tests: DPP P-256 test vectors

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/common/dpp.c b/src/common/dpp.c
index ac9ce34522c7a5259fcb964e950672f8dffc728a..5970747553ac4a62647637d9521dc57231f350b1 100644 (file)
--- a/src/common/dpp.c
+++ b/src/common/dpp.c
@@ -36,6 +36,8 @@ u8 dpp_pkex_ephemeral_key_override[600];
 size_t dpp_pkex_ephemeral_key_override_len = 0;
 u8 dpp_protocol_key_override[600];
 size_t dpp_protocol_key_override_len = 0;
+u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
+size_t dpp_nonce_override_len = 0;
 
 static int dpp_test_gen_invalid_key(struct wpabuf *msg,
                                    const struct dpp_curve_params *curve);
@@ -2086,11 +2088,26 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
            dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
                goto fail;
 
+#ifdef CONFIG_TESTING_OPTIONS
+       if (dpp_nonce_override_len > 0) {
+               wpa_printf(MSG_INFO, "DPP: TESTING - override I-nonce");
+               nonce_len = dpp_nonce_override_len;
+               os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);
+       } else {
+               nonce_len = auth->curve->nonce_len;
+               if (random_get_bytes(auth->i_nonce, nonce_len)) {
+                       wpa_printf(MSG_ERROR,
+                                  "DPP: Failed to generate I-nonce");
+                       goto fail;
+               }
+       }
+#else /* CONFIG_TESTING_OPTIONS */
        nonce_len = auth->curve->nonce_len;
        if (random_get_bytes(auth->i_nonce, nonce_len)) {
                wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce");
                goto fail;
        }
+#endif /* CONFIG_TESTING_OPTIONS */
        wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
 
 #ifdef CONFIG_TESTING_OPTIONS
@@ -2616,11 +2633,26 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
        if (!auth->own_bi)
                return -1;
 
+#ifdef CONFIG_TESTING_OPTIONS
+       if (dpp_nonce_override_len > 0) {
+               wpa_printf(MSG_INFO, "DPP: TESTING - override R-nonce");
+               nonce_len = dpp_nonce_override_len;
+               os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);
+       } else {
+               nonce_len = auth->curve->nonce_len;
+               if (random_get_bytes(auth->r_nonce, nonce_len)) {
+                       wpa_printf(MSG_ERROR,
+                                  "DPP: Failed to generate R-nonce");
+                       goto fail;
+               }
+       }
+#else /* CONFIG_TESTING_OPTIONS */
        nonce_len = auth->curve->nonce_len;
        if (random_get_bytes(auth->r_nonce, nonce_len)) {
                wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce");
                goto fail;
        }
+#endif /* CONFIG_TESTING_OPTIONS */
        wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
 
 #ifdef CONFIG_TESTING_OPTIONS

diff --git a/src/common/dpp.h b/src/common/dpp.h
index 659cb5f63f5da5963a3a0288b00218ccc472760b..79a5b251c8f19e856aeedfe57547d9dd37f91ff7 100644 (file)
--- a/src/common/dpp.h
+++ b/src/common/dpp.h
@@ -341,6 +341,8 @@ extern u8 dpp_pkex_ephemeral_key_override[600];
 extern size_t dpp_pkex_ephemeral_key_override_len;
 extern u8 dpp_protocol_key_override[600];
 extern size_t dpp_protocol_key_override_len;
+extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
+extern size_t dpp_nonce_override_len;
 #endif /* CONFIG_TESTING_OPTIONS */
 
 void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);

diff --git a/tests/hwsim/test_dpp.py b/tests/hwsim/test_dpp.py
index 9fa3361141feeb190035675c7419ee218934dc27..7224c39dab658f3802d78206e51dbe2352a16360 100644 (file)
--- a/tests/hwsim/test_dpp.py
+++ b/tests/hwsim/test_dpp.py
@@ -1766,6 +1766,127 @@ def test_dpp_qr_code_hostapd_init(dev, apdev):
     dev[0].request("DPP_STOP_LISTEN")
     dev[0].dump_monitor()
 
+def test_dpp_test_vector_p_256(dev, apdev):
+    """DPP P-256 test vector (mutual auth)"""
+    check_dpp_capab(dev[0])
+    check_dpp_capab(dev[1])
+
+    # Responder bootstrapping key
+    priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
+    addr = dev[0].own_addr().replace(':', '')
+    cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
+    res = dev[0].request(cmd)
+    if "FAIL" in res:
+        raise Exception("Failed to generate bootstrapping info")
+    id0 = int(res)
+    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
+
+    # Responder protocol keypair override
+    priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
+    dev[0].set("dpp_protocol_key_override",
+               "30310201010420" + priv + "a00a06082a8648ce3d030107")
+
+    dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
+
+    # Initiator bootstrapping key
+    priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
+    cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
+    res = dev[1].request(cmd)
+    if "FAIL" in res:
+        raise Exception("Failed to generate bootstrapping info")
+    id1 = int(res)
+    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
+
+    # Initiator protocol keypair override
+    priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
+    dev[1].set("dpp_protocol_key_override",
+               "30310201010420" + priv + "a00a06082a8648ce3d030107")
+
+    dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
+
+    res = dev[1].request("DPP_QR_CODE " + uri0)
+    if "FAIL" in res:
+        raise Exception("Failed to parse QR Code URI")
+    id1peer = int(res)
+
+    res = dev[0].request("DPP_QR_CODE " + uri1)
+    if "FAIL" in res:
+        raise Exception("Failed to parse QR Code URI")
+    id0peer = int(res)
+
+    cmd = "DPP_LISTEN 2462 qr=mutual"
+    if "OK" not in dev[0].request(cmd):
+        raise Exception("Failed to start listen operation")
+
+    cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
+    if "OK" not in dev[1].request(cmd):
+        raise Exception("Failed to initiate operation")
+
+    ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
+    if ev is None:
+        raise Exception("DPP authentication did not succeed (Initiator)")
+    ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
+    if ev is None:
+        raise Exception("DPP authentication did not succeed (Responder)")
+
+def test_dpp_test_vector_p_256_b(dev, apdev):
+    """DPP P-256 test vector (Responder-only auth)"""
+    check_dpp_capab(dev[0])
+    check_dpp_capab(dev[1])
+
+    # Responder bootstrapping key
+    priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
+    addr = dev[0].own_addr().replace(':', '')
+    cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
+    res = dev[0].request(cmd)
+    if "FAIL" in res:
+        raise Exception("Failed to generate bootstrapping info")
+    id0 = int(res)
+    uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
+
+    # Responder protocol keypair override
+    priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
+    dev[0].set("dpp_protocol_key_override",
+               "30310201010420" + priv + "a00a06082a8648ce3d030107")
+
+    dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
+
+    # Initiator bootstrapping key
+    priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
+    cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
+    res = dev[1].request(cmd)
+    if "FAIL" in res:
+        raise Exception("Failed to generate bootstrapping info")
+    id1 = int(res)
+    uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
+
+    # Initiator protocol keypair override
+    priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
+    dev[1].set("dpp_protocol_key_override",
+               "30310201010420" + priv + "a00a06082a8648ce3d030107")
+
+    dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
+
+    res = dev[1].request("DPP_QR_CODE " + uri0)
+    if "FAIL" in res:
+        raise Exception("Failed to parse QR Code URI")
+    id1peer = int(res)
+
+    cmd = "DPP_LISTEN 2462"
+    if "OK" not in dev[0].request(cmd):
+        raise Exception("Failed to start listen operation")
+
+    cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
+    if "OK" not in dev[1].request(cmd):
+        raise Exception("Failed to initiate operation")
+
+    ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
+    if ev is None:
+        raise Exception("DPP authentication did not succeed (Initiator)")
+    ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
+    if ev is None:
+        raise Exception("DPP authentication did not succeed (Responder)")
+
 def test_dpp_pkex(dev, apdev):
     """DPP and PKEX"""
     run_dpp_pkex(dev, apdev)

diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 2069be5d7bd04bc0c53374a9efa0277bf310ca88..61fc170df61618cadc4d8ed62a1bf5f7e51704d0 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -643,6 +643,15 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
                        ret = -1;
                else
                        dpp_protocol_key_override_len = hex_len / 2;
+       } else if (os_strcasecmp(cmd, "dpp_nonce_override") == 0) {
+               size_t hex_len = os_strlen(value);
+
+               if (hex_len > 2 * sizeof(dpp_nonce_override))
+                       ret = -1;
+               else if (hexstr2bin(value, dpp_nonce_override, hex_len / 2))
+                       ret = -1;
+               else
+                       dpp_nonce_override_len = hex_len / 2;
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_DPP */
 #ifdef CONFIG_TESTING_OPTIONS
@@ -7795,6 +7804,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
        os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
        dpp_pkex_ephemeral_key_override_len = 0;
        dpp_protocol_key_override_len = 0;
+       dpp_nonce_override_len = 0;
 #endif /* CONFIG_TESTING_OPTIONS */
 #endif /* CONFIG_DPP */