")
1773 p = ev.split(' ')
1774 net_access_key = p[1]
1775 net_access_key_expiry = p[2] if len(p) > 2 else None
1776
1777 logger.info("Update AP configuration to use key_mgmt=DPP")
1778 hapd.disable()
1779 hapd.set("ssid", ssid)
1780 hapd.set("wpa", "2")
1781 hapd.set("wpa_key_mgmt", "DPP")
1782 hapd.set("ieee80211w", "2")
1783 hapd.set("rsn_pairwise", "CCMP")
1784 hapd.set("dpp_connector", connector)
1785 hapd.set("dpp_csign", csign)
1786 hapd.set("dpp_netaccesskey", net_access_key)
1787 if net_access_key_expiry:
1788 hapd.set("dpp_netaccesskey_expiry", net_access_key_expiry)
1789 hapd.enable()
1790
1791 def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None,
1792 reconf_configurator=False):
1793 check_dpp_capab(dev[0])
1794 check_dpp_capab(dev[1])
1795 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
1796 check_dpp_capab(hapd)
1797
1798 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
1799 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
1800
1801 cmd = "DPP_CONFIGURATOR_ADD"
1802 if conf_curve:
1803 cmd += " curve=" + conf_curve
1804 res = dev[0].request(cmd)
1805 if "FAIL" in res:
1806 raise Exception("Failed to add configurator")
1807 conf_id = int(res)
1808
1809 if reconf_configurator:
1810 csign = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
1811 if "FAIL" in csign or len(csign) == 0:
1812 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
1813
1814 id = dev[0].dpp_qr_code(uri)
1815
1816 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d" % (id, conf_id)
1817 if "OK" not in dev[0].request(cmd):
1818 raise Exception("Failed to initiate DPP Authentication")
1819 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1820 if ev is None:
1821 raise Exception("DPP authentication did not succeed (Responder)")
1822 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1823 if ev is None:
1824 raise Exception("DPP authentication did not succeed (Initiator)")
1825 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
1826 if ev is None:
1827 raise Exception("DPP configuration not completed (Configurator)")
1828 ev = hapd.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
1829 if ev is None:
1830 raise Exception("DPP configuration not completed (Enrollee)")
1831 if "DPP-CONF-FAILED" in ev:
1832 raise Exception("DPP configuration failed")
1833
1834 update_hapd_config(hapd)
1835
1836 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve)
1837 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
1838
1839 id0b = dev[0].dpp_qr_code(uri1)
1840
1841 if reconf_configurator:
1842 res = dev[0].request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
1843 if "OK" not in res:
1844 raise Exception("DPP_CONFIGURATOR_REMOVE failed")
1845 cmd = "DPP_CONFIGURATOR_ADD"
1846 if conf_curve:
1847 cmd += " curve=" + conf_curve
1848 cmd += " key=" + csign
1849 res = dev[0].request(cmd)
1850 if "FAIL" in res:
1851 raise Exception("Failed to add configurator (reconf)")
1852 conf_id = int(res)
1853
1854 cmd = "DPP_LISTEN 2412"
1855 if "OK" not in dev[1].request(cmd):
1856 raise Exception("Failed to start listen operation")
1857 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id0b, conf_id)
1858 if "OK" not in dev[0].request(cmd):
1859 raise Exception("Failed to initiate DPP Authentication")
1860 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1861 if ev is None:
1862 raise Exception("DPP authentication did not succeed (Responder)")
1863 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
1864 if ev is None:
1865 raise Exception("DPP authentication did not succeed (Initiator)")
1866 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
1867 if ev is None:
1868 raise Exception("DPP configuration not completed (Configurator)")
1869 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
1870 if ev is None:
1871 raise Exception("DPP configuration not completed (Enrollee)")
1872 dev[1].request("DPP_STOP_LISTEN")
1873
1874 ev = dev[1].wait_event(["DPP-CONFOBJ-SSID"], timeout=1)
1875 if ev is None:
1876 raise Exception("SSID not reported")
1877 ssid = ev.split(' ')[1]
1878
1879 ev = dev[1].wait_event(["DPP-CONNECTOR"], timeout=1)
1880 if ev is None:
1881 raise Exception("Connector not reported")
1882 connector = ev.split(' ')[1]
1883
1884 ev = dev[1].wait_event(["DPP-C-SIGN-KEY"], timeout=1)
1885 if ev is None:
1886 raise Exception("C-sign-key not reported")
1887 p = ev.split(' ')
1888 csign = p[1]
1889
1890 ev = dev[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1)
1891 if ev is None:
1892 raise Exception("netAccessKey not reported")
1893 p = ev.split(' ')
1894 net_access_key = p[1]
1895 net_access_key_expiry = p[2] if len(p) > 2 else None
1896
1897 dev[1].dump_monitor()
1898
1899 id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2", scan_freq="2412",
1900 only_add_network=True)
1901 dev[1].set_network_quoted(id, "dpp_connector", connector)
1902 dev[1].set_network(id, "dpp_csign", csign)
1903 dev[1].set_network(id, "dpp_netaccesskey", net_access_key)
1904 if net_access_key_expiry:
1905 dev[1].set_network(id, "dpp_netaccess_expiry", net_access_key_expiry)
1906
1907 logger.info("Check data connection")
1908 dev[1].select_network(id, freq="2412")
1909 dev[1].wait_connected()
1910
1911 def test_dpp_auto_connect_1(dev, apdev):
1912 """DPP and auto connect (1)"""
1913 try:
1914 run_dpp_auto_connect(dev, apdev, 1)
1915 finally:
1916 dev[0].set("dpp_config_processing", "0")
1917
1918 def test_dpp_auto_connect_2(dev, apdev):
1919 """DPP and auto connect (2)"""
1920 try:
1921 run_dpp_auto_connect(dev, apdev, 2)
1922 finally:
1923 dev[0].set("dpp_config_processing", "0")
1924
1925 def test_dpp_auto_connect_2_connect_cmd(dev, apdev):
1926 """DPP and auto connect (2) using connect_cmd"""
1927 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
1928 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1")
1929 dev_new = [ wpas, dev[1] ]
1930 try:
1931 run_dpp_auto_connect(dev_new, apdev, 2)
1932 finally:
1933 wpas.set("dpp_config_processing", "0")
1934
1935 def run_dpp_auto_connect(dev, apdev, processing):
1936 check_dpp_capab(dev[0])
1937 check_dpp_capab(dev[1])
1938
1939 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1940 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708"
1941 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg"
1942 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b"
1943
1944 params = { "ssid": "test",
1945 "wpa": "2",
1946 "wpa_key_mgmt": "DPP",
1947 "ieee80211w": "2",
1948 "rsn_pairwise": "CCMP",
1949 "dpp_connector": ap_connector,
1950 "dpp_csign": csign_pub,
1951 "dpp_netaccesskey": ap_netaccesskey }
1952 try:
1953 hapd = hostapd.add_ap(apdev[0], params)
1954 except:
1955 raise HwsimSkip("DPP not supported")
1956
1957 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
1958 res = dev[1].request(cmd)
1959 if "FAIL" in res:
1960 raise Exception("DPP_CONFIGURATOR_ADD failed")
1961 conf_id = int(res)
1962
1963 dev[0].set("dpp_config_processing", str(processing))
1964 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
1965 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
1966
1967 id1 = dev[1].dpp_qr_code(uri0)
1968
1969 cmd = "DPP_LISTEN 2412"
1970 if "OK" not in dev[0].request(cmd):
1971 raise Exception("Failed to start listen operation")
1972
1973 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
1974 if "OK" not in dev[1].request(cmd):
1975 raise Exception("Failed to initiate DPP Authentication")
1976 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
1977 if ev is None:
1978 raise Exception("DPP configuration not completed (Configurator)")
1979 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
1980 if ev is None:
1981 raise Exception("DPP configuration not completed (Enrollee)")
1982 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
1983 if ev is None:
1984 raise Exception("DPP network profile not generated")
1985 id = ev.split(' ')[1]
1986
1987 if processing == 1:
1988 dev[0].select_network(id, freq=2412)
1989
1990 dev[0].wait_connected()
1991 hwsim_utils.test_connectivity(dev[0], hapd)
1992
1993 def test_dpp_auto_connect_legacy(dev, apdev):
1994 """DPP and auto connect (legacy)"""
1995 try:
1996 run_dpp_auto_connect_legacy(dev, apdev)
1997 finally:
1998 dev[0].set("dpp_config_processing", "0")
1999
2000 def test_dpp_auto_connect_legacy_sae_1(dev, apdev):
2001 """DPP and auto connect (legacy SAE)"""
2002 try:
2003 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', psk_sae=True)
2004 finally:
2005 dev[0].set("dpp_config_processing", "0")
2006
2007 def test_dpp_auto_connect_legacy_sae_2(dev, apdev):
2008 """DPP and auto connect (legacy SAE)"""
2009 try:
2010 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True)
2011 finally:
2012 dev[0].set("dpp_config_processing", "0")
2013
2014 def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev):
2015 """DPP and auto connect (legacy PSK+SAE)"""
2016 try:
2017 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
2018 psk_sae=True)
2019 finally:
2020 dev[0].set("dpp_config_processing", "0")
2021
2022 def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev):
2023 """DPP and auto connect (legacy PSK+SAE)"""
2024 try:
2025 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae',
2026 sae_only=True)
2027 finally:
2028 dev[0].set("dpp_config_processing", "0")
2029
2030 def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev):
2031 """DPP and auto connect (legacy PSK+SAE)"""
2032 try:
2033 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae')
2034 finally:
2035 dev[0].set("dpp_config_processing", "0")
2036
2037 def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk',
2038 psk_sae=False, sae_only=False):
2039 check_dpp_capab(dev[0])
2040 check_dpp_capab(dev[1])
2041
2042 params = hostapd.wpa2_params(ssid="dpp-legacy",
2043 passphrase="secret passphrase")
2044 if sae_only:
2045 params['wpa_key_mgmt'] = 'SAE'
2046 params['ieee80211w'] = '2'
2047 elif psk_sae:
2048 params['wpa_key_mgmt'] = 'WPA-PSK SAE'
2049 params['ieee80211w'] = '1'
2050 params['sae_require_mfp'] = '1'
2051
2052 hapd = hostapd.add_ap(apdev[0], params)
2053
2054 dev[0].set("dpp_config_processing", "2")
2055 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
2056 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2057
2058 id1 = dev[1].dpp_qr_code(uri0)
2059
2060 cmd = "DPP_LISTEN 2412"
2061 if "OK" not in dev[0].request(cmd):
2062 raise Exception("Failed to start listen operation")
2063
2064 cmd = "DPP_AUTH_INIT peer=%d conf=%s ssid=%s pass=%s" % (id1, conf,
2065 binascii.hexlify(b"dpp-legacy").decode(),
2066 binascii.hexlify(b"secret passphrase").decode())
2067 if "OK" not in dev[1].request(cmd):
2068 raise Exception("Failed to initiate DPP Authentication")
2069 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
2070 if ev is None:
2071 raise Exception("DPP configuration not completed (Configurator)")
2072 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
2073 if ev is None:
2074 raise Exception("DPP configuration not completed (Enrollee)")
2075 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
2076 if ev is None:
2077 raise Exception("DPP network profile not generated")
2078 id = ev.split(' ')[1]
2079
2080 dev[0].wait_connected()
2081
2082 def test_dpp_auto_connect_legacy_pmf_required(dev, apdev):
2083 """DPP and auto connect (legacy, PMF required)"""
2084 try:
2085 run_dpp_auto_connect_legacy_pmf_required(dev, apdev)
2086 finally:
2087 dev[0].set("dpp_config_processing", "0")
2088
2089 def run_dpp_auto_connect_legacy_pmf_required(dev, apdev):
2090 check_dpp_capab(dev[0])
2091 check_dpp_capab(dev[1])
2092
2093 params = hostapd.wpa2_params(ssid="dpp-legacy",
2094 passphrase="secret passphrase")
2095 params['wpa_key_mgmt'] = "WPA-PSK-SHA256"
2096 params['ieee80211w'] = "2"
2097 hapd = hostapd.add_ap(apdev[0], params)
2098
2099 dev[0].set("dpp_config_processing", "2")
2100 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
2101 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2102
2103 id1 = dev[1].dpp_qr_code(uri0)
2104
2105 cmd = "DPP_LISTEN 2412"
2106 if "OK" not in dev[0].request(cmd):
2107 raise Exception("Failed to start listen operation")
2108
2109 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk ssid=%s pass=%s" % (id1,
2110 binascii.hexlify(b"dpp-legacy").decode(),
2111 binascii.hexlify(b"secret passphrase").decode())
2112 if "OK" not in dev[1].request(cmd):
2113 raise Exception("Failed to initiate DPP Authentication")
2114 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=10)
2115 if ev is None:
2116 raise Exception("DPP configuration not completed (Configurator)")
2117 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=2)
2118 if ev is None:
2119 raise Exception("DPP configuration not completed (Enrollee)")
2120 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
2121 if ev is None:
2122 raise Exception("DPP network profile not generated")
2123 id = ev.split(' ')[1]
2124
2125 dev[0].wait_connected()
2126
2127 def test_dpp_qr_code_auth_responder_configurator(dev, apdev):
2128 """DPP QR Code and responder as the configurator"""
2129 run_dpp_qr_code_auth_responder_configurator(dev, apdev, "")
2130
2131 def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev):
2132 """DPP QR Code and responder as the configurator with group_id)"""
2133 run_dpp_qr_code_auth_responder_configurator(dev, apdev,
2134 " group_id=test-group")
2135
2136 def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra):
2137 check_dpp_capab(dev[0])
2138 check_dpp_capab(dev[1])
2139 cmd = "DPP_CONFIGURATOR_ADD"
2140 res = dev[0].request(cmd)
2141 if "FAIL" in res:
2142 raise Exception("Failed to add configurator")
2143 conf_id = int(res)
2144
2145 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
2146 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2147
2148 id1 = dev[1].dpp_qr_code(uri0)
2149
2150 dev[0].set("dpp_configurator_params",
2151 " conf=sta-dpp configurator=%d%s" % (conf_id, extra))
2152 cmd = "DPP_LISTEN 2412 role=configurator"
2153 if "OK" not in dev[0].request(cmd):
2154 raise Exception("Failed to start listen operation")
2155 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2156 if "OK" not in dev[1].request(cmd):
2157 raise Exception("Failed to initiate DPP Authentication")
2158 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2159 if ev is None:
2160 raise Exception("DPP authentication did not succeed (Responder)")
2161 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2162 if ev is None:
2163 raise Exception("DPP authentication did not succeed (Initiator)")
2164 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2165 if ev is None:
2166 raise Exception("DPP configuration not completed (Configurator)")
2167 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2168 if ev is None:
2169 raise Exception("DPP configuration not completed (Enrollee)")
2170 dev[0].request("DPP_STOP_LISTEN")
2171 dev[0].dump_monitor()
2172 dev[1].dump_monitor()
2173
2174 def test_dpp_qr_code_hostapd_init(dev, apdev):
2175 """DPP QR Code and hostapd as initiator"""
2176 check_dpp_capab(dev[0])
2177 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2178 "channel": "6" })
2179 check_dpp_capab(hapd)
2180
2181 cmd = "DPP_CONFIGURATOR_ADD"
2182 res = dev[0].request(cmd)
2183 if "FAIL" in res:
2184 raise Exception("Failed to add configurator")
2185 conf_id = int(res)
2186
2187 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True)
2188 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2189
2190 dev[0].set("dpp_configurator_params",
2191 " conf=ap-dpp configurator=%d" % conf_id)
2192 cmd = "DPP_LISTEN 2437 role=configurator"
2193 if "OK" not in dev[0].request(cmd):
2194 raise Exception("Failed to start listen operation")
2195
2196 id1 = hapd.dpp_qr_code(uri0)
2197
2198 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2199 if "OK" not in hapd.request(cmd):
2200 raise Exception("Failed to initiate DPP Authentication")
2201 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2202 if ev is None:
2203 raise Exception("DPP authentication did not succeed (Responder)")
2204 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2205 if ev is None:
2206 raise Exception("DPP authentication did not succeed (Initiator)")
2207 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2208 if ev is None:
2209 raise Exception("DPP configuration not completed (Configurator)")
2210 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2211 if ev is None:
2212 raise Exception("DPP configuration not completed (Enrollee)")
2213 dev[0].request("DPP_STOP_LISTEN")
2214 dev[0].dump_monitor()
2215
2216 def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev):
2217 """DPP QR Code and hostapd as initiator (offchannel)"""
2218 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, None)
2219
2220 def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev):
2221 """DPP QR Code and hostapd as initiator (offchannel, neg_freq)"""
2222 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, "neg_freq=2437")
2223
2224 def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra):
2225 check_dpp_capab(dev[0])
2226 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2227 "channel": "6" })
2228 check_dpp_capab(hapd)
2229
2230 cmd = "DPP_CONFIGURATOR_ADD"
2231 res = dev[0].request(cmd)
2232 if "FAIL" in res:
2233 raise Exception("Failed to add configurator")
2234 conf_id = int(res)
2235
2236 id0 = dev[0].dpp_bootstrap_gen(chan="81/1,81/11", mac=True)
2237 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2238
2239 dev[0].set("dpp_configurator_params",
2240 " conf=ap-dpp configurator=%d" % conf_id)
2241 cmd = "DPP_LISTEN 2462 role=configurator"
2242 if "OK" not in dev[0].request(cmd):
2243 raise Exception("Failed to start listen operation")
2244
2245 id1 = hapd.dpp_qr_code(uri0)
2246
2247 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
2248 if extra:
2249 cmd += " " + extra
2250 if "OK" not in hapd.request(cmd):
2251 raise Exception("Failed to initiate DPP Authentication")
2252 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2253 if ev is None:
2254 raise Exception("DPP authentication did not succeed (Responder)")
2255 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2256 if ev is None:
2257 raise Exception("DPP authentication did not succeed (Initiator)")
2258 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2259 if ev is None:
2260 raise Exception("DPP configuration not completed (Configurator)")
2261 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2262 if ev is None:
2263 raise Exception("DPP configuration not completed (Enrollee)")
2264 dev[0].request("DPP_STOP_LISTEN")
2265 dev[0].dump_monitor()
2266
2267 def test_dpp_test_vector_p_256(dev, apdev):
2268 """DPP P-256 test vector (mutual auth)"""
2269 check_dpp_capab(dev[0])
2270 check_dpp_capab(dev[1])
2271
2272 # Responder bootstrapping key
2273 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
2274 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107")
2275 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2276
2277 # Responder protocol keypair override
2278 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
2279 dev[0].set("dpp_protocol_key_override",
2280 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2281
2282 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
2283
2284 # Initiator bootstrapping key
2285 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
2286 id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107")
2287 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2288
2289 # Initiator protocol keypair override
2290 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
2291 dev[1].set("dpp_protocol_key_override",
2292 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2293
2294 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
2295
2296 id1peer = dev[1].dpp_qr_code(uri0)
2297 id0peer = dev[0].dpp_qr_code(uri1)
2298
2299 cmd = "DPP_LISTEN 2462 qr=mutual"
2300 if "OK" not in dev[0].request(cmd):
2301 raise Exception("Failed to start listen operation")
2302
2303 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2304 if "OK" not in dev[1].request(cmd):
2305 raise Exception("Failed to initiate operation")
2306
2307 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2308 if ev is None:
2309 raise Exception("DPP authentication did not succeed (Initiator)")
2310 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2311 if ev is None:
2312 raise Exception("DPP authentication did not succeed (Responder)")
2313
2314 def test_dpp_test_vector_p_256_b(dev, apdev):
2315 """DPP P-256 test vector (Responder-only auth)"""
2316 check_dpp_capab(dev[0])
2317 check_dpp_capab(dev[1])
2318
2319 # Responder bootstrapping key
2320 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
2321 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107")
2322 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2323
2324 # Responder protocol keypair override
2325 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
2326 dev[0].set("dpp_protocol_key_override",
2327 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2328
2329 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
2330
2331 # Initiator bootstrapping key
2332 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
2333 id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107")
2334 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2335
2336 # Initiator protocol keypair override
2337 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
2338 dev[1].set("dpp_protocol_key_override",
2339 "30310201010420" + priv + "a00a06082a8648ce3d030107")
2340
2341 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
2342
2343 id1peer = dev[1].dpp_qr_code(uri0)
2344
2345 cmd = "DPP_LISTEN 2462"
2346 if "OK" not in dev[0].request(cmd):
2347 raise Exception("Failed to start listen operation")
2348
2349 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2350 if "OK" not in dev[1].request(cmd):
2351 raise Exception("Failed to initiate operation")
2352
2353 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2354 if ev is None:
2355 raise Exception("DPP authentication did not succeed (Initiator)")
2356 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2357 if ev is None:
2358 raise Exception("DPP authentication did not succeed (Responder)")
2359
2360 def der_priv_key_p_521(priv):
2361 if len(priv) != 2 * 66:
2362 raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv)
2363 der_prefix = "3081500201010442"
2364 der_postfix = "a00706052b81040023"
2365 return der_prefix + priv + der_postfix
2366
2367 def test_dpp_test_vector_p_521(dev, apdev):
2368 """DPP P-521 test vector (mutual auth)"""
2369 check_dpp_capab(dev[0])
2370 check_dpp_capab(dev[1])
2371
2372 # Responder bootstrapping key
2373 priv = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743"
2374 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True,
2375 key=der_priv_key_p_521(priv))
2376 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
2377
2378 # Responder protocol keypair override
2379 priv = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597"
2380 dev[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
2381
2382 dev[0].set("dpp_nonce_override",
2383 "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01")
2384
2385 # Initiator bootstrapping key
2386 priv = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02"
2387 id1 = dev[1].dpp_bootstrap_gen(key=der_priv_key_p_521(priv))
2388 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
2389
2390 # Initiator protocol keypair override
2391 priv = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661"
2392 dev[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv))
2393
2394 dev[1].set("dpp_nonce_override",
2395 "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0")
2396
2397 id1peer = dev[1].dpp_qr_code(uri0)
2398 id0peer = dev[0].dpp_qr_code(uri1)
2399
2400 cmd = "DPP_LISTEN 2462 qr=mutual"
2401 if "OK" not in dev[0].request(cmd):
2402 raise Exception("Failed to start listen operation")
2403
2404 cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
2405 if "OK" not in dev[1].request(cmd):
2406 raise Exception("Failed to initiate operation")
2407
2408 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2409 if ev is None:
2410 raise Exception("DPP authentication did not succeed (Initiator)")
2411 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2412 if ev is None:
2413 raise Exception("DPP authentication did not succeed (Responder)")
2414
2415 def test_dpp_pkex(dev, apdev):
2416 """DPP and PKEX"""
2417 run_dpp_pkex(dev, apdev)
2418
2419 def test_dpp_pkex_p256(dev, apdev):
2420 """DPP and PKEX (P-256)"""
2421 run_dpp_pkex(dev, apdev, "P-256")
2422
2423 def test_dpp_pkex_p384(dev, apdev):
2424 """DPP and PKEX (P-384)"""
2425 run_dpp_pkex(dev, apdev, "P-384")
2426
2427 def test_dpp_pkex_p521(dev, apdev):
2428 """DPP and PKEX (P-521)"""
2429 run_dpp_pkex(dev, apdev, "P-521")
2430
2431 def test_dpp_pkex_bp256(dev, apdev):
2432 """DPP and PKEX (BP-256)"""
2433 run_dpp_pkex(dev, apdev, "brainpoolP256r1")
2434
2435 def test_dpp_pkex_bp384(dev, apdev):
2436 """DPP and PKEX (BP-384)"""
2437 run_dpp_pkex(dev, apdev, "brainpoolP384r1")
2438
2439 def test_dpp_pkex_bp512(dev, apdev):
2440 """DPP and PKEX (BP-512)"""
2441 run_dpp_pkex(dev, apdev, "brainpoolP512r1")
2442
2443 def test_dpp_pkex_config(dev, apdev):
2444 """DPP and PKEX with initiator as the configurator"""
2445 check_dpp_capab(dev[1])
2446
2447 cmd = "DPP_CONFIGURATOR_ADD"
2448 res = dev[1].request(cmd)
2449 if "FAIL" in res:
2450 raise Exception("Failed to add configurator")
2451 conf_id = int(res)
2452
2453 run_dpp_pkex(dev, apdev,
2454 init_extra="conf=sta-dpp configurator=%d" % (conf_id),
2455 check_config=True)
2456
2457 def test_dpp_pkex_no_identifier(dev, apdev):
2458 """DPP and PKEX without identifier"""
2459 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r=None)
2460
2461 def test_dpp_pkex_identifier_mismatch(dev, apdev):
2462 """DPP and PKEX with different identifiers"""
2463 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r="bar",
2464 expect_no_resp=True)
2465
2466 def test_dpp_pkex_identifier_mismatch2(dev, apdev):
2467 """DPP and PKEX with initiator using identifier and the responder not"""
2468 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r=None,
2469 expect_no_resp=True)
2470
2471 def test_dpp_pkex_identifier_mismatch3(dev, apdev):
2472 """DPP and PKEX with responder using identifier and the initiator not"""
2473 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r="bar",
2474 expect_no_resp=True)
2475
2476 def run_dpp_pkex(dev, apdev, curve=None, init_extra="", check_config=False,
2477 identifier_i="test", identifier_r="test",
2478 expect_no_resp=False):
2479 check_dpp_capab(dev[0], curve and "brainpool" in curve)
2480 check_dpp_capab(dev[1], curve and "brainpool" in curve)
2481
2482 id0 = dev[0].dpp_bootstrap_gen(type="pkex", curve=curve)
2483 id1 = dev[1].dpp_bootstrap_gen(type="pkex", curve=curve)
2484
2485 identifier = " identifier=" + identifier_r if identifier_r else ""
2486 cmd = "DPP_PKEX_ADD own=%d%s code=secret" % (id0, identifier)
2487 res = dev[0].request(cmd)
2488 if "FAIL" in res:
2489 raise Exception("Failed to set PKEX data (responder)")
2490 cmd = "DPP_LISTEN 2437"
2491 if "OK" not in dev[0].request(cmd):
2492 raise Exception("Failed to start listen operation")
2493
2494 identifier = " identifier=" + identifier_i if identifier_i else ""
2495 cmd = "DPP_PKEX_ADD own=%d%s init=1 %s code=secret" % (id1, identifier,
2496 init_extra)
2497 res = dev[1].request(cmd)
2498 if "FAIL" in res:
2499 raise Exception("Failed to set PKEX data (initiator)")
2500
2501 if expect_no_resp:
2502 ev = dev[0].wait_event(["DPP-RX"], timeout=10)
2503 if ev is None:
2504 raise Exception("DPP PKEX frame not received")
2505 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=1)
2506 if ev is not None:
2507 raise Exception("DPP authentication succeeded")
2508 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1)
2509 if ev is not None:
2510 raise Exception("DPP authentication succeeded")
2511 return
2512
2513 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2514 if ev is None:
2515 raise Exception("DPP authentication did not succeed (Initiator)")
2516 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2517 if ev is None:
2518 raise Exception("DPP authentication did not succeed (Responder)")
2519
2520 if check_config:
2521 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
2522 if ev is None:
2523 raise Exception("DPP configuration not completed (Configurator)")
2524 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2525 if ev is None:
2526 raise Exception("DPP configuration not completed (Enrollee)")
2527
2528 def test_dpp_pkex_5ghz(dev, apdev):
2529 """DPP and PKEX on 5 GHz"""
2530 try:
2531 dev[0].request("SET country US")
2532 dev[1].request("SET country US")
2533 ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1)
2534 if ev is None:
2535 ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"],
2536 timeout=1)
2537 run_dpp_pkex_5ghz(dev, apdev)
2538 finally:
2539 dev[0].request("SET country 00")
2540 dev[1].request("SET country 00")
2541 subprocess.call(['iw', 'reg', 'set', '00'])
2542 time.sleep(0.1)
2543
2544 def run_dpp_pkex_5ghz(dev, apdev):
2545 check_dpp_capab(dev[0])
2546 check_dpp_capab(dev[1])
2547
2548 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2549 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2550
2551 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2552 res = dev[0].request(cmd)
2553 if "FAIL" in res:
2554 raise Exception("Failed to set PKEX data (responder)")
2555 cmd = "DPP_LISTEN 5745"
2556 if "OK" not in dev[0].request(cmd):
2557 raise Exception("Failed to start listen operation")
2558
2559 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % (id1)
2560 res = dev[1].request(cmd)
2561 if "FAIL" in res:
2562 raise Exception("Failed to set PKEX data (initiator)")
2563
2564 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=20)
2565 if ev is None or "DPP-AUTH-SUCCESS" not in ev:
2566 raise Exception("DPP authentication did not succeed (Initiator)")
2567 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2568 if ev is None:
2569 raise Exception("DPP authentication did not succeed (Responder)")
2570
2571 def test_dpp_pkex_test_vector(dev, apdev):
2572 """DPP and PKEX (P-256) test vector"""
2573 check_dpp_capab(dev[0])
2574 check_dpp_capab(dev[1])
2575
2576 init_addr = "ac:64:91:f4:52:07"
2577 resp_addr = "6e:5e:ce:6e:f3:dd"
2578
2579 identifier = "joes_key"
2580 code = "thisisreallysecret"
2581
2582 # Initiator bootstrapping private key
2583 init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269"
2584
2585 # Responder bootstrapping private key
2586 resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60"
2587
2588 # Initiator x/X keypair override
2589 init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a"
2590
2591 # Responder y/Y keypair override
2592 resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea"
2593
2594 p256_prefix = "30310201010420"
2595 p256_postfix = "a00a06082a8648ce3d030107"
2596
2597 dev[0].set("dpp_pkex_own_mac_override", resp_addr)
2598 dev[0].set("dpp_pkex_peer_mac_override", init_addr)
2599 dev[1].set("dpp_pkex_own_mac_override", init_addr)
2600 dev[1].set("dpp_pkex_peer_mac_override", resp_addr)
2601
2602 # Responder bootstrapping key
2603 id0 = dev[0].dpp_bootstrap_gen(type="pkex",
2604 key=p256_prefix + resp_priv + p256_postfix)
2605
2606 # Responder y/Y keypair override
2607 dev[0].set("dpp_pkex_ephemeral_key_override",
2608 p256_prefix + resp_y_priv + p256_postfix)
2609
2610 # Initiator bootstrapping key
2611 id1 = dev[1].dpp_bootstrap_gen(type="pkex",
2612 key=p256_prefix + init_priv + p256_postfix)
2613
2614 # Initiator x/X keypair override
2615 dev[1].set("dpp_pkex_ephemeral_key_override",
2616 p256_prefix + init_x_priv + p256_postfix)
2617
2618 cmd = "DPP_PKEX_ADD own=%d identifier=%s code=%s" % (id0, identifier, code)
2619 res = dev[0].request(cmd)
2620 if "FAIL" in res:
2621 raise Exception("Failed to set PKEX data (responder)")
2622 cmd = "DPP_LISTEN 2437"
2623 if "OK" not in dev[0].request(cmd):
2624 raise Exception("Failed to start listen operation")
2625
2626 cmd = "DPP_PKEX_ADD own=%d identifier=%s init=1 code=%s" % (id1, identifier, code)
2627 res = dev[1].request(cmd)
2628 if "FAIL" in res:
2629 raise Exception("Failed to set PKEX data (initiator)")
2630
2631 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2632 if ev is None:
2633 raise Exception("DPP authentication did not succeed (Initiator)")
2634 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2635 if ev is None:
2636 raise Exception("DPP authentication did not succeed (Responder)")
2637
2638 def test_dpp_pkex_code_mismatch(dev, apdev):
2639 """DPP and PKEX with mismatching code"""
2640 check_dpp_capab(dev[0])
2641 check_dpp_capab(dev[1])
2642
2643 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2644 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2645
2646 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2647 res = dev[0].request(cmd)
2648 if "FAIL" in res:
2649 raise Exception("Failed to set PKEX data (responder)")
2650 cmd = "DPP_LISTEN 2437"
2651 if "OK" not in dev[0].request(cmd):
2652 raise Exception("Failed to start listen operation")
2653
2654 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=unknown" % id1
2655 res = dev[1].request(cmd)
2656 if "FAIL" in res:
2657 raise Exception("Failed to set PKEX data (initiator)")
2658
2659 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2660 if ev is None:
2661 raise Exception("Failure not reported")
2662 if "possible PKEX code mismatch" not in ev:
2663 raise Exception("Unexpected result: " + ev)
2664
2665 dev[0].dump_monitor()
2666 dev[1].dump_monitor()
2667
2668 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2669 res = dev[1].request(cmd)
2670 if "FAIL" in res:
2671 raise Exception("Failed to set PKEX data (initiator, retry)")
2672
2673 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2674 if ev is None:
2675 raise Exception("DPP authentication did not succeed (Initiator, retry)")
2676 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2677 if ev is None:
2678 raise Exception("DPP authentication did not succeed (Responder, retry)")
2679
2680 def test_dpp_pkex_code_mismatch_limit(dev, apdev):
2681 """DPP and PKEX with mismatching code limit"""
2682 check_dpp_capab(dev[0])
2683 check_dpp_capab(dev[1])
2684
2685 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2686 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2687
2688 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2689 res = dev[0].request(cmd)
2690 if "FAIL" in res:
2691 raise Exception("Failed to set PKEX data (responder)")
2692 cmd = "DPP_LISTEN 2437"
2693 if "OK" not in dev[0].request(cmd):
2694 raise Exception("Failed to start listen operation")
2695
2696 for i in range(5):
2697 dev[0].dump_monitor()
2698 dev[1].dump_monitor()
2699 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=unknown" % id1
2700 res = dev[1].request(cmd)
2701 if "FAIL" in res:
2702 raise Exception("Failed to set PKEX data (initiator)")
2703
2704 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2705 if ev is None:
2706 raise Exception("Failure not reported")
2707 if "possible PKEX code mismatch" not in ev:
2708 raise Exception("Unexpected result: " + ev)
2709
2710 ev = dev[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout=1)
2711 if ev is None:
2712 raise Exception("PKEX t limit not reported")
2713
2714 def test_dpp_pkex_curve_mismatch(dev, apdev):
2715 """DPP and PKEX with mismatching curve"""
2716 check_dpp_capab(dev[0])
2717 check_dpp_capab(dev[1])
2718
2719 id0 = dev[0].dpp_bootstrap_gen(type="pkex", curve="P-256")
2720 id1 = dev[1].dpp_bootstrap_gen(type="pkex", curve="P-384")
2721
2722 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2723 res = dev[0].request(cmd)
2724 if "FAIL" in res:
2725 raise Exception("Failed to set PKEX data (responder)")
2726 cmd = "DPP_LISTEN 2437"
2727 if "OK" not in dev[0].request(cmd):
2728 raise Exception("Failed to start listen operation")
2729
2730 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2731 res = dev[1].request(cmd)
2732 if "FAIL" in res:
2733 raise Exception("Failed to set PKEX data (initiator)")
2734
2735 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2736 if ev is None:
2737 raise Exception("Failure not reported (dev 0)")
2738 if "Mismatching PKEX curve: peer=20 own=19" not in ev:
2739 raise Exception("Unexpected result: " + ev)
2740
2741 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
2742 if ev is None:
2743 raise Exception("Failure not reported (dev 1)")
2744 if "Peer indicated mismatching PKEX group - proposed 19" not in ev:
2745 raise Exception("Unexpected result: " + ev)
2746
2747 def test_dpp_pkex_curve_mismatch_failure(dev, apdev):
2748 """DPP and PKEX with mismatching curve (local failure)"""
2749 run_dpp_pkex_curve_mismatch_failure(dev, apdev, "=dpp_pkex_rx_exchange_req")
2750
2751 def test_dpp_pkex_curve_mismatch_failure2(dev, apdev):
2752 """DPP and PKEX with mismatching curve (local failure 2)"""
2753 run_dpp_pkex_curve_mismatch_failure(dev, apdev,
2754 "dpp_pkex_build_exchange_resp")
2755
2756 def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func):
2757 check_dpp_capab(dev[0])
2758 check_dpp_capab(dev[1])
2759
2760 id0 = dev[0].dpp_bootstrap_gen(type="pkex", curve="P-256")
2761 id1 = dev[1].dpp_bootstrap_gen(type="pkex", curve="P-384")
2762
2763 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2764 res = dev[0].request(cmd)
2765 if "FAIL" in res:
2766 raise Exception("Failed to set PKEX data (responder)")
2767 cmd = "DPP_LISTEN 2437"
2768 if "OK" not in dev[0].request(cmd):
2769 raise Exception("Failed to start listen operation")
2770
2771 with alloc_fail(dev[0], 1, func):
2772 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2773 res = dev[1].request(cmd)
2774 if "FAIL" in res:
2775 raise Exception("Failed to set PKEX data (initiator)")
2776
2777 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
2778 if ev is None:
2779 raise Exception("Failure not reported (dev 0)")
2780 if "Mismatching PKEX curve: peer=20 own=19" not in ev:
2781 raise Exception("Unexpected result: " + ev)
2782
2783 def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev):
2784 """DPP and PKEX with local failure in processing Exchange Resp"""
2785 check_dpp_capab(dev[0])
2786 check_dpp_capab(dev[1])
2787
2788 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2789 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2790
2791 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2792 res = dev[0].request(cmd)
2793 if "FAIL" in res:
2794 raise Exception("Failed to set PKEX data (responder)")
2795 cmd = "DPP_LISTEN 2437"
2796 if "OK" not in dev[0].request(cmd):
2797 raise Exception("Failed to start listen operation")
2798
2799 with fail_test(dev[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"):
2800 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2801 res = dev[1].request(cmd)
2802 if "FAIL" in res:
2803 raise Exception("Failed to set PKEX data (initiator)")
2804 wait_fail_trigger(dev[1], "GET_FAIL")
2805
2806 def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev):
2807 """DPP and PKEX with local failure in processing Commit Reveal Req"""
2808 check_dpp_capab(dev[0])
2809 check_dpp_capab(dev[1])
2810
2811 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2812 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2813
2814 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2815 res = dev[0].request(cmd)
2816 if "FAIL" in res:
2817 raise Exception("Failed to set PKEX data (responder)")
2818 cmd = "DPP_LISTEN 2437"
2819 if "OK" not in dev[0].request(cmd):
2820 raise Exception("Failed to start listen operation")
2821
2822 with alloc_fail(dev[0], 1,
2823 "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"):
2824 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
2825 res = dev[1].request(cmd)
2826 if "FAIL" in res:
2827 raise Exception("Failed to set PKEX data (initiator)")
2828 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
2829
2830 def test_dpp_pkex_config2(dev, apdev):
2831 """DPP and PKEX with responder as the configurator"""
2832 check_dpp_capab(dev[0])
2833
2834 cmd = "DPP_CONFIGURATOR_ADD"
2835 res = dev[0].request(cmd)
2836 if "FAIL" in res:
2837 raise Exception("Failed to add configurator")
2838 conf_id = int(res)
2839
2840 dev[0].set("dpp_configurator_params",
2841 " conf=sta-dpp configurator=%d" % conf_id)
2842 run_dpp_pkex2(dev, apdev)
2843
2844 def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""):
2845 check_dpp_capab(dev[0])
2846 check_dpp_capab(dev[1])
2847
2848 id0 = dev[0].dpp_bootstrap_gen(type="pkex", curve=curve)
2849 id1 = dev[1].dpp_bootstrap_gen(type="pkex", curve=curve)
2850
2851 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2852 res = dev[0].request(cmd)
2853 if "FAIL" in res:
2854 raise Exception("Failed to set PKEX data (responder)")
2855 cmd = "DPP_LISTEN 2437 role=configurator"
2856 if "OK" not in dev[0].request(cmd):
2857 raise Exception("Failed to start listen operation")
2858
2859 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 role=enrollee %s code=secret" % (id1, init_extra)
2860 res = dev[1].request(cmd)
2861 if "FAIL" in res:
2862 raise Exception("Failed to set PKEX data (initiator)")
2863
2864 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2865 if ev is None:
2866 raise Exception("DPP authentication did not succeed (Initiator)")
2867 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2868 if ev is None:
2869 raise Exception("DPP authentication did not succeed (Responder)")
2870
2871 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2872 if ev is None:
2873 raise Exception("DPP configuration not completed (Configurator)")
2874 ev = dev[1].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2875 if ev is None:
2876 raise Exception("DPP configuration not completed (Enrollee)")
2877
2878 def test_dpp_pkex_no_responder(dev, apdev):
2879 """DPP and PKEX with no responder (retry behavior)"""
2880 check_dpp_capab(dev[0])
2881
2882 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2883
2884 cmd = "DPP_PKEX_ADD own=%d init=1 identifier=test code=secret" % (id0)
2885 res = dev[0].request(cmd)
2886 if "FAIL" in res:
2887 raise Exception("Failed to set PKEX data (initiator)")
2888
2889 for i in range(15):
2890 ev = dev[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5)
2891 if ev is None:
2892 raise Exception("DPP PKEX failure not reported")
2893 if "DPP-FAIL" not in ev:
2894 continue
2895 if "No response from PKEX peer" not in ev:
2896 raise Exception("Unexpected failure reason: " + ev)
2897 break
2898
2899 def test_dpp_pkex_after_retry(dev, apdev):
2900 """DPP and PKEX completing after retry"""
2901 check_dpp_capab(dev[0])
2902
2903 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2904
2905 cmd = "DPP_PKEX_ADD own=%d init=1 identifier=test code=secret" % (id0)
2906 res = dev[0].request(cmd)
2907 if "FAIL" in res:
2908 raise Exception("Failed to set PKEX data (initiator)")
2909
2910 time.sleep(0.1)
2911 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
2912
2913 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id1)
2914 res = dev[1].request(cmd)
2915 if "FAIL" in res:
2916 raise Exception("Failed to set PKEX data (responder)")
2917 cmd = "DPP_LISTEN 2437"
2918 if "OK" not in dev[1].request(cmd):
2919 raise Exception("Failed to start listen operation")
2920
2921 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
2922 if ev is None:
2923 raise Exception("DPP authentication did not succeed (Responder)")
2924 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2925 if ev is None:
2926 raise Exception("DPP authentication did not succeed (Initiator)")
2927 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2928 if ev is None:
2929 raise Exception("DPP configuration not completed (Configurator)")
2930 # Ignore Enrollee result since configurator was not set here
2931
2932 def test_dpp_pkex_hostapd_responder(dev, apdev):
2933 """DPP PKEX with hostapd as responder"""
2934 check_dpp_capab(dev[0])
2935 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2936 "channel": "6" })
2937 check_dpp_capab(hapd)
2938
2939 id_h = hapd.dpp_bootstrap_gen(type="pkex")
2940
2941 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id_h)
2942 res = hapd.request(cmd)
2943 if "FAIL" in res:
2944 raise Exception("Failed to set PKEX data (responder/hostapd)")
2945
2946 cmd = "DPP_CONFIGURATOR_ADD"
2947 res = dev[0].request(cmd)
2948 if "FAIL" in res:
2949 raise Exception("Failed to add configurator")
2950 conf_id = int(res)
2951
2952 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2953
2954 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=ap-dpp configurator=%d code=secret" % (id0, conf_id)
2955 res = dev[0].request(cmd)
2956 if "FAIL" in res:
2957 raise Exception("Failed to set PKEX data (initiator/wpa_supplicant)")
2958
2959 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2960 if ev is None:
2961 raise Exception("DPP authentication did not succeed (Initiator)")
2962 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
2963 if ev is None:
2964 raise Exception("DPP authentication did not succeed (Responder)")
2965 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
2966 if ev is None:
2967 raise Exception("DPP configuration not completed (Configurator)")
2968 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
2969 if ev is None:
2970 raise Exception("DPP configuration not completed (Enrollee)")
2971 dev[0].request("DPP_STOP_LISTEN")
2972 dev[0].dump_monitor()
2973
2974 def test_dpp_pkex_hostapd_initiator(dev, apdev):
2975 """DPP PKEX with hostapd as initiator"""
2976 check_dpp_capab(dev[0])
2977 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
2978 "channel": "6" })
2979 check_dpp_capab(hapd)
2980
2981 cmd = "DPP_CONFIGURATOR_ADD"
2982 res = dev[0].request(cmd)
2983 if "FAIL" in res:
2984 raise Exception("Failed to add configurator")
2985 conf_id = int(res)
2986
2987 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
2988
2989 dev[0].set("dpp_configurator_params",
2990 " conf=ap-dpp configurator=%d" % conf_id)
2991
2992 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
2993 res = dev[0].request(cmd)
2994 if "FAIL" in res:
2995 raise Exception("Failed to set PKEX data (responder/wpa_supplicant)")
2996
2997 cmd = "DPP_LISTEN 2437 role=configurator"
2998 if "OK" not in dev[0].request(cmd):
2999 raise Exception("Failed to start listen operation")
3000
3001 id_h = hapd.dpp_bootstrap_gen(type="pkex")
3002
3003 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 role=enrollee code=secret" % (id_h)
3004 res = hapd.request(cmd)
3005 if "FAIL" in res:
3006 raise Exception("Failed to set PKEX data (initiator/hostapd)")
3007
3008 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3009 if ev is None:
3010 raise Exception("DPP authentication did not succeed (Initiator)")
3011 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3012 if ev is None:
3013 raise Exception("DPP authentication did not succeed (Responder)")
3014 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3015 if ev is None:
3016 raise Exception("DPP configuration not completed (Configurator)")
3017 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3018 if ev is None:
3019 raise Exception("DPP configuration not completed (Enrollee)")
3020 dev[0].request("DPP_STOP_LISTEN")
3021 dev[0].dump_monitor()
3022
3023 def test_dpp_hostapd_configurator(dev, apdev):
3024 """DPP with hostapd as configurator/initiator"""
3025 check_dpp_capab(dev[0])
3026 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3027 "channel": "1" })
3028 check_dpp_capab(hapd)
3029
3030 cmd = "DPP_CONFIGURATOR_ADD"
3031 res = hapd.request(cmd)
3032 if "FAIL" in res:
3033 raise Exception("Failed to add configurator")
3034 conf_id = int(res)
3035
3036 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
3037 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3038
3039 id1 = hapd.dpp_qr_code(uri0)
3040
3041 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id0)
3042 if "FAIL" in res:
3043 raise Exception("DPP_BOOTSTRAP_INFO failed")
3044 if "type=QRCODE" not in res:
3045 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type")
3046 if "mac_addr=" + dev[0].own_addr() not in res:
3047 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr")
3048
3049 cmd = "DPP_LISTEN 2412"
3050 if "OK" not in dev[0].request(cmd):
3051 raise Exception("Failed to start listen operation")
3052 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp" % (id1, conf_id)
3053 if "OK" not in hapd.request(cmd):
3054 raise Exception("Failed to initiate DPP Authentication")
3055
3056 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3057 if ev is None:
3058 raise Exception("DPP authentication did not succeed (Responder)")
3059 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3060 if ev is None:
3061 raise Exception("DPP authentication did not succeed (Initiator)")
3062 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3063 if ev is None:
3064 raise Exception("DPP configuration not completed (Configurator)")
3065 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3066 if ev is None:
3067 raise Exception("DPP configuration not completed (Enrollee)")
3068 dev[0].request("DPP_STOP_LISTEN")
3069 dev[0].dump_monitor()
3070
3071 def test_dpp_hostapd_configurator_responder(dev, apdev):
3072 """DPP with hostapd as configurator/responder"""
3073 check_dpp_capab(dev[0])
3074 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured",
3075 "channel": "1" })
3076 check_dpp_capab(hapd)
3077
3078 cmd = "DPP_CONFIGURATOR_ADD"
3079 res = hapd.request(cmd)
3080 if "FAIL" in res:
3081 raise Exception("Failed to add configurator")
3082 conf_id = int(res)
3083
3084 hapd.set("dpp_configurator_params",
3085 " conf=sta-dpp configurator=%d" % conf_id)
3086
3087 id0 = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
3088 uri0 = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3089
3090 id1 = dev[0].dpp_qr_code(uri0)
3091
3092 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % (id1)
3093 if "OK" not in dev[0].request(cmd):
3094 raise Exception("Failed to initiate DPP Authentication")
3095
3096 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3097 if ev is None:
3098 raise Exception("DPP authentication did not succeed (Responder)")
3099 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3100 if ev is None:
3101 raise Exception("DPP authentication did not succeed (Initiator)")
3102 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3103 if ev is None:
3104 raise Exception("DPP configuration not completed (Configurator)")
3105 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3106 if ev is None:
3107 raise Exception("DPP configuration not completed (Enrollee)")
3108 dev[0].request("DPP_STOP_LISTEN")
3109 dev[0].dump_monitor()
3110
3111 def test_dpp_own_config(dev, apdev):
3112 """DPP configurator signing own connector"""
3113 try:
3114 run_dpp_own_config(dev, apdev)
3115 finally:
3116 dev[0].set("dpp_config_processing", "0")
3117
3118 def test_dpp_own_config_group_id(dev, apdev):
3119 """DPP configurator signing own connector"""
3120 try:
3121 run_dpp_own_config(dev, apdev, extra=" group_id=test-group")
3122 finally:
3123 dev[0].set("dpp_config_processing", "0")
3124
3125 def test_dpp_own_config_curve_mismatch(dev, apdev):
3126 """DPP configurator signing own connector using mismatching curve"""
3127 try:
3128 run_dpp_own_config(dev, apdev, own_curve="BP-384", expect_failure=True)
3129 finally:
3130 dev[0].set("dpp_config_processing", "0")
3131
3132 def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False,
3133 extra=""):
3134 check_dpp_capab(dev[0], own_curve and "BP" in own_curve)
3135 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3136 check_dpp_capab(hapd)
3137
3138 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
3139 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
3140
3141 cmd = "DPP_CONFIGURATOR_ADD"
3142 res = dev[0].request(cmd)
3143 if "FAIL" in res:
3144 raise Exception("Failed to add configurator")
3145 conf_id = int(res)
3146
3147 id = dev[0].dpp_qr_code(uri)
3148
3149 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d%s" % (id, conf_id, extra)
3150 if "OK" not in dev[0].request(cmd):
3151 raise Exception("Failed to initiate DPP Authentication")
3152 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3153 if ev is None:
3154 raise Exception("DPP authentication did not succeed (Responder)")
3155 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3156 if ev is None:
3157 raise Exception("DPP authentication did not succeed (Initiator)")
3158 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5)
3159 if ev is None:
3160 raise Exception("DPP configuration not completed (Configurator)")
3161 ev = hapd.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3162 if ev is None:
3163 raise Exception("DPP configuration not completed (Enrollee)")
3164
3165 update_hapd_config(hapd)
3166
3167 dev[0].set("dpp_config_processing", "1")
3168 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id, extra)
3169 if own_curve:
3170 cmd += " curve=" + own_curve
3171 res = dev[0].request(cmd)
3172 if "FAIL" in res:
3173 raise Exception("Failed to generate own configuration")
3174
3175 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
3176 if ev is None:
3177 raise Exception("DPP network profile not generated")
3178 id = ev.split(' ')[1]
3179 dev[0].select_network(id, freq="2412")
3180 if expect_failure:
3181 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1)
3182 if ev is not None:
3183 raise Exception("Unexpected connection")
3184 dev[0].request("DISCONNECT")
3185 else:
3186 dev[0].wait_connected()
3187
3188 def test_dpp_own_config_ap(dev, apdev):
3189 """DPP configurator (AP) signing own connector"""
3190 try:
3191 run_dpp_own_config_ap(dev, apdev)
3192 finally:
3193 dev[0].set("dpp_config_processing", "0")
3194
3195 def test_dpp_own_config_ap_group_id(dev, apdev):
3196 """DPP configurator (AP) signing own connector (group_id)"""
3197 try:
3198 run_dpp_own_config_ap(dev, apdev, extra=" group_id=test-group")
3199 finally:
3200 dev[0].set("dpp_config_processing", "0")
3201
3202 def test_dpp_own_config_ap_reconf(dev, apdev):
3203 """DPP configurator (AP) signing own connector and configurator reconf"""
3204 try:
3205 run_dpp_own_config_ap(dev, apdev)
3206 finally:
3207 dev[0].set("dpp_config_processing", "0")
3208
3209 def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=""):
3210 check_dpp_capab(dev[0])
3211 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3212 check_dpp_capab(hapd)
3213
3214 cmd = "DPP_CONFIGURATOR_ADD"
3215 res = hapd.request(cmd)
3216 if "FAIL" in res:
3217 raise Exception("Failed to add configurator")
3218 conf_id = int(res)
3219
3220 if reconf_configurator:
3221 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
3222 if "FAIL" in csign or len(csign) == 0:
3223 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
3224
3225 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id, extra)
3226 res = hapd.request(cmd)
3227 if "FAIL" in res:
3228 raise Exception("Failed to generate own configuration")
3229 update_hapd_config(hapd)
3230
3231 if reconf_configurator:
3232 res = hapd.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id)
3233 if "OK" not in res:
3234 raise Exception("DPP_CONFIGURATOR_REMOVE failed")
3235 cmd = "DPP_CONFIGURATOR_ADD key=" + csign
3236 res = hapd.request(cmd)
3237 if "FAIL" in res:
3238 raise Exception("Failed to add configurator (reconf)")
3239 conf_id = int(res)
3240
3241 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
3242 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
3243
3244 id = hapd.dpp_qr_code(uri)
3245
3246 dev[0].set("dpp_config_processing", "2")
3247 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
3248 raise Exception("Failed to start listen operation")
3249 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d%s" % (id, conf_id, extra)
3250 if "OK" not in hapd.request(cmd):
3251 raise Exception("Failed to initiate DPP Authentication")
3252 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3253 if ev is None:
3254 raise Exception("DPP authentication did not succeed (Initiator)")
3255 ev = hapd.wait_event(["DPP-CONF-SENT"], timeout=5)
3256 if ev is None:
3257 raise Exception("DPP configuration not completed (Configurator)")
3258 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
3259 if ev is None:
3260 raise Exception("DPP configuration not completed (Enrollee)")
3261 if "DPP-CONF-RECEIVED" not in ev:
3262 raise Exception("DPP configuration failed (Enrollee)")
3263
3264 dev[0].wait_connected()
3265
3266 def test_dpp_intro_mismatch(dev, apdev):
3267 """DPP network introduction mismatch cases"""
3268 try:
3269 wpas = None
3270 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
3271 wpas.interface_add("wlan5")
3272 check_dpp_capab(wpas)
3273 run_dpp_intro_mismatch(dev, apdev, wpas)
3274 finally:
3275 dev[0].set("dpp_config_processing", "0")
3276 dev[2].set("dpp_config_processing", "0")
3277 if wpas:
3278 wpas.set("dpp_config_processing", "0")
3279
3280 def run_dpp_intro_mismatch(dev, apdev, wpas):
3281 check_dpp_capab(dev[0])
3282 check_dpp_capab(dev[1])
3283 check_dpp_capab(dev[2])
3284
3285 logger.info("Start AP in unconfigured state")
3286 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
3287 check_dpp_capab(hapd)
3288
3289 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True)
3290 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h)
3291
3292 logger.info("Provision AP with DPP configuration")
3293 res = dev[1].request("DPP_CONFIGURATOR_ADD")
3294 if "FAIL" in res:
3295 raise Exception("Failed to add configurator")
3296 conf_id = int(res)
3297
3298 id = dev[1].dpp_qr_code(uri)
3299
3300 dev[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]')
3301 cmd = "DPP_AUTH_INIT peer=%d conf=ap-dpp configurator=%d" % (id, conf_id)
3302 if "OK" not in dev[1].request(cmd):
3303 raise Exception("Failed to initiate DPP Authentication")
3304 update_hapd_config(hapd)
3305
3306 logger.info("Provision STA0 with DPP Connector that has mismatching groupId")
3307 dev[0].set("dpp_config_processing", "2")
3308 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
3309 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3310
3311 id1 = dev[1].dpp_qr_code(uri0)
3312
3313 cmd = "DPP_LISTEN 2412"
3314 if "OK" not in dev[0].request(cmd):
3315 raise Exception("Failed to start listen operation")
3316
3317 dev[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]')
3318 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
3319 if "OK" not in dev[1].request(cmd):
3320 raise Exception("Failed to initiate DPP Authentication")
3321 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3322 if ev is None:
3323 raise Exception("DPP configuration not completed (Configurator for STA0)")
3324 ev = dev[0].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3325 if ev is None:
3326 raise Exception("DPP configuration not completed (Enrollee STA0)")
3327
3328 logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key")
3329 dev[2].set("dpp_config_processing", "2")
3330 id2 = dev[2].dpp_bootstrap_gen(chan="81/1", mac=True)
3331 uri2 = dev[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2)
3332
3333 id1 = dev[1].dpp_qr_code(uri2)
3334
3335 cmd = "DPP_LISTEN 2412"
3336 if "OK" not in dev[2].request(cmd):
3337 raise Exception("Failed to start listen operation")
3338
3339 res = dev[1].request("DPP_CONFIGURATOR_ADD")
3340 if "FAIL" in res:
3341 raise Exception("Failed to add configurator")
3342 conf_id_2 = int(res)
3343 dev[1].set("dpp_groups_override", '')
3344 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id_2)
3345 if "OK" not in dev[1].request(cmd):
3346 raise Exception("Failed to initiate DPP Authentication")
3347 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3348 if ev is None:
3349 raise Exception("DPP configuration not completed (Configurator for STA2)")
3350 ev = dev[2].wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3351 if ev is None:
3352 raise Exception("DPP configuration not completed (Enrollee STA2)")
3353
3354 logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group")
3355 wpas.set("dpp_config_processing", "2")
3356 id5 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True, curve="P-521")
3357 uri5 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id5)
3358
3359 id1 = dev[1].dpp_qr_code(uri5)
3360
3361 cmd = "DPP_LISTEN 2412"
3362 if "OK" not in wpas.request(cmd):
3363 raise Exception("Failed to start listen operation")
3364
3365 dev[1].set("dpp_groups_override", '')
3366 cmd = "DPP_AUTH_INIT peer=%d conf=sta-dpp configurator=%d" % (id1, conf_id)
3367 if "OK" not in dev[1].request(cmd):
3368 raise Exception("Failed to initiate DPP Authentication")
3369 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5)
3370 if ev is None:
3371 raise Exception("DPP configuration not completed (Configurator for STA0)")
3372 ev = wpas.wait_event(["DPP-CONF-RECEIVED"], timeout=5)
3373 if ev is None:
3374 raise Exception("DPP configuration not completed (Enrollee STA5)")
3375
3376 logger.info("Verify network introduction results")
3377 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
3378 if ev is None:
3379 raise Exception("DPP network introduction result not seen on STA0")
3380 if "status=8" not in ev:
3381 raise Exception("Unexpected network introduction result on STA0: " + ev)
3382
3383 ev = dev[2].wait_event(["DPP-INTRO"], timeout=5)
3384 if ev is None:
3385 raise Exception("DPP network introduction result not seen on STA2")
3386 if "status=8" not in ev:
3387 raise Exception("Unexpected network introduction result on STA2: " + ev)
3388
3389 ev = wpas.wait_event(["DPP-INTRO"], timeout=10)
3390 if ev is None:
3391 raise Exception("DPP network introduction result not seen on STA5")
3392 if "status=7" not in ev:
3393 raise Exception("Unexpected network introduction result on STA5: " + ev)
3394
3395 def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True,
3396 listen=True, chan="81/1", init_enrollee=False,
3397 incompatible_roles=False):
3398 check_dpp_capab(dev[0])
3399 check_dpp_capab(dev[1])
3400 dev[test_dev].set("dpp_test", str(test))
3401
3402 cmd = "DPP_CONFIGURATOR_ADD"
3403 if init_enrollee:
3404 res = dev[0].request(cmd)
3405 else:
3406 res = dev[1].request(cmd)
3407 if "FAIL" in res:
3408 raise Exception("Failed to add configurator")
3409 conf_id = int(res)
3410
3411 id0 = dev[0].dpp_bootstrap_gen(chan=chan, mac=unicast)
3412 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
3413
3414 id1 = dev[1].dpp_qr_code(uri0)
3415
3416 if mutual:
3417 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True)
3418 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b)
3419
3420 id0b = dev[0].dpp_qr_code(uri1b)
3421
3422 cmd = "DPP_LISTEN 2412 qr=mutual"
3423 else:
3424 cmd = "DPP_LISTEN 2412"
3425
3426 if init_enrollee:
3427 if incompatible_roles:
3428 cmd += " role=enrollee"
3429 else:
3430 cmd += " role=configurator"
3431 dev[0].set("dpp_configurator_params",
3432 " conf=sta-dpp configurator=%d" % conf_id)
3433 elif incompatible_roles:
3434 cmd += " role=enrollee"
3435
3436 if listen:
3437 if "OK" not in dev[0].request(cmd):
3438 raise Exception("Failed to start listen operation")
3439
3440 if init_enrollee:
3441 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % (id1)
3442 else:
3443 cmd = "DPP_AUTH_INIT peer=%d configurator=%d conf=sta-dpp" % (id1, conf_id)
3444 if incompatible_roles:
3445 cmd += " role=enrollee"
3446 if mutual:
3447 cmd += " own=%d" % id1b
3448 if "OK" not in dev[1].request(cmd):
3449 raise Exception("Failed to initiate DPP Authentication")
3450
3451 def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev):
3452 """DPP protocol testing - attribute after Wrapped Data in Auth Req"""
3453 run_dpp_proto_init(dev, 1, 1)
3454 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3455 if ev is None:
3456 raise Exception("DPP Authentication Request not seen")
3457 if "type=0" not in ev or "ignore=invalid-attributes" not in ev:
3458 raise Exception("Unexpected RX info: " + ev)
3459 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3460 if ev is not None:
3461 raise Exception("Unexpected DPP message seen")
3462
3463 def test_dpp_auth_req_stop_after_ack(dev, apdev):
3464 """DPP initiator stopping after ACK, but no response"""
3465 run_dpp_proto_init(dev, 1, 1, listen=True)
3466 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3467 if ev is None:
3468 raise Exception("Authentication failure not reported")
3469
3470 def test_dpp_auth_req_retries(dev, apdev):
3471 """DPP initiator retries with no ACK"""
3472 check_dpp_capab(dev[1])
3473 dev[1].set("dpp_init_max_tries", "3")
3474 dev[1].set("dpp_init_retry_time", "1000")
3475 dev[1].set("dpp_resp_wait_time", "100")
3476 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False)
3477
3478 for i in range(3):
3479 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
3480 if ev is None:
3481 raise Exception("Auth Req not sent (%d)" % i)
3482
3483 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3484 if ev is None:
3485 raise Exception("Authentication failure not reported")
3486
3487 def test_dpp_auth_req_retries_multi_chan(dev, apdev):
3488 """DPP initiator retries with no ACK and multiple channels"""
3489 check_dpp_capab(dev[1])
3490 dev[1].set("dpp_init_max_tries", "3")
3491 dev[1].set("dpp_init_retry_time", "1000")
3492 dev[1].set("dpp_resp_wait_time", "100")
3493 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False,
3494 chan="81/1,81/6,81/11")
3495
3496 for i in range(3 * 3):
3497 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
3498 if ev is None:
3499 raise Exception("Auth Req not sent (%d)" % i)
3500
3501 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3502 if ev is None:
3503 raise Exception("Authentication failure not reported")
3504
3505 def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev):
3506 """DPP protocol testing - attribute after Wrapped Data in Auth Resp"""
3507 run_dpp_proto_init(dev, 0, 2)
3508 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
3509 if ev is None:
3510 raise Exception("DPP Authentication Response not seen")
3511 if "type=1" not in ev or "ignore=invalid-attributes" not in ev:
3512 raise Exception("Unexpected RX info: " + ev)
3513 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3514 if ev is None or "type=0" not in ev:
3515 raise Exception("DPP Authentication Request not seen")
3516 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3517 if ev is not None:
3518 raise Exception("Unexpected DPP message seen")
3519
3520 def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev):
3521 """DPP protocol testing - attribute after Wrapped Data in Auth Conf"""
3522 run_dpp_proto_init(dev, 1, 3)
3523 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3524 if ev is None or "type=0" not in ev:
3525 raise Exception("DPP Authentication Request not seen")
3526 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
3527 if ev is None:
3528 raise Exception("DPP Authentication Confirm not seen")
3529 if "type=2" not in ev or "ignore=invalid-attributes" not in ev:
3530 raise Exception("Unexpected RX info: " + ev)
3531
3532 def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev):
3533 """DPP protocol testing - attribute after Wrapped Data in Conf Req"""
3534 run_dpp_proto_init(dev, 0, 6)
3535 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10)
3536 if ev is None:
3537 raise Exception("DPP Configuration failure not seen")
3538
3539 def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev):
3540 """DPP protocol testing - attribute after Wrapped Data in Conf Resp"""
3541 run_dpp_proto_init(dev, 1, 7)
3542 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10)
3543 if ev is None:
3544 raise Exception("DPP Configuration failure not seen")
3545
3546 def test_dpp_proto_zero_i_capab(dev, apdev):
3547 """DPP protocol testing - zero I-capability in Auth Req"""
3548 run_dpp_proto_init(dev, 1, 8)
3549 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3550 if ev is None:
3551 raise Exception("DPP failure not seen")
3552 if "Invalid role in I-capabilities 0x00" not in ev:
3553 raise Exception("Unexpected failure: " + ev)
3554 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3555 if ev is not None:
3556 raise Exception("Unexpected DPP message seen")
3557
3558 def test_dpp_proto_zero_r_capab(dev, apdev):
3559 """DPP protocol testing - zero R-capability in Auth Resp"""
3560 run_dpp_proto_init(dev, 0, 9)
3561 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3562 if ev is None:
3563 raise Exception("DPP failure not seen")
3564 if "Unexpected role in R-capabilities 0x00" not in ev:
3565 raise Exception("Unexpected failure: " + ev)
3566 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3567 if ev is None or "type=0" not in ev:
3568 raise Exception("DPP Authentication Request not seen")
3569 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3570 if ev is not None:
3571 raise Exception("Unexpected DPP message seen")
3572
3573 def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False):
3574 run_dpp_proto_init(dev, 1, test, mutual=mutual)
3575 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3576 if ev is None:
3577 raise Exception("DPP failure not seen")
3578 if reason not in ev:
3579 raise Exception("Unexpected failure: " + ev)
3580 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1)
3581 if ev is not None:
3582 raise Exception("Unexpected DPP message seen")
3583
3584 def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev):
3585 """DPP protocol testing - no R-bootstrap key in Auth Req"""
3586 run_dpp_proto_auth_req_missing(dev, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
3587
3588 def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev):
3589 """DPP protocol testing - invalid R-bootstrap key in Auth Req"""
3590 run_dpp_proto_auth_req_missing(dev, 68, "No matching own bootstrapping key found - ignore message")
3591
3592 def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev):
3593 """DPP protocol testing - no I-bootstrap key in Auth Req"""
3594 run_dpp_proto_auth_req_missing(dev, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute")
3595
3596 def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev):
3597 """DPP protocol testing - invalid I-bootstrap key in Auth Req"""
3598 run_dpp_proto_init(dev, 1, 69, mutual=True)
3599 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5)
3600 if ev is None:
3601 raise Exception("DPP scan request not seen")
3602 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5)
3603 if ev is None:
3604 raise Exception("DPP response pending indivation not seen")
3605
3606 def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev):
3607 """DPP protocol testing - no I-proto key in Auth Req"""
3608 run_dpp_proto_auth_req_missing(dev, 12, "Missing required Initiator Protocol Key attribute")
3609
3610 def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev):
3611 """DPP protocol testing - invalid I-proto key in Auth Req"""
3612 run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key")
3613
3614 def test_dpp_proto_auth_req_no_i_nonce(dev, apdev):
3615 """DPP protocol testing - no I-nonce in Auth Req"""
3616 run_dpp_proto_auth_req_missing(dev, 13, "Missing or invalid I-nonce")
3617
3618 def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev):
3619 """DPP protocol testing - invalid I-nonce in Auth Req"""
3620 run_dpp_proto_auth_req_missing(dev, 81, "Missing or invalid I-nonce")
3621
3622 def test_dpp_proto_auth_req_no_i_capab(dev, apdev):
3623 """DPP protocol testing - no I-capab in Auth Req"""
3624 run_dpp_proto_auth_req_missing(dev, 14, "Missing or invalid I-capab")
3625
3626 def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev):
3627 """DPP protocol testing - no Wrapped Data in Auth Req"""
3628 run_dpp_proto_auth_req_missing(dev, 15, "Missing or invalid required Wrapped Data attribute")
3629
3630 def run_dpp_proto_auth_resp_missing(dev, test, reason,
3631 incompatible_roles=False):
3632 run_dpp_proto_init(dev, 0, test, mutual=True,
3633 incompatible_roles=incompatible_roles)
3634 if reason is None:
3635 time.sleep(0.1)
3636 return
3637 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3638 if ev is None:
3639 raise Exception("DPP failure not seen")
3640 if reason not in ev:
3641 raise Exception("Unexpected failure: " + ev)
3642 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3643 if ev is None or "type=0" not in ev:
3644 raise Exception("DPP Authentication Request not seen")
3645 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3646 if ev is not None:
3647 raise Exception("Unexpected DPP message seen")
3648
3649 def test_dpp_proto_auth_resp_no_status(dev, apdev):
3650 """DPP protocol testing - no Status in Auth Resp"""
3651 run_dpp_proto_auth_resp_missing(dev, 16, "Missing or invalid required DPP Status attribute")
3652
3653 def test_dpp_proto_auth_resp_status_no_status(dev, apdev):
3654 """DPP protocol testing - no Status in Auth Resp(status)"""
3655 run_dpp_proto_auth_resp_missing(dev, 16,
3656 "Missing or invalid required DPP Status attribute",
3657 incompatible_roles=True)
3658
3659 def test_dpp_proto_auth_resp_invalid_status(dev, apdev):
3660 """DPP protocol testing - invalid Status in Auth Resp"""
3661 run_dpp_proto_auth_resp_missing(dev, 74, "Responder reported failure")
3662
3663 def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev):
3664 """DPP protocol testing - no R-bootstrap key in Auth Resp"""
3665 run_dpp_proto_auth_resp_missing(dev, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
3666
3667 def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev):
3668 """DPP protocol testing - no R-bootstrap key in Auth Resp(status)"""
3669 run_dpp_proto_auth_resp_missing(dev, 17,
3670 "Missing or invalid required Responder Bootstrapping Key Hash attribute",
3671 incompatible_roles=True)
3672
3673 def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev):
3674 """DPP protocol testing - invalid R-bootstrap key in Auth Resp"""
3675 run_dpp_proto_auth_resp_missing(dev, 70, "Unexpected Responder Bootstrapping Key Hash value")
3676
3677 def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev):
3678 """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)"""
3679 run_dpp_proto_auth_resp_missing(dev, 70,
3680 "Unexpected Responder Bootstrapping Key Hash value",
3681 incompatible_roles=True)
3682
3683 def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev):
3684 """DPP protocol testing - no I-bootstrap key in Auth Resp"""
3685 run_dpp_proto_auth_resp_missing(dev, 18, None)
3686
3687 def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev):
3688 """DPP protocol testing - no I-bootstrap key in Auth Resp(status)"""
3689 run_dpp_proto_auth_resp_missing(dev, 18, None, incompatible_roles=True)
3690
3691 def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev):
3692 """DPP protocol testing - invalid I-bootstrap key in Auth Resp"""
3693 run_dpp_proto_auth_resp_missing(dev, 71, "Initiator Bootstrapping Key Hash attribute did not match")
3694
3695 def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev):
3696 """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)"""
3697 run_dpp_proto_auth_resp_missing(dev, 71,
3698 "Initiator Bootstrapping Key Hash attribute did not match",
3699 incompatible_roles=True)
3700
3701 def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev):
3702 """DPP protocol testing - no R-Proto Key in Auth Resp"""
3703 run_dpp_proto_auth_resp_missing(dev, 19, "Missing required Responder Protocol Key attribute")
3704
3705 def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev):
3706 """DPP protocol testing - invalid R-Proto Key in Auth Resp"""
3707 run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key")
3708
3709 def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev):
3710 """DPP protocol testing - no R-nonce in Auth Resp"""
3711 run_dpp_proto_auth_resp_missing(dev, 20, "Missing or invalid R-nonce")
3712
3713 def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev):
3714 """DPP protocol testing - no I-nonce in Auth Resp"""
3715 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce")
3716
3717 def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev):
3718 """DPP protocol testing - no I-nonce in Auth Resp(status)"""
3719 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce",
3720 incompatible_roles=True)
3721
3722 def test_dpp_proto_auth_resp_no_r_capab(dev, apdev):
3723 """DPP protocol testing - no R-capab in Auth Resp"""
3724 run_dpp_proto_auth_resp_missing(dev, 22, "Missing or invalid R-capabilities")
3725
3726 def test_dpp_proto_auth_resp_no_r_auth(dev, apdev):
3727 """DPP protocol testing - no R-auth in Auth Resp"""
3728 run_dpp_proto_auth_resp_missing(dev, 23, "Missing or invalid Secondary Wrapped Data")
3729
3730 def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev):
3731 """DPP protocol testing - no Wrapped Data in Auth Resp"""
3732 run_dpp_proto_auth_resp_missing(dev, 24, "Missing or invalid required Wrapped Data attribute")
3733
3734 def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev):
3735 """DPP protocol testing - I-nonce mismatch in Auth Resp"""
3736 run_dpp_proto_init(dev, 0, 30, mutual=True)
3737 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3738 if ev is None:
3739 raise Exception("DPP failure not seen")
3740 if "I-nonce mismatch" not in ev:
3741 raise Exception("Unexpected failure: " + ev)
3742 ev = dev[0].wait_event(["DPP-RX"], timeout=1)
3743 if ev is None or "type=0" not in ev:
3744 raise Exception("DPP Authentication Request not seen")
3745 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1)
3746 if ev is not None:
3747 raise Exception("Unexpected DPP message seen")
3748
3749 def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev):
3750 """DPP protocol testing - Incompatible R-capab in Auth Resp"""
3751 run_dpp_proto_init(dev, 0, 31, mutual=True)
3752 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3753 if ev is None:
3754 raise Exception("DPP failure not seen")
3755 if "Unexpected role in R-capabilities 0x02" not in ev:
3756 raise Exception("Unexpected failure: " + ev)
3757 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3758 if ev is None:
3759 raise Exception("DPP failure not seen")
3760 if "Peer reported incompatible R-capab role" not in ev:
3761 raise Exception("Unexpected failure: " + ev)
3762
3763 def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev):
3764 """DPP protocol testing - R-auth mismatch in Auth Resp"""
3765 run_dpp_proto_init(dev, 0, 32, mutual=True)
3766 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3767 if ev is None:
3768 raise Exception("DPP failure not seen")
3769 if "Mismatching Responder Authenticating Tag" not in ev:
3770 raise Exception("Unexpected failure: " + ev)
3771 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3772 if ev is None:
3773 raise Exception("DPP failure not seen")
3774 if "Peer reported authentication failure" not in ev:
3775 raise Exception("Unexpected failure: " + ev)
3776
3777 def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev):
3778 """DPP protocol testing - Auth Conf RX processing failure"""
3779 with alloc_fail(dev[0], 1, "dpp_auth_conf_rx_failure"):
3780 run_dpp_proto_init(dev, 0, 32, mutual=True)
3781 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3782 if ev is None:
3783 raise Exception("DPP failure not seen")
3784 if "Authentication failed" not in ev:
3785 raise Exception("Unexpected failure: " + ev)
3786
3787 def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev):
3788 """DPP protocol testing - Auth Conf RX processing failure 2"""
3789 with fail_test(dev[0], 1, "dpp_auth_conf_rx_failure"):
3790 run_dpp_proto_init(dev, 0, 32, mutual=True)
3791 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3792 if ev is None:
3793 raise Exception("DPP failure not seen")
3794 if "AES-SIV decryption failed" not in ev:
3795 raise Exception("Unexpected failure: " + ev)
3796
3797 def run_dpp_proto_auth_conf_missing(dev, test, reason):
3798 run_dpp_proto_init(dev, 1, test, mutual=True)
3799 if reason is None:
3800 time.sleep(0.1)
3801 return
3802 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3803 if ev is None:
3804 raise Exception("DPP failure not seen")
3805 if reason not in ev:
3806 raise Exception("Unexpected failure: " + ev)
3807
3808 def test_dpp_proto_auth_conf_no_status(dev, apdev):
3809 """DPP protocol testing - no Status in Auth Conf"""
3810 run_dpp_proto_auth_conf_missing(dev, 25, "Missing or invalid required DPP Status attribute")
3811
3812 def test_dpp_proto_auth_conf_invalid_status(dev, apdev):
3813 """DPP protocol testing - invalid Status in Auth Conf"""
3814 run_dpp_proto_auth_conf_missing(dev, 75, "Authentication failed")
3815
3816 def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev):
3817 """DPP protocol testing - no R-bootstrap key in Auth Conf"""
3818 run_dpp_proto_auth_conf_missing(dev, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute")
3819
3820 def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev):
3821 """DPP protocol testing - invalid R-bootstrap key in Auth Conf"""
3822 run_dpp_proto_auth_conf_missing(dev, 72, "Responder Bootstrapping Key Hash mismatch")
3823
3824 def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev):
3825 """DPP protocol testing - no I-bootstrap key in Auth Conf"""
3826 run_dpp_proto_auth_conf_missing(dev, 27, "Missing Initiator Bootstrapping Key Hash attribute")
3827
3828 def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev):
3829 """DPP protocol testing - invalid I-bootstrap key in Auth Conf"""
3830 run_dpp_proto_auth_conf_missing(dev, 73, "Initiator Bootstrapping Key Hash mismatch")
3831
3832 def test_dpp_proto_auth_conf_no_i_auth(dev, apdev):
3833 """DPP protocol testing - no I-Auth in Auth Conf"""
3834 run_dpp_proto_auth_conf_missing(dev, 28, "Missing or invalid Initiator Authenticating Tag")
3835
3836 def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev):
3837 """DPP protocol testing - no Wrapped Data in Auth Conf"""
3838 run_dpp_proto_auth_conf_missing(dev, 29, "Missing or invalid required Wrapped Data attribute")
3839
3840 def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev):
3841 """DPP protocol testing - I-auth mismatch in Auth Conf"""
3842 run_dpp_proto_init(dev, 1, 33, mutual=True)
3843 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3844 if ev is None:
3845 raise Exception("DPP failure not seen")
3846 if "Mismatching Initiator Authenticating Tag" not in ev:
3847 raise Excception("Unexpected failure: " + ev)
3848
3849 def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev):
3850 """DPP protocol testing - Auth Conf replaced by Resp"""
3851 run_dpp_proto_init(dev, 1, 65, mutual=True)
3852 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3853 if ev is None:
3854 raise Exception("DPP failure not seen")
3855 if "Unexpected Authentication Response" not in ev:
3856 raise Excception("Unexpected failure: " + ev)
3857
3858 def run_dpp_proto_conf_req_missing(dev, test, reason):
3859 run_dpp_proto_init(dev, 0, test)
3860 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
3861 if ev is None:
3862 raise Exception("DPP failure not seen")
3863 if reason not in ev:
3864 raise Exception("Unexpected failure: " + ev)
3865
3866 def test_dpp_proto_conf_req_no_e_nonce(dev, apdev):
3867 """DPP protocol testing - no E-nonce in Conf Req"""
3868 run_dpp_proto_conf_req_missing(dev, 51,
3869 "Missing or invalid Enrollee Nonce attribute")
3870
3871 def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev):
3872 """DPP protocol testing - invalid E-nonce in Conf Req"""
3873 run_dpp_proto_conf_req_missing(dev, 83,
3874 "Missing or invalid Enrollee Nonce attribute")
3875
3876 def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev):
3877 """DPP protocol testing - no Config Attr Obj in Conf Req"""
3878 run_dpp_proto_conf_req_missing(dev, 52,
3879 "Missing or invalid Config Attributes attribute")
3880
3881 def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev):
3882 """DPP protocol testing - invalid Config Attr Obj in Conf Req"""
3883 run_dpp_proto_conf_req_missing(dev, 76,
3884 "Unsupported wi-fi_tech")
3885
3886 def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev):
3887 """DPP protocol testing - no Wrapped Data in Conf Req"""
3888 run_dpp_proto_conf_req_missing(dev, 53,
3889 "Missing or invalid required Wrapped Data attribute")
3890
3891 def run_dpp_proto_conf_resp_missing(dev, test, reason):
3892 run_dpp_proto_init(dev, 1, test)
3893 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
3894 if ev is None:
3895 raise Exception("DPP failure not seen")
3896 if reason not in ev:
3897 raise Exception("Unexpected failure: " + ev)
3898
3899 def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev):
3900 """DPP protocol testing - no E-nonce in Conf Resp"""
3901 run_dpp_proto_conf_resp_missing(dev, 54,
3902 "Missing or invalid Enrollee Nonce attribute")
3903
3904 def test_dpp_proto_conf_resp_no_config_obj(dev, apdev):
3905 """DPP protocol testing - no Config Object in Conf Resp"""
3906 run_dpp_proto_conf_resp_missing(dev, 55,
3907 "Missing required Configuration Object attribute")
3908
3909 def test_dpp_proto_conf_resp_no_status(dev, apdev):
3910 """DPP protocol testing - no Status in Conf Resp"""
3911 run_dpp_proto_conf_resp_missing(dev, 56,
3912 "Missing or invalid required DPP Status attribute")
3913
3914 def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev):
3915 """DPP protocol testing - no Wrapped Data in Conf Resp"""
3916 run_dpp_proto_conf_resp_missing(dev, 57,
3917 "Missing or invalid required Wrapped Data attribute")
3918
3919 def test_dpp_proto_conf_resp_invalid_status(dev, apdev):
3920 """DPP protocol testing - invalid Status in Conf Resp"""
3921 run_dpp_proto_conf_resp_missing(dev, 58,
3922 "Configurator rejected configuration")
3923
3924 def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev):
3925 """DPP protocol testing - E-nonce mismatch in Conf Resp"""
3926 run_dpp_proto_conf_resp_missing(dev, 59,
3927 "Enrollee Nonce mismatch")
3928
3929 def test_dpp_proto_stop_at_auth_req(dev, apdev):
3930 """DPP protocol testing - stop when receiving Auth Req"""
3931 run_dpp_proto_init(dev, 0, 87)
3932 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
3933 if ev is None:
3934 raise Exception("Authentication init failure not reported")
3935
3936 def test_dpp_proto_stop_at_auth_resp(dev, apdev):
3937 """DPP protocol testing - stop when receiving Auth Resp"""
3938 run_dpp_proto_init(dev, 1, 88)
3939
3940 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
3941 if ev is None:
3942 raise Exception("Auth Req TX not seen")
3943
3944 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
3945 if ev is None:
3946 raise Exception("Auth Resp TX not seen")
3947
3948 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
3949 if ev is not None:
3950 raise Exception("Unexpected Auth Conf TX")
3951
3952 def test_dpp_proto_stop_at_auth_conf(dev, apdev):
3953 """DPP protocol testing - stop when receiving Auth Conf"""
3954 run_dpp_proto_init(dev, 0, 89, init_enrollee=True)
3955 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=10)
3956 if ev is None:
3957 raise Exception("Enrollee did not start GAS")
3958 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10)
3959 if ev is None:
3960 raise Exception("Enrollee did not time out GAS")
3961 if "result=TIMEOUT" not in ev:
3962 raise Exception("Unexpected GAS result: " + ev)
3963
3964 def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev):
3965 """DPP protocol testing - stop when transmitting Auth Conf (Registrar)"""
3966 run_dpp_proto_init(dev, 1, 89, init_enrollee=True)
3967 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
3968 if ev is None:
3969 raise Exception("Authentication did not succeed (Initiator)")
3970 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3971 if ev is None:
3972 raise Exception("Authentication did not succeed (Responder)")
3973 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1)
3974 if ev is not None:
3975 raise Exception("Unexpected GAS query")
3976
3977 # There is currently no timeout on GAS server side, so no event to wait for
3978 # in this case.
3979
3980 def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev):
3981 """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)"""
3982 run_dpp_proto_init(dev, 1, 89)
3983 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=10)
3984 if ev is None:
3985 raise Exception("Authentication did not succeed (Initiator)")
3986 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
3987 if ev is None:
3988 raise Exception("Authentication did not succeed (Responder)")
3989
3990 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5)
3991 if ev is None or "result=TIMEOUT" not in ev:
3992 raise Exception("GAS query did not time out")
3993
3994 def test_dpp_proto_stop_at_conf_req(dev, apdev):
3995 """DPP protocol testing - stop when receiving Auth Req"""
3996 run_dpp_proto_init(dev, 1, 90)
3997 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=10)
3998 if ev is None:
3999 raise Exception("Enrollee did not start GAS")
4000 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10)
4001 if ev is None:
4002 raise Exception("Enrollee did not time out GAS")
4003 if "result=TIMEOUT" not in ev:
4004 raise Exception("Unexpected GAS result: " + ev)
4005
4006 def run_dpp_proto_init_pkex(dev, test_dev, test):
4007 check_dpp_capab(dev[0])
4008 check_dpp_capab(dev[1])
4009 dev[test_dev].set("dpp_test", str(test))
4010
4011 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
4012 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
4013
4014 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4015 res = dev[0].request(cmd)
4016 if "FAIL" in res:
4017 raise Exception("Failed to set PKEX data (responder)")
4018 cmd = "DPP_LISTEN 2437"
4019 if "OK" not in dev[0].request(cmd):
4020 raise Exception("Failed to start listen operation")
4021
4022 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 code=secret" % id1
4023 res = dev[1].request(cmd)
4024 if "FAIL" in res:
4025 raise Exception("Failed to set PKEX data (initiator)")
4026
4027 def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev):
4028 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req"""
4029 run_dpp_proto_init_pkex(dev, 1, 4)
4030 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4031 if ev is None or "type=7" not in ev:
4032 raise Exception("PKEX Exchange Request not seen")
4033 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4034 if ev is None or "type=9" not in ev:
4035 raise Exception("PKEX Commit-Reveal Request not seen")
4036 if "ignore=invalid-attributes" not in ev:
4037 raise Exception("Unexpected RX info: " + ev)
4038
4039 def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev):
4040 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp"""
4041 run_dpp_proto_init_pkex(dev, 0, 5)
4042 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
4043 if ev is None or "type=8" not in ev:
4044 raise Exception("PKEX Exchange Response not seen")
4045 ev = dev[1].wait_event(["DPP-RX"], timeout=5)
4046 if ev is None or "type=10" not in ev:
4047 raise Exception("PKEX Commit-Reveal Response not seen")
4048 if "ignore=invalid-attributes" not in ev:
4049 raise Exception("Unexpected RX info: " + ev)
4050
4051 def run_dpp_proto_pkex_req_missing(dev, test, reason):
4052 run_dpp_proto_init_pkex(dev, 1, test)
4053 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
4054 if ev is None:
4055 raise Exception("DPP failure not seen")
4056 if reason not in ev:
4057 raise Exception("Unexpected failure: " + ev)
4058
4059 def run_dpp_proto_pkex_resp_missing(dev, test, reason):
4060 run_dpp_proto_init_pkex(dev, 0, test)
4061 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4062 if ev is None:
4063 raise Exception("DPP failure not seen")
4064 if reason not in ev:
4065 raise Exception("Unexpected failure: " + ev)
4066
4067 def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev):
4068 """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request"""
4069 run_dpp_proto_pkex_req_missing(dev, 34,
4070 "Missing or invalid Finite Cyclic Group attribute")
4071
4072 def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev):
4073 """DPP protocol testing - no Encrypted Key in PKEX Exchange Request"""
4074 run_dpp_proto_pkex_req_missing(dev, 35,
4075 "Missing Encrypted Key attribute")
4076
4077 def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev):
4078 """DPP protocol testing - no Status in PKEX Exchange Response"""
4079 run_dpp_proto_pkex_resp_missing(dev, 36, "No DPP Status attribute")
4080
4081 def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev):
4082 """DPP protocol testing - no Encrypted Key in PKEX Exchange Response"""
4083 run_dpp_proto_pkex_resp_missing(dev, 37, "Missing Encrypted Key attribute")
4084
4085 def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev):
4086 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request"""
4087 run_dpp_proto_pkex_req_missing(dev, 38,
4088 "No valid peer bootstrapping key found")
4089
4090 def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev):
4091 """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request"""
4092 run_dpp_proto_pkex_req_missing(dev, 39, "No valid u (I-Auth tag) found")
4093
4094 def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev):
4095 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request"""
4096 run_dpp_proto_pkex_req_missing(dev, 40, "Missing or invalid required Wrapped Data attribute")
4097
4098 def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev):
4099 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response"""
4100 run_dpp_proto_pkex_resp_missing(dev, 41,
4101 "No valid peer bootstrapping key found")
4102
4103 def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev):
4104 """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response"""
4105 run_dpp_proto_pkex_resp_missing(dev, 42, "No valid v (R-Auth tag) found")
4106
4107 def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev):
4108 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response"""
4109 run_dpp_proto_pkex_resp_missing(dev, 43, "Missing or invalid required Wrapped Data attribute")
4110
4111 def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev):
4112 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request"""
4113 run_dpp_proto_pkex_req_missing(dev, 44,
4114 "Invalid Encrypted Key value")
4115
4116 def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev):
4117 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response"""
4118 run_dpp_proto_pkex_resp_missing(dev, 45,
4119 "Invalid Encrypted Key value")
4120
4121 def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev):
4122 """DPP protocol testing - invalid Status in PKEX Exchange Response"""
4123 run_dpp_proto_pkex_resp_missing(dev, 46,
4124 "PKEX failed (peer indicated failure)")
4125
4126 def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev):
4127 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request"""
4128 run_dpp_proto_pkex_req_missing(dev, 47,
4129 "Peer bootstrapping key is invalid")
4130
4131 def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev):
4132 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response"""
4133 run_dpp_proto_pkex_resp_missing(dev, 48,
4134 "Peer bootstrapping key is invalid")
4135
4136 def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev):
4137 """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request"""
4138 run_dpp_proto_pkex_req_missing(dev, 49, "No valid u (I-Auth tag) found")
4139
4140 def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev):
4141 """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response"""
4142 run_dpp_proto_pkex_resp_missing(dev, 50, "No valid v (R-Auth tag) found")
4143
4144 def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev):
4145 """DPP protocol testing - stop when receiving PKEX Exchange Response"""
4146 run_dpp_proto_init_pkex(dev, 1, 84)
4147
4148 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4149 if ev is None:
4150 raise Exception("PKEX Exchange Req TX not seen")
4151
4152 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4153 if ev is None:
4154 raise Exception("PKEX Exchange Resp not seen")
4155
4156 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
4157 if ev is not None:
4158 raise Exception("Unexpected PKEX CR Req TX")
4159
4160 def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev):
4161 """DPP protocol testing - stop when receiving PKEX CR Request"""
4162 run_dpp_proto_init_pkex(dev, 0, 85)
4163
4164 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4165 if ev is None:
4166 raise Exception("PKEX Exchange Req TX not seen")
4167
4168 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4169 if ev is None:
4170 raise Exception("PKEX Exchange Resp not seen")
4171
4172 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4173 if ev is None:
4174 raise Exception("PKEX CR Req TX not seen")
4175
4176 ev = dev[0].wait_event(["DPP-TX "], timeout=0.1)
4177 if ev is not None:
4178 raise Exception("Unexpected PKEX CR Resp TX")
4179
4180 def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev):
4181 """DPP protocol testing - stop when receiving PKEX CR Response"""
4182 run_dpp_proto_init_pkex(dev, 1, 86)
4183
4184 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4185 if ev is None:
4186 raise Exception("PKEX Exchange Req TX not seen")
4187
4188 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4189 if ev is None:
4190 raise Exception("PKEX Exchange Resp not seen")
4191
4192 ev = dev[1].wait_event(["DPP-TX "], timeout=5)
4193 if ev is None:
4194 raise Exception("PKEX CR Req TX not seen")
4195
4196 ev = dev[0].wait_event(["DPP-TX "], timeout=5)
4197 if ev is None:
4198 raise Exception("PKEX CR Resp TX not seen")
4199
4200 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1)
4201 if ev is not None:
4202 raise Exception("Unexpected Auth Req TX")
4203
4204 def test_dpp_proto_network_introduction(dev, apdev):
4205 """DPP protocol testing - network introduction"""
4206 check_dpp_capab(dev[0])
4207 check_dpp_capab(dev[1])
4208
4209 params = { "ssid": "dpp",
4210 "wpa": "2",
4211 "wpa_key_mgmt": "DPP",
4212 "ieee80211w": "2",
4213 "rsn_pairwise": "CCMP",
4214 "dpp_connector": params1_ap_connector,
4215 "dpp_csign": params1_csign,
4216 "dpp_netaccesskey": params1_ap_netaccesskey }
4217 try:
4218 hapd = hostapd.add_ap(apdev[0], params)
4219 except:
4220 raise HwsimSkip("DPP not supported")
4221
4222 for test in [ 60, 61, 80, 82 ]:
4223 dev[0].set("dpp_test", str(test))
4224 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4225 dpp_csign=params1_csign,
4226 dpp_connector=params1_sta_connector,
4227 dpp_netaccesskey=params1_sta_netaccesskey,
4228 wait_connect=False)
4229
4230 ev = dev[0].wait_event(["DPP-TX"], timeout=10)
4231 if ev is None or "type=5" not in ev:
4232 raise Exception("Peer Discovery Request TX not reported")
4233 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2)
4234 if ev is None or "result=SUCCESS" not in ev:
4235 raise Exception("Peer Discovery Request TX status not reported")
4236
4237 ev = hapd.wait_event(["DPP-RX"], timeout=10)
4238 if ev is None or "type=5" not in ev:
4239 raise Exception("Peer Discovery Request RX not reported")
4240
4241 if test == 80:
4242 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
4243 if ev is None:
4244 raise Exception("DPP-INTRO not reported for test 80")
4245 if "status=7" not in ev:
4246 raise Exception("Unexpected result in test 80: " + ev)
4247
4248 dev[0].request("REMOVE_NETWORK all")
4249 dev[0].dump_monitor()
4250 hapd.dump_monitor()
4251 dev[0].set("dpp_test", "0")
4252
4253 for test in [ 62, 63, 64, 77, 78, 79 ]:
4254 hapd.set("dpp_test", str(test))
4255 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4256 dpp_csign=params1_csign,
4257 dpp_connector=params1_sta_connector,
4258 dpp_netaccesskey=params1_sta_netaccesskey,
4259 wait_connect=False)
4260
4261 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
4262 if ev is None:
4263 raise Exception("Peer introduction result not reported (test %d)" % test)
4264 if test == 77:
4265 if "fail=transaction_id_mismatch" not in ev:
4266 raise Exception("Connector validation failure not reported")
4267 elif test == 78:
4268 if "status=254" not in ev:
4269 raise Exception("Invalid status value not reported")
4270 elif test == 79:
4271 if "fail=peer_connector_validation_failed" not in ev:
4272 raise Exception("Connector validation failure not reported")
4273 elif "status=" in ev:
4274 raise Exception("Unexpected peer introduction result (test %d): " % test + ev)
4275
4276 dev[0].request("REMOVE_NETWORK all")
4277 dev[0].dump_monitor()
4278 hapd.dump_monitor()
4279 hapd.set("dpp_test", "0")
4280
4281 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2",
4282 dpp_csign=params1_csign, dpp_connector=params1_sta_connector,
4283 dpp_netaccesskey=params1_sta_netaccesskey)
4284
4285 def test_dpp_qr_code_no_chan_list_unicast(dev, apdev):
4286 """DPP QR Code and no channel list (unicast)"""
4287 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, None)
4288
4289 def test_dpp_qr_code_chan_list_unicast(dev, apdev):
4290 """DPP QR Code and 2.4 GHz channels (unicast)"""
4291 run_dpp_qr_code_chan_list(dev, apdev, True, 2417,
4292 "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13")
4293
4294 def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev):
4295 """DPP QR Code and channel list and no peer (unicast)"""
4296 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11",
4297 no_wait=True)
4298 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5)
4299 if ev is None:
4300 raise Exception("Initiation failure not reported")
4301
4302 def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev):
4303 """DPP QR Code and no channel list (broadcast)"""
4304 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, None)
4305
4306 def test_dpp_qr_code_chan_list_broadcast(dev, apdev):
4307 """DPP QR Code and some 2.4 GHz channels (broadcast)"""
4308 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, "81/1,81/6,81/11",
4309 timeout=10)
4310
4311 def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist,
4312 no_wait=False, timeout=5):
4313 check_dpp_capab(dev[0])
4314 check_dpp_capab(dev[1])
4315 dev[1].set("dpp_init_max_tries", "3")
4316 dev[1].set("dpp_init_retry_time", "100")
4317 dev[1].set("dpp_resp_wait_time", "1000")
4318
4319 logger.info("dev0 displays QR Code")
4320 id0 = dev[0].dpp_bootstrap_gen(chan=chanlist, mac=unicast)
4321 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4322
4323 logger.info("dev1 scans QR Code")
4324 id1 = dev[1].dpp_qr_code(uri0)
4325
4326 logger.info("dev1 initiates DPP Authentication")
4327 cmd = "DPP_LISTEN %d" % listen_freq
4328 if "OK" not in dev[0].request(cmd):
4329 raise Exception("Failed to start listen operation")
4330 cmd = "DPP_AUTH_INIT peer=%d" % id1
4331 if "OK" not in dev[1].request(cmd):
4332 raise Exception("Failed to initiate DPP Authentication")
4333 if no_wait:
4334 return
4335 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=timeout)
4336 if ev is None:
4337 raise Exception("DPP authentication did not succeed (Responder)")
4338 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4339 if ev is None:
4340 raise Exception("DPP authentication did not succeed (Initiator)")
4341 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5)
4342 if ev is None:
4343 raise Exception("DPP configuration not completed (Enrollee)")
4344 dev[0].request("DPP_STOP_LISTEN")
4345 dev[0].dump_monitor()
4346 dev[1].dump_monitor()
4347
4348 def test_dpp_qr_code_chan_list_no_match(dev, apdev):
4349 """DPP QR Code and no matching supported channel"""
4350 check_dpp_capab(dev[0])
4351 check_dpp_capab(dev[1])
4352
4353 id0 = dev[0].dpp_bootstrap_gen(chan="123/123")
4354 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4355
4356 id1 = dev[1].dpp_qr_code(uri0)
4357
4358 cmd = "DPP_AUTH_INIT peer=%d" % id1
4359 if "FAIL" not in dev[1].request(cmd):
4360 raise Exception("DPP Authentication started unexpectedly")
4361
4362 def test_dpp_pkex_alloc_fail(dev, apdev):
4363 """DPP/PKEX and memory allocation failures"""
4364 check_dpp_capab(dev[0])
4365 check_dpp_capab(dev[1])
4366
4367 tests = [ (1, "=dpp_keygen_configurator"),
4368 (1, "base64_gen_encode;dpp_keygen_configurator") ]
4369 for count, func in tests:
4370 with alloc_fail(dev[1], count, func):
4371 cmd = "DPP_CONFIGURATOR_ADD"
4372 res = dev[1].request(cmd)
4373 if "FAIL" not in res:
4374 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
4375
4376 cmd = "DPP_CONFIGURATOR_ADD"
4377 res = dev[1].request(cmd)
4378 if "FAIL" in res:
4379 raise Exception("Failed to add configurator")
4380 conf_id = int(res)
4381
4382 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
4383 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
4384
4385 # Local error cases on the Initiator
4386 tests = [ (1, "dpp_get_pubkey_point"),
4387 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"),
4388 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"),
4389 (1, "dpp_alloc_msg;dpp_auth_build_req"),
4390 (1, "dpp_alloc_msg;dpp_auth_build_conf"),
4391 (1, "dpp_bootstrap_key_hash"),
4392 (1, "dpp_auth_init"),
4393 (1, "=dpp_auth_resp_rx"),
4394 (2, "=dpp_auth_resp_rx"),
4395 (1, "dpp_build_conf_start"),
4396 (1, "dpp_build_conf_obj_dpp"),
4397 (2, "dpp_build_conf_obj_dpp"),
4398 (3, "dpp_build_conf_obj_dpp"),
4399 (4, "dpp_build_conf_obj_dpp"),
4400 (5, "dpp_build_conf_obj_dpp"),
4401 (6, "dpp_build_conf_obj_dpp"),
4402 (7, "dpp_build_conf_obj_dpp"),
4403 (8, "dpp_build_conf_obj_dpp"),
4404 (1, "dpp_conf_req_rx"),
4405 (2, "dpp_conf_req_rx"),
4406 (3, "dpp_conf_req_rx"),
4407 (4, "dpp_conf_req_rx"),
4408 (5, "dpp_conf_req_rx"),
4409 (6, "dpp_conf_req_rx"),
4410 (7, "dpp_conf_req_rx"),
4411 (1, "dpp_pkex_init"),
4412 (2, "dpp_pkex_init"),
4413 (3, "dpp_pkex_init"),
4414 (1, "dpp_pkex_derive_z"),
4415 (1, "=dpp_pkex_rx_commit_reveal_resp"),
4416 (1, "dpp_get_pubkey_point;dpp_build_jwk"),
4417 (2, "dpp_get_pubkey_point;dpp_build_jwk"),
4418 (1, "dpp_get_pubkey_point;dpp_auth_init") ]
4419 for count, func in tests:
4420 dev[0].request("DPP_STOP_LISTEN")
4421 dev[1].request("DPP_STOP_LISTEN")
4422 dev[0].dump_monitor()
4423 dev[1].dump_monitor()
4424
4425 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4426 res = dev[0].request(cmd)
4427 if "FAIL" in res:
4428 raise Exception("Failed to set PKEX data (responder)")
4429 cmd = "DPP_LISTEN 2437"
4430 if "OK" not in dev[0].request(cmd):
4431 raise Exception("Failed to start listen operation")
4432
4433 with alloc_fail(dev[1], count, func):
4434 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4435 dev[1].request(cmd)
4436 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100)
4437 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4438 if ev:
4439 dev[0].request("DPP_STOP_LISTEN")
4440 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4441
4442 # Local error cases on the Responder
4443 tests = [ (1, "dpp_get_pubkey_point"),
4444 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"),
4445 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"),
4446 (1, "dpp_alloc_msg;dpp_auth_build_resp"),
4447 (1, "dpp_get_pubkey_point;dpp_auth_build_resp_ok"),
4448 (1, "=dpp_auth_req_rx"),
4449 (2, "=dpp_auth_req_rx"),
4450 (1, "=dpp_auth_conf_rx"),
4451 (1, "json_parse;dpp_parse_jws_prot_hdr"),
4452 (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"),
4453 (1, "json_get_member_base64url;dpp_parse_jwk"),
4454 (2, "json_get_member_base64url;dpp_parse_jwk"),
4455 (1, "json_parse;dpp_parse_connector"),
4456 (1, "dpp_parse_jwk;dpp_parse_connector"),
4457 (1, "dpp_parse_jwk;dpp_parse_cred_dpp"),
4458 (1, "dpp_get_pubkey_point;dpp_check_pubkey_match"),
4459 (1, "base64_gen_decode;dpp_process_signed_connector"),
4460 (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"),
4461 (2, "base64_gen_decode;dpp_process_signed_connector"),
4462 (3, "base64_gen_decode;dpp_process_signed_connector"),
4463 (4, "base64_gen_decode;dpp_process_signed_connector"),
4464 (1, "json_parse;dpp_parse_conf_obj"),
4465 (1, "dpp_conf_resp_rx"),
4466 (1, "=dpp_pkex_derive_z"),
4467 (1, "=dpp_pkex_rx_exchange_req"),
4468 (2, "=dpp_pkex_rx_exchange_req"),
4469 (3, "=dpp_pkex_rx_exchange_req"),
4470 (1, "=dpp_pkex_rx_commit_reveal_req"),
4471 (1, "dpp_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"),
4472 (1, "dpp_bootstrap_key_hash") ]
4473 for count, func in tests:
4474 dev[0].request("DPP_STOP_LISTEN")
4475 dev[1].request("DPP_STOP_LISTEN")
4476 dev[0].dump_monitor()
4477 dev[1].dump_monitor()
4478
4479 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4480 res = dev[0].request(cmd)
4481 if "FAIL" in res:
4482 raise Exception("Failed to set PKEX data (responder)")
4483 cmd = "DPP_LISTEN 2437"
4484 if "OK" not in dev[0].request(cmd):
4485 raise Exception("Failed to start listen operation")
4486
4487 with alloc_fail(dev[0], count, func):
4488 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4489 dev[1].request(cmd)
4490 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100)
4491 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4492 if ev:
4493 dev[0].request("DPP_STOP_LISTEN")
4494 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4495
4496 def test_dpp_pkex_test_fail(dev, apdev):
4497 """DPP/PKEX and local failures"""
4498 check_dpp_capab(dev[0])
4499 check_dpp_capab(dev[1])
4500
4501 tests = [ (1, "dpp_keygen_configurator") ]
4502 for count, func in tests:
4503 with fail_test(dev[1], count, func):
4504 cmd = "DPP_CONFIGURATOR_ADD"
4505 res = dev[1].request(cmd)
4506 if "FAIL" not in res:
4507 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success")
4508
4509 tests = [ (1, "dpp_keygen") ]
4510 for count, func in tests:
4511 with fail_test(dev[1], count, func):
4512 cmd = "DPP_BOOTSTRAP_GEN type=pkex"
4513 res = dev[1].request(cmd)
4514 if "FAIL" not in res:
4515 raise Exception("Unexpected DPP_BOOTSTRAP_GEN success")
4516
4517 cmd = "DPP_CONFIGURATOR_ADD"
4518 res = dev[1].request(cmd)
4519 if "FAIL" in res:
4520 raise Exception("Failed to add configurator")
4521 conf_id = int(res)
4522
4523 id0 = dev[0].dpp_bootstrap_gen(type="pkex")
4524 id1 = dev[1].dpp_bootstrap_gen(type="pkex")
4525
4526 # Local error cases on the Initiator
4527 tests = [ (1, "aes_siv_encrypt;dpp_auth_build_req"),
4528 (1, "os_get_random;dpp_auth_init"),
4529 (1, "dpp_derive_k1;dpp_auth_init"),
4530 (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"),
4531 (1, "dpp_gen_i_auth;dpp_auth_build_conf"),
4532 (1, "aes_siv_encrypt;dpp_auth_build_conf"),
4533 (1, "dpp_derive_k2;dpp_auth_resp_rx"),
4534 (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"),
4535 (1, "dpp_derive_ke;dpp_auth_resp_rx"),
4536 (1, "dpp_hkdf_expand;dpp_derive_ke;dpp_auth_resp_rx"),
4537 (1, "dpp_gen_r_auth;dpp_auth_resp_rx"),
4538 (1, "aes_siv_encrypt;dpp_build_conf_resp"),
4539 (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"),
4540 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"),
4541 (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"),
4542 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"),
4543 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"),
4544 (1, "dpp_bootstrap_key_hash") ]
4545 for count, func in tests:
4546 dev[0].request("DPP_STOP_LISTEN")
4547 dev[1].request("DPP_STOP_LISTEN")
4548 dev[0].dump_monitor()
4549 dev[1].dump_monitor()
4550
4551 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4552 res = dev[0].request(cmd)
4553 if "FAIL" in res:
4554 raise Exception("Failed to set PKEX data (responder)")
4555 cmd = "DPP_LISTEN 2437"
4556 if "OK" not in dev[0].request(cmd):
4557 raise Exception("Failed to start listen operation")
4558
4559 with fail_test(dev[1], count, func):
4560 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4561 dev[1].request(cmd)
4562 wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100)
4563 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4564 if ev:
4565 dev[0].request("DPP_STOP_LISTEN")
4566 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4567
4568 # Local error cases on the Responder
4569 tests = [ (1, "aes_siv_encrypt;dpp_auth_build_resp"),
4570 (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"),
4571 (1, "os_get_random;dpp_build_conf_req"),
4572 (1, "aes_siv_encrypt;dpp_build_conf_req"),
4573 (1, "os_get_random;dpp_auth_build_resp_ok"),
4574 (1, "dpp_derive_k2;dpp_auth_build_resp_ok"),
4575 (1, "dpp_derive_ke;dpp_auth_build_resp_ok"),
4576 (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"),
4577 (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"),
4578 (1, "dpp_derive_k1;dpp_auth_req_rx"),
4579 (1, "aes_siv_decrypt;dpp_auth_req_rx"),
4580 (1, "aes_siv_decrypt;dpp_auth_conf_rx"),
4581 (1, "dpp_gen_i_auth;dpp_auth_conf_rx"),
4582 (1, "dpp_check_pubkey_match"),
4583 (1, "aes_siv_decrypt;dpp_conf_resp_rx"),
4584 (1, "hmac_sha256_kdf;dpp_pkex_derive_z"),
4585 (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"),
4586 (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"),
4587 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"),
4588 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"),
4589 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"),
4590 (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req") ]
4591 for count, func in tests:
4592 dev[0].request("DPP_STOP_LISTEN")
4593 dev[1].request("DPP_STOP_LISTEN")
4594 dev[0].dump_monitor()
4595 dev[1].dump_monitor()
4596
4597 cmd = "DPP_PKEX_ADD own=%d identifier=test code=secret" % (id0)
4598 res = dev[0].request(cmd)
4599 if "FAIL" in res:
4600 raise Exception("Failed to set PKEX data (responder)")
4601 cmd = "DPP_LISTEN 2437"
4602 if "OK" not in dev[0].request(cmd):
4603 raise Exception("Failed to start listen operation")
4604
4605 with fail_test(dev[0], count, func):
4606 cmd = "DPP_PKEX_ADD own=%d identifier=test init=1 conf=sta-dpp configurator=%d code=secret" % (id1, conf_id)
4607 dev[1].request(cmd)
4608 wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100)
4609 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01)
4610 if ev:
4611 dev[0].request("DPP_STOP_LISTEN")
4612 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3)
4613
4614 def test_dpp_keygen_configurator_error(dev, apdev):
4615 """DPP Configurator keygen error case"""
4616 check_dpp_capab(dev[0])
4617 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown"):
4618 raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD")
4619
4620 def rx_process_frame(dev):
4621 msg = dev.mgmt_rx()
4622 if "OK" not in dev.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(
4623 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())):
4624 raise Exception("MGMT_RX_PROCESS failed")
4625 return msg
4626
4627 def wait_auth_success(responder, initiator):
4628 ev = responder.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4629 if ev is None:
4630 raise Exception("DPP authentication did not succeed (Responder)")
4631 ev = initiator.wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
4632 if ev is None:
4633 raise Exception("DPP authentication did not succeed (Initiator)")
4634
4635 def wait_conf_completion(configurator, enrollee):
4636 ev = configurator.wait_event(["DPP-CONF-SENT"], timeout=5)
4637 if ev is None:
4638 raise Exception("DPP configuration not completed (Configurator)")
4639 ev = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"],
4640 timeout=5)
4641 if ev is None:
4642 raise Exception("DPP configuration not completed (Enrollee)")
4643
4644 def start_dpp(dev):
4645 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4646 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4647
4648 id1 = dev[1].dpp_qr_code(uri0)
4649
4650 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' '
4651 dev[0].set("dpp_config_obj_override", conf)
4652
4653 dev[0].set("ext_mgmt_frame_handling", "1")
4654 cmd = "DPP_LISTEN 2412"
4655 if "OK" not in dev[0].request(cmd):
4656 raise Exception("Failed to start listen operation")
4657 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
4658 if "OK" not in dev[1].request(cmd):
4659 raise Exception("Failed to initiate DPP Authentication")
4660
4661 def test_dpp_gas_timeout_handling(dev, apdev):
4662 """DPP and GAS timeout handling"""
4663 check_dpp_capab(dev[0])
4664 check_dpp_capab(dev[1])
4665 start_dpp(dev)
4666
4667 # DPP Authentication Request
4668 rx_process_frame(dev[0])
4669
4670 # DPP Authentication Confirmation
4671 rx_process_frame(dev[0])
4672
4673 wait_auth_success(dev[0], dev[1])
4674
4675 # DPP Configuration Request (GAS Initial Request frame)
4676 rx_process_frame(dev[0])
4677
4678 # DPP Configuration Request (GAS Comeback Request frame)
4679 rx_process_frame(dev[0])
4680
4681 # Wait for GAS timeout
4682 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5)
4683 if ev is None:
4684 raise Exception("DPP configuration not completed (Enrollee)")
4685
4686 def test_dpp_gas_comeback_after_failure(dev, apdev):
4687 """DPP and GAS comeback after failure"""
4688 check_dpp_capab(dev[0])
4689 check_dpp_capab(dev[1])
4690 start_dpp(dev)
4691
4692 # DPP Authentication Request
4693 rx_process_frame(dev[0])
4694
4695 # DPP Authentication Confirmation
4696 rx_process_frame(dev[0])
4697
4698 wait_auth_success(dev[0], dev[1])
4699
4700 # DPP Configuration Request (GAS Initial Request frame)
4701 rx_process_frame(dev[0])
4702
4703 # DPP Configuration Request (GAS Comeback Request frame)
4704 msg = dev[0].mgmt_rx()
4705 frame = binascii.hexlify(msg['frame']).decode()
4706 with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"):
4707 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4708 raise Exception("MGMT_RX_PROCESS failed")
4709 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
4710 # Try the same frame again - this is expected to fail since the response has
4711 # already been freed.
4712 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4713 raise Exception("MGMT_RX_PROCESS failed")
4714
4715 # DPP Configuration Request (GAS Comeback Request frame retry)
4716 msg = dev[0].mgmt_rx()
4717
4718 def test_dpp_gas(dev, apdev):
4719 """DPP and GAS protocol testing"""
4720 check_dpp_capab(dev[0])
4721 check_dpp_capab(dev[1])
4722 start_dpp(dev)
4723
4724 # DPP Authentication Request
4725 rx_process_frame(dev[0])
4726
4727 # DPP Authentication Confirmation
4728 rx_process_frame(dev[0])
4729
4730 wait_auth_success(dev[0], dev[1])
4731
4732 # DPP Configuration Request (GAS Initial Request frame)
4733 msg = dev[0].mgmt_rx()
4734
4735 # Protected Dual of GAS Initial Request frame (dropped by GAS server)
4736 if msg == None:
4737 raise Exception("MGMT_RX_PROCESS failed. <Please retry>")
4738 frame = binascii.hexlify(msg['frame'])
4739 frame = frame[0:48] + b"09" + frame[50:]
4740 frame = frame.decode()
4741 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4742 raise Exception("MGMT_RX_PROCESS failed")
4743
4744 with alloc_fail(dev[0], 1, "gas_server_send_resp"):
4745 frame = binascii.hexlify(msg['frame']).decode()
4746 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4747 raise Exception("MGMT_RX_PROCESS failed")
4748 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
4749
4750 with alloc_fail(dev[0], 1, "gas_build_initial_resp;gas_server_send_resp"):
4751 frame = binascii.hexlify(msg['frame']).decode()
4752 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4753 raise Exception("MGMT_RX_PROCESS failed")
4754 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
4755
4756 # Add extra data after Query Request field to trigger
4757 # "GAS: Ignored extra data after Query Request field"
4758 frame = binascii.hexlify(msg['frame']).decode() + "00"
4759 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
4760 raise Exception("MGMT_RX_PROCESS failed")
4761
4762 # DPP Configuration Request (GAS Comeback Request frame)
4763 rx_process_frame(dev[0])
4764
4765 # DPP Configuration Request (GAS Comeback Request frame)
4766 rx_process_frame(dev[0])
4767
4768 # DPP Configuration Request (GAS Comeback Request frame)
4769 rx_process_frame(dev[0])
4770
4771 wait_conf_completion(dev[0], dev[1])
4772
4773 def test_dpp_truncated_attr(dev, apdev):
4774 """DPP and truncated attribute"""
4775 check_dpp_capab(dev[0])
4776 check_dpp_capab(dev[1])
4777 start_dpp(dev)
4778
4779 # DPP Authentication Request
4780 msg = dev[0].mgmt_rx()
4781 frame = msg['frame']
4782
4783 # DPP: Truncated message - not enough room for the attribute - dropped
4784 frame1 = binascii.hexlify(frame[0:36]).decode()
4785 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame1)):
4786 raise Exception("MGMT_RX_PROCESS failed")
4787 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4788 if ev is None or "ignore=invalid-attributes" not in ev:
4789 raise Exception("Invalid attribute error not reported")
4790
4791 # DPP: Unexpected octets (3) after the last attribute
4792 frame2 = binascii.hexlify(frame).decode() + "000000"
4793 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
4794 raise Exception("MGMT_RX_PROCESS failed")
4795 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
4796 if ev is None or "ignore=invalid-attributes" not in ev:
4797 raise Exception("Invalid attribute error not reported")
4798
4799 def test_dpp_bootstrap_key_autogen_issues(dev, apdev):
4800 """DPP bootstrap key autogen issues"""
4801 check_dpp_capab(dev[0])
4802 check_dpp_capab(dev[1])
4803
4804 logger.info("dev0 displays QR Code")
4805 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4806 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4807
4808 logger.info("dev1 scans QR Code")
4809 id1 = dev[1].dpp_qr_code(uri0)
4810
4811 logger.info("dev1 initiates DPP Authentication")
4812 cmd = "DPP_LISTEN 2412"
4813 if "OK" not in dev[0].request(cmd):
4814 raise Exception("Failed to start listen operation")
4815 with alloc_fail(dev[1], 1, "dpp_autogen_bootstrap_key"):
4816 cmd = "DPP_AUTH_INIT peer=%d" % id1
4817 if "FAIL" not in dev[1].request(cmd):
4818 raise Exception("Failure not reported")
4819 with alloc_fail(dev[1], 2, "=dpp_autogen_bootstrap_key"):
4820 cmd = "DPP_AUTH_INIT peer=%d" % id1
4821 if "FAIL" not in dev[1].request(cmd):
4822 raise Exception("Failure not reported")
4823 with fail_test(dev[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"):
4824 cmd = "DPP_AUTH_INIT peer=%d" % id1
4825 if "FAIL" not in dev[1].request(cmd):
4826 raise Exception("Failure not reported")
4827 dev[0].request("DPP_STOP_LISTEN")
4828
4829 def test_dpp_auth_resp_status_failure(dev, apdev):
4830 """DPP and Auth Resp(status) build failure"""
4831 with alloc_fail(dev[0], 1, "dpp_auth_build_resp"):
4832 run_dpp_proto_auth_resp_missing(dev, 99999, None,
4833 incompatible_roles=True)
4834
4835 def test_dpp_auth_resp_aes_siv_issue(dev, apdev):
4836 """DPP Auth Resp AES-SIV issue"""
4837 check_dpp_capab(dev[0])
4838 check_dpp_capab(dev[1])
4839
4840 logger.info("dev0 displays QR Code")
4841 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4842 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4843
4844 logger.info("dev1 scans QR Code")
4845 id1 = dev[1].dpp_qr_code(uri0)
4846
4847 logger.info("dev1 initiates DPP Authentication")
4848 cmd = "DPP_LISTEN 2412"
4849 if "OK" not in dev[0].request(cmd):
4850 raise Exception("Failed to start listen operation")
4851 cmd = "DPP_AUTH_INIT peer=%d" % id1
4852 with fail_test(dev[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"):
4853 if "OK" not in dev[1].request(cmd):
4854 raise Exception("Failed to initiate DPP Authentication")
4855 ev = dev[1].wait_event(["DPP-FAIL"], timeout=5)
4856 if ev is None or "AES-SIV decryption failed" not in ev:
4857 raise Exception("AES-SIV decryption failure not reported")
4858 dev[0].request("DPP_STOP_LISTEN")
4859
4860 def test_dpp_invalid_legacy_params(dev, apdev):
4861 """DPP invalid legacy parameters"""
4862 check_dpp_capab(dev[0])
4863 check_dpp_capab(dev[1])
4864
4865 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4866 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4867
4868 id1 = dev[1].dpp_qr_code(uri0)
4869
4870 # No pass/psk
4871 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk ssid=%s" % (id1, binascii.hexlify(b"dpp-legacy").decode())
4872 if "FAIL" not in dev[1].request(cmd):
4873 raise Exception("Invalid command not rejected")
4874
4875 def test_dpp_invalid_legacy_params2(dev, apdev):
4876 """DPP invalid legacy parameters 2"""
4877 check_dpp_capab(dev[0])
4878 check_dpp_capab(dev[1])
4879
4880 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4881 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4882
4883 id1 = dev[1].dpp_qr_code(uri0)
4884
4885 dev[0].set("dpp_configurator_params",
4886 " conf=sta-psk ssid=%s" % (binascii.hexlify(b"dpp-legacy").decode()))
4887 cmd = "DPP_LISTEN 2412 role=configurator"
4888 if "OK" not in dev[0].request(cmd):
4889 raise Exception("Failed to start listen operation")
4890
4891 # No pass/psk
4892 cmd = "DPP_AUTH_INIT peer=%d role=enrollee" % id1
4893 if "OK" not in dev[1].request(cmd):
4894 raise Exception("Failed to initiate DPP Authentication")
4895 ev = dev[0].wait_event(["DPP: Failed to set configurator parameters"],
4896 timeout=5)
4897 if ev is None:
4898 raise Exception("DPP configuration failure not reported")
4899
4900 def test_dpp_legacy_params_failure(dev, apdev):
4901 """DPP legacy parameters local failure"""
4902 check_dpp_capab(dev[0])
4903 check_dpp_capab(dev[1])
4904
4905 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
4906 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
4907
4908 id1 = dev[1].dpp_qr_code(uri0)
4909
4910 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
4911 raise Exception("Failed to start listen operation")
4912
4913 cmd = "DPP_AUTH_INIT peer=%d conf=sta-psk pass=%s ssid=%s" % (id1,
4914 binascii.hexlify(b"passphrase").decode(),
4915 binascii.hexlify(b"dpp-legacy").decode())
4916 with alloc_fail(dev[1], 1, "dpp_build_conf_obj_legacy"):
4917 if "OK" not in dev[1].request(cmd):
4918 raise Exception("Failed to initiate DPP")
4919 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=5)
4920 if ev is None:
4921 raise Exception("DPP configuration failure not reported")
4922
4923 def test_dpp_invalid_configurator_key(dev, apdev):
4924 """DPP invalid configurator key"""
4925 check_dpp_capab(dev[0])
4926
4927 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"):
4928 raise Exception("Invalid key accepted")
4929
4930 with alloc_fail(dev[0], 1, "dpp_keygen_configurator"):
4931 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
4932 raise Exception("Error not reported")
4933
4934 with alloc_fail(dev[0], 1, "dpp_get_pubkey_point;dpp_keygen_configurator"):
4935 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
4936 raise Exception("Error not reported")
4937
4938 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen_configurator"):
4939 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
4940 raise Exception("Error not reported")
4941
4942 with fail_test(dev[0], 1, "dpp_keygen_configurator"):
4943 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256):
4944 raise Exception("Error not reported")
4945
4946 def test_dpp_own_config_sign_fail(dev, apdev):
4947 """DPP own config signing failure"""
4948 check_dpp_capab(dev[0])
4949 res = dev[0].request("DPP_CONFIGURATOR_ADD")
4950 if "FAIL" in res:
4951 raise Exception("Failed to add configurator")
4952 conf_id = int(res)
4953 tests = [ "",
4954 " ",
4955 " conf=sta-dpp",
4956 " configurator=%d" % conf_id,
4957 " conf=sta-dpp configurator=%d curve=unsupported" % conf_id ]
4958 for t in tests:
4959 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_SIGN " + t):
4960 raise Exception("Invalid command accepted: " + t)
4961
4962 def test_dpp_peer_intro_failures(dev, apdev):
4963 """DPP peer introduction failures"""
4964 try:
4965 run_dpp_peer_intro_failures(dev, apdev)
4966 finally:
4967 dev[0].set("dpp_config_processing", "0")
4968
4969 def run_dpp_peer_intro_failures(dev, apdev):
4970 check_dpp_capab(dev[0])
4971 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
4972 check_dpp_capab(hapd)
4973
4974 res = hapd.request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256)
4975 if "FAIL" in res:
4976 raise Exception("Failed to add configurator")
4977 conf_id = int(res)
4978 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id)
4979 if "FAIL" in csign or len(csign) == 0:
4980 raise Exception("DPP_CONFIGURATOR_GET_KEY failed")
4981
4982 res = dev[0].request("DPP_CONFIGURATOR_ADD key=" + csign)
4983 if "FAIL" in res:
4984 raise Exception("Failed to add configurator")
4985 conf_id2 = int(res)
4986 csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2)
4987
4988 if csign != csign2:
4989 raise Exception("Unexpected difference in configurator key")
4990
4991 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id
4992 res = hapd.request(cmd)
4993 if "FAIL" in res:
4994 raise Exception("Failed to generate own configuration")
4995 update_hapd_config(hapd)
4996
4997 dev[0].set("dpp_config_processing", "1")
4998 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
4999 res = dev[0].request(cmd)
5000 if "FAIL" in res:
5001 raise Exception("Failed to generate own configuration")
5002 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1)
5003 if ev is None:
5004 raise Exception("DPP network profile not generated")
5005 id = ev.split(' ')[1]
5006 dev[0].select_network(id, freq=2412)
5007 dev[0].wait_connected()
5008 dev[0].request("DISCONNECT")
5009 dev[0].wait_disconnected()
5010 dev[0].dump_monitor()
5011
5012 tests = [ "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g",
5013 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw",
5014 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ" ]
5015 for t in tests:
5016 dev[0].set_network_quoted(id, "dpp_connector", t)
5017 dev[0].select_network(id, freq=2412)
5018 ev = dev[0].wait_event(["DPP-INTRO"], timeout=5)
5019 if ev is None or "status=8" not in ev:
5020 raise Exception("Introduction failure not reported")
5021 dev[0].request("DISCONNECT")
5022 dev[0].dump_monitor()
5023
5024 def test_dpp_peer_intro_local_failures(dev, apdev):
5025 """DPP peer introduction local failures"""
5026 check_dpp_capab(dev[0])
5027 check_dpp_capab(dev[1])
5028
5029 params = { "ssid": "dpp",
5030 "wpa": "2",
5031 "wpa_key_mgmt": "DPP",
5032 "ieee80211w": "2",
5033 "rsn_pairwise": "CCMP",
5034 "dpp_connector": params1_ap_connector,
5035 "dpp_csign": params1_csign,
5036 "dpp_netaccesskey": params1_ap_netaccesskey }
5037 try:
5038 hapd = hostapd.add_ap(apdev[0], params)
5039 except:
5040 raise HwsimSkip("DPP not supported")
5041
5042 tests = [ "dpp_derive_pmk",
5043 "dpp_hkdf_expand;dpp_derive_pmk",
5044 "dpp_derive_pmkid" ]
5045 for func in tests:
5046 with fail_test(dev[0], 1, func):
5047 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5048 ieee80211w="2",
5049 dpp_csign=params1_csign,
5050 dpp_connector=params1_sta_connector,
5051 dpp_netaccesskey=params1_sta_netaccesskey,
5052 wait_connect=False)
5053 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
5054 if ev is None or "fail=peer_connector_validation_failed" not in ev:
5055 raise Exception("Introduction failure not reported")
5056 dev[0].request("REMOVE_NETWORK all")
5057 dev[0].dump_monitor()
5058
5059 tests = [ (1, "base64_gen_decode;dpp_peer_intro"),
5060 (1, "json_parse;dpp_peer_intro"),
5061 (50, "json_parse;dpp_peer_intro"),
5062 (1, "=dpp_peer_intro"),
5063 (1, "dpp_parse_jwk") ]
5064 for count,func in tests:
5065 with alloc_fail(dev[0], count, func):
5066 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5067 ieee80211w="2",
5068 dpp_csign=params1_csign,
5069 dpp_connector=params1_sta_connector,
5070 dpp_netaccesskey=params1_sta_netaccesskey,
5071 wait_connect=False)
5072 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10)
5073 if ev is None or "fail=peer_connector_validation_failed" not in ev:
5074 raise Exception("Introduction failure not reported")
5075 dev[0].request("REMOVE_NETWORK all")
5076 dev[0].dump_monitor()
5077
5078 parts = params1_ap_connector.split('.')
5079 for ap_connector in [ '.'.join(parts[0:2]), '.'.join(parts[0:1]) ]:
5080 hapd.set("dpp_connector", ap_connector)
5081 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5082 ieee80211w="2",
5083 dpp_csign=params1_csign,
5084 dpp_connector=params1_sta_connector,
5085 dpp_netaccesskey=params1_sta_netaccesskey,
5086 wait_connect=False)
5087 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5088 if ev is None:
5089 raise Exception("No TX status reported")
5090 dev[0].request("REMOVE_NETWORK all")
5091 dev[0].dump_monitor()
5092
5093 hapd.set("dpp_netaccesskey", "00")
5094 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5095 ieee80211w="2",
5096 dpp_csign=params1_csign,
5097 dpp_connector=params1_sta_connector,
5098 dpp_netaccesskey=params1_sta_netaccesskey,
5099 wait_connect=False)
5100 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5101 if ev is None:
5102 raise Exception("No TX status reported")
5103 dev[0].request("REMOVE_NETWORK all")
5104 dev[0].dump_monitor()
5105
5106 hapd.set("dpp_csign", "00")
5107 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412",
5108 ieee80211w="2",
5109 dpp_csign=params1_csign,
5110 dpp_connector=params1_sta_connector,
5111 dpp_netaccesskey=params1_sta_netaccesskey,
5112 wait_connect=False)
5113 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10)
5114 if ev is None:
5115 raise Exception("No TX status reported")
5116 dev[0].request("REMOVE_NETWORK all")
5117 dev[0].dump_monitor()
5118
5119 def run_dpp_configurator_id_unknown(dev):
5120 check_dpp_capab(dev)
5121 res = dev.request("DPP_CONFIGURATOR_ADD")
5122 if "FAIL" in res:
5123 raise Exception("Failed to add configurator")
5124 conf_id = int(res)
5125 if "FAIL" not in dev.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id + 1)):
5126 raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted")
5127
5128 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (conf_id + 1)
5129 if "FAIL" not in dev.request(cmd):
5130 raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted")
5131
5132 def test_dpp_configurator_id_unknown(dev, apdev):
5133 """DPP and unknown configurator id"""
5134 run_dpp_configurator_id_unknown(dev[0])
5135 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
5136 run_dpp_configurator_id_unknown(hapd)
5137
5138 def run_dpp_bootstrap_gen_failures(dev, hostapd):
5139 check_dpp_capab(dev)
5140
5141 tests = [ "type=unsupported",
5142 "type=qrcode chan=-1",
5143 "type=qrcode mac=a",
5144 "type=qrcode key=qq",
5145 "type=qrcode key=",
5146 "type=qrcode info=abc\tdef" ]
5147 for t in tests:
5148 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + t):
5149 raise Exception("Command accepted unexpectedly")
5150
5151 id = dev.dpp_bootstrap_gen()
5152 uri = dev.request("DPP_BOOTSTRAP_GET_URI %d" % id)
5153 if not uri.startswith("DPP:"):
5154 raise Exception("Could not get URI")
5155 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"):
5156 raise Exception("Failure not reported")
5157 info = dev.request("DPP_BOOTSTRAP_INFO %d" % id)
5158 if not info.startswith("type=QRCODE"):
5159 raise Exception("Could not get info")
5160 if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"):
5161 raise Exception("Failure not reported")
5162 if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"):
5163 raise Exception("Failed to remove bootstrap info")
5164 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI %d" % id):
5165 raise Exception("Failure not reported")
5166 if "FAIL" not in dev.request("DPP_BOOTSTRAP_INFO %d" % id):
5167 raise Exception("Failure not reported")
5168
5169 func = "hostapd_dpp_bootstrap_gen" if hostapd else "wpas_dpp_bootstrap_gen"
5170 with alloc_fail(dev, 1, "=" + func):
5171 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
5172 raise Exception("Command accepted unexpectedly")
5173
5174 with alloc_fail(dev, 2, "=" + func):
5175 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"):
5176 raise Exception("Command accepted unexpectedly")
5177
5178 with alloc_fail(dev, 1, "get_param"):
5179 dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo")
5180
5181 def test_dpp_bootstrap_gen_failures(dev, apdev):
5182 """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases"""
5183 run_dpp_bootstrap_gen_failures(dev[0], False)
5184 hapd = hostapd.add_ap(apdev[0], { "ssid": "unconfigured" })
5185 run_dpp_bootstrap_gen_failures(hapd, True)
5186
5187 def test_dpp_listen_continue(dev, apdev):
5188 """DPP and continue listen state"""
5189 check_dpp_capab(dev[0])
5190 check_dpp_capab(dev[1])
5191
5192 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
5193 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
5194
5195 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
5196 raise Exception("Failed to start listen operation")
5197 time.sleep(5.1)
5198
5199 id = dev[1].dpp_qr_code(uri)
5200 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id):
5201 raise Exception("Failed to initiate DPP Authentication")
5202 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
5203 if ev is None:
5204 raise Exception("DPP configuration result not seen (Enrollee)")
5205 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
5206 if ev is None:
5207 raise Exception("DPP configuration result not seen (Responder)")
5208 dev[0].request("DPP_STOP_LISTEN")
5209 dev[1].request("DPP_STOP_LISTEN")
5210
5211 def test_dpp_network_addition_failure(dev, apdev):
5212 """DPP network addition failure"""
5213 try:
5214 run_dpp_network_addition_failure(dev, apdev)
5215 finally:
5216 dev[0].set("dpp_config_processing", "0")
5217
5218 def run_dpp_network_addition_failure(dev, apdev):
5219 check_dpp_capab(dev[0])
5220
5221 res = dev[0].request("DPP_CONFIGURATOR_ADD")
5222 if "FAIL" in res:
5223 raise Exception("Failed to add configurator")
5224 conf_id = int(res)
5225
5226 dev[0].set("dpp_config_processing", "1")
5227 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id
5228 tests = [ (1, "=wpas_dpp_add_network"),
5229 (2, "=wpas_dpp_add_network"),
5230 (3, "=wpas_dpp_add_network"),
5231 (4, "=wpas_dpp_add_network"),
5232 (1, "wpa_config_add_network;wpas_dpp_add_network") ]
5233 for count,func in tests:
5234 with alloc_fail(dev[0], count, func):
5235 res = dev[0].request(cmd)
5236 if "FAIL" in res:
5237 raise Exception("Failed to generate own configuration")
5238 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
5239 if ev is None:
5240 raise Exception("Config object not processed")
5241 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5242 dev[0].dump_monitor()
5243
5244 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id)
5245 tests = [ (1, "wpa_config_set_quoted;wpas_dpp_add_network") ]
5246 for count,func in tests:
5247 with alloc_fail(dev[0], count, func):
5248 res = dev[0].request(cmd)
5249 if "FAIL" in res:
5250 raise Exception("Failed to generate own configuration")
5251 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2)
5252 if ev is None:
5253 raise Exception("Config object not processed")
5254 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL")
5255 dev[0].dump_monitor()
5256
5257 def test_dpp_two_initiators(dev, apdev):
5258 """DPP and two initiators"""
5259 check_dpp_capab(dev[0])
5260 check_dpp_capab(dev[1])
5261 check_dpp_capab(dev[2])
5262
5263 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
5264 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id)
5265
5266 if "OK" not in dev[0].request("DPP_LISTEN 2412"):
5267 raise Exception("Failed to start listen operation")
5268
5269 id1 = dev[1].dpp_qr_code(uri)
5270 id2 = dev[2].dpp_qr_code(uri)
5271
5272 if "OK" not in dev[1].request("DPP_AUTH_INIT peer=%d" % id1):
5273 raise Exception("Failed to initiate DPP Authentication")
5274 ev = dev[0].wait_event(["DPP-RX"], timeout=5)
5275 if ev is None:
5276 raise Exeption("No DPP Authentication Request seen")
5277 if "OK" not in dev[2].request("DPP_AUTH_INIT peer=%d" % id2):
5278 raise Exception("Failed to initiate DPP Authentication (2)")
5279
5280 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5)
5281 if ev is None:
5282 raise Exeption("No DPP failure seen")
5283 if "DPP-FAIL Already in DPP authentication exchange - ignore new one" not in ev:
5284 raise Exception("Second DPP authentication exchange not reported as ignored")
5285
5286 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2)
5287 if ev is None:
5288 raise Exception("DPP configuration result not seen (Enrollee)")
5289 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2)
5290 if ev is None:
5291 raise Exception("DPP configuration result not seen (Responder)")
5292
5293 dev[0].request("DPP_STOP_LISTEN")
5294 dev[1].request("DPP_STOP_LISTEN")
5295 dev[2].request("DPP_STOP_LISTEN")
5296
5297 def test_dpp_conf_file_update(dev, apdev, params):
5298 """DPP provisioning updating wpa_supplicant configuration file"""
5299 config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf')
5300 with open(config, "w") as f:
5301 f.write("update_config=1\n")
5302 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5')
5303 wpas.interface_add("wlan5", config=config)
5304 wpas.set("dpp_config_processing", "1")
5305 run_dpp_qr_code_auth_unicast([ wpas, dev[1] ], apdev, None,
5306 init_extra="conf=sta-dpp",
5307 require_conf_success=True,
5308 configurator=True)
5309 wpas.interface_remove("wlan5")
5310
5311 with open(config, "r") as f:
5312 res = f.read()
5313 for i in [ "network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2",
5314 "dpp_netaccesskey=", "dpp_csign=" ]:
5315 if i not in res:
5316 raise Exception("Configuration file missing '%s'" % i)
5317
5318 wpas.interface_add("wlan5", config=config)
5319 if len(wpas.list_networks()) != 1:
5320 raise Exception("Unexpected number of networks")
5321
5322 def test_dpp_duplicated_auth_resp(dev, apdev):
5323 """DPP and duplicated Authentication Response"""
5324 check_dpp_capab(dev[0])
5325 check_dpp_capab(dev[1])
5326
5327 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True)
5328 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
5329 id1 = dev[1].dpp_qr_code(uri0)
5330
5331 dev[0].set("ext_mgmt_frame_handling", "1")
5332 dev[1].set("ext_mgmt_frame_handling", "1")
5333
5334 cmd = "DPP_LISTEN 2412"
5335 if "OK" not in dev[0].request(cmd):
5336 raise Exception("Failed to start listen operation")
5337
5338 cmd = "DPP_AUTH_INIT peer=%d" % id1
5339 if "OK" not in dev[1].request(cmd):
5340 raise Exception("Failed to initiate DPP Authentication")
5341
5342 # DPP Authentication Request
5343 rx_process_frame(dev[0])
5344
5345 # DPP Authentication Response
5346 msg = rx_process_frame(dev[1])
5347 frame = binascii.hexlify(msg['frame']).decode()
5348 # Duplicated frame
5349 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)):
5350 raise Exception("MGMT_RX_PROCESS failed")
5351 # Modified frame - nonzero status
5352 if frame[2*32:2*37] != "0010010000":
5353 raise Exception("Could not find Status attribute")
5354 frame2 = frame[0:2*32] + "0010010001" + frame[2*37:]
5355 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
5356 raise Exception("MGMT_RX_PROCESS failed")
5357 frame2 = frame[0:2*32] + "00100100ff" + frame[2*37:]
5358 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)):
5359 raise Exception("MGMT_RX_PROCESS failed")
5360
5361 # DPP Authentication Confirmation
5362 rx_process_frame(dev[0])
5363
5364 wait_auth_success(dev[0], dev[1])
5365
5366 # DPP Configuration Request
5367 rx_process_frame(dev[1])
5368
5369 # DPP Configuration Response
5370 rx_process_frame(dev[0])
5371
5372 wait_conf_completion(dev[1], dev[0])
Unnamed repository; edit this file 'description' to name the repository.