1# Test cases for Device Provisioning Protocol (DPP) 2# Copyright (c) 2017, Qualcomm Atheros, Inc. 3# Copyright (c) 2018-2019, The Linux Foundation 4# Copyright (c) 2021-2022, Qualcomm Innovation Center, Inc. 5# 6# This software may be distributed under the terms of the BSD license. 7# See README for more details. 8 9import base64 10import binascii 11import hashlib 12import logging 13logger = logging.getLogger() 14import os 15import socket 16import struct 17import subprocess 18import time 19try: 20 from socketserver import StreamRequestHandler, TCPServer 21except ImportError: 22 from SocketServer import StreamRequestHandler, TCPServer 23 24import hostapd 25import hwsim_utils 26from hwsim import HWSimRadio 27from utils import * 28from wpasupplicant import WpaSupplicant 29from wlantest import WlantestCapture 30 31try: 32 import OpenSSL 33 openssl_imported = True 34except ImportError: 35 openssl_imported = False 36 37def check_dpp_capab(dev, brainpool=False, min_ver=1): 38 if "UNKNOWN COMMAND" in dev.request("DPP_BOOTSTRAP_GET_URI 0"): 39 raise HwsimSkip("DPP not supported") 40 if brainpool: 41 tls = dev.request("GET tls_library") 42 if (not tls.startswith("OpenSSL") or "run=BoringSSL" in tls) and not tls.startswith("wolfSSL"): 43 raise HwsimSkip("Crypto library does not support Brainpool curves: " + tls) 44 capa = dev.request("GET_CAPABILITY dpp") 45 ver = 1 46 if capa.startswith("DPP="): 47 ver = int(capa[4:]) 48 if ver < min_ver: 49 raise HwsimSkip("DPP version %d not supported" % min_ver) 50 return ver 51 52def wait_dpp_fail(dev, expected=None): 53 ev = dev.wait_event(["DPP-FAIL"], timeout=5) 54 if ev is None: 55 raise Exception("Failure not reported") 56 if expected and expected not in ev: 57 raise Exception("Unexpected result: " + ev) 58 59def test_dpp_qr_code_parsing(dev, apdev): 60 """DPP QR Code parsing""" 61 check_dpp_capab(dev[0]) 62 id = [] 63 64 tests = ["DPP:C:81/1,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;", 65 "DPP:C:81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13,82/14,83/1,83/2,83/3,83/4,83/5,83/6,83/7,83/8,83/9,84/5,84/6,84/7,84/8,84/9,84/10,84/11,84/12,84/13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;", 66 "DPP:C:81/1,2,3,4,5,6,7,8,9,10,11,12,13,82/14,83/1,2,3,4,5,6,7,8,9,84/5,6,7,8,9,10,11,12,13,115/36;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;", 67 "DPP:C:81/1,2,3;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkq/24e0rsrfMP9K1Tm8gx+ovP0I=;;", 68 "DPP:H:192.168.1.1;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 69 "DPP:H:192.168.1.1:12345;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 70 "DPP:H:fe80::1234:5678:9abc:def0;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 71 "DPP:H:[fe80::1234:5678:9abc:def0]:12345;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 72 "DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 73 "DPP:I:;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"] 74 for uri in tests: 75 id.append(dev[0].dpp_qr_code(uri)) 76 77 uri2 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id[-1]) 78 if uri != uri2: 79 raise Exception("Returned URI does not match") 80 81 tests = ["foo", 82 "DPP:", 83 "DPP:;;", 84 "DPP:C:1/2;M:;K;;", 85 "DPP:I:;M:01020304050;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 86 "DPP:K:" + base64.b64encode(b"hello").decode() + ";;", 87 "DPP:K:MEkwEwYHKoZIzj0CAQYIKoZIzj0DAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;", 88 "DPP:K:MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANNZaZA4T/kRDjnmpI1ACOJhAuTIIEk2KFOpS6XPpGF+EVr/ao3XemkE0/nzXmGaLzLqTUCJknSdxTnVPeWfCVsCAwEAAQ==;;", 89 "DPP:K:MIIBCjCB0wYHKoZIzj0CATCBxwIBATAkBgcqhkjOPQEBAhkA/////////////////////v//////////MEsEGP////////////////////7//////////AQYZCEFGeWcgOcPp+mrciQwSf643uzBRrmxAxUAMEWub8hCL2TtV5Uo04Eg6uEhltUEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDECAQEDMgAEXiJuIWt1Q/CPCkuULechh37UsXPmbUANOeN5U9sOQROE4o/NEFeFEejROHYwwehF;;", 90 "DPP:I:foo\tbar;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;", 91 "DPP:C:1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;", 92 "DPP:C:81/1a;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;", 93 "DPP:C:1/2000,81/-1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;", 94 "DPP:C:-1/1;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADM2206avxHJaHXgLMkqa24e0rsrfMP9K1Tm8gx+ovP0I=;;"] 95 for t in tests: 96 res = dev[0].request("DPP_QR_CODE " + t) 97 if "FAIL" not in res: 98 raise Exception("Accepted invalid QR Code: " + t) 99 100 logger.info("ID: " + str(id)) 101 if len(id) != len(set(id)): 102 raise Exception("Duplicate ID returned") 103 104 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_REMOVE 12345678"): 105 raise Exception("DPP_BOOTSTRAP_REMOVE accepted unexpectedly") 106 if "OK" not in dev[0].request("DPP_BOOTSTRAP_REMOVE %d" % id[1]): 107 raise Exception("DPP_BOOTSTRAP_REMOVE failed") 108 109 id = dev[0].dpp_bootstrap_gen() 110 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 111 logger.info("Generated URI: " + uri) 112 113 dev[0].dpp_qr_code(uri) 114 115 id = dev[0].dpp_bootstrap_gen(chan="81/1,115/36", mac="010203040506", 116 info="foo") 117 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 118 logger.info("Generated URI: " + uri) 119 120 dev[0].dpp_qr_code(uri) 121 122def test_dpp_uri_version(dev, apdev): 123 """DPP URI version information""" 124 check_dpp_capab(dev[0], min_ver=2) 125 126 id0 = dev[0].dpp_bootstrap_gen() 127 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 128 logger.info("Generated URI: " + uri) 129 130 id1 = dev[0].dpp_qr_code(uri) 131 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 132 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id1) 133 logger.info("Parsed URI info:\n" + info) 134 capa = dev[0].request("GET_CAPABILITY dpp") 135 ver = 1 136 if capa.startswith("DPP="): 137 ver = int(capa[4:]) 138 if "version=%d" % ver not in info.splitlines(): 139 raise Exception("Unexpected version information (with indication)") 140 141 dev[0].set("dpp_version_override", "1") 142 id0 = dev[0].dpp_bootstrap_gen() 143 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 144 logger.info("Generated URI: " + uri) 145 146 id1 = dev[0].dpp_qr_code(uri) 147 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 148 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id1) 149 logger.info("Parsed URI info:\n" + info) 150 if "version=0" not in info.splitlines(): 151 raise Exception("Unexpected version information (without indication)") 152 153def test_dpp_uri_supported_curves(dev, apdev): 154 """DPP URI supported curves""" 155 check_dpp_capab(dev[0], min_ver=3) 156 157 tests = [("P-256", "1"), 158 ("P-384", "2"), 159 ("P-521", "4"), 160 ("BP-256", "8"), 161 ("BP-384", "01"), 162 ("BP-512", "02"), 163 ("P-256:P-384:P-521", "7"), 164 ("P-256:BP-512", "12"), 165 ("P-256:P-384:BP-384", "31"), 166 ("P-256:P-384:P-521:BP-256:BP-384:BP-512", "f3")] 167 for t in tests: 168 logger.info("Supported list: " + t[0]) 169 id0 = dev[0].dpp_bootstrap_gen(supported_curves=t[0]) 170 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 171 logger.info("Generated URI: " + uri) 172 if ";B:%s;" % t[1] not in uri: 173 raise Exception("Supported curves(1) not indicated correctly: " + uri) 174 175 id1 = dev[0].dpp_qr_code(uri) 176 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 177 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id1) 178 logger.info("Parsed URI info:\n" + info) 179 if "supp_curves=" + t[0] not in info.splitlines(): 180 raise Exception("supp_curves not indicated correctly in info") 181 182def test_dpp_uri_host(dev, apdev): 183 """DPP URI host""" 184 check_dpp_capab(dev[0], min_ver=3) 185 186 tests = [("192.168.1.1", "192.168.1.1 8908"), 187 ("192.168.1.1:12345", "192.168.1.1 12345"), 188 ("fe80::1234:5678:9abc:def0", "fe80::1234:5678:9abc:def0 8908"), 189 ("[fe80::1234:5678:9abc:def0]:12345", 190 "fe80::1234:5678:9abc:def0 12345")] 191 for t in tests: 192 logger.info("host: " + t[0]) 193 id0 = dev[0].dpp_bootstrap_gen(host=t[0]) 194 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 195 logger.info("Generated URI: " + uri) 196 if ";H:%s;" % t[0] not in uri: 197 raise Exception("host not indicated correctly: " + uri) 198 199 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id0) 200 logger.info("Parsed URI info:\n" + info) 201 if "host=" + t[1] not in info.splitlines(): 202 raise Exception("host not indicated correctly in info") 203 204def test_dpp_qr_code_parsing_fail(dev, apdev): 205 """DPP QR Code parsing local failure""" 206 check_dpp_capab(dev[0]) 207 with alloc_fail(dev[0], 1, "dpp_parse_uri_info"): 208 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"): 209 raise Exception("DPP_QR_CODE failure not reported") 210 211 with alloc_fail(dev[0], 1, "dpp_parse_uri_pk"): 212 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"): 213 raise Exception("DPP_QR_CODE failure not reported") 214 215 with fail_test(dev[0], 1, "dpp_parse_uri_pk"): 216 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"): 217 raise Exception("DPP_QR_CODE failure not reported") 218 219 with alloc_fail(dev[0], 1, "dpp_parse_uri"): 220 if "FAIL" not in dev[0].request("DPP_QR_CODE DPP:I:SN=4774LH2b4044;M:010203040506;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgADURzxmttZoIRIPWGoQMV00XHWCAQIhXruVWOz0NjlkIA=;;"): 221 raise Exception("DPP_QR_CODE failure not reported") 222 223dpp_key_p256 = "30570201010420777fc55dc51e967c10ec051b91d860b5f1e6c934e48d5daffef98d032c64b170a00a06082a8648ce3d030107a124032200020c804188c7f85beb6e91070d2b3e5e39b90ca77b4d3c5251bc1844d6ca29dcad" 224dpp_key_p384 = "307402010104302f56fdd83b5345cacb630eb7c22fa5ad5daba37307c95191e2a75756d137003bd8b32dbcb00eb5650c1eb499ecfcaec0a00706052b81040022a13403320003615ec2141b5b77aebb6523f8a012755f9a34405a8398d2ceeeebca7f5ce868bf55056cba4c4ec62fad3ed26dd29e0f23" 225dpp_key_p521 = "308198020101044200c8010d5357204c252551aaf4e210343111e503fd1dc615b257058997c49b6b643c975226e93be8181cca3d83a7072defd161dfbdf433c19abe1f2ad51867a05761a00706052b81040023a1460344000301cdf3608b1305fe34a1f976095dcf001182b9973354efe156291a66830292f9babd8f412ad462958663e7a75d1d0610abdfc3dd95d40669f7ab3bc001668cfb3b7c" 226dpp_key_bp256 = "3058020101042057133a676fb60bf2a3e6797e19833c7b0f89dc192ab99ab5fa377ae23a157765a00b06092b2403030208010107a12403220002945d9bf7ce30c9c1ac0ff21ca62b984d5bb80ff69d2be8c9716ab39a10d2caf0" 227dpp_key_bp384 = "307802010104304902df9f3033a9b7128554c0851dc7127c3573eed150671dae74c0013e9896a9b1c22b6f7d43d8a2ebb7cd474dc55039a00b06092b240303020801010ba13403320003623cb5e68787f351faababf3425161571560add2e6f9a306fcbffb507735bf955bb46dd20ba246b0d5cadce73e5bd6a6" 228dpp_key_bp512 = "30819802010104405803494226eb7e50bf0e90633f37e7e35d33f5fa502165eeba721d927f9f846caf12e925701d18e123abaaaf4a7edb4fc4de21ce18bc10c4d12e8b3439f74e40a00b06092b240303020801010da144034200033b086ccd47486522d35dc16fbb2229642c2e9e87897d45abbf21f9fb52acb5a6272b31d1b227c3e53720769cc16b4cb181b26cd0d35fe463218aaedf3b6ec00a" 229 230def test_dpp_qr_code_curves(dev, apdev): 231 """DPP QR Code and supported curves""" 232 check_dpp_capab(dev[0]) 233 tests = [("prime256v1", dpp_key_p256), 234 ("secp384r1", dpp_key_p384), 235 ("secp521r1", dpp_key_p521)] 236 for curve, hex in tests: 237 id = dev[0].dpp_bootstrap_gen(key=hex) 238 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id) 239 if "FAIL" in info: 240 raise Exception("Failed to get info for " + curve) 241 if "curve=" + curve not in info: 242 raise Exception("Curve mismatch for " + curve) 243 244def test_dpp_qr_code_curves_brainpool(dev, apdev): 245 """DPP QR Code and supported Brainpool curves""" 246 check_dpp_capab(dev[0], brainpool=True) 247 tests = [("brainpoolP256r1", dpp_key_bp256), 248 ("brainpoolP384r1", dpp_key_bp384), 249 ("brainpoolP512r1", dpp_key_bp512)] 250 for curve, hex in tests: 251 id = dev[0].dpp_bootstrap_gen(key=hex) 252 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id) 253 if "FAIL" in info: 254 raise Exception("Failed to get info for " + curve) 255 if "curve=" + curve not in info: 256 raise Exception("Curve mismatch for " + curve) 257 258def test_dpp_qr_code_unsupported_curve(dev, apdev): 259 """DPP QR Code and unsupported curve""" 260 check_dpp_capab(dev[0]) 261 262 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode curve=unsupported") 263 if "FAIL" not in id: 264 raise Exception("Unsupported curve accepted") 265 266 tests = ["30", 267 "305f02010104187f723ed9e1b41979ec5cd02eb82696efc76b40e277661049a00a06082a8648ce3d030101a134033200043f292614dea97c43f500f069e79ae9fb48f8b07369180de5eec8fa2bc9eea5af7a46dc335f52f10cb1c0e9464201d41b"] 268 for hex in tests: 269 id = dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode key=" + hex) 270 if "FAIL" not in id: 271 raise Exception("Unsupported/invalid curve accepted") 272 273def test_dpp_qr_code_keygen_fail(dev, apdev): 274 """DPP QR Code and keygen failure""" 275 check_dpp_capab(dev[0]) 276 277 with alloc_fail(dev[0], 1, 278 "crypto_ec_key_get_subject_public_key;dpp_keygen"): 279 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"): 280 raise Exception("Failure not reported") 281 282 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen"): 283 if "FAIL" not in dev[0].request("DPP_BOOTSTRAP_GEN type=qrcode"): 284 raise Exception("Failure not reported") 285 286def test_dpp_qr_code_curve_select(dev, apdev): 287 """DPP QR Code and curve selection""" 288 check_dpp_capab(dev[0], brainpool=True) 289 check_dpp_capab(dev[1], brainpool=True) 290 291 bi = [] 292 for key in [dpp_key_p256, dpp_key_p384, dpp_key_p521, 293 dpp_key_bp256, dpp_key_bp384, dpp_key_bp512]: 294 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, key=key) 295 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id) 296 for i in info.splitlines(): 297 if '=' in i: 298 name, val = i.split('=') 299 if name == "curve": 300 curve = val 301 break 302 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 303 bi.append((curve, uri)) 304 305 for curve, uri in bi: 306 logger.info("Curve: " + curve) 307 logger.info("URI: " + uri) 308 309 dev[0].dpp_listen(2412) 310 dev[1].dpp_auth_init(uri=uri) 311 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 312 allow_enrollee_failure=True, stop_responder=True, 313 stop_initiator=True) 314 315def test_dpp_qr_code_auth_broadcast(dev, apdev): 316 """DPP QR Code and authentication exchange (broadcast)""" 317 check_dpp_capab(dev[0]) 318 check_dpp_capab(dev[1]) 319 logger.info("dev0 displays QR Code") 320 id0 = dev[0].dpp_bootstrap_gen(chan="81/1") 321 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 322 logger.info("dev1 scans QR Code and initiates DPP Authentication") 323 dev[0].dpp_listen(2412) 324 dev[1].dpp_auth_init(uri=uri0) 325 wait_auth_success(dev[0], dev[1], stop_responder=True, timeout=20) 326 327def test_dpp_qr_code_auth_unicast(dev, apdev): 328 """DPP QR Code and authentication exchange (unicast)""" 329 run_dpp_qr_code_auth_unicast(dev, apdev, None) 330 331def test_dpp_qr_code_auth_unicast_ap_enrollee(dev, apdev): 332 """DPP QR Code and authentication exchange (AP enrollee)""" 333 run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="ap") 334 335def run_dpp_configurator_enrollee(dev, apdev, conf_curve=None): 336 run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="configurator", 337 configurator=True, conf_curve=conf_curve, 338 conf="configurator") 339 ev = dev[0].wait_event(["DPP-CONFIGURATOR-ID"], timeout=2) 340 if ev is None: 341 raise Exception("No Configurator instance added") 342 343def test_dpp_configurator_enrollee(dev, apdev): 344 """DPP Configurator enrolling""" 345 run_dpp_configurator_enrollee(dev, apdev) 346 347def test_dpp_configurator_enrollee_prime256v1(dev, apdev): 348 """DPP Configurator enrolling (prime256v1)""" 349 run_dpp_configurator_enrollee(dev, apdev, conf_curve="prime256v1") 350 351def test_dpp_configurator_enrollee_secp384r1(dev, apdev): 352 """DPP Configurator enrolling (secp384r1)""" 353 run_dpp_configurator_enrollee(dev, apdev, conf_curve="secp384r1") 354 355def test_dpp_configurator_enrollee_secp521r1(dev, apdev): 356 """DPP Configurator enrolling (secp521r1)""" 357 run_dpp_configurator_enrollee(dev, apdev, conf_curve="secp521r1") 358 359def test_dpp_configurator_enrollee_brainpoolP256r1(dev, apdev): 360 """DPP Configurator enrolling (brainpoolP256r1)""" 361 run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP256r1") 362 363def test_dpp_configurator_enrollee_brainpoolP384r1(dev, apdev): 364 """DPP Configurator enrolling (brainpoolP384r1)""" 365 run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP384r1") 366 367def test_dpp_configurator_enrollee_brainpoolP512r1(dev, apdev): 368 """DPP Configurator enrolling (brainpoolP512r1)""" 369 run_dpp_configurator_enrollee(dev, apdev, conf_curve="brainpoolP512r1") 370 371def test_dpp_configurator_enroll_conf(dev, apdev): 372 """DPP Configurator enrolling followed by use of the new Configurator""" 373 check_dpp_capab(dev[0], min_ver=2) 374 try: 375 dev[0].set("dpp_config_processing", "2") 376 run_dpp_configurator_enroll_conf(dev, apdev) 377 finally: 378 dev[0].set("dpp_config_processing", "0", allow_fail=True) 379 380def run_dpp_configurator_enroll_conf(dev, apdev): 381 run_dpp_qr_code_auth_unicast(dev, apdev, None, netrole="configurator", 382 configurator=True, conf="configurator", 383 qr="mutual", stop_responder=False) 384 ev = dev[0].wait_event(["DPP-CONFIGURATOR-ID"], timeout=2) 385 if ev is None: 386 raise Exception("No Configurator instance added") 387 dev[1].reset() 388 dev[0].dump_monitor() 389 390 ssid = "test-network" 391 passphrase = "test-passphrase" 392 dev[0].set("dpp_configurator_params", 393 "conf=sta-psk ssid=%s pass=%s" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(passphrase.encode()).decode())) 394 dev[0].dpp_listen(2412, role="configurator") 395 id0 = dev[0].dpp_bootstrap_gen(chan="81/1") 396 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 397 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 398 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1]) 399 400def test_dpp_qr_code_curve_prime256v1(dev, apdev): 401 """DPP QR Code and curve prime256v1""" 402 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1") 403 404def test_dpp_qr_code_curve_secp384r1(dev, apdev): 405 """DPP QR Code and curve secp384r1""" 406 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1") 407 408def test_dpp_qr_code_curve_secp521r1(dev, apdev): 409 """DPP QR Code and curve secp521r1""" 410 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1") 411 412def test_dpp_qr_code_curve_brainpoolP256r1(dev, apdev): 413 """DPP QR Code and curve brainpoolP256r1""" 414 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP256r1") 415 416def test_dpp_qr_code_curve_brainpoolP384r1(dev, apdev): 417 """DPP QR Code and curve brainpoolP384r1""" 418 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP384r1") 419 420def test_dpp_qr_code_curve_brainpoolP512r1(dev, apdev): 421 """DPP QR Code and curve brainpoolP512r1""" 422 run_dpp_qr_code_auth_unicast(dev, apdev, "brainpoolP512r1") 423 424def test_dpp_qr_code_set_key(dev, apdev): 425 """DPP QR Code and fixed bootstrapping key""" 426 run_dpp_qr_code_auth_unicast(dev, apdev, None, key="30770201010420e5143ac74682cc6869a830e8f5301a5fa569130ac329b1d7dd6f2a7495dbcbe1a00a06082a8648ce3d030107a144034200045e13e167c33dbc7d85541e5509600aa8139bbb3e39e25898992c5d01be92039ee2850f17e71506ded0d6b25677441eae249f8e225c68dd15a6354dca54006383") 427 428def run_dpp_qr_code_auth_unicast(dev, apdev, curve, netrole=None, key=None, 429 require_conf_success=False, init_extra=None, 430 require_conf_failure=False, 431 configurator=False, conf_curve=None, 432 net_access_key_curve=None, 433 conf=None, qr=None, stop_responder=True): 434 min_ver = 3 if net_access_key_curve else 1 435 brainpool = (curve and "brainpool" in curve) or \ 436 (conf_curve and "brainpool" in conf_curve) 437 check_dpp_capab(dev[0], brainpool, min_ver=min_ver) 438 check_dpp_capab(dev[1], brainpool, min_ver=min_ver) 439 if configurator: 440 conf_id = dev[1].dpp_configurator_add(curve=conf_curve, 441 net_access_key_curve=net_access_key_curve) 442 else: 443 conf_id = None 444 445 if qr == "mutual": 446 logger.info("dev1 displays QR Code and dev0 scans it") 447 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve) 448 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 449 id1c = dev[0].dpp_qr_code(uri1) 450 else: 451 id1 = None 452 453 logger.info("dev0 displays QR Code") 454 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve, key=key) 455 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 456 457 logger.info("dev1 scans QR Code and initiates DPP Authentication") 458 dev[0].dpp_listen(2412, netrole=netrole, qr=qr) 459 dev[1].dpp_auth_init(uri=uri0, extra=init_extra, configurator=conf_id, 460 conf=conf, own=id1) 461 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 462 allow_enrollee_failure=not require_conf_success, 463 allow_configurator_failure=not require_conf_success, 464 require_configurator_failure=require_conf_failure, 465 stop_responder=stop_responder) 466 467def test_dpp_qr_code_auth_mutual(dev, apdev): 468 """DPP QR Code and authentication exchange (mutual)""" 469 check_dpp_capab(dev[0]) 470 check_dpp_capab(dev[1]) 471 logger.info("dev0 displays QR Code") 472 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 473 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 474 475 logger.info("dev1 displays QR Code") 476 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 477 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 478 479 logger.info("dev0 scans QR Code") 480 id0b = dev[0].dpp_qr_code(uri1b) 481 482 logger.info("dev1 scans QR Code and initiates DPP Authentication") 483 dev[0].dpp_listen(2412) 484 dev[1].dpp_auth_init(uri=uri0, own=id1b) 485 486 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5) 487 if ev is None: 488 raise Exception("DPP authentication direction not indicated (Initiator)") 489 if "mutual=1" not in ev: 490 raise Exception("Mutual authentication not used") 491 492 wait_auth_success(dev[0], dev[1], stop_responder=True) 493 494def test_dpp_qr_code_auth_mutual2(dev, apdev): 495 """DPP QR Code and authentication exchange (mutual2)""" 496 check_dpp_capab(dev[0]) 497 check_dpp_capab(dev[1]) 498 logger.info("dev0 displays QR Code") 499 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 500 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 501 502 logger.info("dev1 displays QR Code") 503 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 504 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 505 506 logger.info("dev1 scans QR Code and initiates DPP Authentication") 507 dev[0].dpp_listen(2412, qr="mutual") 508 dev[1].dpp_auth_init(uri=uri0, own=id1b) 509 510 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 511 if ev is None: 512 raise Exception("Pending response not reported") 513 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 514 if ev is None: 515 raise Exception("QR Code scan for mutual authentication not requested") 516 517 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=1) 518 if ev is None: 519 raise Exception("No TX status reported for response") 520 time.sleep(0.1) 521 522 logger.info("dev0 scans QR Code") 523 id0b = dev[0].dpp_qr_code(uri1b) 524 525 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5) 526 if ev is None: 527 raise Exception("DPP authentication direction not indicated (Initiator)") 528 if "mutual=1" not in ev: 529 raise Exception("Mutual authentication not used") 530 531 wait_auth_success(dev[0], dev[1], stop_responder=True) 532 533def test_dpp_qr_code_auth_mutual_p_256(dev, apdev): 534 """DPP QR Code and authentication exchange (mutual, autogen P-256)""" 535 run_dpp_qr_code_auth_mutual(dev, apdev, "P-256") 536 537def test_dpp_qr_code_auth_mutual_p_384(dev, apdev): 538 """DPP QR Code and authentication exchange (mutual, autogen P-384)""" 539 run_dpp_qr_code_auth_mutual(dev, apdev, "P-384") 540 541def test_dpp_qr_code_auth_mutual_p_521(dev, apdev): 542 """DPP QR Code and authentication exchange (mutual, autogen P-521)""" 543 run_dpp_qr_code_auth_mutual(dev, apdev, "P-521") 544 545def test_dpp_qr_code_auth_mutual_bp_256(dev, apdev): 546 """DPP QR Code and authentication exchange (mutual, autogen BP-256)""" 547 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-256") 548 549def test_dpp_qr_code_auth_mutual_bp_384(dev, apdev): 550 """DPP QR Code and authentication exchange (mutual, autogen BP-384)""" 551 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-384") 552 553def test_dpp_qr_code_auth_mutual_bp_512(dev, apdev): 554 """DPP QR Code and authentication exchange (mutual, autogen BP-512)""" 555 run_dpp_qr_code_auth_mutual(dev, apdev, "BP-512") 556 557def run_dpp_qr_code_auth_mutual(dev, apdev, curve): 558 check_dpp_capab(dev[0], curve and "BP-" in curve) 559 check_dpp_capab(dev[1], curve and "BP-" in curve) 560 logger.info("dev0 displays QR Code") 561 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve) 562 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 563 logger.info("dev1 scans QR Code and initiates DPP Authentication") 564 dev[0].dpp_listen(2412, qr="mutual") 565 dev[1].dpp_auth_init(uri=uri0) 566 567 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 568 if ev is None: 569 raise Exception("Pending response not reported") 570 uri = ev.split(' ')[1] 571 572 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 573 if ev is None: 574 raise Exception("QR Code scan for mutual authentication not requested") 575 576 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=1) 577 if ev is None: 578 raise Exception("No TX status reported for response") 579 time.sleep(0.1) 580 581 logger.info("dev0 scans QR Code") 582 dev[0].dpp_qr_code(uri) 583 584 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5) 585 if ev is None: 586 raise Exception("DPP authentication direction not indicated (Initiator)") 587 if "mutual=1" not in ev: 588 raise Exception("Mutual authentication not used") 589 590 wait_auth_success(dev[0], dev[1], stop_responder=True) 591 592def test_dpp_auth_resp_retries(dev, apdev): 593 """DPP Authentication Response retries""" 594 check_dpp_capab(dev[0]) 595 check_dpp_capab(dev[1]) 596 dev[0].set("dpp_resp_max_tries", "3") 597 dev[0].set("dpp_resp_retry_time", "100") 598 599 logger.info("dev0 displays QR Code") 600 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 601 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 602 logger.info("dev1 displays QR Code") 603 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 604 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 605 logger.info("dev1 scans QR Code and initiates DPP Authentication") 606 dev[0].dpp_listen(2412, qr="mutual") 607 dev[1].dpp_auth_init(uri=uri0, own=id1b) 608 609 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 610 if ev is None: 611 raise Exception("Pending response not reported") 612 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 613 if ev is None: 614 raise Exception("QR Code scan for mutual authentication not requested") 615 616 # Stop Initiator from listening to frames to force retransmission of the 617 # DPP Authentication Response frame with Status=0 618 dev[1].request("DPP_STOP_LISTEN") 619 620 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=1) 621 if ev is None: 622 raise Exception("No TX status reported for response") 623 time.sleep(0.1) 624 625 dev[1].dump_monitor() 626 dev[0].dump_monitor() 627 628 logger.info("dev0 scans QR Code") 629 id0b = dev[0].dpp_qr_code(uri1b) 630 631 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 632 if ev is None or "type=1" not in ev: 633 raise Exception("DPP Authentication Response not sent") 634 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=5) 635 if ev is None: 636 raise Exception("TX status for DPP Authentication Response not reported") 637 if "result=no-ACK" not in ev: 638 raise Exception("Unexpected TX status for Authentication Response: " + ev) 639 640 ev = dev[0].wait_event(["DPP-TX "], timeout=15) 641 if ev is None or "type=1" not in ev: 642 raise Exception("DPP Authentication Response retransmission not sent") 643 644def test_dpp_qr_code_auth_mutual_not_used(dev, apdev): 645 """DPP QR Code and authentication exchange (mutual not used)""" 646 check_dpp_capab(dev[0]) 647 check_dpp_capab(dev[1]) 648 logger.info("dev0 displays QR Code") 649 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 650 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 651 logger.info("dev1 displays QR Code") 652 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 653 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 654 logger.info("dev0 does not scan QR Code") 655 logger.info("dev1 scans QR Code and initiates DPP Authentication") 656 dev[0].dpp_listen(2412) 657 dev[1].dpp_auth_init(uri=uri0, own=id1b) 658 659 ev = dev[1].wait_event(["DPP-AUTH-DIRECTION"], timeout=5) 660 if ev is None: 661 raise Exception("DPP authentication direction not indicated (Initiator)") 662 if "mutual=0" not in ev: 663 raise Exception("Mutual authentication not used") 664 665 wait_auth_success(dev[0], dev[1], stop_responder=True) 666 667def test_dpp_qr_code_auth_mutual_curve_mismatch(dev, apdev): 668 """DPP QR Code and authentication exchange (mutual/mismatch)""" 669 check_dpp_capab(dev[0]) 670 check_dpp_capab(dev[1]) 671 logger.info("dev0 displays QR Code") 672 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 673 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 674 logger.info("dev1 displays QR Code") 675 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve="secp384r1") 676 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 677 logger.info("dev0 scans QR Code") 678 id0b = dev[0].dpp_qr_code(uri1b) 679 logger.info("dev1 scans QR Code") 680 dev[1].dpp_auth_init(uri=uri0, own=id1b, expect_fail=True) 681 682def test_dpp_qr_code_auth_hostapd_mutual2(dev, apdev): 683 """DPP QR Code and authentication exchange (hostapd mutual2)""" 684 check_dpp_capab(dev[0]) 685 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 686 check_dpp_capab(hapd) 687 logger.info("AP displays QR Code") 688 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 689 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 690 logger.info("dev0 displays QR Code") 691 id0b = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 692 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b) 693 logger.info("dev0 scans QR Code and initiates DPP Authentication") 694 hapd.dpp_listen(2412, qr="mutual") 695 dev[0].dpp_auth_init(uri=uri_h, own=id0b) 696 697 ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 698 if ev is None: 699 raise Exception("Pending response not reported") 700 ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 701 if ev is None: 702 raise Exception("QR Code scan for mutual authentication not requested") 703 704 ev = hapd.wait_event(["DPP-TX-STATUS"], timeout=1) 705 if ev is None: 706 raise Exception("No TX status reported for response") 707 time.sleep(0.1) 708 709 logger.info("AP scans QR Code") 710 hapd.dpp_qr_code(uri0) 711 712 wait_auth_success(hapd, dev[0], stop_responder=True) 713 714def test_dpp_qr_code_listen_continue(dev, apdev): 715 """DPP QR Code and listen operation needing continuation""" 716 check_dpp_capab(dev[0]) 717 check_dpp_capab(dev[1]) 718 logger.info("dev0 displays QR Code") 719 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 720 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 721 dev[0].dpp_listen(2412) 722 logger.info("Wait for listen to expire and get restarted") 723 time.sleep(5.5) 724 logger.info("dev1 scans QR Code and initiates DPP Authentication") 725 dev[1].dpp_auth_init(uri=uri0) 726 wait_auth_success(dev[0], dev[1], stop_responder=True) 727 728def test_dpp_qr_code_auth_initiator_enrollee(dev, apdev): 729 """DPP QR Code and authentication exchange (Initiator in Enrollee role)""" 730 try: 731 run_dpp_qr_code_auth_initiator_enrollee(dev, apdev) 732 finally: 733 dev[0].set("gas_address3", "0") 734 dev[1].set("gas_address3", "0") 735 736def run_dpp_qr_code_auth_initiator_enrollee(dev, apdev): 737 check_dpp_capab(dev[0]) 738 check_dpp_capab(dev[1]) 739 dev[0].request("SET gas_address3 1") 740 dev[1].request("SET gas_address3 1") 741 logger.info("dev0 displays QR Code") 742 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 743 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 744 logger.info("dev1 scans QR Code and initiates DPP Authentication") 745 dev[0].dpp_listen(2412) 746 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 747 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1], 748 allow_enrollee_failure=True, stop_responder=True) 749 750def test_dpp_qr_code_auth_initiator_either_1(dev, apdev): 751 """DPP QR Code and authentication exchange (Initiator in either role)""" 752 run_dpp_qr_code_auth_initiator_either(dev, apdev, None, dev[1], dev[0]) 753 754def test_dpp_qr_code_auth_initiator_either_2(dev, apdev): 755 """DPP QR Code and authentication exchange (Initiator in either role)""" 756 run_dpp_qr_code_auth_initiator_either(dev, apdev, "enrollee", 757 dev[1], dev[0]) 758 759def test_dpp_qr_code_auth_initiator_either_3(dev, apdev): 760 """DPP QR Code and authentication exchange (Initiator in either role)""" 761 run_dpp_qr_code_auth_initiator_either(dev, apdev, "configurator", 762 dev[0], dev[1]) 763 764def run_dpp_qr_code_auth_initiator_either(dev, apdev, resp_role, 765 conf_dev, enrollee_dev): 766 check_dpp_capab(dev[0]) 767 check_dpp_capab(dev[1]) 768 logger.info("dev0 displays QR Code") 769 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 770 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 771 logger.info("dev1 scans QR Code and initiates DPP Authentication") 772 dev[0].dpp_listen(2412, role=resp_role) 773 dev[1].dpp_auth_init(uri=uri0, role="either") 774 wait_auth_success(dev[0], dev[1], configurator=conf_dev, 775 enrollee=enrollee_dev, allow_enrollee_failure=True, 776 stop_responder=True) 777 778def run_init_incompatible_roles(dev, role="enrollee"): 779 check_dpp_capab(dev[0]) 780 check_dpp_capab(dev[1]) 781 logger.info("dev0 displays QR Code") 782 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 783 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 784 785 logger.info("dev1 scans QR Code") 786 id1 = dev[1].dpp_qr_code(uri0) 787 788 logger.info("dev1 initiates DPP Authentication") 789 dev[0].dpp_listen(2412, role=role) 790 return id1 791 792def test_dpp_qr_code_auth_incompatible_roles(dev, apdev): 793 """DPP QR Code and authentication exchange (incompatible roles)""" 794 id1 = run_init_incompatible_roles(dev) 795 dev[1].dpp_auth_init(peer=id1, role="enrollee") 796 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5) 797 if ev is None: 798 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out") 799 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1) 800 if ev is None: 801 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out") 802 dev[1].dpp_auth_init(peer=id1, role="configurator") 803 wait_auth_success(dev[0], dev[1], stop_responder=True) 804 805def test_dpp_qr_code_auth_incompatible_roles2(dev, apdev): 806 """DPP QR Code and authentication exchange (incompatible roles 2)""" 807 id1 = run_init_incompatible_roles(dev, role="configurator") 808 dev[1].dpp_auth_init(peer=id1, role="configurator") 809 ev = dev[1].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5) 810 if ev is None: 811 raise Exception("DPP-NOT-COMPATIBLE event on initiator timed out") 812 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1) 813 if ev is None: 814 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out") 815 816def test_dpp_qr_code_auth_incompatible_roles_failure(dev, apdev): 817 """DPP QR Code and authentication exchange (incompatible roles failure)""" 818 id1 = run_init_incompatible_roles(dev, role="configurator") 819 with alloc_fail(dev[0], 1, "dpp_auth_build_resp_status"): 820 dev[1].dpp_auth_init(peer=id1, role="configurator") 821 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=1) 822 if ev is None: 823 raise Exception("DPP-NOT-COMPATIBLE event on responder timed out") 824 825def test_dpp_qr_code_auth_incompatible_roles_failure2(dev, apdev): 826 """DPP QR Code and authentication exchange (incompatible roles failure 2)""" 827 id1 = run_init_incompatible_roles(dev, role="configurator") 828 with alloc_fail(dev[1], 1, "dpp_auth_resp_rx_status"): 829 dev[1].dpp_auth_init(peer=id1, role="configurator") 830 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL") 831 832def test_dpp_qr_code_auth_incompatible_roles_failure3(dev, apdev): 833 """DPP QR Code and authentication exchange (incompatible roles failure 3)""" 834 id1 = run_init_incompatible_roles(dev, role="configurator") 835 with fail_test(dev[1], 1, "dpp_auth_resp_rx_status"): 836 dev[1].dpp_auth_init(peer=id1, role="configurator") 837 wait_dpp_fail(dev[1], "AES-SIV decryption failed") 838 839def test_dpp_qr_code_auth_neg_chan(dev, apdev): 840 """DPP QR Code and authentication exchange with requested different channel""" 841 check_dpp_capab(dev[0]) 842 check_dpp_capab(dev[1]) 843 conf_id = dev[1].dpp_configurator_add() 844 logger.info("dev0 displays QR Code") 845 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 846 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 847 logger.info("dev1 scans QR Code and initiates DPP Authentication") 848 dev[0].dpp_listen(2412) 849 dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", neg_freq=2462, 850 configurator=conf_id) 851 852 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 853 if ev is None: 854 raise Exception("DPP Authentication Request not sent") 855 if "freq=2412 type=0" not in ev: 856 raise Exception("Unexpected TX data for Authentication Request: " + ev) 857 858 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 859 if ev is None: 860 raise Exception("DPP Authentication Request not received") 861 if "freq=2412 type=0" not in ev: 862 raise Exception("Unexpected RX data for Authentication Request: " + ev) 863 864 ev = dev[1].wait_event(["DPP-TX-STATUS"], timeout=5) 865 if ev is None: 866 raise Exception("TX status for DPP Authentication Request not reported") 867 if "freq=2412 result=SUCCESS" not in ev: 868 raise Exception("Unexpected TX status for Authentication Request: " + ev) 869 870 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 871 if ev is None: 872 raise Exception("DPP Authentication Response not sent") 873 if "freq=2462 type=1" not in ev: 874 raise Exception("Unexpected TX data for Authentication Response: " + ev) 875 876 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 877 if ev is None: 878 raise Exception("DPP Authentication Response not received") 879 if "freq=2462 type=1" not in ev: 880 raise Exception("Unexpected RX data for Authentication Response: " + ev) 881 882 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 883 if ev is None: 884 raise Exception("DPP Authentication Confirm not sent") 885 if "freq=2462 type=2" not in ev: 886 raise Exception("Unexpected TX data for Authentication Confirm: " + ev) 887 888 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 889 if ev is None: 890 raise Exception("DPP Authentication Confirm not received") 891 if "freq=2462 type=2" not in ev: 892 raise Exception("Unexpected RX data for Authentication Confirm: " + ev) 893 894 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 895 stop_responder=True) 896 897def test_dpp_config_legacy(dev, apdev): 898 """DPP Config Object for legacy network using passphrase""" 899 check_dpp_capab(dev[1]) 900 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' 901 dev[1].set("dpp_config_obj_override", conf) 902 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 903 require_conf_success=True) 904 905def test_dpp_config_legacy_psk_hex(dev, apdev): 906 """DPP Config Object for legacy network using PSK""" 907 check_dpp_capab(dev[1]) 908 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"' + 32*"12" + '"}}' 909 dev[1].set("dpp_config_obj_override", conf) 910 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 911 require_conf_success=True) 912 913def test_dpp_config_fragmentation(dev, apdev): 914 """DPP Config Object for legacy network requiring fragmentation""" 915 check_dpp_capab(dev[1]) 916 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 917 dev[1].set("dpp_config_obj_override", conf) 918 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 919 require_conf_success=True) 920 921def test_dpp_config_legacy_gen(dev, apdev): 922 """Generate DPP Config Object for legacy network""" 923 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 924 init_extra="conf=sta-psk pass=%s" % binascii.hexlify(b"passphrase").decode(), 925 require_conf_success=True) 926 927def test_dpp_config_legacy_gen_psk(dev, apdev): 928 """Generate DPP Config Object for legacy network (PSK)""" 929 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 930 init_extra="conf=sta-psk psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef", 931 require_conf_success=True) 932 933def test_dpp_config_legacy_gen_two_conf(dev, apdev): 934 """Generate DPP Config Object for legacy network (two config objects)""" 935 check_dpp_capab(dev[0]) 936 ssid1 = "test1" 937 pass1 = "passphrase for psk" 938 ssid2 = "test-2" 939 pass2 = "password for sae" 940 ssid1h = binascii.hexlify(ssid1.encode()).decode() 941 pass1h = binascii.hexlify(pass1.encode()).decode() 942 ssid2h = binascii.hexlify(ssid2.encode()).decode() 943 pass2h = binascii.hexlify(pass2.encode()).decode() 944 extra = "conf=sta-psk pass=%s ssid=%s @CONF-OBJ-SEP@ conf=sta-sae pass=%s ssid=%s" % (pass1h, ssid1h, pass2h, ssid2h) 945 try: 946 dev[0].set("dpp_config_processing", "1") 947 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 948 init_extra=extra, 949 require_conf_success=True) 950 finally: 951 dev[0].set("dpp_config_processing", "0", allow_fail=True) 952 953 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=5) 954 if ev is None or ev.split()[1] != "psk": 955 raise Exception("Unexpected confobj 1 AKM: " + str(ev)) 956 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=5) 957 if ev is None or ev.split()[1] != ssid1: 958 raise Exception("Unexpected confobj 1 SSID: " + str(ev)) 959 ev = dev[0].wait_event(["DPP-CONFOBJ-PASS"], timeout=5) 960 if ev is None or ev.split()[1] != pass1h: 961 raise Exception("Unexpected confobj 1 pass: " + str(ev)) 962 963 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=5) 964 if ev is None or ev.split()[1] != "sae": 965 raise Exception("Unexpected confobj 2 AKM: " + str(ev)) 966 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=5) 967 if ev is None or ev.split()[1] != ssid2: 968 raise Exception("Unexpected confobj 2 SSID: " + str(ev)) 969 ev = dev[0].wait_event(["DPP-CONFOBJ-PASS"], timeout=5) 970 if ev is None or ev.split()[1] != pass2h: 971 raise Exception("Unexpected confobj 2 pass: " + str(ev)) 972 973 val = dev[0].get_network(0, "ssid") 974 if val != '"' + ssid1 + '"': 975 raise Exception("Unexpected network 1 ssid: " + val) 976 val = dev[0].get_network(0, "key_mgmt") 977 if val != "WPA-PSK FT-PSK WPA-PSK-SHA256": 978 raise Exception("Unexpected network 1 key_mgmt: " + val) 979 980 val = dev[0].get_network(1, "ssid") 981 if val != '"' + ssid2 + '"': 982 raise Exception("Unexpected network 2 ssid: " + val) 983 val = dev[0].get_network(1, "key_mgmt") 984 if val != "SAE FT-SAE": 985 raise Exception("Unexpected network 2 key_mgmt: " + val) 986 987def test_dpp_config_legacy_gen_two_conf_psk(dev, apdev): 988 """Generate DPP Config Object for legacy network (two config objects, psk)""" 989 check_dpp_capab(dev[0]) 990 ssid1 = "test1" 991 psk1 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" 992 ssid2 = "test-2" 993 pass2 = "password for sae" 994 ssid1h = binascii.hexlify(ssid1.encode()).decode() 995 ssid2h = binascii.hexlify(ssid2.encode()).decode() 996 pass2h = binascii.hexlify(pass2.encode()).decode() 997 extra = "conf=sta-psk psk=%s ssid=%s @CONF-OBJ-SEP@ conf=sta-sae pass=%s ssid=%s" % (psk1, ssid1h, pass2h, ssid2h) 998 try: 999 dev[0].set("dpp_config_processing", "1") 1000 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1001 init_extra=extra, 1002 require_conf_success=True) 1003 finally: 1004 dev[0].set("dpp_config_processing", "0", allow_fail=True) 1005 1006 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=5) 1007 if ev is None or ev.split()[1] != "psk": 1008 raise Exception("Unexpected confobj 1 AKM: " + str(ev)) 1009 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=5) 1010 if ev is None or ev.split()[1] != ssid1: 1011 raise Exception("Unexpected confobj 1 SSID: " + str(ev)) 1012 ev = dev[0].wait_event(["DPP-CONFOBJ-PSK"], timeout=5) 1013 if ev is None or ev.split()[1] != psk1: 1014 raise Exception("Unexpected confobj 1 psk: " + str(ev)) 1015 1016 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=5) 1017 if ev is None or ev.split()[1] != "sae": 1018 raise Exception("Unexpected confobj 2 AKM: " + str(ev)) 1019 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=5) 1020 if ev is None or ev.split()[1] != ssid2: 1021 raise Exception("Unexpected confobj 2 SSID: " + str(ev)) 1022 ev = dev[0].wait_event(["DPP-CONFOBJ-PASS"], timeout=5) 1023 if ev is None or ev.split()[1] != pass2h: 1024 raise Exception("Unexpected confobj 2 pass: " + str(ev)) 1025 1026 val = dev[0].get_network(0, "ssid") 1027 if val != '"' + ssid1 + '"': 1028 raise Exception("Unexpected network 1 ssid: " + val) 1029 val = dev[0].get_network(0, "key_mgmt") 1030 if val != "WPA-PSK FT-PSK WPA-PSK-SHA256": 1031 raise Exception("Unexpected network 1 key_mgmt: " + val) 1032 1033 val = dev[0].get_network(1, "ssid") 1034 if val != '"' + ssid2 + '"': 1035 raise Exception("Unexpected network 2 ssid: " + val) 1036 val = dev[0].get_network(1, "key_mgmt") 1037 if val != "SAE FT-SAE": 1038 raise Exception("Unexpected network 2 key_mgmt: " + val) 1039 1040def test_dpp_config_legacy_gen_sta_ap_conf(dev, apdev): 1041 """Generate DPP Config Object for legacy network (sta and ap config)""" 1042 ssid1 = "test-AP" 1043 pass1 = "password for AP sae" 1044 ssid2 = "test-STA" 1045 pass2 = "password for STA sae" 1046 ssid1h = binascii.hexlify(ssid1.encode()).decode() 1047 pass1h = binascii.hexlify(pass1.encode()).decode() 1048 ssid2h = binascii.hexlify(ssid2.encode()).decode() 1049 pass2h = binascii.hexlify(pass2.encode()).decode() 1050 extra = "conf=ap-sae pass=%s ssid=%s @CONF-OBJ-SEP@ conf=sta-sae pass=%s ssid=%s" % (pass1h, ssid1h, pass2h, ssid2h) 1051 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1052 init_extra=extra, 1053 require_conf_success=True) 1054 1055 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=5) 1056 if ev is None or ev.split()[1] != "sae": 1057 raise Exception("Unexpected confobj 2 AKM: " + str(ev)) 1058 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=5) 1059 if ev is None or ev.split()[1] != ssid2: 1060 raise Exception("Unexpected confobj 2 SSID: " + str(ev)) 1061 ev = dev[0].wait_event(["DPP-CONFOBJ-PASS"], timeout=5) 1062 if ev is None or ev.split()[1] != pass2h: 1063 raise Exception("Unexpected confobj 2 pass: " + str(ev)) 1064 1065 ev = dev[0].wait_event(["DPP-CONFOBJ-AKM"], timeout=1) 1066 if ev is not None: 1067 raise Exception("Unexpected second confobj") 1068 1069def test_dpp_config_dpp_gen_prime256v1(dev, apdev): 1070 """Generate DPP Config Object for DPP network (P-256)""" 1071 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1072 init_extra="conf=sta-dpp", 1073 require_conf_success=True, 1074 configurator=True) 1075 1076def test_dpp_config_dpp_gen_secp384r1(dev, apdev): 1077 """Generate DPP Config Object for DPP network (P-384)""" 1078 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", 1079 init_extra="conf=sta-dpp", 1080 require_conf_success=True, 1081 configurator=True) 1082 1083def test_dpp_config_dpp_gen_secp521r1(dev, apdev): 1084 """Generate DPP Config Object for DPP network (P-521)""" 1085 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", 1086 init_extra="conf=sta-dpp", 1087 require_conf_success=True, 1088 configurator=True) 1089 1090def test_dpp_config_dpp_gen_prime256v1_prime256v1(dev, apdev): 1091 """Generate DPP Config Object for DPP network (P-256 + P-256)""" 1092 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1093 init_extra="conf=sta-dpp", 1094 require_conf_success=True, 1095 configurator=True, 1096 conf_curve="prime256v1") 1097 1098def test_dpp_config_dpp_gen_prime256v1_secp384r1(dev, apdev): 1099 """Generate DPP Config Object for DPP network (P-256 + P-384)""" 1100 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1101 init_extra="conf=sta-dpp", 1102 require_conf_success=True, 1103 configurator=True, 1104 conf_curve="secp384r1") 1105 1106def test_dpp_config_dpp_gen_prime256v1_secp521r1(dev, apdev): 1107 """Generate DPP Config Object for DPP network (P-256 + P-521)""" 1108 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1109 init_extra="conf=sta-dpp", 1110 require_conf_success=True, 1111 configurator=True, 1112 conf_curve="secp521r1") 1113 1114def test_dpp_config_dpp_gen_secp384r1_prime256v1(dev, apdev): 1115 """Generate DPP Config Object for DPP network (P-384 + P-256)""" 1116 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", 1117 init_extra="conf=sta-dpp", 1118 require_conf_success=True, 1119 configurator=True, 1120 conf_curve="prime256v1") 1121 1122def test_dpp_config_dpp_gen_secp384r1_secp384r1(dev, apdev): 1123 """Generate DPP Config Object for DPP network (P-384 + P-384)""" 1124 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", 1125 init_extra="conf=sta-dpp", 1126 require_conf_success=True, 1127 configurator=True, 1128 conf_curve="secp384r1") 1129 1130def test_dpp_config_dpp_gen_secp384r1_secp521r1(dev, apdev): 1131 """Generate DPP Config Object for DPP network (P-384 + P-521)""" 1132 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", 1133 init_extra="conf=sta-dpp", 1134 require_conf_success=True, 1135 configurator=True, 1136 conf_curve="secp521r1") 1137 1138def test_dpp_config_dpp_gen_secp521r1_prime256v1(dev, apdev): 1139 """Generate DPP Config Object for DPP network (P-521 + P-256)""" 1140 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", 1141 init_extra="conf=sta-dpp", 1142 require_conf_success=True, 1143 configurator=True, 1144 conf_curve="prime256v1") 1145 1146def test_dpp_config_dpp_gen_secp521r1_secp384r1(dev, apdev): 1147 """Generate DPP Config Object for DPP network (P-521 + P-384)""" 1148 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", 1149 init_extra="conf=sta-dpp", 1150 require_conf_success=True, 1151 configurator=True, 1152 conf_curve="secp384r1") 1153 1154def test_dpp_config_dpp_gen_secp521r1_secp521r1(dev, apdev): 1155 """Generate DPP Config Object for DPP network (P-521 + P-521)""" 1156 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", 1157 init_extra="conf=sta-dpp", 1158 require_conf_success=True, 1159 configurator=True, 1160 conf_curve="secp521r1") 1161 1162def test_dpp_config_dpp_gen_prime256v1_secp384r1_secp384r1(dev, apdev): 1163 """Generate DPP Config Object for DPP network (P-256 + P-384 + P-384)""" 1164 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1165 init_extra="conf=sta-dpp", 1166 require_conf_success=True, 1167 configurator=True, 1168 conf_curve="secp384r1", 1169 net_access_key_curve="secp384r1") 1170 1171def test_dpp_config_dpp_gen_expiry(dev, apdev): 1172 """Generate DPP Config Object for DPP network with expiry value""" 1173 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1174 init_extra="conf=sta-dpp expiry=%d" % (time.time() + 1000), 1175 require_conf_success=True, 1176 configurator=True) 1177 1178def test_dpp_config_dpp_gen_expired_key(dev, apdev): 1179 """Generate DPP Config Object for DPP network with expiry value""" 1180 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1181 init_extra="conf=sta-dpp expiry=%d" % (time.time() - 10), 1182 require_conf_failure=True, 1183 configurator=True) 1184 1185def test_dpp_config_dpp_gen_3rd_party(dev, apdev): 1186 """Generate DPP Config Object for DPP network with 3rd party information""" 1187 check_dpp_capab(dev[0]) 1188 check_dpp_capab(dev[1]) 1189 try: 1190 dev[0].set("dpp_extra_conf_req_name", "org.example") 1191 json = '{"c":1,"d":"test"}' 1192 dev[0].set("dpp_extra_conf_req_value", json) 1193 run_dpp_config_dpp_gen_3rd_party(dev, apdev) 1194 finally: 1195 dev[0].set("dpp_extra_conf_req_name", "", allow_fail=True) 1196 dev[0].set("dpp_extra_conf_req_value", "", allow_fail=True) 1197 1198def run_dpp_config_dpp_gen_3rd_party(dev, apdev): 1199 extra = "conf_extra_name=org.example conf_extra_value=" 1200 json = '{"a":1,"b":"test"}' 1201 extra += binascii.hexlify(json.encode()).decode() 1202 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1203 init_extra="conf=sta-dpp " + extra, 1204 require_conf_success=True, 1205 configurator=True) 1206 1207def test_dpp_config_dpp_override_prime256v1(dev, apdev): 1208 """DPP Config Object override (P-256)""" 1209 check_dpp_capab(dev[0]) 1210 check_dpp_capab(dev[1]) 1211 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}' 1212 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1") 1213 dev[1].set("dpp_config_obj_override", conf) 1214 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1215 require_conf_success=True) 1216 1217def test_dpp_config_dpp_override_secp384r1(dev, apdev): 1218 """DPP Config Object override (P-384)""" 1219 check_dpp_capab(dev[0]) 1220 check_dpp_capab(dev[1]) 1221 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJabi1iMndjbjRLM2pGQklkYmhGZkpVTHJTXzdESS0yMWxFQi02R3gxNjl3IiwiYWxnIjoiRVMzODQifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0zODQiLCJ4IjoickdrSGg1UUZsOUtfWjdqYUZkVVhmbThoY1RTRjM1b25Xb1NIRXVsbVNzWW9oX1RXZGpoRjhiVGdiS0ZRN2tBViIsInkiOiJBbU1QVDA5VmFENWpGdzMwTUFKQlp2VkZXeGNlVVlKLXR5blQ0bVJ5N0xOZWxhZ0dEWHpfOExaRlpOU2FaNUdLIn19.Yn_F7m-bbOQ5PlaYQJ9-1qsuqYQ6V-rAv8nWw1COKiCYwwbt3WFBJ8DljY0dPrlg5CHJC4saXwkytpI-CpELW1yUdzYb4Lrun07d20Eo_g10ICyOl5sqQCAUElKMe_Xr","csign":{"kty":"EC","crv":"P-384","x":"dmTyXXiPV2Y8a01fujL-jo08gvzyby23XmzOtzjAiujKQZZgPJsbhfEKrZDlc6ey","y":"H5Z0av5c7bqInxYb2_OOJdNiMhVf3zlcULR0516ZZitOY4U31KhL4wl4KGV7g2XW","kid":"Zn-b2wcn4K3jFBIdbhFfJULrS_7DI-21lEB-6Gx169w"}}}' 1222 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1") 1223 dev[1].set("dpp_config_obj_override", conf) 1224 run_dpp_qr_code_auth_unicast(dev, apdev, "secp384r1", 1225 require_conf_success=True) 1226 1227def test_dpp_config_dpp_override_secp521r1(dev, apdev): 1228 """DPP Config Object override (P-521)""" 1229 check_dpp_capab(dev[0]) 1230 check_dpp_capab(dev[1]) 1231 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJMZkhKY3hnV2ZKcG1uS2IwenZRT0F2VDB2b0ZKc0JjZnBmYzgxY3Y5ZXFnIiwiYWxnIjoiRVM1MTIifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC01MjEiLCJ4IjoiQVJlUFBrMFNISkRRR2NWbnlmM3lfbTlaQllHNjFJeElIbDN1NkdwRHVhMkU1WVd4TE1BSUtMMnZuUGtlSGFVRXljRmZaZlpYZ2JlNkViUUxMVkRVUm1VUSIsInkiOiJBWUtaYlNwUkFFNjJVYm9YZ2c1ZWRBVENzbEpzTlpwcm9RR1dUcW9Md04weXkzQkVoT3ZRZmZrOWhaR2lKZ295TzFobXFRRVRrS0pXb2tIYTBCQUpLSGZtIn19.ACEZLyPk13cM_OFScpLoCElQ2t1sxq5z2d_W_3_QslTQQe5SFiH_o8ycL4632YLAH4RV0gZcMKKRMtZdHgBYHjkzASDqgY-_aYN2SBmpfl8hw0YdDlUJWX3DJf-ofqNAlTbnGmhpSg69cEAhFn41Xgvx2MdwYcPVncxxESVOtWl5zNLK","csign":{"kty":"EC","crv":"P-521","x":"ADiOI_YJOAipEXHB-SpGl4KqokX8m8h3BVYCc8dgiwssZ061-nIIY3O1SIO6Re4Jjfy53RPgzDG6jitOgOGLtzZs","y":"AZKggKaQi0ExutSpJAU3-lqDV03sBQLA9C7KabfWoAn8qD6Vk4jU0WAJdt-wBBTF9o1nVuiqS2OxMVYrxN4lOz79","kid":"LfHJcxgWfJpmnKb0zvQOAvT0voFJsBcfpfc81cv9eqg"}}}' 1232 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1") 1233 dev[1].set("dpp_config_obj_override", conf) 1234 run_dpp_qr_code_auth_unicast(dev, apdev, "secp521r1", 1235 require_conf_success=True) 1236 1237def test_dpp_config_override_objects(dev, apdev): 1238 """Generate DPP Config Object and override objects)""" 1239 check_dpp_capab(dev[1]) 1240 discovery = '{\n"ssid":"mywifi"\n}' 1241 groups = '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]' 1242 dev[1].set("dpp_discovery_override", discovery) 1243 dev[1].set("dpp_groups_override", groups) 1244 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1245 init_extra="conf=sta-dpp", 1246 require_conf_success=True, 1247 configurator=True) 1248 1249def build_conf_obj(kty="EC", crv="P-256", 1250 x="W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s", 1251 y="Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE", 1252 kid="TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU", 1253 prot_hdr='{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}', 1254 signed_connector=None, 1255 no_signed_connector=False, 1256 csign=True): 1257 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{' 1258 conf += '"akm":"dpp",' 1259 1260 if signed_connector: 1261 conn = signed_connector 1262 conf += '"signedConnector":"%s",' % conn 1263 elif not no_signed_connector: 1264 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1265 sign = "_sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A" 1266 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.' 1267 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=') + '.' 1268 conn += sign 1269 conf += '"signedConnector":"%s",' % conn 1270 1271 if csign: 1272 conf += '"csign":{' 1273 if kty: 1274 conf += '"kty":"%s",' % kty 1275 if crv: 1276 conf += '"crv":"%s",' % crv 1277 if x: 1278 conf += '"x":"%s",' % x 1279 if y: 1280 conf += '"y":"%s",' % y 1281 if kid: 1282 conf += '"kid":"%s"' % kid 1283 conf = conf.rstrip(',') 1284 conf += '}' 1285 else: 1286 conf = conf.rstrip(',') 1287 1288 conf += '}}' 1289 1290 return conf 1291 1292def run_dpp_config_error(dev, apdev, conf, 1293 skip_net_access_key_mismatch=True, 1294 conf_failure=True): 1295 check_dpp_capab(dev[0]) 1296 check_dpp_capab(dev[1]) 1297 if skip_net_access_key_mismatch: 1298 dev[0].set("dpp_ignore_netaccesskey_mismatch", "1") 1299 dev[1].set("dpp_config_obj_override", conf) 1300 run_dpp_qr_code_auth_unicast(dev, apdev, "prime256v1", 1301 require_conf_success=not conf_failure, 1302 require_conf_failure=conf_failure) 1303 1304def test_dpp_config_jwk_error_no_kty(dev, apdev): 1305 """DPP Config Object JWK error - no kty""" 1306 run_dpp_config_error(dev, apdev, build_conf_obj(kty=None)) 1307 1308def test_dpp_config_jwk_error_unexpected_kty(dev, apdev): 1309 """DPP Config Object JWK error - unexpected kty""" 1310 run_dpp_config_error(dev, apdev, build_conf_obj(kty="unknown")) 1311 1312def test_dpp_config_jwk_error_no_crv(dev, apdev): 1313 """DPP Config Object JWK error - no crv""" 1314 run_dpp_config_error(dev, apdev, build_conf_obj(crv=None)) 1315 1316def test_dpp_config_jwk_error_unsupported_crv(dev, apdev): 1317 """DPP Config Object JWK error - unsupported curve""" 1318 run_dpp_config_error(dev, apdev, build_conf_obj(crv="unsupported")) 1319 1320def test_dpp_config_jwk_error_no_x(dev, apdev): 1321 """DPP Config Object JWK error - no x""" 1322 run_dpp_config_error(dev, apdev, build_conf_obj(x=None)) 1323 1324def test_dpp_config_jwk_error_invalid_x(dev, apdev): 1325 """DPP Config Object JWK error - invalid x""" 1326 run_dpp_config_error(dev, apdev, build_conf_obj(x="MTIz")) 1327 1328def test_dpp_config_jwk_error_no_y(dev, apdev): 1329 """DPP Config Object JWK error - no y""" 1330 run_dpp_config_error(dev, apdev, build_conf_obj(y=None)) 1331 1332def test_dpp_config_jwk_error_invalid_y(dev, apdev): 1333 """DPP Config Object JWK error - invalid y""" 1334 run_dpp_config_error(dev, apdev, build_conf_obj(y="MTIz")) 1335 1336def test_dpp_config_jwk_error_invalid_xy(dev, apdev): 1337 """DPP Config Object JWK error - invalid x,y""" 1338 conf = build_conf_obj(x="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY", 1339 y="MDEyMzQ1Njc4OWFiY2RlZjAxMjM0NTY3ODlhYmNkZWY") 1340 run_dpp_config_error(dev, apdev, conf) 1341 1342def test_dpp_config_jwk_error_no_kid(dev, apdev): 1343 """DPP Config Object JWK error - no kid""" 1344 # csign kid is optional field, so this results in success 1345 run_dpp_config_error(dev, apdev, build_conf_obj(kid=None), 1346 conf_failure=False) 1347 1348def test_dpp_config_jws_error_prot_hdr_not_an_object(dev, apdev): 1349 """DPP Config Object JWS error - protected header not an object""" 1350 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr="1")) 1351 1352def test_dpp_config_jws_error_prot_hdr_no_typ(dev, apdev): 1353 """DPP Config Object JWS error - protected header - no typ""" 1354 prot_hdr = '{"kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}' 1355 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1356 1357def test_dpp_config_jws_error_prot_hdr_unsupported_typ(dev, apdev): 1358 """DPP Config Object JWS error - protected header - unsupported typ""" 1359 prot_hdr = '{"typ":"unsupported","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"ES256"}' 1360 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1361 1362def test_dpp_config_jws_error_prot_hdr_no_alg(dev, apdev): 1363 """DPP Config Object JWS error - protected header - no alg""" 1364 prot_hdr = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}' 1365 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1366 1367def test_dpp_config_jws_error_prot_hdr_unexpected_alg(dev, apdev): 1368 """DPP Config Object JWS error - protected header - unexpected alg""" 1369 prot_hdr = '{"typ":"dppCon","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU","alg":"unexpected"}' 1370 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1371 1372def test_dpp_config_jws_error_prot_hdr_no_kid(dev, apdev): 1373 """DPP Config Object JWS error - protected header - no kid""" 1374 prot_hdr = '{"typ":"dppCon","alg":"ES256"}' 1375 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1376 1377def test_dpp_config_jws_error_prot_hdr_unexpected_kid(dev, apdev): 1378 """DPP Config Object JWS error - protected header - unexpected kid""" 1379 prot_hdr = '{"typ":"dppCon","kid":"MTIz","alg":"ES256"}' 1380 run_dpp_config_error(dev, apdev, build_conf_obj(prot_hdr=prot_hdr)) 1381 1382def test_dpp_config_signed_connector_error_no_dot_1(dev, apdev): 1383 """DPP Config Object signedConnector error - no dot(1)""" 1384 conn = "MTIz" 1385 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn)) 1386 1387def test_dpp_config_signed_connector_error_no_dot_2(dev, apdev): 1388 """DPP Config Object signedConnector error - no dot(2)""" 1389 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz" 1390 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn)) 1391 1392def test_dpp_config_signed_connector_error_unexpected_signature_len(dev, apdev): 1393 """DPP Config Object signedConnector error - unexpected signature length""" 1394 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTIz" 1395 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn)) 1396 1397def test_dpp_config_signed_connector_error_invalid_signature_der(dev, apdev): 1398 """DPP Config Object signedConnector error - invalid signature DER""" 1399 conn = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.MTIz.MTI" 1400 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector=conn)) 1401 1402def test_dpp_config_no_csign(dev, apdev): 1403 """DPP Config Object error - no csign""" 1404 run_dpp_config_error(dev, apdev, build_conf_obj(csign=False)) 1405 1406def test_dpp_config_no_signed_connector(dev, apdev): 1407 """DPP Config Object error - no signedConnector""" 1408 run_dpp_config_error(dev, apdev, build_conf_obj(no_signed_connector=True)) 1409 1410def test_dpp_config_unexpected_signed_connector_char(dev, apdev): 1411 """DPP Config Object error - unexpected signedConnector character""" 1412 run_dpp_config_error(dev, apdev, build_conf_obj(signed_connector='a\nb')) 1413 1414def test_dpp_config_root_not_an_object(dev, apdev): 1415 """DPP Config Object error - root not an object""" 1416 conf = "1" 1417 run_dpp_config_error(dev, apdev, conf) 1418 1419def test_dpp_config_no_wi_fi_tech(dev, apdev): 1420 """DPP Config Object error - no wi-fi_tech""" 1421 conf = "{}" 1422 run_dpp_config_error(dev, apdev, conf) 1423 1424def test_dpp_config_unsupported_wi_fi_tech(dev, apdev): 1425 """DPP Config Object error - unsupported wi-fi_tech""" 1426 conf = '{"wi-fi_tech":"unsupported"}' 1427 run_dpp_config_error(dev, apdev, conf) 1428 1429def test_dpp_config_no_discovery(dev, apdev): 1430 """DPP Config Object error - no discovery""" 1431 conf = '{"wi-fi_tech":"infra"}' 1432 run_dpp_config_error(dev, apdev, conf) 1433 1434def test_dpp_config_no_discovery_ssid(dev, apdev): 1435 """DPP Config Object error - no discovery::ssid""" 1436 conf = '{"wi-fi_tech":"infra","discovery":{}}' 1437 run_dpp_config_error(dev, apdev, conf) 1438 1439def test_dpp_config_too_long_discovery_ssid(dev, apdev): 1440 """DPP Config Object error - too long discovery::ssid""" 1441 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"%s"}}' % (33*'A') 1442 run_dpp_config_error(dev, apdev, conf) 1443 1444def test_dpp_config_no_cred(dev, apdev): 1445 """DPP Config Object error - no cred""" 1446 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"}}' 1447 run_dpp_config_error(dev, apdev, conf) 1448 1449def test_dpp_config_no_cred_akm(dev, apdev): 1450 """DPP Config Object error - no cred::akm""" 1451 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{}}' 1452 run_dpp_config_error(dev, apdev, conf) 1453 1454def test_dpp_config_unsupported_cred_akm(dev, apdev): 1455 """DPP Config Object error - unsupported cred::akm""" 1456 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"unsupported"}}' 1457 run_dpp_config_error(dev, apdev, conf) 1458 1459def test_dpp_config_error_legacy_no_pass(dev, apdev): 1460 """DPP Config Object legacy error - no pass/psk""" 1461 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk"}}' 1462 run_dpp_config_error(dev, apdev, conf) 1463 1464def test_dpp_config_error_legacy_too_short_pass(dev, apdev): 1465 """DPP Config Object legacy error - too short pass/psk""" 1466 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"1"}}' 1467 run_dpp_config_error(dev, apdev, conf) 1468 1469def test_dpp_config_error_legacy_too_long_pass(dev, apdev): 1470 """DPP Config Object legacy error - too long pass/psk""" 1471 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"%s"}}' % (64*'A') 1472 run_dpp_config_error(dev, apdev, conf) 1473 1474def test_dpp_config_error_legacy_psk_with_sae(dev, apdev): 1475 """DPP Config Object legacy error - psk_hex with SAE""" 1476 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"sae","psk_hex":"%s"}}' % (32*"12") 1477 run_dpp_config_error(dev, apdev, conf) 1478 1479def test_dpp_config_error_legacy_no_pass_for_sae(dev, apdev): 1480 """DPP Config Object legacy error - no pass for SAE""" 1481 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk+sae","psk_hex":"%s"}}' % (32*"12") 1482 run_dpp_config_error(dev, apdev, conf) 1483 1484def test_dpp_config_error_legacy_invalid_psk(dev, apdev): 1485 """DPP Config Object legacy error - invalid psk_hex""" 1486 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (32*"qa") 1487 run_dpp_config_error(dev, apdev, conf) 1488 1489def test_dpp_config_error_legacy_too_short_psk(dev, apdev): 1490 """DPP Config Object legacy error - too short psk_hex""" 1491 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"psk","psk_hex":"%s"}}' % (31*"12") 1492 run_dpp_config_error(dev, apdev, conf) 1493 1494def get_der_int_32(val): 1495 a, b = struct.unpack('BB', val[0:2]) 1496 if a != 0x02: 1497 raise Exception("Invalid DER encoding of INTEGER") 1498 if b > len(val) - 2: 1499 raise Exception("Invalid length of INTEGER (truncated)") 1500 val = val[2:] 1501 if b == 32: 1502 r = val[0:32] 1503 elif b == 33: 1504 if val[0] != 0: 1505 raise Exception("Too large INTEGER (32)") 1506 r = val[1:33] 1507 elif b < 32: 1508 r = (32 - b) * b'\x00' + val[0:b] 1509 else: 1510 raise Exception("Invalid length of INTEGER (32): %d" % b) 1511 return r, val[b:] 1512 1513def ecdsa_sign(pkey, message, alg="sha256"): 1514 sign = OpenSSL.crypto.sign(pkey, message, alg) 1515 logger.debug("sign=" + binascii.hexlify(sign).decode()) 1516 a, b = struct.unpack('BB', sign[0:2]) 1517 if a != 0x30: 1518 raise Exception("Invalid DER encoding of ECDSA signature") 1519 if b != len(sign) - 2: 1520 raise Exception("Invalid length of ECDSA signature") 1521 sign = sign[2:] 1522 1523 r, sign = get_der_int_32(sign) 1524 s, sign = get_der_int_32(sign) 1525 if len(sign) != 0: 1526 raise Exception("Extra data at the end of ECDSA signature") 1527 1528 logger.info("r=" + binascii.hexlify(r).decode()) 1529 logger.info("s=" + binascii.hexlify(s).decode()) 1530 raw_sign = r + s 1531 return base64.urlsafe_b64encode(raw_sign).decode().rstrip('=') 1532 1533p256_priv_key = """-----BEGIN EC PRIVATE KEY----- 1534MHcCAQEEIBVQij9ah629f1pu3tarDQGQvrzHgAkgYd1jHGiLxNajoAoGCCqGSM49 1535AwEHoUQDQgAEAC9d2/JirKu72F2qLuv5jEFMD1Cqu9EiyGk7cOzn/2DJ51p2mEoW 1536n03N6XRvTC+G7WPol9Ng97NAM2sK57+F/Q== 1537-----END EC PRIVATE KEY-----""" 1538p256_pub_key_x = binascii.unhexlify("002f5ddbf262acabbbd85daa2eebf98c414c0f50aabbd122c8693b70ece7ff60") 1539p256_pub_key_y = binascii.unhexlify("c9e75a76984a169f4dcde9746f4c2f86ed63e897d360f7b340336b0ae7bf85fd") 1540 1541def run_dpp_config_connector(dev, apdev, expiry=None, payload=None, 1542 skip_net_access_key_mismatch=True, 1543 conf_failure=True): 1544 if not openssl_imported: 1545 raise HwsimSkip("OpenSSL python method not available") 1546 pkey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, 1547 p256_priv_key) 1548 x = base64.urlsafe_b64encode(p256_pub_key_x).decode().rstrip('=') 1549 y = base64.urlsafe_b64encode(p256_pub_key_y).decode().rstrip('=') 1550 1551 pubkey = b'\x04' + p256_pub_key_x + p256_pub_key_y 1552 kid = base64.urlsafe_b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip('=') 1553 1554 prot_hdr = '{"typ":"dppCon","kid":"%s","alg":"ES256"}' % kid 1555 1556 if not payload: 1557 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}' 1558 if expiry: 1559 payload += ',"expiry":"%s"' % expiry 1560 payload += '}' 1561 conn = base64.urlsafe_b64encode(prot_hdr.encode()).decode().rstrip('=') + '.' 1562 conn += base64.urlsafe_b64encode(payload.encode()).decode().rstrip('=') 1563 sign = ecdsa_sign(pkey, conn) 1564 conn += '.' + sign 1565 run_dpp_config_error(dev, apdev, 1566 build_conf_obj(x=x, y=y, signed_connector=conn), 1567 skip_net_access_key_mismatch=skip_net_access_key_mismatch, 1568 conf_failure=conf_failure) 1569 1570def test_dpp_config_connector_error_ext_sign(dev, apdev): 1571 """DPP Config Object connector error - external signature calculation""" 1572 run_dpp_config_connector(dev, apdev, conf_failure=False) 1573 1574def test_dpp_config_connector_error_too_short_timestamp(dev, apdev): 1575 """DPP Config Object connector error - too short timestamp""" 1576 run_dpp_config_connector(dev, apdev, expiry="1") 1577 1578def test_dpp_config_connector_error_invalid_timestamp(dev, apdev): 1579 """DPP Config Object connector error - invalid timestamp""" 1580 run_dpp_config_connector(dev, apdev, expiry=19*"1") 1581 1582def test_dpp_config_connector_error_invalid_timestamp_date(dev, apdev): 1583 """DPP Config Object connector error - invalid timestamp date""" 1584 run_dpp_config_connector(dev, apdev, expiry="9999-99-99T99:99:99Z") 1585 1586def test_dpp_config_connector_error_invalid_time_zone(dev, apdev): 1587 """DPP Config Object connector error - invalid time zone""" 1588 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00*") 1589 1590def test_dpp_config_connector_error_invalid_time_zone_2(dev, apdev): 1591 """DPP Config Object connector error - invalid time zone 2""" 1592 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+") 1593 1594def test_dpp_config_connector_error_expired_1(dev, apdev): 1595 """DPP Config Object connector error - expired 1""" 1596 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00") 1597 1598def test_dpp_config_connector_error_expired_2(dev, apdev): 1599 """DPP Config Object connector error - expired 2""" 1600 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00Z") 1601 1602def test_dpp_config_connector_error_expired_3(dev, apdev): 1603 """DPP Config Object connector error - expired 3""" 1604 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01") 1605 1606def test_dpp_config_connector_error_expired_4(dev, apdev): 1607 """DPP Config Object connector error - expired 4""" 1608 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00+01:02") 1609 1610def test_dpp_config_connector_error_expired_5(dev, apdev): 1611 """DPP Config Object connector error - expired 5""" 1612 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01") 1613 1614def test_dpp_config_connector_error_expired_6(dev, apdev): 1615 """DPP Config Object connector error - expired 6""" 1616 run_dpp_config_connector(dev, apdev, expiry="2018-01-01T00:00:00-01:02") 1617 1618def test_dpp_config_connector_error_no_groups(dev, apdev): 1619 """DPP Config Object connector error - no groups""" 1620 payload = '{"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1621 run_dpp_config_connector(dev, apdev, payload=payload) 1622 1623def test_dpp_config_connector_error_empty_groups(dev, apdev): 1624 """DPP Config Object connector error - empty groups""" 1625 payload = '{"groups":[],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1626 run_dpp_config_connector(dev, apdev, payload=payload) 1627 1628def test_dpp_config_connector_error_missing_group_id(dev, apdev): 1629 """DPP Config Object connector error - missing groupId""" 1630 payload = '{"groups":[{"netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1631 run_dpp_config_connector(dev, apdev, payload=payload) 1632 1633def test_dpp_config_connector_error_missing_net_role(dev, apdev): 1634 """DPP Config Object connector error - missing netRole""" 1635 payload = '{"groups":[{"groupId":"*"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1636 run_dpp_config_connector(dev, apdev, payload=payload) 1637 1638def test_dpp_config_connector_error_missing_net_access_key(dev, apdev): 1639 """DPP Config Object connector error - missing netAccessKey""" 1640 payload = '{"groups":[{"groupId":"*","netRole":"sta"}]}' 1641 run_dpp_config_connector(dev, apdev, payload=payload) 1642 1643def test_dpp_config_connector_error_net_access_key_mismatch(dev, apdev): 1644 """DPP Config Object connector error - netAccessKey mismatch""" 1645 payload = '{"groups":[{"groupId":"*","netRole":"sta"}],"netAccessKey":{"kty":"EC","crv":"P-256","x":"aTF4JEGIPKSZ0Xv9zdCMjm-tn5XpMsYIVZ9wySAz1gI","y":"QGcHWA_6rbU9XDXAztoX-M5Q3suTnMaqEhULtn7SSXw"}}' 1646 run_dpp_config_connector(dev, apdev, payload=payload, 1647 skip_net_access_key_mismatch=False) 1648 1649def test_dpp_gas_timeout(dev, apdev): 1650 """DPP and GAS server timeout for a query""" 1651 check_dpp_capab(dev[0]) 1652 check_dpp_capab(dev[1]) 1653 logger.info("dev0 displays QR Code") 1654 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 1655 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 1656 1657 logger.info("dev1 scans QR Code and initiates DPP Authentication") 1658 dev[0].set("ext_mgmt_frame_handling", "1") 1659 dev[0].dpp_listen(2412) 1660 1661 # Force GAS fragmentation 1662 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 1663 dev[1].set("dpp_config_obj_override", conf) 1664 1665 dev[1].dpp_auth_init(uri=uri0) 1666 1667 # DPP Authentication Request 1668 msg = dev[0].mgmt_rx() 1669 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format( 1670 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())): 1671 raise Exception("MGMT_RX_PROCESS failed") 1672 1673 # DPP Authentication Confirmation 1674 msg = dev[0].mgmt_rx() 1675 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format( 1676 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())): 1677 raise Exception("MGMT_RX_PROCESS failed") 1678 1679 wait_auth_success(dev[0], dev[1]) 1680 1681 # DPP Configuration Response (GAS Initial Response frame) 1682 msg = dev[0].mgmt_rx() 1683 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format( 1684 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())): 1685 raise Exception("MGMT_RX_PROCESS failed") 1686 1687 # GAS Comeback Response frame 1688 msg = dev[0].mgmt_rx() 1689 # Do not continue to force timeout on GAS server 1690 1691 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10) 1692 if ev is None: 1693 raise Exception("GAS result not reported (Enrollee)") 1694 if "result=TIMEOUT" not in ev: 1695 raise Exception("Unexpected GAS result (Enrollee): " + ev) 1696 dev[0].set("ext_mgmt_frame_handling", "0") 1697 1698 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=65) 1699 if ev is None: 1700 raise Exception("DPP configuration failure not reported (Configurator)") 1701 1702 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=1) 1703 if ev is None: 1704 raise Exception("DPP configuration failure not reported (Enrollee)") 1705 1706def test_dpp_akm_sha256(dev, apdev): 1707 """DPP AKM (SHA256)""" 1708 run_dpp_akm(dev, apdev, 32) 1709 1710def test_dpp_akm_sha384(dev, apdev): 1711 """DPP AKM (SHA384)""" 1712 run_dpp_akm(dev, apdev, 48) 1713 1714def test_dpp_akm_sha512(dev, apdev): 1715 """DPP AKM (SHA512)""" 1716 run_dpp_akm(dev, apdev, 64) 1717 1718def run_dpp_akm(dev, apdev, pmk_len): 1719 check_dpp_capab(dev[0]) 1720 check_dpp_capab(dev[1]) 1721 params = {"ssid": "dpp", 1722 "wpa": "2", 1723 "wpa_key_mgmt": "DPP", 1724 "rsn_pairwise": "CCMP", 1725 "ieee80211w": "2"} 1726 try: 1727 hapd = hostapd.add_ap(apdev[0], params) 1728 except: 1729 raise HwsimSkip("DPP not supported") 1730 1731 conf = hapd.request("GET_CONFIG") 1732 if "key_mgmt=DPP" not in conf.splitlines(): 1733 logger.info("GET_CONFIG:\n" + conf) 1734 raise Exception("GET_CONFIG did not report correct key_mgmt") 1735 1736 id = dev[0].connect("dpp", key_mgmt="DPP", ieee80211w="2", scan_freq="2412", 1737 dpp_pfs="2", wait_connect=False) 1738 ev = dev[0].wait_event(["CTRL-EVENT-NETWORK-NOT-FOUND"], timeout=2) 1739 if not ev: 1740 raise Exception("Network mismatch not reported") 1741 dev[0].request("DISCONNECT") 1742 dev[0].dump_monitor() 1743 1744 bssid = hapd.own_addr() 1745 pmkid = 16*'11' 1746 akmp = 2**23 1747 pmk = pmk_len*'22' 1748 cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid, pmkid, pmk, akmp) 1749 if "OK" not in dev[0].request(cmd): 1750 raise Exception("PMKSA_ADD failed (wpa_supplicant)") 1751 dev[0].select_network(id, freq="2412") 1752 ev = dev[0].wait_event(["CTRL-EVENT-ASSOC-REJECT"], timeout=2) 1753 dev[0].request("DISCONNECT") 1754 dev[0].dump_monitor() 1755 if not ev: 1756 raise Exception("Association attempt was not rejected") 1757 if "status_code=53" not in ev: 1758 raise Exception("Unexpected status code: " + ev) 1759 1760 addr = dev[0].own_addr() 1761 cmd = "PMKSA_ADD %s %s %s 0 %d" % (addr, pmkid, pmk, akmp) 1762 if "OK" not in hapd.request(cmd): 1763 raise Exception("PMKSA_ADD failed (hostapd)") 1764 1765 cmd = "PMKSA_ADD %d %s %s %s 30240 43200 %d 0" % (id, bssid, pmkid, pmk, akmp) 1766 if "OK" not in dev[0].request(cmd): 1767 raise Exception("PMKSA_ADD failed (wpa_supplicant)") 1768 dev[0].select_network(id, freq="2412") 1769 dev[0].wait_connected() 1770 val = dev[0].get_status_field("key_mgmt") 1771 if val != "DPP": 1772 raise Exception("Unexpected key_mgmt: " + val) 1773 1774params1_csign = "3059301306072a8648ce3d020106082a8648ce3d03010703420004d02e5bd81a120762b5f0f2994777f5d40297238a6c294fd575cdf35fabec44c050a6421c401d98d659fd2ed13c961cc8287944dd3202f516977800d3ab2f39ee" 1775params1_ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIwOHF4TlNYRzRWemdCV3BjVUdNSmc1czNvbElOVFJsRVQ1aERpNkRKY3ZjIiwieSI6IlVhaGFYQXpKRVpRQk1YaHRUQnlZZVlrOWtJYjk5UDA3UV9NcW9TVVZTVEkifX0.a5_nfMVr7Qe1SW0ZL3u6oQRm5NUCYUSfixDAJOUFN3XUfECBZ6E8fm8xjeSfdOytgRidTz0CTlIRjzPQo82dmQ" 1776params1_ap_netaccesskey = "30770201010420f6531d17f29dfab655b7c9e923478d5a345164c489aadd44a3519c3e9dcc792da00a06082a8648ce3d030107a14403420004d3cab13525c6e15ce0056a5c506309839b37a2520d4d19444f98438ba0c972f751a85a5c0cc911940131786d4c1c9879893d9086fdf4fd3b43f32aa125154932" 1777params1_sta_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJzOEFrYjg5bTV4UGhoYk5UbTVmVVo0eVBzNU5VMkdxYXNRY3hXUWhtQVFRIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiZWMzR3NqQ3lQMzVBUUZOQUJJdEltQnN4WXVyMGJZX1dES1lfSE9zUGdjNCIsInkiOiJTRS1HVllkdWVnTFhLMU1TQXZNMEx2QWdLREpTNWoyQVhCbE9PMTdUSTRBIn19.PDK9zsGlK-e1pEOmNxVeJfCS8pNeay6ckIS1TXCQsR64AR-9wFPCNVjqOxWvVKltehyMFqVAtOcv0IrjtMJFqQ" 1778params1_sta_netaccesskey = "30770201010420bc33380c26fd2168b69cd8242ed1df07ba89aa4813f8d4e8523de6ca3f8dd28ba00a06082a8648ce3d030107a1440342000479cdc6b230b23f7e40405340048b48981b3162eaf46d8fd60ca63f1ceb0f81ce484f8655876e7a02d72b531202f3342ef020283252e63d805c194e3b5ed32380" 1779params1_sta_pk_hash = "38f1ba82b3b49ef1c9ab616e5e94a914c75af3a4d6e25b7f112741e530f3b8e6" 1780 1781def test_dpp_network_introduction(dev, apdev): 1782 """DPP network introduction""" 1783 check_dpp_capab(dev[0]) 1784 check_dpp_capab(dev[1]) 1785 1786 params = {"ssid": "dpp", 1787 "wpa": "2", 1788 "wpa_key_mgmt": "DPP", 1789 "ieee80211w": "2", 1790 "rsn_pairwise": "CCMP", 1791 "dpp_connector": params1_ap_connector, 1792 "dpp_csign": params1_csign, 1793 "dpp_netaccesskey": params1_ap_netaccesskey} 1794 try: 1795 hapd = hostapd.add_ap(apdev[0], params) 1796 except: 1797 raise HwsimSkip("DPP not supported") 1798 1799 id = dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 1800 ieee80211w="2", 1801 dpp_csign=params1_csign, 1802 dpp_connector=params1_sta_connector, 1803 dpp_netaccesskey=params1_sta_netaccesskey) 1804 val = dev[0].get_status_field("key_mgmt") 1805 if val != "DPP": 1806 raise Exception("Unexpected key_mgmt: " + val) 1807 1808 ev = hapd.wait_sta(dev[0].own_addr()) 1809 if "dpp_pkhash=" + params1_sta_pk_hash not in ev: 1810 raise Exception("dpp_pkhash not reported correctly: " + ev) 1811 1812 sta = hapd.get_sta(dev[0].own_addr()) 1813 if 'dpp_pkhash' not in sta: 1814 raise Exception("dpp_pkhash not included in STA info") 1815 if sta['dpp_pkhash'] != params1_sta_pk_hash: 1816 raise Exception("Incorrect dpp_pkhash in STA info: " + sta['dpp_pkhash']) 1817 1818def test_dpp_network_introduction_expired(dev, apdev): 1819 """DPP network introduction with expired netaccesskey""" 1820 check_dpp_capab(dev[0]) 1821 check_dpp_capab(dev[1]) 1822 1823 params = {"ssid": "dpp", 1824 "wpa": "2", 1825 "wpa_key_mgmt": "DPP", 1826 "ieee80211w": "2", 1827 "rsn_pairwise": "CCMP", 1828 "dpp_connector": params1_ap_connector, 1829 "dpp_csign": params1_csign, 1830 "dpp_netaccesskey": params1_ap_netaccesskey, 1831 "dpp_netaccesskey_expiry": "1565530889"} 1832 try: 1833 hapd = hostapd.add_ap(apdev[0], params) 1834 except: 1835 raise HwsimSkip("DPP not supported") 1836 1837 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 1838 ieee80211w="2", 1839 dpp_csign=params1_csign, 1840 dpp_connector=params1_sta_connector, 1841 dpp_netaccesskey=params1_sta_netaccesskey, 1842 wait_connect=False) 1843 ev = hapd.wait_event(["DPP-RX"], timeout=10) 1844 if ev is None: 1845 raise Exception("No DPP Peer Discovery Request seen") 1846 if "type=5" not in ev: 1847 raise Exception("Unexpected DPP message received: " + ev) 1848 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) 1849 dev[0].request("DISCONNECT") 1850 if ev: 1851 raise Exception("Connection reported") 1852 1853 hapd.disable() 1854 hapd.set("dpp_netaccesskey_expiry", "2565530889") 1855 hapd.enable() 1856 dev[0].request("RECONNECT") 1857 dev[0].wait_connected() 1858 1859def test_dpp_network_introduction_clear_ap(dev, apdev): 1860 """DPP network introduction with PMKSA cleared on AP""" 1861 check_dpp_capab(dev[0]) 1862 check_dpp_capab(dev[1]) 1863 1864 params = {"ssid": "dpp", 1865 "wpa": "2", 1866 "wpa_key_mgmt": "DPP", 1867 "ieee80211w": "2", 1868 "rsn_pairwise": "CCMP", 1869 "dpp_connector": params1_ap_connector, 1870 "dpp_csign": params1_csign, 1871 "dpp_netaccesskey": params1_ap_netaccesskey} 1872 try: 1873 hapd = hostapd.add_ap(apdev[0], params) 1874 except: 1875 raise HwsimSkip("DPP not supported") 1876 1877 id = dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 1878 ieee80211w="2", 1879 dpp_csign=params1_csign, 1880 dpp_connector=params1_sta_connector, 1881 dpp_netaccesskey=params1_sta_netaccesskey) 1882 dev[0].request("DISCONNECT") 1883 dev[0].wait_disconnected() 1884 dev[0].request("RECONNECT") 1885 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "DPP-INTRO"], timeout=10) 1886 if ev is None: 1887 raise Exception("Reconnection timed out") 1888 if "DPP-INTRO" in ev: 1889 raise Exception("Unexpected network introduction on reconnection") 1890 dev[0].request("DISCONNECT") 1891 dev[0].wait_disconnected() 1892 1893 hapd.request("PMKSA_FLUSH") 1894 dev[0].request("RECONNECT") 1895 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "DPP-INTRO"], timeout=10) 1896 if ev is None: 1897 raise Exception("Reconnection timed out") 1898 if "DPP-INTRO" not in ev: 1899 raise Exception("No network introduction on reconnection(2)") 1900 1901def test_dpp_and_sae_akm(dev, apdev): 1902 """DPP and SAE AKMs""" 1903 check_dpp_capab(dev[0]) 1904 check_dpp_capab(dev[1]) 1905 check_sae_capab(dev[1]) 1906 1907 params = {"ssid": "dpp+sae", 1908 "wpa": "2", 1909 "wpa_key_mgmt": "DPP SAE", 1910 "ieee80211w": "2", 1911 "rsn_pairwise": "CCMP", 1912 "sae_password": "sae-password", 1913 "dpp_connector": params1_ap_connector, 1914 "dpp_csign": params1_csign, 1915 "dpp_netaccesskey": params1_ap_netaccesskey} 1916 try: 1917 hapd = hostapd.add_ap(apdev[0], params) 1918 except: 1919 raise HwsimSkip("DPP not supported") 1920 1921 id = dev[0].connect("dpp+sae", key_mgmt="DPP", scan_freq="2412", 1922 ieee80211w="2", 1923 dpp_csign=params1_csign, 1924 dpp_connector=params1_sta_connector, 1925 dpp_netaccesskey=params1_sta_netaccesskey) 1926 val = dev[0].get_status_field("key_mgmt") 1927 if val != "DPP": 1928 raise Exception("Unexpected key_mgmt for DPP: " + val) 1929 1930 dev[1].request("SET sae_groups ") 1931 id = dev[1].connect("dpp+sae", key_mgmt="SAE", scan_freq="2412", 1932 ieee80211w="2", psk="sae-password") 1933 val = dev[1].get_status_field("key_mgmt") 1934 if val != "SAE": 1935 raise Exception("Unexpected key_mgmt for SAE: " + val) 1936 1937def test_dpp_ap_config(dev, apdev): 1938 """DPP and AP configuration""" 1939 run_dpp_ap_config(dev, apdev) 1940 1941def test_dpp_ap_config_p256_p256(dev, apdev): 1942 """DPP and AP configuration (P-256 + P-256)""" 1943 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-256") 1944 1945def test_dpp_ap_config_p256_p384(dev, apdev): 1946 """DPP and AP configuration (P-256 + P-384)""" 1947 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-384") 1948 1949def test_dpp_ap_config_p256_p521(dev, apdev): 1950 """DPP and AP configuration (P-256 + P-521)""" 1951 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="P-521") 1952 1953def test_dpp_ap_config_p384_p256(dev, apdev): 1954 """DPP and AP configuration (P-384 + P-256)""" 1955 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-256") 1956 1957def test_dpp_ap_config_p384_p384(dev, apdev): 1958 """DPP and AP configuration (P-384 + P-384)""" 1959 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-384") 1960 1961def test_dpp_ap_config_p384_p521(dev, apdev): 1962 """DPP and AP configuration (P-384 + P-521)""" 1963 run_dpp_ap_config(dev, apdev, curve="P-384", conf_curve="P-521") 1964 1965def test_dpp_ap_config_p521_p256(dev, apdev): 1966 """DPP and AP configuration (P-521 + P-256)""" 1967 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-256") 1968 1969def test_dpp_ap_config_p521_p384(dev, apdev): 1970 """DPP and AP configuration (P-521 + P-384)""" 1971 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-384") 1972 1973def test_dpp_ap_config_p521_p521(dev, apdev): 1974 """DPP and AP configuration (P-521 + P-521)""" 1975 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="P-521") 1976 1977def test_dpp_ap_config_bp256_bp256(dev, apdev): 1978 """DPP and AP configuration (BP-256 + BP-256)""" 1979 run_dpp_ap_config(dev, apdev, curve="BP-256", conf_curve="BP-256") 1980 1981def test_dpp_ap_config_bp384_bp384(dev, apdev): 1982 """DPP and AP configuration (BP-384 + BP-384)""" 1983 run_dpp_ap_config(dev, apdev, curve="BP-384", conf_curve="BP-384") 1984 1985def test_dpp_ap_config_bp512_bp512(dev, apdev): 1986 """DPP and AP configuration (BP-512 + BP-512)""" 1987 run_dpp_ap_config(dev, apdev, curve="BP-512", conf_curve="BP-512") 1988 1989def test_dpp_ap_config_p256_bp256(dev, apdev): 1990 """DPP and AP configuration (P-256 + BP-256)""" 1991 run_dpp_ap_config(dev, apdev, curve="P-256", conf_curve="BP-256") 1992 1993def test_dpp_ap_config_bp256_p256(dev, apdev): 1994 """DPP and AP configuration (BP-256 + P-256)""" 1995 run_dpp_ap_config(dev, apdev, curve="BP-256", conf_curve="P-256") 1996 1997def test_dpp_ap_config_p521_bp512(dev, apdev): 1998 """DPP and AP configuration (P-521 + BP-512)""" 1999 run_dpp_ap_config(dev, apdev, curve="P-521", conf_curve="BP-512") 2000 2001def test_dpp_ap_config_bp512_p521(dev, apdev): 2002 """DPP and AP configuration (BP-512 + P-521)""" 2003 run_dpp_ap_config(dev, apdev, curve="BP-512", conf_curve="P-521") 2004 2005def test_dpp_ap_config_reconfig_configurator(dev, apdev): 2006 """DPP and AP configuration with Configurator reconfiguration""" 2007 run_dpp_ap_config(dev, apdev, reconf_configurator=True) 2008 2009def test_dpp_ap_config_sae(dev, apdev): 2010 """DPP and AP configuration for SAE""" 2011 run_dpp_ap_config(dev, apdev, sae=True) 2012 2013def update_hapd_config(hapd): 2014 ev = hapd.wait_event(["DPP-CONFOBJ-AKM"], timeout=1) 2015 if ev is None: 2016 raise Exception("AKM not reported (AP)") 2017 akm = ev.split(' ')[1] 2018 2019 ev = hapd.wait_event(["DPP-CONFOBJ-SSID"], timeout=1) 2020 if ev is None: 2021 raise Exception("SSID not reported (AP)") 2022 ssid = ev.split(' ')[1] 2023 2024 ev = hapd.wait_event(["DPP-CONNECTOR"], timeout=1) 2025 if ev is None: 2026 raise Exception("Connector not reported (AP)") 2027 connector = ev.split(' ')[1] 2028 2029 if akm == "sae": 2030 ev = hapd.wait_event(["DPP-CONFOBJ-PASS"], timeout=1) 2031 if ev is None: 2032 raise Exception("Password not reported (AP)") 2033 password = ev.split(' ')[1] 2034 2035 ev = hapd.wait_event(["DPP-C-SIGN-KEY"], timeout=1) 2036 if ev is None: 2037 raise Exception("C-sign-key not reported (AP)") 2038 p = ev.split(' ') 2039 csign = p[1] 2040 2041 ev = hapd.wait_event(["DPP-NET-ACCESS-KEY"], timeout=1) 2042 if ev is None: 2043 raise Exception("netAccessKey not reported (AP)") 2044 p = ev.split(' ') 2045 net_access_key = p[1] 2046 net_access_key_expiry = p[2] if len(p) > 2 else None 2047 2048 logger.info("Update AP configuration") 2049 hapd.disable() 2050 hapd.set("ssid", ssid) 2051 hapd.set("utf8_ssid", "1") 2052 hapd.set("wpa", "2") 2053 if akm == "sae": 2054 hapd.set("wpa_key_mgmt", "SAE") 2055 hapd.set("sae_password", binascii.unhexlify(password).decode()) 2056 else: 2057 hapd.set("wpa_key_mgmt", "DPP") 2058 hapd.set("ieee80211w", "2") 2059 hapd.set("rsn_pairwise", "CCMP") 2060 hapd.set("dpp_connector", connector) 2061 hapd.set("dpp_csign", csign) 2062 hapd.set("dpp_netaccesskey", net_access_key) 2063 if net_access_key_expiry: 2064 hapd.set("dpp_netaccesskey_expiry", net_access_key_expiry) 2065 hapd.enable() 2066 2067def run_dpp_ap_config(dev, apdev, curve=None, conf_curve=None, 2068 reconf_configurator=False, sae=False): 2069 if sae: 2070 check_sae_capab(dev[0]) 2071 check_sae_capab(dev[1]) 2072 dev[0].set("sae_groups", "") 2073 dev[1].set("sae_groups", "") 2074 2075 brainpool = (curve and "BP-" in curve) or \ 2076 (conf_curve and "BP-" in conf_curve) 2077 check_dpp_capab(dev[0], brainpool) 2078 check_dpp_capab(dev[1], brainpool) 2079 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 2080 check_dpp_capab(hapd) 2081 2082 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve) 2083 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 2084 2085 conf_id = dev[0].dpp_configurator_add(curve=conf_curve) 2086 2087 if reconf_configurator: 2088 csign = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id) 2089 if "FAIL" in csign or len(csign) == 0: 2090 raise Exception("DPP_CONFIGURATOR_GET_KEY failed") 2091 2092 if sae: 2093 dev[0].dpp_auth_init(uri=uri, conf="ap-sae", configurator=conf_id, 2094 passphrase="secret SAE password") 2095 else: 2096 dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id) 2097 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd) 2098 update_hapd_config(hapd) 2099 2100 id1 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True, curve=curve) 2101 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 2102 2103 if reconf_configurator: 2104 dev[0].dpp_configurator_remove(conf_id) 2105 conf_id = dev[0].dpp_configurator_add(curve=conf_curve, key=csign) 2106 2107 dev[1].dpp_listen(2412) 2108 if sae: 2109 dev[0].dpp_auth_init(uri=uri1, conf="sta-sae", configurator=conf_id, 2110 passphrase="secret SAE password") 2111 else: 2112 dev[0].dpp_auth_init(uri=uri1, conf="sta-dpp", configurator=conf_id) 2113 res = wait_auth_success(dev[1], dev[0], 2114 configurator=dev[0], enrollee=dev[1], 2115 stop_responder=True) 2116 sta_pk_hash = res['initiator-auth-success-pkhash'] 2117 2118 ev = dev[1].wait_event(["DPP-CONFOBJ-SSID"], timeout=1) 2119 if ev is None: 2120 raise Exception("SSID not reported") 2121 ssid = ev.split(' ')[1] 2122 2123 ev = dev[1].wait_event(["DPP-CONNECTOR"], timeout=1) 2124 if ev is None: 2125 raise Exception("Connector not reported") 2126 connector = ev.split(' ')[1] 2127 2128 ev = dev[1].wait_event(["DPP-C-SIGN-KEY"], timeout=1) 2129 if ev is None: 2130 raise Exception("C-sign-key not reported") 2131 p = ev.split(' ') 2132 csign = p[1] 2133 2134 ev = dev[1].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1) 2135 if ev is None: 2136 raise Exception("netAccessKey not reported") 2137 p = ev.split(' ') 2138 net_access_key = p[1] 2139 net_access_key_expiry = p[2] if len(p) > 2 else None 2140 2141 dev[1].dump_monitor() 2142 2143 if sae: 2144 id = dev[1].connect(ssid, key_mgmt="SAE", ieee80211w="2", 2145 scan_freq="2412", 2146 sae_password="secret SAE password", 2147 only_add_network=True) 2148 else: 2149 id = dev[1].connect(ssid, key_mgmt="DPP", ieee80211w="2", 2150 scan_freq="2412", 2151 only_add_network=True) 2152 dev[1].set_network_quoted(id, "dpp_connector", connector) 2153 dev[1].set_network(id, "dpp_csign", csign) 2154 dev[1].set_network(id, "dpp_netaccesskey", net_access_key) 2155 if net_access_key_expiry: 2156 dev[1].set_network(id, "dpp_netaccess_expiry", 2157 net_access_key_expiry) 2158 2159 logger.info("Check data connection") 2160 dev[1].select_network(id, freq="2412") 2161 dev[1].wait_connected() 2162 2163 if not sae: 2164 ev = hapd.wait_sta(dev[1].own_addr()) 2165 if "dpp_pkhash=" + sta_pk_hash not in ev: 2166 raise Exception("dpp_pkhash not reported correctly: " + ev) 2167 2168 sta = hapd.get_sta(dev[1].own_addr()) 2169 if 'dpp_pkhash' not in sta: 2170 raise Exception("dpp_pkhash not included in STA info") 2171 if sta['dpp_pkhash'] != sta_pk_hash: 2172 raise Exception("Incorrect dpp_pkhash in STA info: " + sta['dpp_pkhash']) 2173 2174 dev[1].request("DISCONNECT") 2175 dev[1].wait_disconnected() 2176 dev[1].request("RECONNECT") 2177 dev[1].wait_connected() 2178 ev = hapd.wait_sta(dev[1].own_addr()) 2179 if "dpp_pkhash=" + sta_pk_hash not in ev: 2180 raise Exception("dpp_pkhash not reported correctly(2): " + ev) 2181 2182 sta = hapd.get_sta(dev[1].own_addr()) 2183 if 'dpp_pkhash' not in sta: 2184 raise Exception("dpp_pkhash not included in STA info(2)") 2185 if sta['dpp_pkhash'] != sta_pk_hash: 2186 raise Exception("Incorrect dpp_pkhash in STA info(2): " + sta['dpp_pkhash']) 2187 2188def test_dpp_auto_connect_1(dev, apdev): 2189 """DPP and auto connect (1)""" 2190 try: 2191 run_dpp_auto_connect(dev, apdev, 1) 2192 finally: 2193 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2194 2195def test_dpp_auto_connect_2(dev, apdev): 2196 """DPP and auto connect (2)""" 2197 try: 2198 run_dpp_auto_connect(dev, apdev, 2) 2199 finally: 2200 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2201 2202def test_dpp_auto_connect_2_connect_cmd(dev, apdev): 2203 """DPP and auto connect (2) using connect_cmd""" 2204 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 2205 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") 2206 dev_new = [wpas, dev[1]] 2207 try: 2208 run_dpp_auto_connect(dev_new, apdev, 2) 2209 finally: 2210 wpas.set("dpp_config_processing", "0", allow_fail=True) 2211 2212def test_dpp_auto_connect_2_sta_ver1(dev, apdev): 2213 """DPP and auto connect (2; STA using ver 1)""" 2214 try: 2215 run_dpp_auto_connect(dev, apdev, 2, sta_version=1) 2216 finally: 2217 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2218 2219def test_dpp_auto_connect_2_ap_ver1(dev, apdev): 2220 """DPP and auto connect (2; AP using ver 1)""" 2221 try: 2222 run_dpp_auto_connect(dev, apdev, 2, ap_version=1) 2223 finally: 2224 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2225 2226def test_dpp_auto_connect_2_ver1(dev, apdev): 2227 """DPP and auto connect (2; AP and STA using ver 1)""" 2228 try: 2229 run_dpp_auto_connect(dev, apdev, 2, ap_version=1, sta_version=1) 2230 finally: 2231 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2232 2233def test_dpp_auto_connect_2_conf_ver1(dev, apdev): 2234 """DPP and auto connect (2; Configurator using ver 1)""" 2235 try: 2236 run_dpp_auto_connect(dev, apdev, 2, sta1_version=1) 2237 finally: 2238 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2239 2240def run_dpp_auto_connect(dev, apdev, processing, ap_version=0, sta_version=0, 2241 sta1_version=0, stop_after_prov=False): 2242 check_dpp_capab(dev[0]) 2243 check_dpp_capab(dev[1]) 2244 2245 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708" 2246 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708" 2247 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg" 2248 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b" 2249 2250 params = {"ssid": "test", 2251 "wpa": "2", 2252 "wpa_key_mgmt": "DPP", 2253 "ieee80211w": "2", 2254 "rsn_pairwise": "CCMP", 2255 "dpp_connector": ap_connector, 2256 "dpp_csign": csign_pub, 2257 "dpp_netaccesskey": ap_netaccesskey} 2258 try: 2259 hapd = hostapd.add_ap(apdev[0], params) 2260 if ap_version: 2261 hapd.set("dpp_version_override", str(ap_version)) 2262 except: 2263 raise HwsimSkip("DPP not supported") 2264 2265 if sta_version: 2266 dev[0].set("dpp_version_override", str(sta_version)) 2267 if sta1_version: 2268 dev[1].set("dpp_version_override", str(sta1_version)) 2269 conf_id = dev[1].dpp_configurator_add(key=csign) 2270 dev[0].set("dpp_config_processing", str(processing)) 2271 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 2272 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2273 dev[0].dpp_listen(2412) 2274 dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id) 2275 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0]) 2276 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 2277 if ev is None: 2278 raise Exception("DPP network profile not generated") 2279 id = ev.split(' ')[1] 2280 if stop_after_prov: 2281 return id, hapd 2282 2283 if processing == 1: 2284 dev[0].select_network(id, freq=2412) 2285 2286 dev[0].wait_connected() 2287 hwsim_utils.test_connectivity(dev[0], hapd) 2288 2289def test_dpp_auto_connect_legacy(dev, apdev): 2290 """DPP and auto connect (legacy)""" 2291 try: 2292 run_dpp_auto_connect_legacy(dev, apdev) 2293 finally: 2294 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2295 2296def test_dpp_auto_connect_legacy_ssid_charset(dev, apdev): 2297 """DPP and auto connect (legacy, ssid_charset)""" 2298 try: 2299 run_dpp_auto_connect_legacy(dev, apdev, ssid_charset=12345) 2300 finally: 2301 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2302 2303def test_dpp_auto_connect_legacy_sae_1(dev, apdev): 2304 """DPP and auto connect (legacy SAE)""" 2305 try: 2306 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', psk_sae=True) 2307 finally: 2308 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2309 2310def test_dpp_auto_connect_legacy_sae_2(dev, apdev): 2311 """DPP and auto connect (legacy SAE)""" 2312 try: 2313 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True) 2314 finally: 2315 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2316 2317def test_dpp_auto_connect_legacy_sae_3(dev, apdev): 2318 """DPP and auto connect (legacy SAE with short password)""" 2319 try: 2320 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True, 2321 password="1234567") 2322 finally: 2323 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2324 2325def test_dpp_auto_connect_legacy_sae_pw_id(dev, apdev): 2326 """DPP and auto connect (legacy SAE with password identifier)""" 2327 check_dpp_capab(dev[0], min_ver=3) 2328 try: 2329 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-sae', sae_only=True, 2330 password_id="id") 2331 finally: 2332 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2333 2334def test_dpp_auto_connect_legacy_psk_sae_1(dev, apdev): 2335 """DPP and auto connect (legacy PSK+SAE)""" 2336 try: 2337 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae', 2338 psk_sae=True) 2339 finally: 2340 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2341 2342def test_dpp_auto_connect_legacy_psk_sae_2(dev, apdev): 2343 """DPP and auto connect (legacy PSK+SAE)""" 2344 try: 2345 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae', 2346 sae_only=True) 2347 finally: 2348 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2349 2350def test_dpp_auto_connect_legacy_psk_sae_3(dev, apdev): 2351 """DPP and auto connect (legacy PSK+SAE)""" 2352 try: 2353 run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk-sae') 2354 finally: 2355 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2356 2357def run_dpp_auto_connect_legacy(dev, apdev, conf='sta-psk', 2358 ssid_charset=None, 2359 psk_sae=False, sae_only=False, 2360 password="secret passphrase", 2361 password_id=None): 2362 check_dpp_capab(dev[0]) 2363 check_dpp_capab(dev[1]) 2364 2365 if sae_only and password_id: 2366 params = hostapd.wpa3_params(ssid="dpp-legacy", 2367 password=password + '|id=' + password_id) 2368 elif sae_only: 2369 params = hostapd.wpa3_params(ssid="dpp-legacy", 2370 password=password) 2371 else: 2372 params = hostapd.wpa2_params(ssid="dpp-legacy", 2373 passphrase=password) 2374 if psk_sae: 2375 params['wpa_key_mgmt'] = 'WPA-PSK SAE' 2376 params['ieee80211w'] = '1' 2377 params['sae_require_mfp'] = '1' 2378 2379 hapd = hostapd.add_ap(apdev[0], params) 2380 2381 dev[0].request("SET sae_groups ") 2382 dev[0].set("dpp_config_processing", "2") 2383 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 2384 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2385 2386 dev[0].dpp_listen(2412) 2387 dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-legacy", 2388 ssid_charset=ssid_charset, 2389 passphrase=password, password_id=password_id) 2390 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0]) 2391 if ssid_charset: 2392 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID-CHARSET"], timeout=1) 2393 if ev is None: 2394 raise Exception("ssid_charset not reported") 2395 charset = ev.split(' ')[1] 2396 if charset != str(ssid_charset): 2397 raise Exception("Incorrect ssid_charset reported: " + ev) 2398 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 2399 if ev is None: 2400 raise Exception("DPP network profile not generated") 2401 id = ev.split(' ')[1] 2402 2403 dev[0].wait_connected() 2404 2405def test_dpp_auto_connect_legacy_pmf_required(dev, apdev): 2406 """DPP and auto connect (legacy, PMF required)""" 2407 try: 2408 run_dpp_auto_connect_legacy_pmf_required(dev, apdev) 2409 finally: 2410 dev[0].set("dpp_config_processing", "0", allow_fail=True) 2411 2412def run_dpp_auto_connect_legacy_pmf_required(dev, apdev): 2413 check_dpp_capab(dev[0]) 2414 check_dpp_capab(dev[1]) 2415 2416 params = hostapd.wpa2_params(ssid="dpp-legacy", 2417 passphrase="secret passphrase") 2418 params['wpa_key_mgmt'] = "WPA-PSK-SHA256" 2419 params['ieee80211w'] = "2" 2420 hapd = hostapd.add_ap(apdev[0], params) 2421 2422 dev[0].set("dpp_config_processing", "2") 2423 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 2424 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2425 dev[0].dpp_listen(2412) 2426 dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy", 2427 passphrase="secret passphrase") 2428 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0]) 2429 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 2430 if ev is None: 2431 raise Exception("DPP network profile not generated") 2432 dev[0].wait_connected() 2433 2434def test_dpp_qr_code_auth_responder_configurator(dev, apdev): 2435 """DPP QR Code and responder as the configurator""" 2436 run_dpp_qr_code_auth_responder_configurator(dev, apdev, "") 2437 2438def test_dpp_qr_code_auth_responder_configurator_group_id(dev, apdev): 2439 """DPP QR Code and responder as the configurator with group_id)""" 2440 run_dpp_qr_code_auth_responder_configurator(dev, apdev, 2441 " group_id=test-group") 2442 2443def run_dpp_qr_code_auth_responder_configurator(dev, apdev, extra): 2444 check_dpp_capab(dev[0]) 2445 check_dpp_capab(dev[1]) 2446 conf_id = dev[0].dpp_configurator_add() 2447 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 2448 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2449 dev[0].set("dpp_configurator_params", 2450 " conf=sta-dpp configurator=%d%s" % (conf_id, extra)) 2451 dev[0].dpp_listen(2412, role="configurator") 2452 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 2453 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1], 2454 stop_responder=True) 2455 2456def test_dpp_qr_code_auth_enrollee_init_netrole(dev, apdev): 2457 """DPP QR Code and enrollee initiating with netrole specified""" 2458 check_dpp_capab(dev[0]) 2459 check_dpp_capab(dev[1]) 2460 conf_id = dev[0].dpp_configurator_add() 2461 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 2462 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2463 dev[0].set("dpp_configurator_params", 2464 " conf=configurator configurator=%d" % conf_id) 2465 dev[0].dpp_listen(2412, role="configurator") 2466 dev[1].dpp_auth_init(uri=uri0, role="enrollee", netrole="configurator") 2467 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1], 2468 stop_responder=True) 2469 dev[0].dump_monitor() 2470 dev[1].dump_monitor() 2471 2472 # verify that netrole resets back to sta, if not explicitly stated 2473 dev[0].set("dpp_configurator_params", 2474 "conf=sta-dpp configurator=%d" % conf_id) 2475 dev[0].dpp_listen(2412, role="configurator") 2476 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 2477 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1], 2478 stop_responder=True) 2479 2480def test_dpp_qr_code_hostapd_init(dev, apdev): 2481 """DPP QR Code and hostapd as initiator""" 2482 check_dpp_capab(dev[0]) 2483 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2484 "channel": "6"}) 2485 check_dpp_capab(hapd) 2486 conf_id = dev[0].dpp_configurator_add() 2487 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 2488 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2489 dev[0].set("dpp_configurator_params", 2490 " conf=ap-dpp configurator=%d" % conf_id) 2491 dev[0].dpp_listen(2437, role="configurator") 2492 hapd.dpp_auth_init(uri=uri0, role="enrollee") 2493 wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd, 2494 stop_responder=True) 2495 2496def test_dpp_qr_code_hostapd_init_offchannel(dev, apdev): 2497 """DPP QR Code and hostapd as initiator (offchannel)""" 2498 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, None) 2499 2500def test_dpp_qr_code_hostapd_init_offchannel_neg_freq(dev, apdev): 2501 """DPP QR Code and hostapd as initiator (offchannel, neg_freq)""" 2502 run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, "neg_freq=2437") 2503 2504def run_dpp_qr_code_hostapd_init_offchannel(dev, apdev, extra): 2505 check_dpp_capab(dev[0]) 2506 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2507 "channel": "6"}) 2508 check_dpp_capab(hapd) 2509 conf_id = dev[0].dpp_configurator_add() 2510 id0 = dev[0].dpp_bootstrap_gen(chan="81/1,81/11", mac=True) 2511 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2512 dev[0].set("dpp_configurator_params", 2513 " conf=ap-dpp configurator=%d" % conf_id) 2514 dev[0].dpp_listen(2462, role="configurator") 2515 hapd.dpp_auth_init(uri=uri0, role="enrollee", extra=extra) 2516 wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd, 2517 stop_responder=True) 2518 2519def test_dpp_qr_code_hostapd_init_offchannel_configurator(dev, apdev): 2520 """DPP QR Code and hostapd as initiator/Configurator (offchannel)""" 2521 check_dpp_capab(dev[0]) 2522 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2523 "channel": "11"}) 2524 check_dpp_capab(hapd) 2525 id0 = dev[0].dpp_bootstrap_gen(chan="81/1") 2526 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2527 dev[0].dpp_listen(2412) 2528 conf_id = hapd.dpp_configurator_add() 2529 hapd.dpp_auth_init(uri=uri0, configurator=conf_id, conf="sta-dpp") 2530 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0]) 2531 2532def test_dpp_qr_code_hostapd_ignore_mismatch(dev, apdev): 2533 """DPP QR Code and hostapd ignoring netaccessKey mismatch""" 2534 check_dpp_capab(dev[0]) 2535 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2536 "channel": "6"}) 2537 check_dpp_capab(hapd) 2538 conf_id = dev[0].dpp_configurator_add() 2539 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 2540 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2541 dev[0].set("dpp_configurator_params", 2542 "conf=ap-dpp configurator=%d" % conf_id) 2543 conf = '{"wi-fi_tech":"infra","discovery":{"ssid":"test"},"cred":{"akm":"dpp","signedConnector":"eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJUbkdLaklsTlphYXRyRUFZcmJiamlCNjdyamtMX0FHVldYTzZxOWhESktVIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6InN0YSJ9XSwibmV0QWNjZXNzS2V5Ijp7Imt0eSI6IkVDIiwiY3J2IjoiUC0yNTYiLCJ4IjoiYVRGNEpFR0lQS1NaMFh2OXpkQ01qbS10bjVYcE1zWUlWWjl3eVNBejFnSSIsInkiOiJRR2NIV0FfNnJiVTlYRFhBenRvWC1NNVEzc3VUbk1hcUVoVUx0bjdTU1h3In19._sm6YswxMf6hJLVTyYoU1uYUeY2VVkUNjrzjSiEhY42StD_RWowStEE-9CRsdCvLmsTptZ72_g40vTFwdId20A","csign":{"kty":"EC","crv":"P-256","x":"W4-Y5N1Pkos3UWb9A5qme0KUYRtY3CVUpekx_MapZ9s","y":"Et-M4NSF4NGjvh2VCh4B1sJ9eSCZ4RNzP2DBdP137VE","kid":"TnGKjIlNZaatrEAYrbbjiB67rjkL_AGVWXO6q9hDJKU"}}}' 2544 dev[0].set("dpp_config_obj_override", conf) 2545 dev[0].dpp_listen(2437, role="configurator") 2546 hapd.set("dpp_ignore_netaccesskey_mismatch", "1") 2547 hapd.dpp_auth_init(uri=uri0, role="enrollee") 2548 wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd, 2549 stop_responder=True) 2550 2551def test_dpp_test_vector_p_256(dev, apdev): 2552 """DPP P-256 test vector (mutual auth)""" 2553 check_dpp_capab(dev[0]) 2554 check_dpp_capab(dev[1]) 2555 2556 # Responder bootstrapping key 2557 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0" 2558 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107") 2559 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2560 2561 # Responder protocol keypair override 2562 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5" 2563 dev[0].set("dpp_protocol_key_override", 2564 "30310201010420" + priv + "a00a06082a8648ce3d030107") 2565 2566 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393") 2567 2568 # Initiator bootstrapping key 2569 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb" 2570 id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107") 2571 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 2572 2573 # Initiator protocol keypair override 2574 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783" 2575 dev[1].set("dpp_protocol_key_override", 2576 "30310201010420" + priv + "a00a06082a8648ce3d030107") 2577 2578 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31") 2579 2580 dev[0].dpp_qr_code(uri1) 2581 dev[0].dpp_listen(2462, qr="mutual") 2582 dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412) 2583 wait_auth_success(dev[0], dev[1]) 2584 2585def test_dpp_test_vector_p_256_b(dev, apdev): 2586 """DPP P-256 test vector (Responder-only auth)""" 2587 check_dpp_capab(dev[0]) 2588 check_dpp_capab(dev[1]) 2589 2590 # Responder bootstrapping key 2591 priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0" 2592 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, key="30310201010420" + priv + "a00a06082a8648ce3d030107") 2593 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2594 2595 # Responder protocol keypair override 2596 priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5" 2597 dev[0].set("dpp_protocol_key_override", 2598 "30310201010420" + priv + "a00a06082a8648ce3d030107") 2599 2600 dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393") 2601 2602 # Initiator bootstrapping key 2603 priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb" 2604 id1 = dev[1].dpp_bootstrap_gen(key="30310201010420" + priv + "a00a06082a8648ce3d030107") 2605 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 2606 2607 # Initiator protocol keypair override 2608 priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783" 2609 dev[1].set("dpp_protocol_key_override", 2610 "30310201010420" + priv + "a00a06082a8648ce3d030107") 2611 2612 dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31") 2613 2614 dev[0].dpp_listen(2462) 2615 dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412) 2616 wait_auth_success(dev[0], dev[1]) 2617 2618def der_priv_key_p_521(priv): 2619 if len(priv) != 2 * 66: 2620 raise Exception("Unexpected der_priv_key_p_521 parameter: " + priv) 2621 der_prefix = "30500201010442" 2622 der_postfix = "a00706052b81040023" 2623 return der_prefix + priv + der_postfix 2624 2625def test_dpp_test_vector_p_521(dev, apdev): 2626 """DPP P-521 test vector (mutual auth)""" 2627 check_dpp_capab(dev[0]) 2628 check_dpp_capab(dev[1]) 2629 2630 # Responder bootstrapping key 2631 priv = "0061e54f518cdf859735da3dd64c6f72c2f086f41a6fd52915152ea2fe0f24ddaecd8883730c9c9fd82cf7c043a41021696388cf5190b731dd83638bcd56d8b6c743" 2632 id0 = dev[0].dpp_bootstrap_gen(chan="81/11", mac=True, 2633 key=der_priv_key_p_521(priv)) 2634 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 2635 2636 # Responder protocol keypair override 2637 priv = "01d8b7b17cd1b0a33f7c66fb4220999329cdaf4f8b44b2ffadde8ab8ed8abffa9f5358c5b1caae26709ca4fb78e52a4d08f2e4f24111a36a6f440d20a0000ff51597" 2638 dev[0].set("dpp_protocol_key_override", der_priv_key_p_521(priv)) 2639 2640 dev[0].set("dpp_nonce_override", 2641 "d749a782012eb0a8595af30b2dfc8d0880d004ebddb55ecc5afbdef18c400e01") 2642 2643 # Initiator bootstrapping key 2644 priv = "0060c10df14af5ef27f6e362d31bdd9eeb44be77a323ba64b08f3f03d58b92cbfe05c182a91660caa081ca344243c47b5aa088bcdf738840eb35f0218b9f26881e02" 2645 id1 = dev[1].dpp_bootstrap_gen(key=der_priv_key_p_521(priv)) 2646 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 2647 2648 # Initiator protocol keypair override 2649 priv = "019c1c08caaeec38fb931894699b095bc3ab8c1ec7ef0622d2e3eba821477c8c6fca41774f21166ad98aebda37c067d9aa08a8a2e1b5c44c61f2bae02a61f85d9661" 2650 dev[1].set("dpp_protocol_key_override", der_priv_key_p_521(priv)) 2651 2652 dev[1].set("dpp_nonce_override", 2653 "de972af3847bec3ba2aedd9f5c21cfdec7bf0bc5fe8b276cbcd0267807fb15b0") 2654 2655 dev[0].dpp_qr_code(uri1) 2656 dev[0].dpp_listen(2462, qr="mutual") 2657 dev[1].dpp_auth_init(uri=uri0, own=id1, neg_freq=2412) 2658 wait_auth_success(dev[0], dev[1]) 2659 2660def test_dpp_pkex(dev, apdev): 2661 """DPP and PKEX""" 2662 run_dpp_pkex(dev, apdev) 2663 2664def test_dpp_pkex_v2(dev, apdev): 2665 """DPP and PKEXv2""" 2666 run_dpp_pkex(dev, apdev, ver=2) 2667 2668def test_dpp_pkex_p256(dev, apdev): 2669 """DPP and PKEX (P-256)""" 2670 run_dpp_pkex(dev, apdev, "P-256") 2671 2672def test_dpp_pkex_p384(dev, apdev): 2673 """DPP and PKEX (P-384)""" 2674 run_dpp_pkex(dev, apdev, "P-384") 2675 2676def test_dpp_pkex_p521(dev, apdev): 2677 """DPP and PKEX (P-521)""" 2678 run_dpp_pkex(dev, apdev, "P-521") 2679 2680def test_dpp_pkex_bp256(dev, apdev): 2681 """DPP and PKEX (BP-256)""" 2682 run_dpp_pkex(dev, apdev, "brainpoolP256r1") 2683 2684def test_dpp_pkex_bp384(dev, apdev): 2685 """DPP and PKEX (BP-384)""" 2686 run_dpp_pkex(dev, apdev, "brainpoolP384r1") 2687 2688def test_dpp_pkex_bp512(dev, apdev): 2689 """DPP and PKEX (BP-512)""" 2690 run_dpp_pkex(dev, apdev, "brainpoolP512r1") 2691 2692def test_dpp_pkex_config(dev, apdev): 2693 """DPP and PKEX with initiator as the configurator""" 2694 check_dpp_capab(dev[1]) 2695 conf_id = dev[1].dpp_configurator_add() 2696 run_dpp_pkex(dev, apdev, 2697 init_extra="conf=sta-dpp configurator=%d" % (conf_id), 2698 check_config=True) 2699 2700def test_dpp_pkex_no_identifier(dev, apdev): 2701 """DPP and PKEX without identifier""" 2702 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r=None) 2703 2704def test_dpp_pkex_identifier_mismatch(dev, apdev): 2705 """DPP and PKEX with different identifiers""" 2706 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r="bar", 2707 expect_no_resp=True) 2708 2709def test_dpp_pkex_identifier_mismatch2(dev, apdev): 2710 """DPP and PKEX with initiator using identifier and the responder not""" 2711 run_dpp_pkex(dev, apdev, identifier_i="foo", identifier_r=None, 2712 expect_no_resp=True) 2713 2714def test_dpp_pkex_identifier_mismatch3(dev, apdev): 2715 """DPP and PKEX with responder using identifier and the initiator not""" 2716 run_dpp_pkex(dev, apdev, identifier_i=None, identifier_r="bar", 2717 expect_no_resp=True) 2718 2719def run_dpp_pkex(dev, apdev, curve=None, init_extra=None, check_config=False, 2720 identifier_i="test", identifier_r="test", 2721 expect_no_resp=False, ver=None): 2722 min_ver = 3 if ver else 1 2723 check_dpp_capab(dev[0], curve and "brainpool" in curve, min_ver=min_ver) 2724 check_dpp_capab(dev[1], curve and "brainpool" in curve, min_ver=min_ver) 2725 dev[0].dpp_pkex_resp(2437, identifier=identifier_r, code="secret", 2726 curve=curve) 2727 dev[1].dpp_pkex_init(identifier=identifier_i, code="secret", curve=curve, 2728 extra=init_extra, ver=ver) 2729 2730 if expect_no_resp: 2731 ev = dev[0].wait_event(["DPP-RX"], timeout=10) 2732 if ev is None: 2733 raise Exception("DPP PKEX frame not received") 2734 ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=1) 2735 if ev is not None: 2736 raise Exception("DPP authentication succeeded") 2737 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=0.1) 2738 if ev is not None: 2739 raise Exception("DPP authentication succeeded") 2740 return 2741 2742 wait_auth_success(dev[0], dev[1], 2743 configurator=dev[1] if check_config else None, 2744 enrollee=dev[0] if check_config else None) 2745 2746def test_dpp_pkex_5ghz(dev, apdev): 2747 """DPP and PKEX on 5 GHz""" 2748 try: 2749 dev[0].request("SET country US") 2750 dev[1].request("SET country US") 2751 ev = dev[0].wait_event(["CTRL-EVENT-REGDOM-CHANGE"], timeout=1) 2752 if ev is None: 2753 ev = dev[0].wait_global_event(["CTRL-EVENT-REGDOM-CHANGE"], 2754 timeout=1) 2755 run_dpp_pkex_5ghz(dev, apdev) 2756 finally: 2757 dev[0].request("SET country 00") 2758 dev[1].request("SET country 00") 2759 subprocess.call(['iw', 'reg', 'set', '00']) 2760 time.sleep(0.1) 2761 2762def run_dpp_pkex_5ghz(dev, apdev): 2763 check_dpp_capab(dev[0]) 2764 check_dpp_capab(dev[1]) 2765 dev[0].dpp_pkex_resp(5745, identifier="test", code="secret") 2766 dev[1].dpp_pkex_init(identifier="test", code="secret") 2767 wait_auth_success(dev[0], dev[1], timeout=20) 2768 2769def test_dpp_pkex_test_vector(dev, apdev): 2770 """DPP and PKEX (P-256) test vector""" 2771 check_dpp_capab(dev[0]) 2772 check_dpp_capab(dev[1]) 2773 2774 init_addr = "ac:64:91:f4:52:07" 2775 resp_addr = "6e:5e:ce:6e:f3:dd" 2776 2777 identifier = "joes_key" 2778 code = "thisisreallysecret" 2779 2780 # Initiator bootstrapping private key 2781 init_priv = "5941b51acfc702cdc1c347264beb2920db88eb1a0bf03a211868b1632233c269" 2782 2783 # Responder bootstrapping private key 2784 resp_priv = "2ae8956293f49986b6d0b8169a86805d9232babb5f6813fdfe96f19d59536c60" 2785 2786 # Initiator x/X keypair override 2787 init_x_priv = "8365c5ed93d751bef2d92b410dc6adfd95670889183fac1bd66759ad85c3187a" 2788 2789 # Responder y/Y keypair override 2790 resp_y_priv = "d98faa24d7dd3f592665d71a95c862bfd02c4c48acb0c515a41cbc6e929675ea" 2791 2792 p256_prefix = "30310201010420" 2793 p256_postfix = "a00a06082a8648ce3d030107" 2794 2795 dev[0].set("dpp_pkex_own_mac_override", resp_addr) 2796 dev[0].set("dpp_pkex_peer_mac_override", init_addr) 2797 dev[1].set("dpp_pkex_own_mac_override", init_addr) 2798 dev[1].set("dpp_pkex_peer_mac_override", resp_addr) 2799 2800 # Responder y/Y keypair override 2801 dev[0].set("dpp_pkex_ephemeral_key_override", 2802 p256_prefix + resp_y_priv + p256_postfix) 2803 2804 # Initiator x/X keypair override 2805 dev[1].set("dpp_pkex_ephemeral_key_override", 2806 p256_prefix + init_x_priv + p256_postfix) 2807 2808 dev[0].dpp_pkex_resp(2437, identifier=identifier, code=code, 2809 key=p256_prefix + resp_priv + p256_postfix) 2810 dev[1].dpp_pkex_init(identifier=identifier, code=code, 2811 key=p256_prefix + init_priv + p256_postfix) 2812 wait_auth_success(dev[0], dev[1]) 2813 2814def test_dpp_pkex_code_mismatch(dev, apdev): 2815 """DPP and PKEX with mismatching code""" 2816 check_dpp_capab(dev[0]) 2817 check_dpp_capab(dev[1]) 2818 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret") 2819 id1 = dev[1].dpp_pkex_init(identifier="test", code="unknown") 2820 wait_dpp_fail(dev[0], "possible PKEX code mismatch") 2821 dev[0].dump_monitor() 2822 dev[1].dump_monitor() 2823 dev[1].dpp_pkex_init(identifier="test", code="secret", use_id=id1) 2824 wait_auth_success(dev[0], dev[1]) 2825 2826def test_dpp_pkex_code_mismatch_limit(dev, apdev): 2827 """DPP and PKEX with mismatching code limit""" 2828 check_dpp_capab(dev[0]) 2829 check_dpp_capab(dev[1]) 2830 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret") 2831 2832 id1 = None 2833 for i in range(5): 2834 dev[0].dump_monitor() 2835 dev[1].dump_monitor() 2836 id1 = dev[1].dpp_pkex_init(identifier="test", code="unknown", 2837 use_id=id1) 2838 wait_dpp_fail(dev[0], "possible PKEX code mismatch") 2839 2840 ev = dev[0].wait_event(["DPP-PKEX-T-LIMIT"], timeout=1) 2841 if ev is None: 2842 raise Exception("PKEX t limit not reported") 2843 2844def test_dpp_pkex_curve_mismatch(dev, apdev): 2845 """DPP and PKEX with mismatching curve""" 2846 check_dpp_capab(dev[0]) 2847 check_dpp_capab(dev[1]) 2848 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve="P-256") 2849 dev[1].dpp_pkex_init(identifier="test", code="secret", curve="P-384") 2850 wait_dpp_fail(dev[0], "Mismatching PKEX curve: peer=20 own=19") 2851 wait_dpp_fail(dev[1], "Peer indicated mismatching PKEX group - proposed 19") 2852 2853def test_dpp_pkex_curve_mismatch_failure(dev, apdev): 2854 """DPP and PKEX with mismatching curve (local failure)""" 2855 run_dpp_pkex_curve_mismatch_failure(dev, apdev, "=dpp_pkex_rx_exchange_req") 2856 2857def test_dpp_pkex_curve_mismatch_failure2(dev, apdev): 2858 """DPP and PKEX with mismatching curve (local failure 2)""" 2859 run_dpp_pkex_curve_mismatch_failure(dev, apdev, 2860 "dpp_pkex_build_exchange_resp") 2861 2862def run_dpp_pkex_curve_mismatch_failure(dev, apdev, func): 2863 check_dpp_capab(dev[0]) 2864 check_dpp_capab(dev[1]) 2865 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve="P-256") 2866 2867 with alloc_fail(dev[0], 1, func): 2868 dev[1].dpp_pkex_init(identifier="test", code="secret", curve="P-384") 2869 2870 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5) 2871 if ev is None: 2872 raise Exception("Failure not reported (dev 0)") 2873 if "Mismatching PKEX curve: peer=20 own=19" not in ev: 2874 raise Exception("Unexpected result: " + ev) 2875 wait_dpp_fail(dev[0], "Mismatching PKEX curve: peer=20 own=19") 2876 2877def test_dpp_pkex_exchange_resp_processing_failure(dev, apdev): 2878 """DPP and PKEX with local failure in processing Exchange Resp""" 2879 check_dpp_capab(dev[0]) 2880 check_dpp_capab(dev[1]) 2881 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret") 2882 2883 with fail_test(dev[1], 1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_resp"): 2884 dev[1].dpp_pkex_init(identifier="test", code="secret") 2885 wait_fail_trigger(dev[1], "GET_FAIL") 2886 2887def test_dpp_pkex_commit_reveal_req_processing_failure(dev, apdev): 2888 """DPP and PKEX with local failure in processing Commit Reveal Req""" 2889 check_dpp_capab(dev[0]) 2890 check_dpp_capab(dev[1]) 2891 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret") 2892 2893 with alloc_fail(dev[0], 1, 2894 "crypto_ec_key_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"): 2895 dev[1].dpp_pkex_init(identifier="test", code="secret") 2896 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 2897 2898def test_dpp_pkex_config2(dev, apdev): 2899 """DPP and PKEX with responder as the configurator""" 2900 check_dpp_capab(dev[0]) 2901 conf_id = dev[0].dpp_configurator_add() 2902 dev[0].set("dpp_configurator_params", 2903 " conf=sta-dpp configurator=%d" % conf_id) 2904 run_dpp_pkex2(dev, apdev) 2905 2906def run_dpp_pkex2(dev, apdev, curve=None, init_extra=""): 2907 check_dpp_capab(dev[0]) 2908 check_dpp_capab(dev[1]) 2909 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", curve=curve, 2910 listen_role="configurator") 2911 dev[1].dpp_pkex_init(identifier="test", code="secret", role="enrollee", 2912 curve=curve, extra=init_extra) 2913 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1]) 2914 2915def test_dpp_pkex_no_responder(dev, apdev): 2916 """DPP and PKEX with no responder (retry behavior)""" 2917 check_dpp_capab(dev[0]) 2918 dev[0].dpp_pkex_init(identifier="test", code="secret") 2919 2920 for i in range(15): 2921 ev = dev[0].wait_event(["DPP-TX ", "DPP-FAIL"], timeout=5) 2922 if ev is None: 2923 raise Exception("DPP PKEX failure not reported") 2924 if "DPP-FAIL" not in ev: 2925 continue 2926 if "No response from PKEX peer" not in ev: 2927 raise Exception("Unexpected failure reason: " + ev) 2928 break 2929 2930def test_dpp_pkex_after_retry(dev, apdev): 2931 """DPP and PKEX completing after retry""" 2932 check_dpp_capab(dev[0]) 2933 dev[0].dpp_pkex_init(identifier="test", code="secret") 2934 time.sleep(0.1) 2935 dev[1].dpp_pkex_resp(2437, identifier="test", code="secret") 2936 wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1], 2937 allow_enrollee_failure=True) 2938 2939def test_dpp_pkex_hostapd_responder(dev, apdev): 2940 """DPP PKEX with hostapd as responder""" 2941 check_dpp_capab(dev[0]) 2942 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2943 "channel": "6"}) 2944 check_dpp_capab(hapd) 2945 hapd.dpp_pkex_resp(2437, identifier="test", code="secret") 2946 conf_id = dev[0].dpp_configurator_add() 2947 dev[0].dpp_pkex_init(identifier="test", code="secret", 2948 extra="conf=ap-dpp configurator=%d" % conf_id) 2949 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 2950 stop_initiator=True) 2951 2952def test_dpp_pkex_v2_hostapd_responder(dev, apdev): 2953 """DPP PKEXv2 with hostapd as responder""" 2954 check_dpp_capab(dev[0], min_ver=3) 2955 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2956 "channel": "6"}) 2957 check_dpp_capab(hapd, min_ver=3) 2958 hapd.dpp_pkex_resp(2437, identifier="test", code="secret") 2959 conf_id = dev[0].dpp_configurator_add() 2960 dev[0].dpp_pkex_init(identifier="test", code="secret", 2961 extra="conf=ap-dpp configurator=%d" % conf_id, ver=2) 2962 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 2963 stop_initiator=True) 2964 2965def test_dpp_pkex_hostapd_initiator(dev, apdev): 2966 """DPP PKEX with hostapd as initiator""" 2967 check_dpp_capab(dev[0]) 2968 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2969 "channel": "6"}) 2970 check_dpp_capab(hapd) 2971 conf_id = dev[0].dpp_configurator_add() 2972 dev[0].set("dpp_configurator_params", 2973 " conf=ap-dpp configurator=%d" % conf_id) 2974 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 2975 listen_role="configurator") 2976 hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee") 2977 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 2978 stop_initiator=True) 2979 2980def test_dpp_pkex_v2_hostapd_initiator(dev, apdev): 2981 """DPP PKEXv2 with hostapd as initiator""" 2982 check_dpp_capab(dev[0], min_ver=3) 2983 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 2984 "channel": "6"}) 2985 check_dpp_capab(hapd, min_ver=3) 2986 conf_id = dev[0].dpp_configurator_add() 2987 dev[0].set("dpp_configurator_params", 2988 " conf=ap-dpp configurator=%d" % conf_id) 2989 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 2990 listen_role="configurator") 2991 hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee", 2992 ver=2) 2993 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 2994 stop_initiator=True) 2995 2996def test_dpp_pkex_hostapd_initiator_fallback(dev, apdev): 2997 """DPP PKEX with hostapd as initiator and fallback to v1""" 2998 check_dpp_capab(dev[0]) 2999 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3000 "channel": "6"}) 3001 check_dpp_capab(hapd, min_ver=3) 3002 conf_id = dev[0].dpp_configurator_add() 3003 dev[0].set("dpp_configurator_params", 3004 " conf=ap-dpp configurator=%d" % conf_id) 3005 dev[0].dpp_listen(2437, role="configurator") 3006 hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee") 3007 while True: 3008 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 3009 if ev is None: 3010 raise Exception("DPP-RX not reported") 3011 if "type=7" in ev: 3012 logger.info("Starting PKEXv1 responder") 3013 conf_id = dev[0].dpp_configurator_add() 3014 dev[0].set("dpp_configurator_params", 3015 " conf=ap-dpp configurator=%d" % conf_id) 3016 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 3017 listen_role="configurator") 3018 break 3019 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 3020 stop_initiator=True) 3021 3022def test_dpp_pkex_hostapd_initiator_no_response(dev, apdev): 3023 """DPP PKEX with hostapd as initiator and no response""" 3024 check_dpp_capab(dev[0]) 3025 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3026 "channel": "6"}) 3027 check_dpp_capab(hapd) 3028 conf_id = dev[0].dpp_configurator_add() 3029 hapd.dpp_pkex_init(identifier="test", code="secret", role="enrollee") 3030 ev = hapd.wait_event(["DPP-FAIL"], timeout=30) 3031 if not ev: 3032 raise Exception("Failure not reported") 3033 if "No response from PKEX peer" not in ev: 3034 raise Exception("Unexpected failure reason: " + ev) 3035 3036def test_dpp_pkex_hostapd_errors(dev, apdev): 3037 """DPP PKEX errors with hostapd""" 3038 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3039 "channel": "6"}) 3040 check_dpp_capab(hapd) 3041 id0 = hapd.dpp_bootstrap_gen(type="pkex") 3042 tests = ["own=%d" % id0, 3043 "own=%d identifier=foo" % id0, 3044 ""] 3045 for t in tests: 3046 if "FAIL" not in hapd.request("DPP_PKEX_ADD " + t): 3047 raise Exception("Invalid DPP_PKEX_ADD accepted: " + t) 3048 3049 res = hapd.request("DPP_PKEX_ADD own=%d code=foo" % id0) 3050 if "FAIL" in res: 3051 raise Exception("Failed to add PKEX responder") 3052 if "OK" not in hapd.request("DPP_PKEX_REMOVE " + res): 3053 raise Exception("Failed to remove PKEX responder") 3054 hapd.request("DPP_PKEX_REMOVE " + res) 3055 3056 res = hapd.request("DPP_PKEX_ADD own=%d code=foo" % id0) 3057 if "FAIL" in res: 3058 raise Exception("Failed to add PKEX responder") 3059 if "OK" not in hapd.request("DPP_PKEX_REMOVE *"): 3060 raise Exception("Failed to flush PKEX responders") 3061 hapd.request("DPP_PKEX_REMOVE *") 3062 3063def test_dpp_pkex_nak_curve_change(dev, apdev): 3064 """DPP PKEX with netAccessKey curve change""" 3065 try: 3066 run_dpp_pkex_nak_curve_change(dev, apdev) 3067 finally: 3068 dev[1].set("dpp_config_processing", "0", allow_fail=True) 3069 3070def test_dpp_pkex_nak_curve_change2(dev, apdev): 3071 """DPP PKEX with netAccessKey curve change (2)""" 3072 try: 3073 run_dpp_pkex_nak_curve_change(dev, apdev, failure=True) 3074 finally: 3075 dev[1].set("dpp_config_processing", "0", allow_fail=True) 3076 3077def run_dpp_pkex_nak_curve_change(dev, apdev, failure=False): 3078 check_dpp_capab(dev[0], min_ver=3) 3079 check_dpp_capab(dev[1], min_ver=3) 3080 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3081 "channel": "6"}) 3082 check_dpp_capab(hapd, min_ver=3) 3083 hapd.dpp_pkex_resp(2437, identifier="test-1", code="secret-1", 3084 curve="secp384r1") 3085 conf_id = dev[0].dpp_configurator_add() 3086 dev[0].dpp_pkex_init(identifier="test-1", code="secret-1", 3087 curve="secp384r1", 3088 extra="conf=ap-dpp configurator=%d" % conf_id) 3089 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 3090 stop_initiator=True) 3091 update_hapd_config(hapd) 3092 dev[0].dump_monitor() 3093 hapd.dump_monitor() 3094 3095 dev[1].set("dpp_config_processing", "2") 3096 dev[1].dpp_pkex_resp(2437, identifier="test-2", code="secret-2") 3097 if failure: 3098 dev[0].dpp_configurator_set(conf_id, net_access_key_curve="prime256v1") 3099 dev[0].dpp_pkex_init(identifier="test-2", code="secret-2", 3100 extra="conf=sta-dpp configurator=%d" % conf_id) 3101 wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1], 3102 stop_initiator=True) 3103 if failure: 3104 ev = dev[1].wait_event(["DPP-INTRO"], timeout=10) 3105 if ev is None: 3106 raise Exception("No DPP-INTRO message seen") 3107 if "status=7" not in ev: 3108 raise Exception("Unexpected DPP-INTRO contents: " + ev) 3109 else: 3110 dev[1].wait_connected() 3111 dev[0].dump_monitor() 3112 dev[1].dump_monitor() 3113 hapd.dump_monitor() 3114 3115def test_dpp_hostapd_configurator(dev, apdev): 3116 """DPP with hostapd as configurator/initiator""" 3117 run_dpp_hostapd_configurator(dev, apdev) 3118 3119def test_dpp_hostapd_configurator_enrollee_v1(dev, apdev): 3120 """DPP with hostapd as configurator/initiator with v1 enrollee""" 3121 check_dpp_capab(dev[0]) 3122 dev[0].set("dpp_version_override", "1") 3123 run_dpp_hostapd_configurator(dev, apdev) 3124 3125def run_dpp_hostapd_configurator(dev, apdev): 3126 check_dpp_capab(dev[0]) 3127 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3128 "channel": "1"}) 3129 check_dpp_capab(hapd) 3130 conf_id = hapd.dpp_configurator_add() 3131 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 3132 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3133 id1 = hapd.dpp_qr_code(uri0) 3134 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1) 3135 if "FAIL" in res: 3136 raise Exception("DPP_BOOTSTRAP_INFO failed") 3137 if "type=QRCODE" not in res: 3138 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type") 3139 if "mac_addr=" + dev[0].own_addr() not in res: 3140 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr") 3141 dev[0].dpp_listen(2412) 3142 hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp") 3143 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0], 3144 stop_responder=True) 3145 3146def test_dpp_hostapd_configurator_responder(dev, apdev): 3147 """DPP with hostapd as configurator/responder""" 3148 check_dpp_capab(dev[0]) 3149 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3150 "channel": "1"}) 3151 check_dpp_capab(hapd) 3152 conf_id = hapd.dpp_configurator_add() 3153 hapd.set("dpp_configurator_params", 3154 " conf=sta-dpp configurator=%d" % conf_id) 3155 id0 = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 3156 uri0 = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3157 dev[0].dpp_auth_init(uri=uri0, role="enrollee") 3158 wait_auth_success(hapd, dev[0], configurator=hapd, enrollee=dev[0], 3159 stop_initiator=True) 3160 3161def test_dpp_hostapd_configurator_fragmentation(dev, apdev): 3162 """DPP with hostapd as configurator/initiator requiring fragmentation""" 3163 check_dpp_capab(dev[0]) 3164 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3165 "channel": "1"}) 3166 check_dpp_capab(hapd) 3167 conf_id = hapd.dpp_configurator_add() 3168 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 3169 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3170 id1 = hapd.dpp_qr_code(uri0) 3171 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1) 3172 if "FAIL" in res: 3173 raise Exception("DPP_BOOTSTRAP_INFO failed") 3174 if "type=QRCODE" not in res: 3175 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type") 3176 if "mac_addr=" + dev[0].own_addr() not in res: 3177 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr") 3178 dev[0].dpp_listen(2412) 3179 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3180 hapd.set("dpp_config_obj_override", conf) 3181 hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp") 3182 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0], 3183 stop_responder=True) 3184 3185def test_dpp_hostapd_enrollee_fragmentation(dev, apdev): 3186 """DPP and hostapd as Enrollee with GAS fragmentation""" 3187 check_dpp_capab(dev[0]) 3188 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3189 "channel": "6"}) 3190 check_dpp_capab(hapd) 3191 conf_id = dev[0].dpp_configurator_add() 3192 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3193 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3194 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3195 dev[0].set("dpp_config_obj_override", conf) 3196 dev[0].set("dpp_configurator_params", 3197 " conf=ap-dpp configurator=%d" % conf_id) 3198 dev[0].dpp_listen(2437, role="configurator") 3199 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3200 wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd, 3201 stop_responder=True) 3202 3203def test_dpp_hostapd_enrollee_gas_timeout(dev, apdev): 3204 """DPP and hostapd as Enrollee with GAS timeout""" 3205 check_dpp_capab(dev[0]) 3206 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3207 "channel": "6"}) 3208 check_dpp_capab(hapd) 3209 conf_id = dev[0].dpp_configurator_add() 3210 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3211 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3212 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3213 dev[0].set("dpp_config_obj_override", conf) 3214 dev[0].set("dpp_configurator_params", 3215 "conf=ap-dpp configurator=%d" % conf_id) 3216 dev[0].set("ext_mgmt_frame_handling", "1") 3217 dev[0].dpp_listen(2437, role="configurator") 3218 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3219 process_dpp_frames(dev[0]) 3220 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3221 if "result=TIMEOUT" not in ev: 3222 raise Exception("GAS timeout not reported") 3223 3224def test_dpp_hostapd_enrollee_gas_timeout_comeback(dev, apdev): 3225 """DPP and hostapd as Enrollee with GAS timeout during comeback""" 3226 check_dpp_capab(dev[0]) 3227 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3228 "channel": "6"}) 3229 check_dpp_capab(hapd) 3230 conf_id = dev[0].dpp_configurator_add() 3231 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3232 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3233 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3234 dev[0].set("dpp_config_obj_override", conf) 3235 dev[0].set("dpp_configurator_params", 3236 "conf=ap-dpp configurator=%d" % conf_id) 3237 dev[0].set("ext_mgmt_frame_handling", "1") 3238 dev[0].dpp_listen(2437, role="configurator") 3239 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3240 process_dpp_frames(dev[0], count=4) 3241 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3242 if "result=TIMEOUT" not in ev: 3243 raise Exception("GAS timeout not reported") 3244 3245def process_dpp_frames(dev, count=3): 3246 for i in range(count): 3247 msg = dev.mgmt_rx() 3248 cmd = "MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode()) 3249 if "OK" not in dev.request(cmd): 3250 raise Exception("MGMT_RX_PROCESS failed") 3251 3252def test_dpp_hostapd_enrollee_gas_errors(dev, apdev): 3253 """DPP and hostapd as Enrollee with GAS query local errors""" 3254 check_dpp_capab(dev[0]) 3255 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3256 "channel": "6"}) 3257 check_dpp_capab(hapd) 3258 conf_id = dev[0].dpp_configurator_add() 3259 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3260 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3261 dev[0].set("dpp_configurator_params", 3262 "conf=ap-dpp configurator=%d" % conf_id) 3263 dev[0].set("ext_mgmt_frame_handling", "1") 3264 3265 # GAS without comeback 3266 tests = [(1, "gas_query_append;gas_query_rx_initial", 3, True), 3267 (1, "gas_query_rx_initial", 3, True), 3268 (1, "gas_query_tx_initial_req", 2, True), 3269 (1, "gas_query_ap_req", 2, False)] 3270 for count, func, frame_count, wait_ev in tests: 3271 dev[0].request("DPP_STOP_LISTEN") 3272 dev[0].dpp_listen(2437, role="configurator") 3273 dev[0].dump_monitor() 3274 hapd.dump_monitor() 3275 with alloc_fail(hapd, count, func): 3276 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3277 process_dpp_frames(dev[0], count=frame_count) 3278 if wait_ev: 3279 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3280 if not ev or "result=INTERNAL_ERROR" not in ev: 3281 raise Exception("Unexpect GAS query result: " + str(ev)) 3282 3283 # GAS with comeback 3284 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3285 dev[0].set("dpp_config_obj_override", conf) 3286 3287 tests = [(1, "gas_query_append;gas_query_rx_comeback", 4), 3288 (1, "wpabuf_alloc;gas_query_tx_comeback_req", 3), 3289 (1, "hostapd_drv_send_action;gas_query_tx_comeback_req", 3)] 3290 for count, func, frame_count in tests: 3291 dev[0].request("DPP_STOP_LISTEN") 3292 dev[0].dpp_listen(2437, role="configurator") 3293 dev[0].dump_monitor() 3294 hapd.dump_monitor() 3295 with alloc_fail(hapd, count, func): 3296 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3297 process_dpp_frames(dev[0], count=frame_count) 3298 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3299 if not ev or "result=INTERNAL_ERROR" not in ev: 3300 raise Exception("Unexpect GAS query result: " + str(ev)) 3301 3302def test_dpp_hostapd_enrollee_gas_proto(dev, apdev): 3303 """DPP and hostapd as Enrollee with GAS query protocol testing""" 3304 check_dpp_capab(dev[0]) 3305 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3306 "channel": "6"}) 3307 check_dpp_capab(hapd) 3308 bssid = hapd.own_addr() 3309 conf_id = dev[0].dpp_configurator_add() 3310 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3311 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3312 dev[0].set("dpp_configurator_params", 3313 "conf=ap-dpp configurator=%d" % conf_id) 3314 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3315 dev[0].set("dpp_config_obj_override", conf) 3316 dev[0].set("ext_mgmt_frame_handling", "1") 3317 dev[0].dpp_listen(2437, role="configurator") 3318 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3319 process_dpp_frames(dev[0], count=3) 3320 msg = dev[0].mgmt_rx() 3321 payload = msg['payload'] 3322 dialog_token, = struct.unpack('B', payload[2:3]) 3323 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0) 3324 # GAS: Advertisement Protocol changed between initial and comeback response from 02:00:00:00:00:00 3325 adv_proto = "6c087fdd05506f9a1a02" 3326 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3327 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3328 dev[0].request(cmd) 3329 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3330 if not ev or "result=PEER_ERROR" not in ev: 3331 raise Exception("Unexpect GAS query result: " + str(ev)) 3332 dev[0].request("DPP_STOP_LISTEN") 3333 hapd.dump_monitor() 3334 dev[0].dump_monitor() 3335 3336 dev[0].dpp_listen(2437, role="configurator") 3337 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3338 process_dpp_frames(dev[0], count=3) 3339 msg = dev[0].mgmt_rx() 3340 payload = msg['payload'] 3341 dialog_token, = struct.unpack('B', payload[2:3]) 3342 # Another comeback delay 3343 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 1) 3344 adv_proto = "6c087fdd05506f9a1a01" 3345 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3346 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3347 dev[0].request(cmd) 3348 msg = dev[0].mgmt_rx() 3349 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 1) 3350 # GAS: Invalid comeback response with non-zero frag_id and comeback_delay from 02:00:00:00:00:00 3351 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3352 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3353 dev[0].request(cmd) 3354 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3355 if not ev or "result=PEER_ERROR" not in ev: 3356 raise Exception("Unexpect GAS query result: " + str(ev)) 3357 dev[0].request("DPP_STOP_LISTEN") 3358 hapd.dump_monitor() 3359 dev[0].dump_monitor() 3360 3361 dev[0].dpp_listen(2437, role="configurator") 3362 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3363 process_dpp_frames(dev[0], count=3) 3364 msg = dev[0].mgmt_rx() 3365 payload = msg['payload'] 3366 dialog_token, = struct.unpack('B', payload[2:3]) 3367 # Valid comeback response 3368 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0) 3369 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3370 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3371 dev[0].request(cmd) 3372 msg = dev[0].mgmt_rx() 3373 # GAS: Drop frame as possible retry of previous fragment 3374 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0) 3375 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3376 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3377 dev[0].request(cmd) 3378 # GAS: Unexpected frag_id in response from 02:00:00:00:00:00 3379 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x82, 0) 3380 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3381 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3382 dev[0].request(cmd) 3383 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3384 if not ev or "result=PEER_ERROR" not in ev: 3385 raise Exception("Unexpect GAS query result: " + str(ev)) 3386 dev[0].request("DPP_STOP_LISTEN") 3387 hapd.dump_monitor() 3388 dev[0].dump_monitor() 3389 3390 dev[0].dpp_listen(2437, role="configurator") 3391 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3392 process_dpp_frames(dev[0], count=3) 3393 msg = dev[0].mgmt_rx() 3394 payload = msg['payload'] 3395 dialog_token, = struct.unpack('B', payload[2:3]) 3396 # GAS: Unexpected initial response from 02:00:00:00:00:00 dialog token 3 when waiting for comeback response 3397 hdr = struct.pack('<BBBHBH', 4, 11, dialog_token, 0, 0x80, 0) 3398 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3399 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3400 dev[0].request(cmd) 3401 # GAS: Allow non-zero status for outstanding comeback response 3402 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 95, 0x80, 0) 3403 # GAS: Ignore 1 octets of extra data after Query Response from 02:00:00:00:00:00 3404 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" + "ff" 3405 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3406 dev[0].request(cmd) 3407 # GAS: No pending query found for 02:00:00:00:00:00 dialog token 4 3408 hdr = struct.pack('<BBBHBH', 4, 13, (dialog_token + 1) % 256, 0, 0x80, 0) 3409 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3410 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3411 dev[0].request(cmd) 3412 # GAS: Truncated Query Response in response from 02:00:00:00:00:00 3413 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0) 3414 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "0010" 3415 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3416 dev[0].request(cmd) 3417 # GAS: No room for GAS Response Length 3418 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0) 3419 action = binascii.hexlify(hdr).decode() + adv_proto + "03" 3420 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3421 dev[0].request(cmd) 3422 # GAS: Unexpected Advertisement Protocol element ID 0 in response from 02:00:00:00:00:00 3423 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0) 3424 adv_proto_broken = "0000" 3425 action = binascii.hexlify(hdr).decode() + adv_proto_broken + "0300" + "001001" 3426 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3427 dev[0].request(cmd) 3428 # GAS: No room for Advertisement Protocol element in the response from 02:00:00:00:00:00 3429 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x81, 0) 3430 adv_proto_broken = "00ff" 3431 action = binascii.hexlify(hdr).decode() + adv_proto_broken + "0300" + "001001" 3432 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3433 dev[0].request(cmd) 3434 # No room for Comeback Delay 3435 hdr = struct.pack('<BBBHBB', 4, 13, dialog_token, 0, 0x81, 0) 3436 action = binascii.hexlify(hdr).decode() 3437 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3438 dev[0].request(cmd) 3439 # No room for frag_id 3440 hdr = struct.pack('<BBBH', 4, 13, dialog_token, 0) 3441 action = binascii.hexlify(hdr).decode() 3442 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3443 dev[0].request(cmd) 3444 # GAS: Query to 02:00:00:00:00:00 dialog token 3 failed - status code 1 3445 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 1, 0x81, 0) 3446 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3447 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3448 dev[0].request(cmd) 3449 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3450 if not ev or "result=FAILURE" not in ev: 3451 raise Exception("Unexpect GAS query result: " + str(ev)) 3452 dev[0].request("DPP_STOP_LISTEN") 3453 hapd.dump_monitor() 3454 dev[0].dump_monitor() 3455 3456 dev[0].dpp_listen(2437, role="configurator") 3457 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3458 process_dpp_frames(dev[0], count=2) 3459 msg = dev[0].mgmt_rx() 3460 payload = msg['payload'] 3461 dialog_token, = struct.unpack('B', payload[2:3]) 3462 # Unexpected comeback delay 3463 hdr = struct.pack('<BBBHBH', 4, 13, dialog_token, 0, 0x80, 0) 3464 adv_proto = "6c087fdd05506f9a1a01" 3465 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3466 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3467 dev[0].request(cmd) 3468 # GAS: Query to 02:00:00:00:00:00 dialog token 3 failed - status code 1 3469 hdr = struct.pack('<BBBHBH', 4, 11, dialog_token, 1, 0x80, 0) 3470 action = binascii.hexlify(hdr).decode() + adv_proto + "0300" + "001001" 3471 cmd = "MGMT_TX %s %s freq=2437 wait_time=100 action=%s" % (bssid, bssid, action) 3472 dev[0].request(cmd) 3473 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3474 if not ev or "result=FAILURE" not in ev: 3475 raise Exception("Unexpect GAS query result: " + str(ev)) 3476 dev[0].request("DPP_STOP_LISTEN") 3477 hapd.dump_monitor() 3478 dev[0].dump_monitor() 3479 3480def test_dpp_hostapd_enrollee_gas_tx_status_errors(dev, apdev): 3481 """DPP and hostapd as Enrollee with GAS TX status errors""" 3482 check_dpp_capab(dev[0]) 3483 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3484 "channel": "6"}) 3485 check_dpp_capab(hapd) 3486 conf_id = dev[0].dpp_configurator_add() 3487 id0 = dev[0].dpp_bootstrap_gen(chan="81/6", mac=True) 3488 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3489 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 3490 dev[0].set("dpp_config_obj_override", conf) 3491 dev[0].set("dpp_configurator_params", 3492 "conf=ap-dpp configurator=%d" % conf_id) 3493 dev[0].set("ext_mgmt_frame_handling", "1") 3494 dev[0].dpp_listen(2437, role="configurator") 3495 hapd.dpp_auth_init(uri=uri0, role="enrollee") 3496 process_dpp_frames(dev[0], count=3) 3497 3498 hapd.set("ext_mgmt_frame_handling", "1") 3499 # GAS: TX status for unexpected destination 3500 frame = "d0003a01" + "222222222222" 3501 frame += hapd.own_addr().replace(':', '') + "ffffffffffff" 3502 frame += "5000" + "040a" 3503 hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=1 buf=" + frame) 3504 3505 # GAS: No ACK to GAS request 3506 frame = "d0003a01" + dev[0].own_addr().replace(':', '') 3507 frame += hapd.own_addr().replace(':', '') + "ffffffffffff" 3508 frame += "5000" + "040a" 3509 hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=0 buf=" + frame) 3510 3511 ev = hapd.wait_event(["GAS-QUERY-DONE"], timeout=10) 3512 if "result=TIMEOUT" not in ev: 3513 raise Exception("GAS timeout not reported") 3514 3515 # GAS: Unexpected TX status: dst=02:00:00:00:00:00 ok=1 - no query in progress 3516 hapd.request("MGMT_TX_STATUS_PROCESS stype=13 ok=1 buf=" + frame) 3517 hapd.set("ext_mgmt_frame_handling", "0") 3518 3519def test_dpp_hostapd_configurator_override_objects(dev, apdev): 3520 """DPP with hostapd as configurator and override objects""" 3521 check_dpp_capab(dev[0]) 3522 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 3523 "channel": "1"}) 3524 check_dpp_capab(hapd) 3525 conf_id = hapd.dpp_configurator_add() 3526 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 3527 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3528 id1 = hapd.dpp_qr_code(uri0) 3529 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1) 3530 if "FAIL" in res: 3531 raise Exception("DPP_BOOTSTRAP_INFO failed") 3532 dev[0].dpp_listen(2412) 3533 discovery = '{\n"ssid":"mywifi"\n}' 3534 groups = '[\n {"groupId":"home","netRole":"sta"},\n {"groupId":"cottage","netRole":"sta"}\n]' 3535 hapd.set("dpp_discovery_override", discovery) 3536 hapd.set("dpp_groups_override", groups) 3537 hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp") 3538 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0], 3539 stop_responder=True) 3540 3541def test_dpp_own_config(dev, apdev): 3542 """DPP configurator signing own connector""" 3543 try: 3544 run_dpp_own_config(dev, apdev) 3545 finally: 3546 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3547 3548def test_dpp_own_config_group_id(dev, apdev): 3549 """DPP configurator signing own connector""" 3550 try: 3551 run_dpp_own_config(dev, apdev, extra=" group_id=test-group") 3552 finally: 3553 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3554 3555def test_dpp_own_config_curve_mismatch(dev, apdev): 3556 """DPP configurator signing own connector using mismatching curve""" 3557 try: 3558 run_dpp_own_config(dev, apdev, own_curve="BP-384", expect_failure=True) 3559 finally: 3560 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3561 3562def run_dpp_own_config(dev, apdev, own_curve=None, expect_failure=False, 3563 extra=None): 3564 check_dpp_capab(dev[0], own_curve and "BP" in own_curve) 3565 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 3566 check_dpp_capab(hapd) 3567 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 3568 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 3569 conf_id = dev[0].dpp_configurator_add() 3570 dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id, 3571 extra=extra) 3572 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd) 3573 update_hapd_config(hapd) 3574 3575 dev[0].set("dpp_config_processing", "1") 3576 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d%s" % (conf_id, extra) 3577 if own_curve: 3578 dev[0].dpp_configurator_set(conf_id, net_access_key_curve=own_curve) 3579 cmd += " curve=" + own_curve 3580 res = dev[0].request(cmd) 3581 if "FAIL" in res: 3582 raise Exception("Failed to generate own configuration") 3583 3584 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 3585 if ev is None: 3586 raise Exception("DPP network profile not generated") 3587 id = ev.split(' ')[1] 3588 dev[0].select_network(id, freq="2412") 3589 if expect_failure: 3590 ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=1) 3591 if ev is not None: 3592 raise Exception("Unexpected connection") 3593 dev[0].request("DISCONNECT") 3594 else: 3595 dev[0].wait_connected() 3596 3597def test_dpp_own_config_ap(dev, apdev): 3598 """DPP configurator (AP) signing own connector""" 3599 try: 3600 run_dpp_own_config_ap(dev, apdev) 3601 finally: 3602 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3603 3604def test_dpp_own_config_ap_group_id(dev, apdev): 3605 """DPP configurator (AP) signing own connector (group_id)""" 3606 try: 3607 run_dpp_own_config_ap(dev, apdev, extra=" group_id=test-group") 3608 finally: 3609 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3610 3611def test_dpp_own_config_ap_reconf(dev, apdev): 3612 """DPP configurator (AP) signing own connector and configurator reconf""" 3613 try: 3614 run_dpp_own_config_ap(dev, apdev) 3615 finally: 3616 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3617 3618def run_dpp_own_config_ap(dev, apdev, reconf_configurator=False, extra=None): 3619 check_dpp_capab(dev[0]) 3620 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 3621 check_dpp_capab(hapd) 3622 conf_id = hapd.dpp_configurator_add() 3623 if reconf_configurator: 3624 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id) 3625 if "FAIL" in csign or len(csign) == 0: 3626 raise Exception("DPP_CONFIGURATOR_GET_KEY failed") 3627 3628 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d%s" % (conf_id, extra) 3629 res = hapd.request(cmd) 3630 if "FAIL" in res: 3631 raise Exception("Failed to generate own configuration") 3632 update_hapd_config(hapd) 3633 3634 if reconf_configurator: 3635 hapd.dpp_configurator_remove(conf_id) 3636 conf_id = hapd.dpp_configurator_add(key=csign) 3637 3638 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 3639 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 3640 dev[0].set("dpp_config_processing", "2") 3641 dev[0].dpp_listen(2412) 3642 hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id, 3643 extra=extra) 3644 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0]) 3645 dev[0].wait_connected() 3646 3647def test_dpp_intro_mismatch(dev, apdev): 3648 """DPP network introduction mismatch cases""" 3649 try: 3650 wpas = None 3651 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 3652 wpas.interface_add("wlan5") 3653 check_dpp_capab(wpas) 3654 run_dpp_intro_mismatch(dev, apdev, wpas) 3655 finally: 3656 dev[0].set("dpp_config_processing", "0", allow_fail=True) 3657 dev[2].set("dpp_config_processing", "0", allow_fail=True) 3658 if wpas: 3659 wpas.set("dpp_config_processing", "0", allow_fail=True) 3660 3661def run_dpp_intro_mismatch(dev, apdev, wpas): 3662 check_dpp_capab(dev[0]) 3663 check_dpp_capab(dev[1], min_ver=3) 3664 check_dpp_capab(dev[2], min_ver=3) 3665 logger.info("Start AP in unconfigured state") 3666 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 3667 check_dpp_capab(hapd) 3668 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 3669 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 3670 logger.info("Provision AP with DPP configuration") 3671 conf_id = dev[1].dpp_configurator_add() 3672 dev[1].set("dpp_groups_override", '[{"groupId":"a","netRole":"ap"}]') 3673 dev[1].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id) 3674 update_hapd_config(hapd) 3675 3676 logger.info("Provision STA0 with DPP Connector that has mismatching groupId") 3677 dev[0].set("dpp_config_processing", "2") 3678 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 3679 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3680 dev[0].dpp_listen(2412) 3681 dev[1].set("dpp_groups_override", '[{"groupId":"b","netRole":"sta"}]') 3682 dev[1].dpp_auth_init(uri=uri0, conf="sta-dpp", configurator=conf_id) 3683 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0]) 3684 3685 logger.info("Provision STA2 with DPP Connector that has mismatching C-sign-key") 3686 dev[2].set("dpp_config_processing", "2") 3687 id2 = dev[2].dpp_bootstrap_gen(chan="81/1", mac=True) 3688 uri2 = dev[2].request("DPP_BOOTSTRAP_GET_URI %d" % id2) 3689 dev[2].dpp_listen(2412) 3690 conf_id_2 = dev[1].dpp_configurator_add() 3691 dev[1].set("dpp_groups_override", '') 3692 dev[1].dpp_auth_init(uri=uri2, conf="sta-dpp", configurator=conf_id_2) 3693 wait_auth_success(dev[2], dev[1], configurator=dev[1], enrollee=dev[2]) 3694 3695 logger.info("Provision STA5 with DPP Connector that has mismatching netAccessKey EC group") 3696 wpas.set("dpp_config_processing", "2") 3697 id5 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True, curve="P-521") 3698 uri5 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id5) 3699 wpas.dpp_listen(2412) 3700 dev[1].set("dpp_groups_override", '') 3701 dev[1].dpp_configurator_set(conf_id, net_access_key_curve="P-521") 3702 dev[1].dpp_auth_init(uri=uri5, conf="sta-dpp", configurator=conf_id) 3703 wait_auth_success(wpas, dev[1], configurator=dev[1], enrollee=wpas) 3704 3705 logger.info("Verify network introduction results") 3706 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10) 3707 if ev is None: 3708 raise Exception("DPP network introduction result not seen on STA0") 3709 if "status=8" not in ev: 3710 raise Exception("Unexpected network introduction result on STA0: " + ev) 3711 3712 ev = dev[2].wait_event(["DPP-INTRO"], timeout=5) 3713 if ev is None: 3714 raise Exception("DPP network introduction result not seen on STA2") 3715 if "status=8" not in ev: 3716 raise Exception("Unexpected network introduction result on STA2: " + ev) 3717 3718 ev = wpas.wait_event(["DPP-INTRO"], timeout=10) 3719 if ev is None: 3720 raise Exception("DPP network introduction result not seen on STA5") 3721 if "status=7" not in ev: 3722 raise Exception("Unexpected network introduction result on STA5: " + ev) 3723 3724def run_dpp_proto_init(dev, test_dev, test, mutual=False, unicast=True, 3725 listen=True, chan="81/1", init_enrollee=False, 3726 incompatible_roles=False): 3727 check_dpp_capab(dev[0]) 3728 check_dpp_capab(dev[1]) 3729 dev[test_dev].set("dpp_test", str(test)) 3730 if init_enrollee: 3731 conf_id = dev[0].dpp_configurator_add() 3732 else: 3733 conf_id = dev[1].dpp_configurator_add() 3734 id0 = dev[0].dpp_bootstrap_gen(chan=chan, mac=unicast) 3735 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 3736 3737 if mutual: 3738 id1b = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 3739 uri1b = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1b) 3740 3741 id0b = dev[0].dpp_qr_code(uri1b) 3742 qr = "mutual" 3743 else: 3744 qr = None 3745 3746 if init_enrollee: 3747 if incompatible_roles: 3748 role = "enrollee" 3749 else: 3750 role = "configurator" 3751 dev[0].set("dpp_configurator_params", 3752 " conf=sta-dpp configurator=%d" % conf_id) 3753 elif incompatible_roles: 3754 role = "enrollee" 3755 else: 3756 role = None 3757 3758 if listen: 3759 dev[0].dpp_listen(2412, qr=qr, role=role) 3760 3761 role = None 3762 configurator = None 3763 conf = None 3764 own = None 3765 3766 if init_enrollee: 3767 role="enrollee" 3768 else: 3769 configurator=conf_id 3770 conf="sta-dpp" 3771 if incompatible_roles: 3772 role="enrollee" 3773 if mutual: 3774 own = id1b 3775 dev[1].dpp_auth_init(uri=uri0, role=role, configurator=configurator, 3776 conf=conf, own=own) 3777 return uri0, role, configurator, conf, own 3778 3779def test_dpp_proto_after_wrapped_data_auth_req(dev, apdev): 3780 """DPP protocol testing - attribute after Wrapped Data in Auth Req""" 3781 run_dpp_proto_init(dev, 1, 1) 3782 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 3783 if ev is None: 3784 raise Exception("DPP Authentication Request not seen") 3785 if "type=0" not in ev or "ignore=invalid-attributes" not in ev: 3786 raise Exception("Unexpected RX info: " + ev) 3787 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1) 3788 if ev is not None: 3789 raise Exception("Unexpected DPP message seen") 3790 3791def test_dpp_auth_req_stop_after_ack(dev, apdev): 3792 """DPP initiator stopping after ACK, but no response""" 3793 run_dpp_proto_init(dev, 1, 1, listen=True) 3794 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) 3795 if ev is None: 3796 raise Exception("Authentication failure not reported") 3797 3798def test_dpp_auth_req_retries(dev, apdev): 3799 """DPP initiator retries with no ACK""" 3800 check_dpp_capab(dev[1]) 3801 dev[1].set("dpp_init_max_tries", "3") 3802 dev[1].set("dpp_init_retry_time", "1000") 3803 dev[1].set("dpp_resp_wait_time", "100") 3804 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False) 3805 3806 for i in range(3): 3807 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 3808 if ev is None: 3809 raise Exception("Auth Req not sent (%d)" % i) 3810 3811 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) 3812 if ev is None: 3813 raise Exception("Authentication failure not reported") 3814 3815def test_dpp_auth_req_retries_multi_chan(dev, apdev): 3816 """DPP initiator retries with no ACK and multiple channels""" 3817 check_dpp_capab(dev[1]) 3818 dev[1].set("dpp_init_max_tries", "3") 3819 dev[1].set("dpp_init_retry_time", "1000") 3820 dev[1].set("dpp_resp_wait_time", "100") 3821 run_dpp_proto_init(dev, 1, 1, unicast=False, listen=False, 3822 chan="81/1,81/6,81/11") 3823 3824 for i in range(3 * 3): 3825 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 3826 if ev is None: 3827 raise Exception("Auth Req not sent (%d)" % i) 3828 3829 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) 3830 if ev is None: 3831 raise Exception("Authentication failure not reported") 3832 3833def test_dpp_proto_after_wrapped_data_auth_resp(dev, apdev): 3834 """DPP protocol testing - attribute after Wrapped Data in Auth Resp""" 3835 run_dpp_proto_init(dev, 0, 2) 3836 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 3837 if ev is None: 3838 raise Exception("DPP Authentication Response not seen") 3839 if "type=1" not in ev or "ignore=invalid-attributes" not in ev: 3840 raise Exception("Unexpected RX info: " + ev) 3841 ev = dev[0].wait_event(["DPP-RX"], timeout=1) 3842 if ev is None or "type=0" not in ev: 3843 raise Exception("DPP Authentication Request not seen") 3844 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1) 3845 if ev is not None: 3846 raise Exception("Unexpected DPP message seen") 3847 3848def test_dpp_proto_after_wrapped_data_auth_conf(dev, apdev): 3849 """DPP protocol testing - attribute after Wrapped Data in Auth Conf""" 3850 run_dpp_proto_init(dev, 1, 3) 3851 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 3852 if ev is None or "type=0" not in ev: 3853 raise Exception("DPP Authentication Request not seen") 3854 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 3855 if ev is None: 3856 raise Exception("DPP Authentication Confirm not seen") 3857 if "type=2" not in ev or "ignore=invalid-attributes" not in ev: 3858 raise Exception("Unexpected RX info: " + ev) 3859 3860def test_dpp_proto_after_wrapped_data_conf_req(dev, apdev): 3861 """DPP protocol testing - attribute after Wrapped Data in Conf Req""" 3862 run_dpp_proto_init(dev, 0, 6) 3863 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=10) 3864 if ev is None: 3865 raise Exception("DPP Configuration failure not seen") 3866 3867def test_dpp_proto_after_wrapped_data_conf_resp(dev, apdev): 3868 """DPP protocol testing - attribute after Wrapped Data in Conf Resp""" 3869 run_dpp_proto_init(dev, 1, 7) 3870 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=10) 3871 if ev is None: 3872 raise Exception("DPP Configuration failure not seen") 3873 3874def test_dpp_proto_zero_i_capab(dev, apdev): 3875 """DPP protocol testing - zero I-capability in Auth Req""" 3876 run_dpp_proto_init(dev, 1, 8) 3877 wait_dpp_fail(dev[0], "Invalid role in I-capabilities 0x00") 3878 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1) 3879 if ev is not None: 3880 raise Exception("Unexpected DPP message seen") 3881 3882def test_dpp_proto_zero_r_capab(dev, apdev): 3883 """DPP protocol testing - zero R-capability in Auth Resp""" 3884 run_dpp_proto_init(dev, 0, 9) 3885 wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x00") 3886 ev = dev[0].wait_event(["DPP-RX"], timeout=1) 3887 if ev is None or "type=0" not in ev: 3888 raise Exception("DPP Authentication Request not seen") 3889 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1) 3890 if ev is not None: 3891 raise Exception("Unexpected DPP message seen") 3892 3893def run_dpp_proto_auth_req_missing(dev, test, reason, mutual=False): 3894 run_dpp_proto_init(dev, 1, test, mutual=mutual) 3895 wait_dpp_fail(dev[0], reason) 3896 ev = dev[1].wait_event(["DPP-RX"], timeout=0.1) 3897 if ev is not None: 3898 raise Exception("Unexpected DPP message seen") 3899 3900def test_dpp_proto_auth_req_no_r_bootstrap_key(dev, apdev): 3901 """DPP protocol testing - no R-bootstrap key in Auth Req""" 3902 run_dpp_proto_auth_req_missing(dev, 10, "Missing or invalid required Responder Bootstrapping Key Hash attribute") 3903 3904def test_dpp_proto_auth_req_invalid_r_bootstrap_key(dev, apdev): 3905 """DPP protocol testing - invalid R-bootstrap key in Auth Req""" 3906 run_dpp_proto_auth_req_missing(dev, 68, "No matching own bootstrapping key found - ignore message") 3907 3908def test_dpp_proto_auth_req_no_i_bootstrap_key(dev, apdev): 3909 """DPP protocol testing - no I-bootstrap key in Auth Req""" 3910 run_dpp_proto_auth_req_missing(dev, 11, "Missing or invalid required Initiator Bootstrapping Key Hash attribute") 3911 3912def test_dpp_proto_auth_req_invalid_i_bootstrap_key(dev, apdev): 3913 """DPP protocol testing - invalid I-bootstrap key in Auth Req""" 3914 run_dpp_proto_init(dev, 1, 69, mutual=True) 3915 ev = dev[0].wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 3916 if ev is None: 3917 raise Exception("DPP scan request not seen") 3918 ev = dev[1].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 3919 if ev is None: 3920 raise Exception("DPP response pending indication not seen") 3921 3922def test_dpp_proto_auth_req_no_i_proto_key(dev, apdev): 3923 """DPP protocol testing - no I-proto key in Auth Req""" 3924 run_dpp_proto_auth_req_missing(dev, 12, "Missing required Initiator Protocol Key attribute") 3925 3926def test_dpp_proto_auth_req_invalid_i_proto_key(dev, apdev): 3927 """DPP protocol testing - invalid I-proto key in Auth Req""" 3928 run_dpp_proto_auth_req_missing(dev, 66, "Invalid Initiator Protocol Key") 3929 3930def test_dpp_proto_auth_req_no_i_nonce(dev, apdev): 3931 """DPP protocol testing - no I-nonce in Auth Req""" 3932 run_dpp_proto_auth_req_missing(dev, 13, "Missing or invalid I-nonce") 3933 3934def test_dpp_proto_auth_req_invalid_i_nonce(dev, apdev): 3935 """DPP protocol testing - invalid I-nonce in Auth Req""" 3936 run_dpp_proto_auth_req_missing(dev, 81, "Missing or invalid I-nonce") 3937 3938def test_dpp_proto_auth_req_no_i_capab(dev, apdev): 3939 """DPP protocol testing - no I-capab in Auth Req""" 3940 run_dpp_proto_auth_req_missing(dev, 14, "Missing or invalid I-capab") 3941 3942def test_dpp_proto_auth_req_no_wrapped_data(dev, apdev): 3943 """DPP protocol testing - no Wrapped Data in Auth Req""" 3944 run_dpp_proto_auth_req_missing(dev, 15, "Missing or invalid required Wrapped Data attribute") 3945 3946def run_dpp_proto_auth_resp_missing(dev, test, reason, 3947 incompatible_roles=False): 3948 run_dpp_proto_init(dev, 0, test, mutual=True, 3949 incompatible_roles=incompatible_roles) 3950 if reason is None: 3951 if incompatible_roles: 3952 ev = dev[0].wait_event(["DPP-NOT-COMPATIBLE"], timeout=5) 3953 if ev is None: 3954 raise Exception("DPP-NOT-COMPATIBLE not reported") 3955 time.sleep(0.1) 3956 return 3957 wait_dpp_fail(dev[1], reason) 3958 ev = dev[0].wait_event(["DPP-RX"], timeout=1) 3959 if ev is None or "type=0" not in ev: 3960 raise Exception("DPP Authentication Request not seen") 3961 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1) 3962 if ev is not None: 3963 raise Exception("Unexpected DPP message seen") 3964 3965def test_dpp_proto_auth_resp_no_status(dev, apdev): 3966 """DPP protocol testing - no Status in Auth Resp""" 3967 run_dpp_proto_auth_resp_missing(dev, 16, "Missing or invalid required DPP Status attribute") 3968 3969def test_dpp_proto_auth_resp_status_no_status(dev, apdev): 3970 """DPP protocol testing - no Status in Auth Resp(status)""" 3971 run_dpp_proto_auth_resp_missing(dev, 16, 3972 "Missing or invalid required DPP Status attribute", 3973 incompatible_roles=True) 3974 3975def test_dpp_proto_auth_resp_invalid_status(dev, apdev): 3976 """DPP protocol testing - invalid Status in Auth Resp""" 3977 run_dpp_proto_auth_resp_missing(dev, 74, "Responder reported failure") 3978 3979def test_dpp_proto_auth_resp_no_r_bootstrap_key(dev, apdev): 3980 """DPP protocol testing - no R-bootstrap key in Auth Resp""" 3981 run_dpp_proto_auth_resp_missing(dev, 17, "Missing or invalid required Responder Bootstrapping Key Hash attribute") 3982 3983def test_dpp_proto_auth_resp_status_no_r_bootstrap_key(dev, apdev): 3984 """DPP protocol testing - no R-bootstrap key in Auth Resp(status)""" 3985 run_dpp_proto_auth_resp_missing(dev, 17, 3986 "Missing or invalid required Responder Bootstrapping Key Hash attribute", 3987 incompatible_roles=True) 3988 3989def test_dpp_proto_auth_resp_invalid_r_bootstrap_key(dev, apdev): 3990 """DPP protocol testing - invalid R-bootstrap key in Auth Resp""" 3991 run_dpp_proto_auth_resp_missing(dev, 70, "Unexpected Responder Bootstrapping Key Hash value") 3992 3993def test_dpp_proto_auth_resp_status_invalid_r_bootstrap_key(dev, apdev): 3994 """DPP protocol testing - invalid R-bootstrap key in Auth Resp(status)""" 3995 run_dpp_proto_auth_resp_missing(dev, 70, 3996 "Unexpected Responder Bootstrapping Key Hash value", 3997 incompatible_roles=True) 3998 3999def test_dpp_proto_auth_resp_no_i_bootstrap_key(dev, apdev): 4000 """DPP protocol testing - no I-bootstrap key in Auth Resp""" 4001 run_dpp_proto_auth_resp_missing(dev, 18, None) 4002 4003def test_dpp_proto_auth_resp_status_no_i_bootstrap_key(dev, apdev): 4004 """DPP protocol testing - no I-bootstrap key in Auth Resp(status)""" 4005 run_dpp_proto_auth_resp_missing(dev, 18, None, incompatible_roles=True) 4006 4007def test_dpp_proto_auth_resp_invalid_i_bootstrap_key(dev, apdev): 4008 """DPP protocol testing - invalid I-bootstrap key in Auth Resp""" 4009 run_dpp_proto_auth_resp_missing(dev, 71, "Initiator Bootstrapping Key Hash attribute did not match") 4010 4011def test_dpp_proto_auth_resp_status_invalid_i_bootstrap_key(dev, apdev): 4012 """DPP protocol testing - invalid I-bootstrap key in Auth Resp(status)""" 4013 run_dpp_proto_auth_resp_missing(dev, 71, 4014 "Initiator Bootstrapping Key Hash attribute did not match", 4015 incompatible_roles=True) 4016 4017def test_dpp_proto_auth_resp_no_r_proto_key(dev, apdev): 4018 """DPP protocol testing - no R-Proto Key in Auth Resp""" 4019 run_dpp_proto_auth_resp_missing(dev, 19, "Missing required Responder Protocol Key attribute") 4020 4021def test_dpp_proto_auth_resp_invalid_r_proto_key(dev, apdev): 4022 """DPP protocol testing - invalid R-Proto Key in Auth Resp""" 4023 run_dpp_proto_auth_resp_missing(dev, 67, "Invalid Responder Protocol Key") 4024 4025def test_dpp_proto_auth_resp_no_r_nonce(dev, apdev): 4026 """DPP protocol testing - no R-nonce in Auth Resp""" 4027 run_dpp_proto_auth_resp_missing(dev, 20, "Missing or invalid R-nonce") 4028 4029def test_dpp_proto_auth_resp_no_i_nonce(dev, apdev): 4030 """DPP protocol testing - no I-nonce in Auth Resp""" 4031 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce") 4032 4033def test_dpp_proto_auth_resp_status_no_i_nonce(dev, apdev): 4034 """DPP protocol testing - no I-nonce in Auth Resp(status)""" 4035 run_dpp_proto_auth_resp_missing(dev, 21, "Missing or invalid I-nonce", 4036 incompatible_roles=True) 4037 4038def test_dpp_proto_auth_resp_no_r_capab(dev, apdev): 4039 """DPP protocol testing - no R-capab in Auth Resp""" 4040 run_dpp_proto_auth_resp_missing(dev, 22, "Missing or invalid R-capabilities") 4041 4042def test_dpp_proto_auth_resp_no_r_auth(dev, apdev): 4043 """DPP protocol testing - no R-auth in Auth Resp""" 4044 run_dpp_proto_auth_resp_missing(dev, 23, "Missing or invalid Secondary Wrapped Data") 4045 4046def test_dpp_proto_auth_resp_no_wrapped_data(dev, apdev): 4047 """DPP protocol testing - no Wrapped Data in Auth Resp""" 4048 run_dpp_proto_auth_resp_missing(dev, 24, "Missing or invalid required Wrapped Data attribute") 4049 4050def test_dpp_proto_auth_resp_i_nonce_mismatch(dev, apdev): 4051 """DPP protocol testing - I-nonce mismatch in Auth Resp""" 4052 run_dpp_proto_init(dev, 0, 30, mutual=True) 4053 wait_dpp_fail(dev[1], "I-nonce mismatch") 4054 ev = dev[0].wait_event(["DPP-RX"], timeout=1) 4055 if ev is None or "type=0" not in ev: 4056 raise Exception("DPP Authentication Request not seen") 4057 ev = dev[0].wait_event(["DPP-RX"], timeout=0.1) 4058 if ev is not None: 4059 raise Exception("Unexpected DPP message seen") 4060 4061def test_dpp_proto_auth_resp_incompatible_r_capab(dev, apdev): 4062 """DPP protocol testing - Incompatible R-capab in Auth Resp""" 4063 run_dpp_proto_init(dev, 0, 31, mutual=True) 4064 wait_dpp_fail(dev[1], "Unexpected role in R-capabilities 0x02") 4065 wait_dpp_fail(dev[0], "Peer reported incompatible R-capab role") 4066 4067def test_dpp_proto_auth_resp_r_auth_mismatch(dev, apdev): 4068 """DPP protocol testing - R-auth mismatch in Auth Resp""" 4069 run_dpp_proto_init(dev, 0, 32, mutual=True) 4070 wait_dpp_fail(dev[1], "Mismatching Responder Authenticating Tag") 4071 wait_dpp_fail(dev[0], "Peer reported authentication failure") 4072 4073def test_dpp_proto_auth_resp_r_auth_mismatch_failure(dev, apdev): 4074 """DPP protocol testing - Auth Conf RX processing failure""" 4075 with alloc_fail(dev[0], 1, "dpp_auth_conf_rx_failure"): 4076 run_dpp_proto_init(dev, 0, 32, mutual=True) 4077 wait_dpp_fail(dev[0], "Authentication failed") 4078 4079def test_dpp_proto_auth_resp_r_auth_mismatch_failure2(dev, apdev): 4080 """DPP protocol testing - Auth Conf RX processing failure 2""" 4081 with fail_test(dev[0], 1, "dpp_auth_conf_rx_failure"): 4082 run_dpp_proto_init(dev, 0, 32, mutual=True) 4083 wait_dpp_fail(dev[0], "AES-SIV decryption failed") 4084 4085def run_dpp_proto_auth_conf_missing(dev, test, reason): 4086 run_dpp_proto_init(dev, 1, test, mutual=True) 4087 if reason is None: 4088 time.sleep(0.1) 4089 return 4090 wait_dpp_fail(dev[0], reason) 4091 4092def test_dpp_proto_auth_conf_no_status(dev, apdev): 4093 """DPP protocol testing - no Status in Auth Conf""" 4094 run_dpp_proto_auth_conf_missing(dev, 25, "Missing or invalid required DPP Status attribute") 4095 4096def test_dpp_proto_auth_conf_invalid_status(dev, apdev): 4097 """DPP protocol testing - invalid Status in Auth Conf""" 4098 run_dpp_proto_auth_conf_missing(dev, 75, "Authentication failed") 4099 4100def test_dpp_proto_auth_conf_no_r_bootstrap_key(dev, apdev): 4101 """DPP protocol testing - no R-bootstrap key in Auth Conf""" 4102 run_dpp_proto_auth_conf_missing(dev, 26, "Missing or invalid required Responder Bootstrapping Key Hash attribute") 4103 4104def test_dpp_proto_auth_conf_invalid_r_bootstrap_key(dev, apdev): 4105 """DPP protocol testing - invalid R-bootstrap key in Auth Conf""" 4106 run_dpp_proto_auth_conf_missing(dev, 72, "Responder Bootstrapping Key Hash mismatch") 4107 4108def test_dpp_proto_auth_conf_no_i_bootstrap_key(dev, apdev): 4109 """DPP protocol testing - no I-bootstrap key in Auth Conf""" 4110 run_dpp_proto_auth_conf_missing(dev, 27, "Missing Initiator Bootstrapping Key Hash attribute") 4111 4112def test_dpp_proto_auth_conf_invalid_i_bootstrap_key(dev, apdev): 4113 """DPP protocol testing - invalid I-bootstrap key in Auth Conf""" 4114 run_dpp_proto_auth_conf_missing(dev, 73, "Initiator Bootstrapping Key Hash mismatch") 4115 4116def test_dpp_proto_auth_conf_no_i_auth(dev, apdev): 4117 """DPP protocol testing - no I-Auth in Auth Conf""" 4118 run_dpp_proto_auth_conf_missing(dev, 28, "Missing or invalid Initiator Authenticating Tag") 4119 4120def test_dpp_proto_auth_conf_no_wrapped_data(dev, apdev): 4121 """DPP protocol testing - no Wrapped Data in Auth Conf""" 4122 run_dpp_proto_auth_conf_missing(dev, 29, "Missing or invalid required Wrapped Data attribute") 4123 4124def test_dpp_proto_auth_conf_i_auth_mismatch(dev, apdev): 4125 """DPP protocol testing - I-auth mismatch in Auth Conf""" 4126 run_dpp_proto_init(dev, 1, 33, mutual=True) 4127 wait_dpp_fail(dev[0], "Mismatching Initiator Authenticating Tag") 4128 4129def test_dpp_proto_auth_conf_replaced_by_resp(dev, apdev): 4130 """DPP protocol testing - Auth Conf replaced by Resp""" 4131 run_dpp_proto_init(dev, 1, 65, mutual=True) 4132 wait_dpp_fail(dev[0], "Unexpected Authentication Response") 4133 4134def run_dpp_proto_conf_req_missing(dev, test, reason): 4135 res = run_dpp_proto_init(dev, 0, test) 4136 wait_dpp_fail(dev[1], reason) 4137 return res 4138 4139def test_dpp_proto_conf_req_no_e_nonce(dev, apdev): 4140 """DPP protocol testing - no E-nonce in Conf Req""" 4141 res = run_dpp_proto_conf_req_missing(dev, 51, 4142 "Missing or invalid Enrollee Nonce attribute") 4143 # Verify that the DPP session has been cleared on failure during GAS request 4144 # handling. 4145 dev[0].set("dpp_test", "0") 4146 dev[1].dpp_listen(freq=2412) 4147 id0 = dev[1].dpp_bootstrap_gen(chan="81/1", mac=True) 4148 uri0 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 4149 dev[0].dpp_auth_init(uri=uri0) 4150 wait_auth_success(dev[1], dev[0]) 4151 4152def test_dpp_proto_conf_req_invalid_e_nonce(dev, apdev): 4153 """DPP protocol testing - invalid E-nonce in Conf Req""" 4154 run_dpp_proto_conf_req_missing(dev, 83, 4155 "Missing or invalid Enrollee Nonce attribute") 4156 4157def test_dpp_proto_conf_req_no_config_attr_obj(dev, apdev): 4158 """DPP protocol testing - no Config Attr Obj in Conf Req""" 4159 run_dpp_proto_conf_req_missing(dev, 52, 4160 "Missing or invalid Config Attributes attribute") 4161 4162def test_dpp_proto_conf_req_invalid_config_attr_obj(dev, apdev): 4163 """DPP protocol testing - invalid Config Attr Obj in Conf Req""" 4164 run_dpp_proto_conf_req_missing(dev, 76, 4165 "Unsupported wi-fi_tech") 4166 4167def test_dpp_proto_conf_req_no_wrapped_data(dev, apdev): 4168 """DPP protocol testing - no Wrapped Data in Conf Req""" 4169 run_dpp_proto_conf_req_missing(dev, 53, 4170 "Missing or invalid required Wrapped Data attribute") 4171 4172def run_dpp_proto_conf_resp_missing(dev, test, reason): 4173 run_dpp_proto_init(dev, 1, test) 4174 wait_dpp_fail(dev[0], reason) 4175 4176def test_dpp_proto_conf_resp_no_e_nonce(dev, apdev): 4177 """DPP protocol testing - no E-nonce in Conf Resp""" 4178 run_dpp_proto_conf_resp_missing(dev, 54, 4179 "Missing or invalid Enrollee Nonce attribute") 4180 4181def test_dpp_proto_conf_resp_no_config_obj(dev, apdev): 4182 """DPP protocol testing - no Config Object in Conf Resp""" 4183 run_dpp_proto_conf_resp_missing(dev, 55, 4184 "Missing required Configuration Object attribute") 4185 4186def test_dpp_proto_conf_resp_no_status(dev, apdev): 4187 """DPP protocol testing - no Status in Conf Resp""" 4188 run_dpp_proto_conf_resp_missing(dev, 56, 4189 "Missing or invalid required DPP Status attribute") 4190 4191def test_dpp_proto_conf_resp_no_wrapped_data(dev, apdev): 4192 """DPP protocol testing - no Wrapped Data in Conf Resp""" 4193 run_dpp_proto_conf_resp_missing(dev, 57, 4194 "Missing or invalid required Wrapped Data attribute") 4195 4196def test_dpp_proto_conf_resp_invalid_status(dev, apdev): 4197 """DPP protocol testing - invalid Status in Conf Resp""" 4198 run_dpp_proto_conf_resp_missing(dev, 58, 4199 "Configurator rejected configuration") 4200 4201def test_dpp_proto_conf_resp_e_nonce_mismatch(dev, apdev): 4202 """DPP protocol testing - E-nonce mismatch in Conf Resp""" 4203 run_dpp_proto_conf_resp_missing(dev, 59, 4204 "Enrollee Nonce mismatch") 4205 4206def test_dpp_proto_stop_at_auth_req(dev, apdev): 4207 """DPP protocol testing - stop when receiving Auth Req""" 4208 run_dpp_proto_init(dev, 0, 87) 4209 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) 4210 if ev is None: 4211 raise Exception("Authentication init failure not reported") 4212 4213def test_dpp_proto_stop_at_auth_resp(dev, apdev): 4214 """DPP protocol testing - stop when receiving Auth Resp""" 4215 uri0, role, configurator, conf, own = run_dpp_proto_init(dev, 1, 88) 4216 4217 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4218 if ev is None: 4219 raise Exception("Auth Req TX not seen") 4220 4221 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 4222 if ev is None: 4223 raise Exception("Auth Resp TX not seen") 4224 4225 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1) 4226 if ev is not None: 4227 raise Exception("Unexpected Auth Conf TX") 4228 4229 ev = dev[0].wait_event(["DPP-FAIL"], timeout=2) 4230 if ev is None or "No Auth Confirm received" not in ev: 4231 raise Exception("DPP-FAIL for missing Auth Confirm not reported") 4232 time.sleep(0.1) 4233 4234 # Try again without special testing behavior to confirm Responder is able 4235 # to accept a new provisioning attempt. 4236 dev[1].set("dpp_test", "0") 4237 dev[1].dpp_auth_init(uri=uri0, role=role, configurator=configurator, 4238 conf=conf, own=own) 4239 wait_auth_success(dev[0], dev[1]) 4240 4241def test_dpp_proto_stop_at_auth_conf(dev, apdev): 4242 """DPP protocol testing - stop when receiving Auth Conf""" 4243 run_dpp_proto_init(dev, 0, 89, init_enrollee=True) 4244 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=10) 4245 if ev is None: 4246 raise Exception("Enrollee did not start GAS") 4247 ev = dev[1].wait_event(["GAS-QUERY-DONE"], timeout=10) 4248 if ev is None: 4249 raise Exception("Enrollee did not time out GAS") 4250 if "result=TIMEOUT" not in ev: 4251 raise Exception("Unexpected GAS result: " + ev) 4252 4253def test_dpp_proto_stop_at_auth_conf_tx(dev, apdev): 4254 """DPP protocol testing - stop when transmitting Auth Conf (Registrar)""" 4255 run_dpp_proto_init(dev, 1, 89, init_enrollee=True) 4256 wait_auth_success(dev[0], dev[1], timeout=10) 4257 ev = dev[1].wait_event(["GAS-QUERY-START"], timeout=0.1) 4258 if ev is not None: 4259 raise Exception("Unexpected GAS query") 4260 4261 # There is currently no timeout on GAS server side, so no event to wait for 4262 # in this case. 4263 4264def test_dpp_proto_stop_at_auth_conf_tx2(dev, apdev): 4265 """DPP protocol testing - stop when transmitting Auth Conf (Enrollee)""" 4266 run_dpp_proto_init(dev, 1, 89) 4267 wait_auth_success(dev[0], dev[1], timeout=10) 4268 4269 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5) 4270 if ev is None or "result=TIMEOUT" not in ev: 4271 raise Exception("GAS query did not time out") 4272 4273def test_dpp_proto_stop_at_conf_req(dev, apdev): 4274 """DPP protocol testing - stop when receiving Auth Req""" 4275 run_dpp_proto_init(dev, 1, 90) 4276 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=10) 4277 if ev is None: 4278 raise Exception("Enrollee did not start GAS") 4279 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=10) 4280 if ev is None: 4281 raise Exception("Enrollee did not time out GAS") 4282 if "result=TIMEOUT" not in ev: 4283 raise Exception("Unexpected GAS result: " + ev) 4284 4285def run_dpp_proto_init_pkex(dev, test_dev, test): 4286 check_dpp_capab(dev[0]) 4287 check_dpp_capab(dev[1]) 4288 dev[test_dev].set("dpp_test", str(test)) 4289 dev[0].dpp_pkex_resp(2437, identifier="test", code="secret") 4290 dev[1].dpp_pkex_init(identifier="test", code="secret") 4291 4292def test_dpp_proto_after_wrapped_data_pkex_cr_req(dev, apdev): 4293 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Req""" 4294 run_dpp_proto_init_pkex(dev, 1, 4) 4295 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 4296 if ev is None or ("type=7" not in ev and "type=18" not in ev): 4297 raise Exception("PKEX Exchange Request not seen") 4298 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 4299 if ev is None or "type=9" not in ev: 4300 raise Exception("PKEX Commit-Reveal Request not seen") 4301 if "ignore=invalid-attributes" not in ev: 4302 raise Exception("Unexpected RX info: " + ev) 4303 4304def test_dpp_proto_after_wrapped_data_pkex_cr_resp(dev, apdev): 4305 """DPP protocol testing - attribute after Wrapped Data in PKEX CR Resp""" 4306 run_dpp_proto_init_pkex(dev, 0, 5) 4307 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 4308 if ev is None or "type=8" not in ev: 4309 raise Exception("PKEX Exchange Response not seen") 4310 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 4311 if ev is None or "type=10" not in ev: 4312 raise Exception("PKEX Commit-Reveal Response not seen") 4313 if "ignore=invalid-attributes" not in ev: 4314 raise Exception("Unexpected RX info: " + ev) 4315 4316def run_dpp_proto_pkex_req_missing(dev, test, reason): 4317 run_dpp_proto_init_pkex(dev, 1, test) 4318 wait_dpp_fail(dev[0], reason) 4319 4320def run_dpp_proto_pkex_resp_missing(dev, test, reason): 4321 run_dpp_proto_init_pkex(dev, 0, test) 4322 wait_dpp_fail(dev[1], reason) 4323 4324def test_dpp_proto_pkex_exchange_req_no_finite_cyclic_group(dev, apdev): 4325 """DPP protocol testing - no Finite Cyclic Group in PKEX Exchange Request""" 4326 run_dpp_proto_pkex_req_missing(dev, 34, 4327 "Missing or invalid Finite Cyclic Group attribute") 4328 4329def test_dpp_proto_pkex_exchange_req_no_encrypted_key(dev, apdev): 4330 """DPP protocol testing - no Encrypted Key in PKEX Exchange Request""" 4331 run_dpp_proto_pkex_req_missing(dev, 35, 4332 "Missing Encrypted Key attribute") 4333 4334def test_dpp_proto_pkex_exchange_resp_no_status(dev, apdev): 4335 """DPP protocol testing - no Status in PKEX Exchange Response""" 4336 run_dpp_proto_pkex_resp_missing(dev, 36, "No DPP Status attribute") 4337 4338def test_dpp_proto_pkex_exchange_resp_no_encrypted_key(dev, apdev): 4339 """DPP protocol testing - no Encrypted Key in PKEX Exchange Response""" 4340 run_dpp_proto_pkex_resp_missing(dev, 37, "Missing Encrypted Key attribute") 4341 4342def test_dpp_proto_pkex_cr_req_no_bootstrap_key(dev, apdev): 4343 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Request""" 4344 run_dpp_proto_pkex_req_missing(dev, 38, 4345 "No valid peer bootstrapping key found") 4346 4347def test_dpp_proto_pkex_cr_req_no_i_auth_tag(dev, apdev): 4348 """DPP protocol testing - no I-Auth Tag in PKEX Commit-Reveal Request""" 4349 run_dpp_proto_pkex_req_missing(dev, 39, "No valid u (I-Auth tag) found") 4350 4351def test_dpp_proto_pkex_cr_req_no_wrapped_data(dev, apdev): 4352 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Request""" 4353 run_dpp_proto_pkex_req_missing(dev, 40, "Missing or invalid required Wrapped Data attribute") 4354 4355def test_dpp_proto_pkex_cr_resp_no_bootstrap_key(dev, apdev): 4356 """DPP protocol testing - no Bootstrap Key in PKEX Commit-Reveal Response""" 4357 run_dpp_proto_pkex_resp_missing(dev, 41, 4358 "No valid peer bootstrapping key found") 4359 4360def test_dpp_proto_pkex_cr_resp_no_r_auth_tag(dev, apdev): 4361 """DPP protocol testing - no R-Auth Tag in PKEX Commit-Reveal Response""" 4362 run_dpp_proto_pkex_resp_missing(dev, 42, "No valid v (R-Auth tag) found") 4363 4364def test_dpp_proto_pkex_cr_resp_no_wrapped_data(dev, apdev): 4365 """DPP protocol testing - no Wrapped Data in PKEX Commit-Reveal Response""" 4366 run_dpp_proto_pkex_resp_missing(dev, 43, "Missing or invalid required Wrapped Data attribute") 4367 4368def test_dpp_proto_pkex_exchange_req_invalid_encrypted_key(dev, apdev): 4369 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Request""" 4370 run_dpp_proto_pkex_req_missing(dev, 44, 4371 "Invalid Encrypted Key value") 4372 4373def test_dpp_proto_pkex_exchange_resp_invalid_encrypted_key(dev, apdev): 4374 """DPP protocol testing - invalid Encrypted Key in PKEX Exchange Response""" 4375 run_dpp_proto_pkex_resp_missing(dev, 45, 4376 "Invalid Encrypted Key value") 4377 4378def test_dpp_proto_pkex_exchange_resp_invalid_status(dev, apdev): 4379 """DPP protocol testing - invalid Status in PKEX Exchange Response""" 4380 run_dpp_proto_pkex_resp_missing(dev, 46, 4381 "PKEX failed (peer indicated failure)") 4382 4383def test_dpp_proto_pkex_cr_req_invalid_bootstrap_key(dev, apdev): 4384 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Request""" 4385 run_dpp_proto_pkex_req_missing(dev, 47, 4386 "Peer bootstrapping key is invalid") 4387 4388def test_dpp_proto_pkex_cr_resp_invalid_bootstrap_key(dev, apdev): 4389 """DPP protocol testing - invalid Bootstrap Key in PKEX Commit-Reveal Response""" 4390 run_dpp_proto_pkex_resp_missing(dev, 48, 4391 "Peer bootstrapping key is invalid") 4392 4393def test_dpp_proto_pkex_cr_req_i_auth_tag_mismatch(dev, apdev): 4394 """DPP protocol testing - I-auth tag mismatch in PKEX Commit-Reveal Request""" 4395 run_dpp_proto_pkex_req_missing(dev, 49, "No valid u (I-Auth tag) found") 4396 4397def test_dpp_proto_pkex_cr_resp_r_auth_tag_mismatch(dev, apdev): 4398 """DPP protocol testing - R-auth tag mismatch in PKEX Commit-Reveal Response""" 4399 run_dpp_proto_pkex_resp_missing(dev, 50, "No valid v (R-Auth tag) found") 4400 4401def test_dpp_proto_stop_at_pkex_exchange_resp(dev, apdev): 4402 """DPP protocol testing - stop when receiving PKEX Exchange Response""" 4403 run_dpp_proto_init_pkex(dev, 1, 84) 4404 4405 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4406 if ev is None: 4407 raise Exception("PKEX Exchange Req TX not seen") 4408 4409 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 4410 if ev is None: 4411 raise Exception("PKEX Exchange Resp not seen") 4412 4413 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1) 4414 if ev is not None: 4415 raise Exception("Unexpected PKEX CR Req TX") 4416 4417def test_dpp_proto_stop_at_pkex_cr_req(dev, apdev): 4418 """DPP protocol testing - stop when receiving PKEX CR Request""" 4419 run_dpp_proto_init_pkex(dev, 0, 85) 4420 4421 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4422 if ev is None: 4423 raise Exception("PKEX Exchange Req TX not seen") 4424 4425 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 4426 if ev is None: 4427 raise Exception("PKEX Exchange Resp not seen") 4428 4429 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4430 if ev is None: 4431 raise Exception("PKEX CR Req TX not seen") 4432 4433 ev = dev[0].wait_event(["DPP-TX "], timeout=0.1) 4434 if ev is not None: 4435 raise Exception("Unexpected PKEX CR Resp TX") 4436 4437def test_dpp_proto_stop_at_pkex_cr_resp(dev, apdev): 4438 """DPP protocol testing - stop when receiving PKEX CR Response""" 4439 run_dpp_proto_init_pkex(dev, 1, 86) 4440 4441 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4442 if ev is None: 4443 raise Exception("PKEX Exchange Req TX not seen") 4444 4445 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 4446 if ev is None: 4447 raise Exception("PKEX Exchange Resp not seen") 4448 4449 ev = dev[1].wait_event(["DPP-TX "], timeout=5) 4450 if ev is None: 4451 raise Exception("PKEX CR Req TX not seen") 4452 4453 ev = dev[0].wait_event(["DPP-TX "], timeout=5) 4454 if ev is None: 4455 raise Exception("PKEX CR Resp TX not seen") 4456 4457 ev = dev[1].wait_event(["DPP-TX "], timeout=0.1) 4458 if ev is not None: 4459 raise Exception("Unexpected Auth Req TX") 4460 4461def test_dpp_proto_network_introduction(dev, apdev): 4462 """DPP protocol testing - network introduction""" 4463 check_dpp_capab(dev[0]) 4464 check_dpp_capab(dev[1]) 4465 4466 params = {"ssid": "dpp", 4467 "wpa": "2", 4468 "wpa_key_mgmt": "DPP", 4469 "ieee80211w": "2", 4470 "rsn_pairwise": "CCMP", 4471 "dpp_connector": params1_ap_connector, 4472 "dpp_csign": params1_csign, 4473 "dpp_netaccesskey": params1_ap_netaccesskey} 4474 try: 4475 hapd = hostapd.add_ap(apdev[0], params) 4476 except: 4477 raise HwsimSkip("DPP not supported") 4478 4479 for test in [60, 61, 80, 82]: 4480 dev[0].set("dpp_test", str(test)) 4481 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2", 4482 dpp_csign=params1_csign, 4483 dpp_connector=params1_sta_connector, 4484 dpp_netaccesskey=params1_sta_netaccesskey, 4485 wait_connect=False) 4486 4487 ev = dev[0].wait_event(["DPP-TX "], timeout=10) 4488 if ev is None or "type=5" not in ev: 4489 raise Exception("Peer Discovery Request TX not reported") 4490 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=2) 4491 if ev is None or "result=SUCCESS" not in ev: 4492 raise Exception("Peer Discovery Request TX status not reported") 4493 4494 ev = hapd.wait_event(["DPP-RX"], timeout=10) 4495 if ev is None or "type=5" not in ev: 4496 raise Exception("Peer Discovery Request RX not reported") 4497 4498 if test == 80: 4499 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10) 4500 if ev is None: 4501 raise Exception("DPP-INTRO not reported for test 80") 4502 if "status=7" not in ev: 4503 raise Exception("Unexpected result in test 80: " + ev) 4504 4505 dev[0].request("REMOVE_NETWORK all") 4506 dev[0].dump_monitor() 4507 hapd.dump_monitor() 4508 dev[0].set("dpp_test", "0") 4509 4510 for test in [62, 63, 64, 77, 78, 79]: 4511 hapd.set("dpp_test", str(test)) 4512 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2", 4513 dpp_csign=params1_csign, 4514 dpp_connector=params1_sta_connector, 4515 dpp_netaccesskey=params1_sta_netaccesskey, 4516 wait_connect=False) 4517 4518 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10) 4519 if ev is None: 4520 raise Exception("Peer introduction result not reported (test %d)" % test) 4521 if test == 77: 4522 if "fail=transaction_id_mismatch" not in ev: 4523 raise Exception("Connector validation failure not reported") 4524 elif test == 78: 4525 if "status=254" not in ev: 4526 raise Exception("Invalid status value not reported") 4527 elif test == 79: 4528 if "fail=peer_connector_validation_failed" not in ev: 4529 raise Exception("Connector validation failure not reported") 4530 elif "status=" in ev: 4531 raise Exception("Unexpected peer introduction result (test %d): " % test + ev) 4532 4533 dev[0].request("REMOVE_NETWORK all") 4534 dev[0].dump_monitor() 4535 hapd.dump_monitor() 4536 hapd.set("dpp_test", "0") 4537 4538 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", ieee80211w="2", 4539 dpp_csign=params1_csign, dpp_connector=params1_sta_connector, 4540 dpp_netaccesskey=params1_sta_netaccesskey) 4541 4542def test_dpp_hostapd_auth_conf_timeout(dev, apdev): 4543 """DPP Authentication Confirm timeout in hostapd""" 4544 check_dpp_capab(dev[0]) 4545 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 4546 check_dpp_capab(hapd) 4547 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 4548 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 4549 hapd.dpp_listen(2412) 4550 dev[0].set("dpp_test", "88") 4551 dev[0].dpp_auth_init(uri=uri_h) 4552 ev = hapd.wait_event(["DPP-FAIL"], timeout=10) 4553 if ev is None: 4554 raise Exception("DPP-FAIL not reported") 4555 if "No Auth Confirm received" not in ev: 4556 raise Exception("Unexpected failure reason: " + ev) 4557 4558def test_dpp_hostapd_auth_resp_retries(dev, apdev): 4559 """DPP Authentication Response retries in hostapd""" 4560 check_dpp_capab(dev[0]) 4561 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 4562 check_dpp_capab(hapd) 4563 4564 hapd.set("dpp_resp_max_tries", "3") 4565 hapd.set("dpp_resp_retry_time", "100") 4566 4567 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 4568 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 4569 id0b = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 4570 uri0b = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0b) 4571 hapd.dpp_listen(2412, qr="mutual") 4572 dev[0].dpp_auth_init(uri=uri_h, own=id0b) 4573 4574 ev = dev[0].wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 4575 if ev is None: 4576 raise Exception("Pending response not reported") 4577 ev = hapd.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 4578 if ev is None: 4579 raise Exception("QR Code scan for mutual authentication not requested") 4580 4581 # Stop Initiator from listening to frames to force retransmission of the 4582 # DPP Authentication Response frame with Status=0 4583 dev[0].request("DPP_STOP_LISTEN") 4584 4585 ev = hapd.wait_event(["DPP-TX-STATUS"], timeout=1) 4586 if ev is None: 4587 raise Exception("No TX status reported for response") 4588 time.sleep(0.1) 4589 4590 hapd.dump_monitor() 4591 dev[0].dump_monitor() 4592 4593 id0b = hapd.dpp_qr_code(uri0b) 4594 4595 ev = hapd.wait_event(["DPP-TX "], timeout=5) 4596 if ev is None or "type=1" not in ev: 4597 raise Exception("DPP Authentication Response not sent") 4598 ev = hapd.wait_event(["DPP-TX-STATUS"], timeout=5) 4599 if ev is None: 4600 raise Exception("TX status for DPP Authentication Response not reported") 4601 if "result=FAILED" not in ev: 4602 raise Exception("Unexpected TX status for Authentication Response: " + ev) 4603 4604 ev = hapd.wait_event(["DPP-TX "], timeout=15) 4605 if ev is None or "type=1" not in ev: 4606 raise Exception("DPP Authentication Response retransmission not sent") 4607 4608def test_dpp_qr_code_no_chan_list_unicast(dev, apdev): 4609 """DPP QR Code and no channel list (unicast)""" 4610 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, None) 4611 4612def test_dpp_qr_code_chan_list_unicast(dev, apdev): 4613 """DPP QR Code and 2.4 GHz channels (unicast)""" 4614 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, 4615 "81/1,81/2,81/3,81/4,81/5,81/6,81/7,81/8,81/9,81/10,81/11,81/12,81/13") 4616 4617def test_dpp_qr_code_chan_list_unicast2(dev, apdev): 4618 """DPP QR Code and 2.4 GHz channels (unicast 2)""" 4619 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, 4620 "81/1,2,3,4,5,6,7,8,9,10,11,12,13") 4621 4622def test_dpp_qr_code_chan_list_no_peer_unicast(dev, apdev): 4623 """DPP QR Code and channel list and no peer (unicast)""" 4624 run_dpp_qr_code_chan_list(dev, apdev, True, 2417, "81/1,81/6,81/11", 4625 no_wait=True) 4626 ev = dev[1].wait_event(["DPP-AUTH-INIT-FAILED"], timeout=5) 4627 if ev is None: 4628 raise Exception("Initiation failure not reported") 4629 4630def test_dpp_qr_code_no_chan_list_broadcast(dev, apdev): 4631 """DPP QR Code and no channel list (broadcast)""" 4632 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, None, timeout=20) 4633 4634def test_dpp_qr_code_chan_list_broadcast(dev, apdev): 4635 """DPP QR Code and some 2.4 GHz channels (broadcast)""" 4636 run_dpp_qr_code_chan_list(dev, apdev, False, 2412, "81/1,81/6,81/11", 4637 timeout=10) 4638 4639def run_dpp_qr_code_chan_list(dev, apdev, unicast, listen_freq, chanlist, 4640 no_wait=False, timeout=5): 4641 check_dpp_capab(dev[0]) 4642 check_dpp_capab(dev[1]) 4643 dev[1].set("dpp_init_max_tries", "3") 4644 dev[1].set("dpp_init_retry_time", "100") 4645 dev[1].set("dpp_resp_wait_time", "1000") 4646 4647 logger.info("dev0 displays QR Code") 4648 id0 = dev[0].dpp_bootstrap_gen(chan=chanlist, mac=unicast) 4649 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 4650 logger.info("dev1 scans QR Code and initiates DPP Authentication") 4651 dev[0].dpp_listen(listen_freq) 4652 dev[1].dpp_auth_init(uri=uri0) 4653 if no_wait: 4654 return 4655 wait_auth_success(dev[0], dev[1], timeout=timeout, configurator=dev[1], 4656 enrollee=dev[0], allow_enrollee_failure=True, 4657 stop_responder=True) 4658 4659def test_dpp_qr_code_chan_list_no_match(dev, apdev): 4660 """DPP QR Code and no matching supported channel""" 4661 check_dpp_capab(dev[0]) 4662 check_dpp_capab(dev[1]) 4663 id0 = dev[0].dpp_bootstrap_gen(chan="123/123") 4664 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 4665 dev[1].dpp_auth_init(uri=uri0, expect_fail=True) 4666 4667def test_dpp_pkex_alloc_fail(dev, apdev): 4668 """DPP/PKEX and memory allocation failures""" 4669 check_dpp_capab(dev[0]) 4670 check_dpp_capab(dev[1]) 4671 4672 tests = [(1, "=dpp_keygen_configurator"), 4673 (1, "base64_gen_encode;dpp_keygen_configurator")] 4674 for count, func in tests: 4675 with alloc_fail(dev[1], count, func): 4676 cmd = "DPP_CONFIGURATOR_ADD" 4677 res = dev[1].request(cmd) 4678 if "FAIL" not in res: 4679 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success") 4680 4681 conf_id = dev[1].dpp_configurator_add() 4682 4683 id0 = None 4684 id1 = None 4685 4686 # Local error cases on the Initiator 4687 tests = [(1, "crypto_ec_key_get_pubkey_point"), 4688 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_req"), 4689 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_req"), 4690 (1, "dpp_alloc_msg;dpp_auth_build_req"), 4691 (1, "dpp_alloc_msg;dpp_auth_build_conf"), 4692 (1, "dpp_bootstrap_key_hash"), 4693 (1, "dpp_auth_init"), 4694 (1, "dpp_alloc_auth"), 4695 (1, "=dpp_auth_resp_rx"), 4696 (1, "dpp_build_conf_start"), 4697 (1, "dpp_build_conf_obj_dpp"), 4698 (2, "dpp_build_conf_obj_dpp"), 4699 (3, "dpp_build_conf_obj_dpp"), 4700 (4, "dpp_build_conf_obj_dpp"), 4701 (5, "dpp_build_conf_obj_dpp"), 4702 (6, "dpp_build_conf_obj_dpp"), 4703 (7, "dpp_build_conf_obj_dpp"), 4704 (8, "dpp_build_conf_obj_dpp"), 4705 (1, "dpp_conf_req_rx"), 4706 (2, "dpp_conf_req_rx"), 4707 (3, "dpp_conf_req_rx"), 4708 (4, "dpp_conf_req_rx"), 4709 (5, "dpp_conf_req_rx"), 4710 (6, "dpp_conf_req_rx"), 4711 (7, "dpp_conf_req_rx"), 4712 (1, "dpp_pkex_init"), 4713 (2, "dpp_pkex_init"), 4714 (3, "dpp_pkex_init"), 4715 (1, "dpp_pkex_derive_z"), 4716 (1, "=dpp_pkex_rx_commit_reveal_resp"), 4717 (1, "crypto_ec_key_get_pubkey_point;dpp_build_jwk"), 4718 (2, "crypto_ec_key_get_pubkey_point;dpp_build_jwk"), 4719 (1, "crypto_ec_key_get_pubkey_point;dpp_auth_init")] 4720 for count, func in tests: 4721 dev[0].request("DPP_STOP_LISTEN") 4722 dev[1].request("DPP_STOP_LISTEN") 4723 dev[0].dump_monitor() 4724 dev[1].dump_monitor() 4725 id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 4726 use_id=id0) 4727 4728 with alloc_fail(dev[1], count, func): 4729 id1 = dev[1].dpp_pkex_init(identifier="test", code="secret", 4730 use_id=id1, 4731 extra="conf=sta-dpp configurator=%d" % conf_id, 4732 allow_fail=True) 4733 wait_fail_trigger(dev[1], "GET_ALLOC_FAIL", max_iter=100) 4734 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01) 4735 if ev: 4736 dev[0].request("DPP_STOP_LISTEN") 4737 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3) 4738 4739 # Local error cases on the Responder 4740 tests = [(1, "crypto_ec_key_get_pubkey_point"), 4741 (1, "dpp_alloc_msg;dpp_pkex_build_exchange_resp"), 4742 (1, "dpp_alloc_msg;dpp_pkex_build_commit_reveal_resp"), 4743 (1, "dpp_alloc_msg;dpp_auth_build_resp"), 4744 (1, "crypto_ec_key_get_pubkey_point;dpp_auth_build_resp_ok"), 4745 (1, "dpp_alloc_auth"), 4746 (1, "=dpp_auth_req_rx"), 4747 (1, "=dpp_auth_conf_rx"), 4748 (1, "json_parse;dpp_parse_jws_prot_hdr"), 4749 (1, "json_get_member_base64url;dpp_parse_jws_prot_hdr"), 4750 (1, "json_get_member_base64url;dpp_parse_jwk"), 4751 (2, "json_get_member_base64url;dpp_parse_jwk"), 4752 (1, "json_parse;dpp_parse_connector"), 4753 (1, "dpp_parse_jwk;dpp_parse_connector"), 4754 (1, "dpp_parse_jwk;dpp_parse_cred_dpp"), 4755 (1, "crypto_ec_key_get_pubkey_point;dpp_check_pubkey_match"), 4756 (1, "base64_gen_decode;dpp_process_signed_connector"), 4757 (1, "dpp_parse_jws_prot_hdr;dpp_process_signed_connector"), 4758 (2, "base64_gen_decode;dpp_process_signed_connector"), 4759 (3, "base64_gen_decode;dpp_process_signed_connector"), 4760 (4, "base64_gen_decode;dpp_process_signed_connector"), 4761 (1, "json_parse;dpp_parse_conf_obj"), 4762 (1, "dpp_conf_resp_rx"), 4763 (1, "=dpp_pkex_derive_z"), 4764 (1, "=dpp_pkex_rx_exchange_req"), 4765 (2, "=dpp_pkex_rx_exchange_req"), 4766 (3, "=dpp_pkex_rx_exchange_req"), 4767 (1, "=dpp_pkex_rx_commit_reveal_req"), 4768 (1, "crypto_ec_key_get_pubkey_point;dpp_pkex_rx_commit_reveal_req"), 4769 (1, "dpp_bootstrap_key_hash")] 4770 for count, func in tests: 4771 dev[0].request("DPP_STOP_LISTEN") 4772 dev[1].request("DPP_STOP_LISTEN") 4773 dev[0].dump_monitor() 4774 dev[1].dump_monitor() 4775 id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 4776 use_id=id0) 4777 4778 with alloc_fail(dev[0], count, func): 4779 id1 = dev[1].dpp_pkex_init(identifier="test", code="secret", 4780 use_id=id1, 4781 extra="conf=sta-dpp configurator=%d" % conf_id) 4782 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL", max_iter=100) 4783 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01) 4784 if ev: 4785 dev[0].request("DPP_STOP_LISTEN") 4786 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3) 4787 4788def test_dpp_pkex_test_fail(dev, apdev): 4789 """DPP/PKEX and local failures""" 4790 check_dpp_capab(dev[0]) 4791 check_dpp_capab(dev[1]) 4792 4793 tests = [(1, "dpp_keygen_configurator")] 4794 for count, func in tests: 4795 with fail_test(dev[1], count, func): 4796 cmd = "DPP_CONFIGURATOR_ADD" 4797 res = dev[1].request(cmd) 4798 if "FAIL" not in res: 4799 raise Exception("Unexpected DPP_CONFIGURATOR_ADD success") 4800 4801 tests = [(1, "dpp_keygen")] 4802 for count, func in tests: 4803 with fail_test(dev[1], count, func): 4804 cmd = "DPP_BOOTSTRAP_GEN type=pkex" 4805 res = dev[1].request(cmd) 4806 if "FAIL" not in res: 4807 raise Exception("Unexpected DPP_BOOTSTRAP_GEN success") 4808 4809 conf_id = dev[1].dpp_configurator_add() 4810 4811 id0 = None 4812 id1 = None 4813 4814 # Local error cases on the Initiator 4815 tests = [(1, "aes_siv_encrypt;dpp_auth_build_req"), 4816 (1, "os_get_random;dpp_auth_init"), 4817 (1, "dpp_derive_k1;dpp_auth_init"), 4818 (1, "dpp_hkdf_expand;dpp_derive_k1;dpp_auth_init"), 4819 (1, "dpp_gen_i_auth;dpp_auth_build_conf"), 4820 (1, "aes_siv_encrypt;dpp_auth_build_conf"), 4821 (1, "dpp_derive_k2;dpp_auth_resp_rx"), 4822 (1, "dpp_hkdf_expand;dpp_derive_k2;dpp_auth_resp_rx"), 4823 (1, "dpp_derive_bk_ke;dpp_auth_resp_rx"), 4824 (1, "dpp_hkdf_expand;dpp_derive_bk_ke;dpp_auth_resp_rx"), 4825 (1, "dpp_gen_r_auth;dpp_auth_resp_rx"), 4826 (1, "aes_siv_encrypt;dpp_build_conf_resp"), 4827 (1, "dpp_pkex_derive_Qi;dpp_pkex_build_exchange_req"), 4828 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_req"), 4829 (1, "hmac_sha256_vector;dpp_pkex_rx_exchange_resp"), 4830 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_resp"), 4831 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_resp"), 4832 (1, "dpp_bootstrap_key_hash")] 4833 for count, func in tests: 4834 dev[0].request("DPP_STOP_LISTEN") 4835 dev[1].request("DPP_STOP_LISTEN") 4836 dev[0].dump_monitor() 4837 dev[1].dump_monitor() 4838 id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 4839 use_id=id0) 4840 4841 with fail_test(dev[1], count, func): 4842 id1 = dev[1].dpp_pkex_init(identifier="test", code="secret", 4843 use_id=id1, 4844 extra="conf=sta-dpp configurator=%d" % conf_id, 4845 allow_fail=True) 4846 wait_fail_trigger(dev[1], "GET_FAIL", max_iter=100) 4847 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01) 4848 if ev: 4849 dev[0].request("DPP_STOP_LISTEN") 4850 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3) 4851 4852 # Local error cases on the Responder 4853 tests = [(1, "aes_siv_encrypt;dpp_auth_build_resp"), 4854 (1, "aes_siv_encrypt;dpp_auth_build_resp;dpp_auth_build_resp_ok"), 4855 (1, "os_get_random;dpp_build_conf_req"), 4856 (1, "aes_siv_encrypt;dpp_build_conf_req"), 4857 (1, "os_get_random;dpp_auth_build_resp_ok"), 4858 (1, "dpp_derive_k2;dpp_auth_build_resp_ok"), 4859 (1, "dpp_derive_bk_ke;dpp_auth_build_resp_ok"), 4860 (1, "dpp_gen_r_auth;dpp_auth_build_resp_ok"), 4861 (1, "aes_siv_encrypt;dpp_auth_build_resp_ok"), 4862 (1, "dpp_derive_k1;dpp_auth_req_rx"), 4863 (1, "aes_siv_decrypt;dpp_auth_req_rx"), 4864 (1, "aes_siv_decrypt;dpp_auth_conf_rx"), 4865 (1, "dpp_gen_i_auth;dpp_auth_conf_rx"), 4866 (1, "dpp_check_pubkey_match"), 4867 (1, "aes_siv_decrypt;dpp_conf_resp_rx"), 4868 (1, "hmac_sha256_kdf;dpp_pkex_derive_z"), 4869 (1, "dpp_pkex_derive_Qi;dpp_pkex_rx_exchange_req"), 4870 (1, "dpp_pkex_derive_Qr;dpp_pkex_rx_exchange_req"), 4871 (1, "aes_siv_encrypt;dpp_pkex_build_commit_reveal_resp"), 4872 (1, "aes_siv_decrypt;dpp_pkex_rx_commit_reveal_req"), 4873 (1, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req"), 4874 (2, "hmac_sha256_vector;dpp_pkex_rx_commit_reveal_req")] 4875 for count, func in tests: 4876 dev[0].request("DPP_STOP_LISTEN") 4877 dev[1].request("DPP_STOP_LISTEN") 4878 dev[0].dump_monitor() 4879 dev[1].dump_monitor() 4880 id0 = dev[0].dpp_pkex_resp(2437, identifier="test", code="secret", 4881 use_id=id0) 4882 4883 with fail_test(dev[0], count, func): 4884 id1 = dev[1].dpp_pkex_init(identifier="test", code="secret", 4885 use_id=id1, 4886 extra="conf=sta-dpp configurator=%d" % conf_id) 4887 wait_fail_trigger(dev[0], "GET_FAIL", max_iter=100) 4888 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=0.01) 4889 if ev: 4890 dev[0].request("DPP_STOP_LISTEN") 4891 dev[0].wait_event(["GAS-QUERY-DONE"], timeout=3) 4892 4893def test_dpp_keygen_configurator_error(dev, apdev): 4894 """DPP Configurator keygen error case""" 4895 check_dpp_capab(dev[0]) 4896 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD curve=unknown"): 4897 raise Exception("Unexpected success of invalid DPP_CONFIGURATOR_ADD") 4898 4899def rx_process_frame(dev, msg=None): 4900 if msg is None: 4901 msg = dev.mgmt_rx() 4902 if msg is None: 4903 raise Exception("No management frame RX reported") 4904 if "OK" not in dev.request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format( 4905 msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())): 4906 raise Exception("MGMT_RX_PROCESS failed") 4907 return msg 4908 4909def wait_auth_success(responder, initiator, configurator=None, enrollee=None, 4910 allow_enrollee_failure=False, 4911 allow_configurator_failure=False, 4912 require_configurator_failure=False, 4913 timeout=5, stop_responder=False, stop_initiator=False): 4914 res = {} 4915 ev = responder.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL", 4916 "MGMT-RX"], timeout=timeout) 4917 if ev and "MGMT-RX" in ev: 4918 res['responder-mgmt-rx'] = ev 4919 ev = responder.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], 4920 timeout=timeout) 4921 if ev is None or "DPP-AUTH-SUCCESS" not in ev: 4922 raise Exception("DPP authentication did not succeed (Responder)") 4923 for i in ev.split(' '): 4924 a = i.split('=') 4925 if len(a) < 2: 4926 continue 4927 res['responder-auth-success-' + a[0]] = a[1] 4928 ev = initiator.wait_event(["DPP-AUTH-SUCCESS", "DPP-FAIL"], timeout=5) 4929 if ev is None or "DPP-AUTH-SUCCESS" not in ev: 4930 raise Exception("DPP authentication did not succeed (Initiator)") 4931 for i in ev.split(' '): 4932 a = i.split('=') 4933 if len(a) < 2: 4934 continue 4935 res['initiator-auth-success-' + a[0]] = a[1] 4936 if configurator: 4937 ev = configurator.wait_event(["DPP-CONF-SENT", 4938 "DPP-CONF-FAILED"], timeout=5) 4939 if ev is None: 4940 raise Exception("DPP configuration not completed (Configurator)") 4941 if "DPP-CONF-FAILED" in ev and not allow_configurator_failure: 4942 raise Exception("DPP configuration did not succeed (Configurator)") 4943 if "DPP-CONF-SENT" in ev and require_configurator_failure: 4944 raise Exception("DPP configuration succeeded (Configurator)") 4945 if "DPP-CONF-SENT" in ev and "wait_conn_status=1" in ev: 4946 res['wait_conn_status'] = True 4947 if enrollee: 4948 ev = enrollee.wait_event(["DPP-CONF-RECEIVED", 4949 "DPP-CONF-FAILED"], timeout=5) 4950 if ev is None: 4951 raise Exception("DPP configuration not completed (Enrollee)") 4952 if "DPP-CONF-FAILED" in ev and not allow_enrollee_failure: 4953 raise Exception("DPP configuration did not succeed (Enrollee)") 4954 if stop_responder: 4955 responder.request("DPP_STOP_LISTEN") 4956 if stop_initiator: 4957 initiator.request("DPP_STOP_LISTEN") 4958 return res 4959 4960def wait_conf_completion(configurator, enrollee): 4961 ev = configurator.wait_event(["DPP-CONF-SENT"], timeout=5) 4962 if ev is None: 4963 raise Exception("DPP configuration not completed (Configurator)") 4964 ev = enrollee.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], 4965 timeout=5) 4966 if ev is None: 4967 raise Exception("DPP configuration not completed (Enrollee)") 4968 4969def start_dpp(dev): 4970 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 4971 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 4972 4973 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"test"},"cred":{"akm":"psk","pass":"secret passphrase"}}' + 3000*' ' 4974 dev[0].set("dpp_config_obj_override", conf) 4975 4976 dev[0].set("ext_mgmt_frame_handling", "1") 4977 dev[0].dpp_listen(2412) 4978 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 4979 4980def test_dpp_gas_timeout_handling(dev, apdev): 4981 """DPP and GAS timeout handling""" 4982 check_dpp_capab(dev[0]) 4983 check_dpp_capab(dev[1]) 4984 start_dpp(dev) 4985 4986 # DPP Authentication Request 4987 rx_process_frame(dev[0]) 4988 4989 # DPP Authentication Confirmation 4990 rx_process_frame(dev[0]) 4991 4992 res = wait_auth_success(dev[0], dev[1]) 4993 if 'responder-mgmt-rx' in res: 4994 msg = dev[0].mgmt_rx_parse(res['responder-mgmt-rx']) 4995 else: 4996 msg = None 4997 4998 # DPP Configuration Request (GAS Initial Request frame) 4999 rx_process_frame(dev[0], msg) 5000 5001 # DPP Configuration Request (GAS Comeback Request frame) 5002 rx_process_frame(dev[0]) 5003 5004 # Wait for GAS timeout 5005 ev = dev[1].wait_event(["DPP-CONF-FAILED"], timeout=5) 5006 if ev is None: 5007 raise Exception("DPP configuration not completed (Enrollee)") 5008 5009def test_dpp_gas_comeback_after_failure(dev, apdev): 5010 """DPP and GAS comeback after failure""" 5011 check_dpp_capab(dev[0]) 5012 check_dpp_capab(dev[1]) 5013 start_dpp(dev) 5014 5015 # DPP Authentication Request 5016 rx_process_frame(dev[0]) 5017 5018 # DPP Authentication Confirmation 5019 rx_process_frame(dev[0]) 5020 5021 res = wait_auth_success(dev[0], dev[1]) 5022 if 'responder-mgmt-rx' in res: 5023 msg = dev[0].mgmt_rx_parse(res['responder-mgmt-rx']) 5024 else: 5025 msg = None 5026 5027 # DPP Configuration Request (GAS Initial Request frame) 5028 rx_process_frame(dev[0], msg) 5029 5030 # DPP Configuration Request (GAS Comeback Request frame) 5031 msg = dev[0].mgmt_rx() 5032 frame = binascii.hexlify(msg['frame']).decode() 5033 with alloc_fail(dev[0], 1, "gas_build_comeback_resp;gas_server_handle_rx_comeback_req"): 5034 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5035 raise Exception("MGMT_RX_PROCESS failed") 5036 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 5037 # Try the same frame again - this is expected to fail since the response has 5038 # already been freed. 5039 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5040 raise Exception("MGMT_RX_PROCESS failed") 5041 5042 # DPP Configuration Request (GAS Comeback Request frame retry) 5043 msg = dev[0].mgmt_rx() 5044 5045def test_dpp_gas(dev, apdev): 5046 """DPP and GAS protocol testing""" 5047 ver0 = check_dpp_capab(dev[0]) 5048 ver1 = check_dpp_capab(dev[1]) 5049 start_dpp(dev) 5050 5051 # DPP Authentication Request 5052 rx_process_frame(dev[0]) 5053 5054 # DPP Authentication Confirmation 5055 rx_process_frame(dev[0]) 5056 5057 res = wait_auth_success(dev[0], dev[1]) 5058 5059 # DPP Configuration Request (GAS Initial Request frame) 5060 if 'responder-mgmt-rx' in res: 5061 msg = dev[0].mgmt_rx_parse(res['responder-mgmt-rx']) 5062 else: 5063 msg = dev[0].mgmt_rx() 5064 5065 # Protected Dual of GAS Initial Request frame (dropped by GAS server) 5066 if msg == None: 5067 raise Exception("GAS Initial Request frame not received") 5068 frame = binascii.hexlify(msg['frame']) 5069 frame = frame[0:48] + b"09" + frame[50:] 5070 frame = frame.decode() 5071 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5072 raise Exception("MGMT_RX_PROCESS failed") 5073 5074 with alloc_fail(dev[0], 1, "gas_server_send_resp"): 5075 frame = binascii.hexlify(msg['frame']).decode() 5076 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5077 raise Exception("MGMT_RX_PROCESS failed") 5078 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 5079 5080 with alloc_fail(dev[0], 1, "gas_build_initial_resp;gas_server_send_resp"): 5081 frame = binascii.hexlify(msg['frame']).decode() 5082 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5083 raise Exception("MGMT_RX_PROCESS failed") 5084 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 5085 5086 # Add extra data after Query Request field to trigger 5087 # "GAS: Ignored extra data after Query Request field" 5088 frame = binascii.hexlify(msg['frame']).decode() + "00" 5089 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5090 raise Exception("MGMT_RX_PROCESS failed") 5091 5092 # DPP Configuration Request (GAS Comeback Request frame) 5093 rx_process_frame(dev[0]) 5094 5095 # DPP Configuration Request (GAS Comeback Request frame) 5096 rx_process_frame(dev[0]) 5097 5098 # DPP Configuration Request (GAS Comeback Request frame) 5099 rx_process_frame(dev[0]) 5100 5101 if ver0 >= 2 and ver1 >= 2: 5102 # DPP Configuration Result 5103 rx_process_frame(dev[0]) 5104 5105 wait_conf_completion(dev[0], dev[1]) 5106 5107def test_dpp_truncated_attr(dev, apdev): 5108 """DPP and truncated attribute""" 5109 check_dpp_capab(dev[0]) 5110 check_dpp_capab(dev[1]) 5111 start_dpp(dev) 5112 5113 # DPP Authentication Request 5114 msg = dev[0].mgmt_rx() 5115 frame = msg['frame'] 5116 5117 # DPP: Truncated message - not enough room for the attribute - dropped 5118 frame1 = binascii.hexlify(frame[0:36]).decode() 5119 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame1)): 5120 raise Exception("MGMT_RX_PROCESS failed") 5121 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 5122 if ev is None or "ignore=invalid-attributes" not in ev: 5123 raise Exception("Invalid attribute error not reported") 5124 5125 # DPP: Unexpected octets (3) after the last attribute 5126 frame2 = binascii.hexlify(frame).decode() + "000000" 5127 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)): 5128 raise Exception("MGMT_RX_PROCESS failed") 5129 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 5130 if ev is None or "ignore=invalid-attributes" not in ev: 5131 raise Exception("Invalid attribute error not reported") 5132 5133def test_dpp_bootstrap_key_autogen_issues(dev, apdev): 5134 """DPP bootstrap key autogen issues""" 5135 check_dpp_capab(dev[0]) 5136 check_dpp_capab(dev[1]) 5137 5138 logger.info("dev0 displays QR Code") 5139 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5140 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5141 5142 logger.info("dev1 scans QR Code") 5143 id1 = dev[1].dpp_qr_code(uri0) 5144 5145 logger.info("dev1 initiates DPP Authentication") 5146 dev[0].dpp_listen(2412) 5147 with alloc_fail(dev[1], 1, "dpp_autogen_bootstrap_key"): 5148 dev[1].dpp_auth_init(peer=id1, expect_fail=True) 5149 with alloc_fail(dev[1], 1, "dpp_gen_uri;dpp_autogen_bootstrap_key"): 5150 dev[1].dpp_auth_init(peer=id1, expect_fail=True) 5151 with fail_test(dev[1], 1, "dpp_keygen;dpp_autogen_bootstrap_key"): 5152 dev[1].dpp_auth_init(peer=id1, expect_fail=True) 5153 dev[0].request("DPP_STOP_LISTEN") 5154 5155def test_dpp_auth_resp_status_failure(dev, apdev): 5156 """DPP and Auth Resp(status) build failure""" 5157 with alloc_fail(dev[0], 1, "dpp_auth_build_resp"): 5158 run_dpp_proto_auth_resp_missing(dev, 99999, None, 5159 incompatible_roles=True) 5160 5161def test_dpp_auth_resp_aes_siv_issue(dev, apdev): 5162 """DPP Auth Resp AES-SIV issue""" 5163 check_dpp_capab(dev[0]) 5164 check_dpp_capab(dev[1]) 5165 logger.info("dev0 displays QR Code") 5166 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5167 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5168 logger.info("dev1 scans QR Code and initiates DPP Authentication") 5169 dev[0].dpp_listen(2412) 5170 with fail_test(dev[1], 1, "aes_siv_decrypt;dpp_auth_resp_rx"): 5171 dev[1].dpp_auth_init(uri=uri0) 5172 wait_dpp_fail(dev[1], "AES-SIV decryption failed") 5173 dev[0].request("DPP_STOP_LISTEN") 5174 5175def test_dpp_invalid_legacy_params(dev, apdev): 5176 """DPP invalid legacy parameters""" 5177 check_dpp_capab(dev[0]) 5178 check_dpp_capab(dev[1]) 5179 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5180 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5181 # No pass/psk 5182 dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", ssid="dpp-legacy", 5183 expect_fail=True) 5184 5185def test_dpp_invalid_legacy_params2(dev, apdev): 5186 """DPP invalid legacy parameters 2""" 5187 check_dpp_capab(dev[0]) 5188 check_dpp_capab(dev[1]) 5189 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5190 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5191 dev[0].set("dpp_configurator_params", 5192 " conf=sta-psk ssid=%s" % (binascii.hexlify(b"dpp-legacy").decode())) 5193 dev[0].dpp_listen(2412, role="configurator") 5194 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 5195 # No pass/psk 5196 ev = dev[0].wait_event(["DPP: Failed to set configurator parameters"], 5197 timeout=5) 5198 if ev is None: 5199 raise Exception("DPP configuration failure not reported") 5200 5201def test_dpp_legacy_params_failure(dev, apdev): 5202 """DPP legacy parameters local failure""" 5203 check_dpp_capab(dev[0]) 5204 check_dpp_capab(dev[1]) 5205 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5206 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5207 dev[0].dpp_listen(2412) 5208 with alloc_fail(dev[1], 1, "dpp_build_conf_obj_legacy"): 5209 dev[1].dpp_auth_init(uri=uri0, conf="sta-psk", passphrase="passphrase", 5210 ssid="dpp-legacy") 5211 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=5) 5212 if ev is None: 5213 raise Exception("DPP configuration failure not reported") 5214 5215def test_dpp_invalid_configurator_key(dev, apdev): 5216 """DPP invalid configurator key""" 5217 check_dpp_capab(dev[0]) 5218 5219 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=aa"): 5220 raise Exception("Invalid key accepted") 5221 5222 with alloc_fail(dev[0], 1, "dpp_keygen_configurator"): 5223 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256): 5224 raise Exception("Error not reported") 5225 5226 with alloc_fail(dev[0], 1, 5227 "crypto_ec_key_get_pubkey_point;dpp_keygen_configurator"): 5228 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256): 5229 raise Exception("Error not reported") 5230 5231 with alloc_fail(dev[0], 1, "base64_gen_encode;dpp_keygen_configurator"): 5232 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256): 5233 raise Exception("Error not reported") 5234 5235 with fail_test(dev[0], 1, "dpp_keygen_configurator"): 5236 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_ADD key=" + dpp_key_p256): 5237 raise Exception("Error not reported") 5238 5239def test_dpp_own_config_sign_fail(dev, apdev): 5240 """DPP own config signing failure""" 5241 check_dpp_capab(dev[0]) 5242 conf_id = dev[0].dpp_configurator_add() 5243 tests = ["", 5244 " ", 5245 " conf=sta-dpp", 5246 " configurator=%d" % conf_id, 5247 " conf=sta-dpp configurator=%d curve=unsupported" % conf_id] 5248 for t in tests: 5249 if "FAIL" not in dev[0].request("DPP_CONFIGURATOR_SIGN " + t): 5250 raise Exception("Invalid command accepted: " + t) 5251 5252def test_dpp_peer_intro_failures(dev, apdev): 5253 """DPP peer introduction failures""" 5254 try: 5255 run_dpp_peer_intro_failures(dev, apdev) 5256 finally: 5257 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5258 5259def run_dpp_peer_intro_failures(dev, apdev): 5260 check_dpp_capab(dev[0]) 5261 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 5262 check_dpp_capab(hapd) 5263 5264 conf_id = hapd.dpp_configurator_add(key=dpp_key_p256) 5265 csign = hapd.request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id) 5266 if "FAIL" in csign or len(csign) == 0: 5267 raise Exception("DPP_CONFIGURATOR_GET_KEY failed") 5268 5269 conf_id2 = dev[0].dpp_configurator_add(key=csign) 5270 csign2 = dev[0].request("DPP_CONFIGURATOR_GET_KEY %d" % conf_id2) 5271 5272 if csign != csign2: 5273 raise Exception("Unexpected difference in configurator key") 5274 5275 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id 5276 res = hapd.request(cmd) 5277 if "FAIL" in res: 5278 raise Exception("Failed to generate own configuration") 5279 update_hapd_config(hapd) 5280 5281 dev[0].set("dpp_config_processing", "1") 5282 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id 5283 res = dev[0].request(cmd) 5284 if "FAIL" in res: 5285 raise Exception("Failed to generate own configuration") 5286 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 5287 if ev is None: 5288 raise Exception("DPP network profile not generated") 5289 id = ev.split(' ')[1] 5290 dev[0].select_network(id, freq=2412) 5291 dev[0].wait_connected() 5292 dev[0].request("DISCONNECT") 5293 dev[0].wait_disconnected() 5294 dev[0].dump_monitor() 5295 5296 tests = ["eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOltdLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJiVmFMRGlBT09OQmFjcVFVN1pYamFBVEtEMVhhbDVlUExqOUZFZUl3VkN3IiwieSI6Il95c25JR1hTYjBvNEsyMWg0anZmSkZxMHdVNnlPNWp1VUFPd3FuM0dHVHMifX0.WgzZBOJaisWBRxvtXPbVYPXU7OIZxs6sZD-cPOLmJVTIYZKdMkSOMvP5b6si_j61FIrjhm43tmGq1P6cpoxB_g", 5297 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7fV0sIm5ldEFjY2Vzc0tleSI6eyJrdHkiOiJFQyIsImNydiI6IlAtMjU2IiwieCI6IkJhY3BWSDNpNDBrZklNS0RHa1FFRzhCODBCaEk4cEFmTWpLbzM5NlFZT2ciLCJ5IjoiMjBDYjhDNjRsSjFzQzV2NXlKMnBFZXRRempxMjI4YVV2cHMxNmQ0M3EwQSJ9fQ.dG2y8VvZQJ5hfob8E5F2FAeR7Nd700qstYkxDgA2QfARaNMZ0_SfKfoG-yKXsIZNM-TvGBfACgfhagG9Oaw_Xw", 5298 "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiIwTlNSNTlxRTc0alFfZTFLVGVPV1lYY1pTWnFUaDdNXzU0aHJPcFRpaFJnIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiJkc2VmcmJWWlhad0RMWHRpLWlObDBBYkFIOXpqeFFKd0R1SUd5NzNuZGU0IiwieSI6IjZFQnExN3cwYW1fZlh1OUQ4UGxWYk9XZ2I3b19DcTUxWHlmSG8wcHJyeDQifX0.caBvdDUtXrhnS61-juVZ_2FQdprepv0yZjC04G4ERvLUpeX7cgu0Hp-A1aFDogP1PEFGpkaEdcAWRQnSSRiIKQ"] 5299 for t in tests: 5300 dev[0].set_network_quoted(id, "dpp_connector", t) 5301 dev[0].select_network(id, freq=2412) 5302 ev = dev[0].wait_event(["DPP-INTRO"], timeout=5) 5303 if ev is None or "status=8" not in ev: 5304 raise Exception("Introduction failure not reported") 5305 dev[0].request("DISCONNECT") 5306 dev[0].dump_monitor() 5307 5308def test_dpp_peer_intro_local_failures(dev, apdev): 5309 """DPP peer introduction local failures""" 5310 check_dpp_capab(dev[0]) 5311 check_dpp_capab(dev[1]) 5312 5313 params = {"ssid": "dpp", 5314 "wpa": "2", 5315 "wpa_key_mgmt": "DPP", 5316 "ieee80211w": "2", 5317 "rsn_pairwise": "CCMP", 5318 "dpp_connector": params1_ap_connector, 5319 "dpp_csign": params1_csign, 5320 "dpp_netaccesskey": params1_ap_netaccesskey} 5321 try: 5322 hapd = hostapd.add_ap(apdev[0], params) 5323 except: 5324 raise HwsimSkip("DPP not supported") 5325 5326 tests = ["dpp_derive_pmk", 5327 "dpp_hkdf_expand;dpp_derive_pmk", 5328 "dpp_derive_pmkid"] 5329 for func in tests: 5330 with fail_test(dev[0], 1, func): 5331 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 5332 ieee80211w="2", 5333 dpp_csign=params1_csign, 5334 dpp_connector=params1_sta_connector, 5335 dpp_netaccesskey=params1_sta_netaccesskey, 5336 wait_connect=False) 5337 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10) 5338 if ev is None or "fail=peer_connector_validation_failed" not in ev: 5339 raise Exception("Introduction failure not reported") 5340 dev[0].request("REMOVE_NETWORK all") 5341 dev[0].dump_monitor() 5342 5343 tests = [(1, "base64_gen_decode;dpp_peer_intro"), 5344 (1, "json_parse;dpp_peer_intro"), 5345 (50, "json_parse;dpp_peer_intro"), 5346 (1, "=dpp_check_signed_connector;dpp_peer_intro"), 5347 (1, "dpp_parse_jwk")] 5348 for count, func in tests: 5349 with alloc_fail(dev[0], count, func): 5350 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 5351 ieee80211w="2", 5352 dpp_csign=params1_csign, 5353 dpp_connector=params1_sta_connector, 5354 dpp_netaccesskey=params1_sta_netaccesskey, 5355 wait_connect=False) 5356 ev = dev[0].wait_event(["DPP-INTRO"], timeout=10) 5357 if ev is None or "fail=peer_connector_validation_failed" not in ev: 5358 raise Exception("Introduction failure not reported") 5359 dev[0].request("REMOVE_NETWORK all") 5360 dev[0].dump_monitor() 5361 5362 parts = params1_ap_connector.split('.') 5363 for ap_connector in ['.'.join(parts[0:2]), '.'.join(parts[0:1])]: 5364 hapd.set("dpp_connector", ap_connector) 5365 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 5366 ieee80211w="2", 5367 dpp_csign=params1_csign, 5368 dpp_connector=params1_sta_connector, 5369 dpp_netaccesskey=params1_sta_netaccesskey, 5370 wait_connect=False) 5371 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10) 5372 if ev is None: 5373 raise Exception("No TX status reported") 5374 dev[0].request("REMOVE_NETWORK all") 5375 dev[0].dump_monitor() 5376 5377 hapd.set("dpp_netaccesskey", "00") 5378 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 5379 ieee80211w="2", 5380 dpp_csign=params1_csign, 5381 dpp_connector=params1_sta_connector, 5382 dpp_netaccesskey=params1_sta_netaccesskey, 5383 wait_connect=False) 5384 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10) 5385 if ev is None: 5386 raise Exception("No TX status reported") 5387 dev[0].request("REMOVE_NETWORK all") 5388 dev[0].dump_monitor() 5389 5390 hapd.set("dpp_csign", "00") 5391 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 5392 ieee80211w="2", 5393 dpp_csign=params1_csign, 5394 dpp_connector=params1_sta_connector, 5395 dpp_netaccesskey=params1_sta_netaccesskey, 5396 wait_connect=False) 5397 ev = dev[0].wait_event(["DPP-TX-STATUS"], timeout=10) 5398 if ev is None: 5399 raise Exception("No TX status reported") 5400 dev[0].request("REMOVE_NETWORK all") 5401 5402def run_dpp_configurator_id_unknown(dev): 5403 check_dpp_capab(dev) 5404 conf_id = dev.dpp_configurator_add() 5405 if "FAIL" not in dev.request("DPP_CONFIGURATOR_GET_KEY %d" % (conf_id + 1)): 5406 raise Exception("DPP_CONFIGURATOR_GET_KEY with incorrect id accepted") 5407 5408 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % (conf_id + 1) 5409 if "FAIL" not in dev.request(cmd): 5410 raise Exception("DPP_CONFIGURATOR_SIGN with incorrect id accepted") 5411 5412def test_dpp_configurator_id_unknown(dev, apdev): 5413 """DPP and unknown configurator id""" 5414 run_dpp_configurator_id_unknown(dev[0]) 5415 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 5416 run_dpp_configurator_id_unknown(hapd) 5417 5418def run_dpp_bootstrap_gen_failures(dev): 5419 check_dpp_capab(dev) 5420 5421 tests = ["type=unsupported", 5422 "type=qrcode chan=-1", 5423 "type=qrcode mac=a", 5424 "type=qrcode key=qq", 5425 "type=qrcode key=", 5426 "type=qrcode info=abc\tdef"] 5427 for t in tests: 5428 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN " + t): 5429 raise Exception("Command accepted unexpectedly") 5430 5431 id = dev.dpp_bootstrap_gen() 5432 uri = dev.request("DPP_BOOTSTRAP_GET_URI %d" % id) 5433 if not uri.startswith("DPP:"): 5434 raise Exception("Could not get URI") 5435 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI 0"): 5436 raise Exception("Failure not reported") 5437 info = dev.request("DPP_BOOTSTRAP_INFO %d" % id) 5438 if not info.startswith("type=QRCODE"): 5439 raise Exception("Could not get info") 5440 if "FAIL" not in dev.request("DPP_BOOTSTRAP_REMOVE 0"): 5441 raise Exception("Failure not reported") 5442 if "FAIL" in dev.request("DPP_BOOTSTRAP_REMOVE *"): 5443 raise Exception("Failed to remove bootstrap info") 5444 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GET_URI %d" % id): 5445 raise Exception("Failure not reported") 5446 if "FAIL" not in dev.request("DPP_BOOTSTRAP_INFO %d" % id): 5447 raise Exception("Failure not reported") 5448 5449 func = "dpp_bootstrap_gen" 5450 with alloc_fail(dev, 1, "=" + func): 5451 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"): 5452 raise Exception("Command accepted unexpectedly") 5453 5454 with alloc_fail(dev, 1, "dpp_gen_uri;dpp_bootstrap_gen"): 5455 if "FAIL" not in dev.request("DPP_BOOTSTRAP_GEN type=qrcode"): 5456 raise Exception("Command accepted unexpectedly") 5457 5458 with alloc_fail(dev, 1, "get_param"): 5459 dev.request("DPP_BOOTSTRAP_GEN type=qrcode curve=foo") 5460 5461def test_dpp_bootstrap_gen_failures(dev, apdev): 5462 """DPP_BOOTSTRAP_GEN/REMOVE/GET_URI/INFO error cases""" 5463 run_dpp_bootstrap_gen_failures(dev[0]) 5464 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 5465 run_dpp_bootstrap_gen_failures(hapd) 5466 5467def test_dpp_listen_continue(dev, apdev): 5468 """DPP and continue listen state""" 5469 check_dpp_capab(dev[0]) 5470 check_dpp_capab(dev[1]) 5471 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5472 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 5473 dev[0].dpp_listen(2412) 5474 time.sleep(5.1) 5475 dev[1].dpp_auth_init(uri=uri) 5476 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 5477 allow_enrollee_failure=True, stop_responder=True, 5478 stop_initiator=True) 5479 5480def test_dpp_network_addition_failure(dev, apdev): 5481 """DPP network addition failure""" 5482 try: 5483 run_dpp_network_addition_failure(dev, apdev) 5484 finally: 5485 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5486 5487def run_dpp_network_addition_failure(dev, apdev): 5488 check_dpp_capab(dev[0]) 5489 conf_id = dev[0].dpp_configurator_add() 5490 dev[0].set("dpp_config_processing", "1") 5491 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-dpp configurator=%d" % conf_id 5492 tests = [(1, "=wpas_dpp_add_network"), 5493 (2, "=wpas_dpp_add_network"), 5494 (3, "=wpas_dpp_add_network"), 5495 (4, "=wpas_dpp_add_network"), 5496 (1, "wpa_config_add_network;wpas_dpp_add_network")] 5497 for count, func in tests: 5498 with alloc_fail(dev[0], count, func): 5499 res = dev[0].request(cmd) 5500 if "OK" in res: 5501 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2) 5502 if ev is None: 5503 raise Exception("Config object not processed") 5504 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 5505 dev[0].dump_monitor() 5506 5507 cmd = "DPP_CONFIGURATOR_SIGN conf=sta-psk pass=%s configurator=%d" % (binascii.hexlify(b"passphrase").decode(), conf_id) 5508 tests = [(1, "wpa_config_set_quoted;wpas_dpp_add_network")] 5509 for count, func in tests: 5510 with alloc_fail(dev[0], count, func): 5511 res = dev[0].request(cmd) 5512 if "OK" in res: 5513 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=2) 5514 if ev is None: 5515 raise Exception("Config object not processed") 5516 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 5517 dev[0].dump_monitor() 5518 5519def test_dpp_two_initiators(dev, apdev): 5520 """DPP and two initiators""" 5521 check_dpp_capab(dev[0]) 5522 check_dpp_capab(dev[1]) 5523 check_dpp_capab(dev[2]) 5524 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5525 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 5526 dev[0].dpp_listen(2412) 5527 peer = dev[2].dpp_qr_code(uri) 5528 dev[1].dpp_auth_init(uri=uri) 5529 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 5530 if ev is None: 5531 raise Exeption("No DPP Authentication Request seen") 5532 dev[2].dpp_auth_init(uri=uri, peer=peer) 5533 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5) 5534 if ev is None: 5535 raise Exception("Failure not reported") 5536 skip = False 5537 if "Configurator rejected configuration" in ev: 5538 # Race condition prevented real test from being executed 5539 skip = True 5540 elif "DPP-FAIL Already in DPP authentication exchange - ignore new one" not in ev: 5541 raise Exception("Unexpected result: " + ev) 5542 5543 ev = dev[0].wait_event(["DPP-CONF-FAILED"], timeout=2) 5544 if ev is None: 5545 raise Exception("DPP configuration result not seen (Enrollee)") 5546 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=2) 5547 if ev is None: 5548 raise Exception("DPP configuration result not seen (Responder)") 5549 5550 dev[0].request("DPP_STOP_LISTEN") 5551 dev[1].request("DPP_STOP_LISTEN") 5552 dev[2].request("DPP_STOP_LISTEN") 5553 5554 if skip: 5555 raise HwsimSkip("dpp_two_initiators not fully executed due to race condition") 5556 5557def test_dpp_conf_file_update(dev, apdev, params): 5558 """DPP provisioning updating wpa_supplicant configuration file""" 5559 config = os.path.join(params['logdir'], 'dpp_conf_file_update.conf') 5560 with open(config, "w") as f: 5561 f.write("update_config=1\n") 5562 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 5563 wpas.interface_add("wlan5", config=config) 5564 check_dpp_capab(wpas) 5565 wpas.set("dpp_config_processing", "1") 5566 run_dpp_qr_code_auth_unicast([wpas, dev[1]], apdev, None, 5567 init_extra="conf=sta-dpp", 5568 require_conf_success=True, 5569 configurator=True) 5570 wpas.interface_remove("wlan5") 5571 5572 with open(config, "r") as f: 5573 res = f.read() 5574 for i in ["network={", "dpp_connector=", "key_mgmt=DPP", "ieee80211w=2", 5575 "dpp_netaccesskey=", "dpp_csign="]: 5576 if i not in res: 5577 raise Exception("Configuration file missing '%s'" % i) 5578 5579 wpas.interface_add("wlan5", config=config) 5580 if len(wpas.list_networks()) != 1: 5581 raise Exception("Unexpected number of networks") 5582 5583def test_dpp_duplicated_auth_resp(dev, apdev): 5584 """DPP and duplicated Authentication Response""" 5585 check_dpp_capab(dev[0]) 5586 check_dpp_capab(dev[1]) 5587 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5588 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5589 dev[0].set("ext_mgmt_frame_handling", "1") 5590 dev[1].set("ext_mgmt_frame_handling", "1") 5591 dev[0].dpp_listen(2412) 5592 dev[1].dpp_auth_init(uri=uri0) 5593 5594 # DPP Authentication Request 5595 rx_process_frame(dev[0]) 5596 5597 # DPP Authentication Response 5598 msg = rx_process_frame(dev[1]) 5599 frame = binascii.hexlify(msg['frame']).decode() 5600 # Duplicated frame 5601 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame)): 5602 raise Exception("MGMT_RX_PROCESS failed") 5603 # Modified frame - nonzero status 5604 if frame[2*32:2*37] != "0010010000": 5605 raise Exception("Could not find Status attribute") 5606 frame2 = frame[0:2*32] + "0010010001" + frame[2*37:] 5607 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)): 5608 raise Exception("MGMT_RX_PROCESS failed") 5609 frame2 = frame[0:2*32] + "00100100ff" + frame[2*37:] 5610 if "OK" not in dev[1].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], frame2)): 5611 raise Exception("MGMT_RX_PROCESS failed") 5612 5613 # DPP Authentication Confirmation 5614 rx_process_frame(dev[0]) 5615 5616 wait_auth_success(dev[0], dev[1]) 5617 5618 # DPP Configuration Request 5619 rx_process_frame(dev[1]) 5620 5621 # DPP Configuration Response 5622 rx_process_frame(dev[0]) 5623 5624 wait_conf_completion(dev[1], dev[0]) 5625 5626def test_dpp_duplicated_auth_conf(dev, apdev): 5627 """DPP and duplicated Authentication Confirmation""" 5628 check_dpp_capab(dev[0]) 5629 check_dpp_capab(dev[1]) 5630 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5631 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5632 dev[0].set("ext_mgmt_frame_handling", "1") 5633 dev[1].set("ext_mgmt_frame_handling", "1") 5634 dev[0].dpp_listen(2412) 5635 dev[1].dpp_auth_init(uri=uri0) 5636 5637 # DPP Authentication Request 5638 rx_process_frame(dev[0]) 5639 5640 # DPP Authentication Response 5641 rx_process_frame(dev[1]) 5642 5643 # DPP Authentication Confirmation 5644 msg = rx_process_frame(dev[0]) 5645 # Duplicated frame 5646 if "OK" not in dev[0].request("MGMT_RX_PROCESS freq={} datarate={} ssi_signal={} frame={}".format(msg['freq'], msg['datarate'], msg['ssi_signal'], binascii.hexlify(msg['frame']).decode())): 5647 raise Exception("MGMT_RX_PROCESS failed") 5648 5649 wait_auth_success(dev[0], dev[1]) 5650 5651 # DPP Configuration Request 5652 rx_process_frame(dev[1]) 5653 5654 # DPP Configuration Response 5655 rx_process_frame(dev[0]) 5656 5657 wait_conf_completion(dev[1], dev[0]) 5658 5659def test_dpp_enrollee_reject_config(dev, apdev): 5660 """DPP and Enrollee rejecting Config Object""" 5661 check_dpp_capab(dev[0]) 5662 check_dpp_capab(dev[1]) 5663 dev[0].set("dpp_test", "91") 5664 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5665 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5666 dev[0].dpp_listen(2412) 5667 dev[1].dpp_auth_init(uri=uri0, conf="sta-sae", ssid="dpp-legacy", 5668 passphrase="secret passphrase") 5669 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 5670 allow_enrollee_failure=True, 5671 allow_configurator_failure=True) 5672 5673def test_dpp_enrollee_ap_reject_config(dev, apdev): 5674 """DPP and Enrollee AP rejecting Config Object""" 5675 check_dpp_capab(dev[0]) 5676 check_dpp_capab(dev[1]) 5677 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 5678 check_dpp_capab(hapd) 5679 hapd.set("dpp_test", "91") 5680 conf_id = dev[0].dpp_configurator_add() 5681 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 5682 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 5683 dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id) 5684 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 5685 allow_enrollee_failure=True, 5686 allow_configurator_failure=True) 5687 5688def test_dpp_legacy_and_dpp_akm(dev, apdev): 5689 """DPP and provisoning DPP and legacy AKMs""" 5690 try: 5691 run_dpp_legacy_and_dpp_akm(dev, apdev) 5692 finally: 5693 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5694 5695def run_dpp_legacy_and_dpp_akm(dev, apdev): 5696 check_dpp_capab(dev[0], min_ver=2) 5697 check_dpp_capab(dev[1], min_ver=2) 5698 5699 csign = "30770201010420768240a3fc89d6662d9782f120527fe7fb9edc6366ab0b9c7dde96125cfd250fa00a06082a8648ce3d030107a144034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708" 5700 csign_pub = "3059301306072a8648ce3d020106082a8648ce3d030107034200042908e1baf7bf413cc66f9e878a03e8bb1835ba94b033dbe3d6969fc8575d5eb5dfda1cb81c95cee21d0cd7d92ba30541ffa05cb6296f5dd808b0c1c2a83c0708" 5701 ap_connector = "eyJ0eXAiOiJkcHBDb24iLCJraWQiOiJwYWtZbXVzd1dCdWpSYTl5OEsweDViaTVrT3VNT3dzZHRlaml2UG55ZHZzIiwiYWxnIjoiRVMyNTYifQ.eyJncm91cHMiOlt7Imdyb3VwSWQiOiIqIiwibmV0Um9sZSI6ImFwIn1dLCJuZXRBY2Nlc3NLZXkiOnsia3R5IjoiRUMiLCJjcnYiOiJQLTI1NiIsIngiOiIybU5vNXZuRkI5bEw3d1VWb1hJbGVPYzBNSEE1QXZKbnpwZXZULVVTYzVNIiwieSI6IlhzS3dqVHJlLTg5WWdpU3pKaG9CN1haeUttTU05OTl3V2ZaSVl0bi01Q3MifX0.XhjFpZgcSa7G2lHy0OCYTvaZFRo5Hyx6b7g7oYyusLC7C_73AJ4_BxEZQVYJXAtDuGvb3dXSkHEKxREP9Q6Qeg" 5702 ap_netaccesskey = "30770201010420ceba752db2ad5200fa7bc565b9c05c69b7eb006751b0b329b0279de1c19ca67ca00a06082a8648ce3d030107a14403420004da6368e6f9c507d94bef0515a1722578e73430703902f267ce97af4fe51273935ec2b08d3adefbcf588224b3261a01ed76722a630cf7df7059f64862d9fee42b" 5703 5704 ssid = "dpp-both" 5705 passphrase = "secret passphrase" 5706 params = {"ssid": ssid, 5707 "wpa": "2", 5708 "wpa_key_mgmt": "DPP WPA-PSK SAE", 5709 "ieee80211w": "1", 5710 "sae_require_mfp": '1', 5711 "rsn_pairwise": "CCMP", 5712 "wpa_passphrase": passphrase, 5713 "dpp_connector": ap_connector, 5714 "dpp_csign": csign_pub, 5715 "dpp_netaccesskey": ap_netaccesskey} 5716 try: 5717 hapd = hostapd.add_ap(apdev[0], params) 5718 except: 5719 raise HwsimSkip("DPP not supported") 5720 5721 dev[0].request("SET sae_groups ") 5722 conf_id = dev[1].dpp_configurator_add(key=csign) 5723 dev[0].set("dpp_config_processing", "1") 5724 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 5725 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 5726 dev[0].dpp_listen(2412) 5727 dev[1].dpp_auth_init(uri=uri0, conf="sta-psk-sae-dpp", ssid=ssid, 5728 passphrase=passphrase, configurator=conf_id) 5729 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0], 5730 allow_enrollee_failure=True, 5731 allow_configurator_failure=True) 5732 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 5733 if ev is None: 5734 raise Exception("DPP network profile not generated") 5735 id0 = ev.split(' ')[1] 5736 5737 key_mgmt = dev[0].get_network(id0, "key_mgmt").split(' ') 5738 for m in ["SAE", "WPA-PSK", "DPP"]: 5739 if m not in key_mgmt: 5740 raise Exception("%s missing from key_mgmt" % m) 5741 5742 dev[0].scan_for_bss(hapd.own_addr(), freq=2412) 5743 dev[0].select_network(id0, freq=2412) 5744 dev[0].wait_connected() 5745 5746 dev[0].request("DISCONNECT") 5747 dev[0].wait_disconnected() 5748 hapd.disable() 5749 5750 params = {"ssid": ssid, 5751 "wpa": "2", 5752 "wpa_key_mgmt": "WPA-PSK SAE", 5753 "ieee80211w": "1", 5754 "sae_require_mfp": '1', 5755 "rsn_pairwise": "CCMP", 5756 "wpa_passphrase": passphrase} 5757 hapd2 = hostapd.add_ap(apdev[1], params) 5758 5759 dev[0].request("BSS_FLUSH 0") 5760 dev[0].scan_for_bss(hapd2.own_addr(), freq=2412, force_scan=True, 5761 only_new=True) 5762 dev[0].select_network(id0, freq=2412) 5763 dev[0].wait_connected() 5764 5765 dev[0].request("DISCONNECT") 5766 dev[0].wait_disconnected() 5767 5768def test_dpp_controller_relay(dev, apdev, params): 5769 """DPP Controller/Relay""" 5770 try: 5771 run_dpp_controller_relay(dev, apdev, params) 5772 finally: 5773 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5774 dev[1].request("DPP_CONTROLLER_STOP") 5775 5776def test_dpp_controller_relay_chirp(dev, apdev, params): 5777 """DPP Controller/Relay with chirping""" 5778 try: 5779 run_dpp_controller_relay(dev, apdev, params, chirp=True) 5780 finally: 5781 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5782 dev[1].request("DPP_CONTROLLER_STOP") 5783 5784def test_dpp_controller_relay_chirp_duplicate(dev, apdev, params): 5785 """DPP Controller/Relay with chirping (duplicate)""" 5786 try: 5787 run_dpp_controller_relay(dev, apdev, params, chirp=True, 5788 duplicate=True) 5789 finally: 5790 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5791 dev[1].request("DPP_CONTROLLER_STOP") 5792 5793def test_dpp_controller_relay_discover(dev, apdev, params): 5794 """DPP Controller/Relay with need to discover Controller""" 5795 try: 5796 run_dpp_controller_relay(dev, apdev, params, chirp=True, discover=True) 5797 finally: 5798 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5799 dev[1].request("DPP_CONTROLLER_STOP") 5800 5801def run_dpp_controller_relay(dev, apdev, params, chirp=False, discover=False, 5802 duplicate=False): 5803 check_dpp_capab(dev[0], min_ver=2) 5804 check_dpp_capab(dev[1], min_ver=2) 5805 cap_lo = params['prefix'] + ".lo.pcap" 5806 5807 with WlantestCapture('lo', cap_lo): 5808 run_dpp_controller_relay2(dev, apdev, params, chirp, discover, 5809 duplicate) 5810 5811def run_dpp_controller_relay2(dev, apdev, params, chirp=False, discover=False, 5812 duplicate=False): 5813 # Controller 5814 conf_id = dev[1].dpp_configurator_add() 5815 dev[1].set("dpp_configurator_params", 5816 "conf=sta-dpp configurator=%d" % conf_id) 5817 id_c = dev[1].dpp_bootstrap_gen() 5818 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 5819 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c) 5820 pkhash = None 5821 for line in res.splitlines(): 5822 name, value = line.split('=') 5823 if name == "pkhash": 5824 pkhash = value 5825 break 5826 if not pkhash: 5827 raise Exception("Could not fetch public key hash from Controller") 5828 if "OK" not in dev[1].request("DPP_CONTROLLER_START"): 5829 raise Exception("Failed to start Controller") 5830 5831 # Relay 5832 params = {"ssid": "unconfigured", 5833 "channel": "6"} 5834 if discover: 5835 params["dpp_relay_port"] = "11111" 5836 else: 5837 params["dpp_controller"] = "ipaddr=127.0.0.1 pkhash=" + pkhash 5838 if chirp: 5839 params["channel"] = "11" 5840 params["dpp_configurator_connectivity"] = "1" 5841 relay = hostapd.add_ap(apdev[1], params) 5842 check_dpp_capab(relay) 5843 5844 # Enroll Relay to the network 5845 # TODO: Do this over TCP once direct Enrollee-over-TCP case is supported 5846 if chirp: 5847 id_h = relay.dpp_bootstrap_gen(chan="81/11", mac=True) 5848 else: 5849 id_h = relay.dpp_bootstrap_gen(chan="81/6", mac=True) 5850 uri_r = relay.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 5851 dev[1].dpp_auth_init(uri=uri_r, conf="ap-dpp", configurator=conf_id) 5852 wait_auth_success(relay, dev[1], configurator=dev[1], enrollee=relay) 5853 update_hapd_config(relay) 5854 5855 dev[0].flush_scan_cache() 5856 5857 # Initiate from Enrollee with broadcast DPP Authentication Request or 5858 # using chirping 5859 dev[0].set("dpp_config_processing", "2") 5860 if chirp: 5861 id1 = dev[0].dpp_bootstrap_gen() 5862 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 5863 idc = dev[1].dpp_qr_code(uri) 5864 dev[1].dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id) 5865 if duplicate: 5866 relay.set("ext_mgmt_frame_handling", "1") 5867 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=5" % id1): 5868 raise Exception("DPP_CHIRP failed") 5869 if duplicate: 5870 for i in range(10): 5871 msg = relay.mgmt_rx(timeout=30) 5872 if msg is None: 5873 raise Exception("MGMT RX wait timed out") 5874 relay.request("MGMT_RX_PROCESS freq=2462 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(msg['frame']).decode()) 5875 if msg['subtype'] == 13: 5876 # Process duplicate Presence Announcement 5877 relay.request("MGMT_RX_PROCESS freq=2462 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(msg['frame']).decode()) 5878 break 5879 relay.set("ext_mgmt_frame_handling", "0") 5880 ev = relay.wait_event(["DPP-RX"], timeout=30) 5881 if ev is None: 5882 raise Exception("Presence Announcement not seen") 5883 if "type=13" not in ev: 5884 raise Exception("Unexpected DPP frame received: " + ev) 5885 else: 5886 dev[0].dpp_auth_init(uri=uri_c, role="enrollee") 5887 if discover: 5888 ev = relay.wait_event(["DPP-RELAY-NEEDS-CONTROLLER"], timeout=30) 5889 if ev is None: 5890 raise Exception("Relay did not indicate need for a Controller") 5891 cmd = "DPP_RELAY_ADD_CONTROLLER 127.0.0.1 " + pkhash 5892 if "OK" not in relay.request(cmd): 5893 raise Exception("Could not add Controller to Relay") 5894 5895 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0], 5896 allow_enrollee_failure=True, 5897 allow_configurator_failure=True, 5898 timeout=100 if discover else 5) 5899 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 5900 if ev is None: 5901 raise Exception("DPP network id not reported") 5902 network = int(ev.split(' ')[1]) 5903 dev[0].wait_connected() 5904 relay.wait_sta() 5905 dev[0].dump_monitor() 5906 dev[0].request("DISCONNECT") 5907 dev[0].wait_disconnected() 5908 dev[0].dump_monitor() 5909 relay.wait_sta_disconnect() 5910 5911 if "OK" not in dev[0].request("DPP_RECONFIG %s" % network): 5912 raise Exception("Failed to start reconfiguration") 5913 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=15) 5914 if ev is None: 5915 raise Exception("DPP network id not reported for reconfiguration") 5916 network2 = int(ev.split(' ')[1]) 5917 if network == network2: 5918 raise Exception("Network ID did not change") 5919 dev[0].wait_connected() 5920 relay.wait_sta() 5921 5922def test_dpp_controller_init_through_relay(dev, apdev, params): 5923 """DPP Controller initiating through Relay""" 5924 try: 5925 run_dpp_controller_init_through_relay(dev, apdev, params) 5926 finally: 5927 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5928 dev[1].request("DPP_CONTROLLER_STOP") 5929 5930def test_dpp_controller_init_through_relay_dynamic(dev, apdev, params): 5931 """DPP Controller initiating through Relay (dynamic addition)""" 5932 try: 5933 run_dpp_controller_init_through_relay(dev, apdev, params, dynamic=True) 5934 finally: 5935 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5936 dev[1].request("DPP_CONTROLLER_STOP") 5937 5938def test_dpp_controller_init_through_relay_add(dev, apdev, params): 5939 """DPP Controller initiating through Relay (add Controller connection)""" 5940 try: 5941 run_dpp_controller_init_through_relay(dev, apdev, params, add=True) 5942 finally: 5943 dev[0].set("dpp_config_processing", "0", allow_fail=True) 5944 dev[1].request("DPP_CONTROLLER_STOP") 5945 5946def run_dpp_controller_init_through_relay(dev, apdev, params, dynamic=False, 5947 add=False): 5948 check_dpp_capab(dev[0], min_ver=2) 5949 check_dpp_capab(dev[1], min_ver=2) 5950 cap_lo = os.path.join(params['prefix'], ".lo.pcap") 5951 5952 with WlantestCapture('lo', cap_lo): 5953 run_dpp_controller_init_through_relay2(dev, apdev, params, dynamic, 5954 add) 5955 5956def run_dpp_controller_init_through_relay2(dev, apdev, params, dynamic=False, 5957 add=False): 5958 # Controller 5959 conf_id = dev[1].dpp_configurator_add() 5960 dev[1].set("dpp_configurator_params", 5961 "conf=sta-dpp configurator=%d" % conf_id) 5962 if not dynamic: 5963 id_c = dev[1].dpp_bootstrap_gen() 5964 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c) 5965 pkhash = None 5966 for line in res.splitlines(): 5967 name, value = line.split('=') 5968 if name == "pkhash": 5969 pkhash = value 5970 break 5971 if not pkhash: 5972 raise Exception("Could not fetch public key hash from Controller") 5973 if "OK" not in dev[1].request("DPP_CONTROLLER_START"): 5974 raise Exception("Failed to start Controller") 5975 5976 # Relay 5977 port = 11111 5978 params = {"ssid": "unconfigured", 5979 "channel": "6", 5980 "dpp_relay_port": str(port)} 5981 if not dynamic and not add: 5982 params["dpp_controller"] = "ipaddr=127.0.0.1 pkhash=" + pkhash 5983 relay = hostapd.add_ap(apdev[0], params) 5984 check_dpp_capab(relay) 5985 5986 # Enroll Relay to the network 5987 # TODO: Do this over TCP once direct Enrollee-over-TCP case is supported 5988 id_h = relay.dpp_bootstrap_gen(chan="81/6", mac=True) 5989 uri_r = relay.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 5990 dev[1].dpp_auth_init(uri=uri_r, conf="ap-dpp", configurator=conf_id) 5991 wait_auth_success(relay, dev[1], configurator=dev[1], enrollee=relay) 5992 update_hapd_config(relay) 5993 5994 dev[0].flush_scan_cache() 5995 5996 # Initiate from Controller with broadcast DPP Authentication Request 5997 dev[0].set("dpp_config_processing", "2") 5998 dev[0].dpp_listen(2437) 5999 id_e = dev[0].dpp_bootstrap_gen() 6000 uri_e = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_e) 6001 dev[1].dpp_auth_init(uri=uri_e, conf="sta-dpp", configurator=conf_id, 6002 tcp_addr="127.0.0.1", tcp_port=str(port)) 6003 wait_auth_success(dev[1], dev[0], configurator=dev[1], enrollee=dev[0], 6004 allow_enrollee_failure=True, 6005 allow_configurator_failure=True) 6006 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 6007 if ev is None: 6008 raise Exception("DPP network id not reported") 6009 network = int(ev.split(' ')[1]) 6010 dev[0].wait_connected() 6011 relay.wait_sta() 6012 dev[0].dump_monitor() 6013 dev[0].request("DISCONNECT") 6014 dev[0].wait_disconnected() 6015 relay.wait_sta_disconnect() 6016 dev[0].dump_monitor() 6017 6018 if add: 6019 cmd = "DPP_RELAY_ADD_CONTROLLER 127.0.0.1 " + pkhash 6020 if "OK" not in relay.request(cmd): 6021 raise Exception("Could not add Controller to Relay") 6022 if not dynamic: 6023 if "OK" not in dev[0].request("DPP_RECONFIG %s" % network): 6024 raise Exception("Failed to start reconfiguration") 6025 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=15) 6026 if ev is None: 6027 raise Exception("DPP network id not reported for reconfiguration") 6028 network2 = int(ev.split(' ')[1]) 6029 if network == network2: 6030 raise Exception("Network ID did not change") 6031 dev[0].wait_connected() 6032 if add: 6033 relay.request("DPP_RELAY_REMOVE_CONTROLLER 127.0.0.1") 6034 6035class MyTCPServer(TCPServer): 6036 def __init__(self, addr, handler): 6037 self.allow_reuse_address = True 6038 TCPServer.__init__(self, addr, handler) 6039 6040class DPPControllerServer(StreamRequestHandler): 6041 def handle(self): 6042 data = self.rfile.read() 6043 # Do not reply 6044 6045def test_dpp_relay_incomplete_connections(dev, apdev): 6046 """DPP Relay and incomplete connections""" 6047 check_dpp_capab(dev[0], min_ver=2) 6048 check_dpp_capab(dev[1], min_ver=2) 6049 6050 id_c = dev[1].dpp_bootstrap_gen() 6051 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6052 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c) 6053 pkhash = None 6054 for line in res.splitlines(): 6055 name, value = line.split('=') 6056 if name == "pkhash": 6057 pkhash = value 6058 break 6059 if not pkhash: 6060 raise Exception("Could not fetch public key hash from Controller") 6061 6062 params = {"ssid": "unconfigured", 6063 "channel": "6", 6064 "dpp_controller": "ipaddr=127.0.0.1 pkhash=" + pkhash} 6065 hapd = hostapd.add_ap(apdev[0], params) 6066 check_dpp_capab(hapd) 6067 6068 server = MyTCPServer(("127.0.0.1", 8908), DPPControllerServer) 6069 server.timeout = 30 6070 6071 hapd.set("ext_mgmt_frame_handling", "1") 6072 dev[0].dpp_auth_init(uri=uri_c, role="enrollee") 6073 msg = hapd.mgmt_rx() 6074 if msg is None: 6075 raise Exception("MGMT RX wait timed out") 6076 dev[0].request("DPP_STOP_LISTEN") 6077 frame = msg['frame'] 6078 for i in range(20): 6079 if i == 14: 6080 time.sleep(20) 6081 addr = struct.pack('6B', 0x02, 0, 0, 0, 0, i) 6082 tmp = frame[0:10] + addr + frame[16:] 6083 hapd.request("MGMT_RX_PROCESS freq=2412 datarate=0 ssi_signal=-30 frame=" + binascii.hexlify(tmp).decode()) 6084 ev = hapd.wait_event(["DPP-FAIL"], timeout=0.1) 6085 if ev: 6086 raise Exception("DPP relay failed [%d]: %s" % (i + 1, ev)) 6087 6088 server.server_close() 6089 6090def test_dpp_tcp(dev, apdev, params): 6091 """DPP over TCP""" 6092 prefix = "dpp_tcp" 6093 cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap") 6094 try: 6095 run_dpp_tcp(dev[0], dev[1], cap_lo) 6096 finally: 6097 dev[1].request("DPP_CONTROLLER_STOP") 6098 6099def test_dpp_tcp_port(dev, apdev, params): 6100 """DPP over TCP and specified port""" 6101 prefix = "dpp_tcp_port" 6102 cap_lo = os.path.join(params['logdir'], prefix + ".lo.pcap") 6103 try: 6104 run_dpp_tcp(dev[0], dev[1], cap_lo, port="23456") 6105 finally: 6106 dev[1].request("DPP_CONTROLLER_STOP") 6107 6108def test_dpp_tcp_mutual(dev, apdev, params): 6109 """DPP over TCP (mutual)""" 6110 cap_lo = os.path.join(params['prefix'], ".lo.pcap") 6111 try: 6112 run_dpp_tcp(dev[0], dev[1], cap_lo, mutual=True) 6113 finally: 6114 dev[1].request("DPP_CONTROLLER_STOP") 6115 6116def test_dpp_tcp_mutual_hostapd_conf(dev, apdev, params): 6117 """DPP over TCP (mutual, hostapd as Configurator)""" 6118 cap_lo = os.path.join(params['prefix'], ".lo.pcap") 6119 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6120 run_dpp_tcp(dev[0], hapd, cap_lo, mutual=True) 6121 6122def run_dpp_tcp(dev0, dev1, cap_lo, port=None, mutual=False): 6123 check_dpp_capab(dev0) 6124 check_dpp_capab(dev1) 6125 6126 with WlantestCapture('lo', cap_lo): 6127 run_dpp_tcp2(dev0, dev1, cap_lo, port, mutual) 6128 6129def run_dpp_tcp2(dev0, dev1, cap_lo, port=None, mutual=False): 6130 # Controller 6131 conf_id = dev1.dpp_configurator_add() 6132 dev1.set("dpp_configurator_params", 6133 " conf=sta-dpp configurator=%d" % conf_id) 6134 id_c = dev1.dpp_bootstrap_gen() 6135 uri_c = dev1.request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6136 res = dev1.request("DPP_BOOTSTRAP_INFO %d" % id_c) 6137 pkhash = None 6138 for line in res.splitlines(): 6139 name, value = line.split('=') 6140 if name == "pkhash": 6141 pkhash = value 6142 break 6143 if not pkhash: 6144 raise Exception("Could not fetch public key hash from Controller") 6145 req = "DPP_CONTROLLER_START" 6146 if port: 6147 req += " tcp_port=" + port 6148 if mutual: 6149 req += " qr=mutual" 6150 id0 = dev0.dpp_bootstrap_gen() 6151 uri0 = dev0.request("DPP_BOOTSTRAP_GET_URI %d" % id0) 6152 own = id0 6153 else: 6154 own = None 6155 if "OK" not in dev1.request(req): 6156 raise Exception("Failed to start Controller") 6157 6158 # Initiate from Enrollee with broadcast DPP Authentication Request 6159 dev0.dpp_auth_init(uri=uri_c, own=own, role="enrollee", 6160 tcp_addr="127.0.0.1", tcp_port=port) 6161 6162 if mutual: 6163 ev = dev0.wait_event(["DPP-RESPONSE-PENDING"], timeout=5) 6164 if ev is None: 6165 raise Exception("Pending response not reported") 6166 ev = dev1.wait_event(["DPP-SCAN-PEER-QR-CODE"], timeout=5) 6167 if ev is None: 6168 raise Exception("QR Code scan for mutual authentication not requested") 6169 6170 time.sleep(0.1) 6171 6172 id1 = dev1.dpp_qr_code(uri0) 6173 6174 ev = dev0.wait_event(["DPP-AUTH-DIRECTION"], timeout=5) 6175 if ev is None: 6176 raise Exception("DPP authentication direction not indicated (Initiator)") 6177 if "mutual=1" not in ev: 6178 raise Exception("Mutual authentication not used") 6179 6180 wait_auth_success(dev1, dev0, configurator=dev1, enrollee=dev0, 6181 allow_enrollee_failure=True, 6182 allow_configurator_failure=True) 6183 6184def test_dpp_tcp_conf_init(dev, apdev, params): 6185 """DPP over TCP (Configurator initiates)""" 6186 cap_lo = os.path.join(params['prefix'], ".lo.pcap") 6187 try: 6188 run_dpp_tcp_conf_init(dev[0], dev[1], cap_lo) 6189 finally: 6190 dev[1].request("DPP_CONTROLLER_STOP") 6191 6192def test_dpp_tcp_conf_init_hostapd_enrollee(dev, apdev, params): 6193 """DPP over TCP (Configurator initiates, hostapd as Enrollee)""" 6194 cap_lo = os.path.join(params['prefix'], ".lo.pcap") 6195 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6196 run_dpp_tcp_conf_init(dev[0], hapd, cap_lo, conf="ap-dpp") 6197 6198def run_dpp_tcp_conf_init(dev0, dev1, cap_lo, port=None, conf="sta-dpp"): 6199 check_dpp_capab(dev0, min_ver=2) 6200 check_dpp_capab(dev1, min_ver=2) 6201 6202 with WlantestCapture('lo', cap_lo): 6203 run_dpp_tcp_conf_init2(dev0, dev1, cap_lo, port, conf) 6204 6205def run_dpp_tcp_conf_init2(dev0, dev1, cap_lo, port=None, conf="sta-dpp"): 6206 id_c = dev1.dpp_bootstrap_gen() 6207 uri_c = dev1.request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6208 res = dev1.request("DPP_BOOTSTRAP_INFO %d" % id_c) 6209 req = "DPP_CONTROLLER_START role=enrollee" 6210 if port: 6211 req += " tcp_port=" + port 6212 if "OK" not in dev1.request(req): 6213 raise Exception("Failed to start Controller") 6214 6215 conf_id = dev0.dpp_configurator_add() 6216 dev0.dpp_auth_init(uri=uri_c, role="configurator", conf=conf, 6217 configurator=conf_id, 6218 tcp_addr="127.0.0.1", tcp_port=port) 6219 wait_auth_success(dev1, dev0, configurator=dev0, enrollee=dev1, 6220 allow_enrollee_failure=True, 6221 allow_configurator_failure=True) 6222 6223def test_dpp_tcp_controller_management_hostapd(dev, apdev, params): 6224 """DPP Controller management in hostapd""" 6225 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6226 check_dpp_capab(hapd) 6227 conf_id = hapd.dpp_configurator_add() 6228 if "OK" not in hapd.request("DPP_CONTROLLER_START"): 6229 raise Exception("Failed to start Controller") 6230 if "FAIL" not in hapd.request("DPP_CONTROLLER_START"): 6231 raise Exception("DPP_CONTROLLER_START succeeded while already running Controller") 6232 hapd.request("DPP_CONTROLLER_STOP") 6233 hapd.dpp_configurator_remove(conf_id) 6234 if "FAIL" not in hapd.request("DPP_CONFIGURATOR_REMOVE %d" % conf_id): 6235 raise Exception("Removal of unknown Configurator accepted") 6236 6237def test_dpp_tcp_controller_management_hostapd2(dev, apdev, params): 6238 """DPP Controller management in hostapd over interface addition/removal""" 6239 check_dpp_capab(dev[0], min_ver=2) 6240 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6241 check_dpp_capab(hapd, min_ver=2) 6242 hapd2 = hostapd.add_ap(apdev[1], {"ssid": "unconfigured"}) 6243 check_dpp_capab(hapd2, min_ver=2) 6244 id_c = hapd.dpp_bootstrap_gen() 6245 uri_c = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6246 if "OK" not in hapd.request("DPP_CONTROLLER_START role=enrollee"): 6247 raise Exception("Failed to start Controller") 6248 6249 conf_id = dev[0].dpp_configurator_add() 6250 dev[0].dpp_auth_init(uri=uri_c, role="configurator", conf="sta-dpp", 6251 configurator=conf_id, tcp_addr="127.0.0.1") 6252 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5) 6253 if ev is None: 6254 raise Exception("DPP Authentication did not succeed") 6255 ev = dev[0].wait_event(["DPP-CONF-SENT"], timeout=5) 6256 if ev is None: 6257 raise Exception("DPP Configuration did not succeed") 6258 6259 hapd_global = hostapd.HostapdGlobal(apdev) 6260 hapd_global.remove(apdev[0]['ifname']) 6261 6262 dev[0].dpp_auth_init(uri=uri_c, role="configurator", conf="sta-dpp", 6263 configurator=conf_id, tcp_addr="127.0.0.1") 6264 ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5) 6265 if ev is not None: 6266 raise Exception("Unexpected DPP Authentication success") 6267 6268def test_dpp_tcp_controller_start_failure(dev, apdev, params): 6269 """DPP Controller startup failure""" 6270 check_dpp_capab(dev[0]) 6271 6272 try: 6273 if "OK" not in dev[0].request("DPP_CONTROLLER_START"): 6274 raise Exception("Could not start Controller") 6275 if "OK" in dev[0].request("DPP_CONTROLLER_START"): 6276 raise Exception("Second Controller start not rejected") 6277 finally: 6278 dev[0].request("DPP_CONTROLLER_STOP") 6279 6280 tests = ["dpp_controller_start", 6281 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_start"] 6282 for func in tests: 6283 with alloc_fail(dev[0], 1, func): 6284 if "FAIL" not in dev[0].request("DPP_CONTROLLER_START"): 6285 raise Exception("Failure not reported during OOM") 6286 6287def test_dpp_tcp_init_failure(dev, apdev, params): 6288 """DPP TCP init failure""" 6289 check_dpp_capab(dev[0]) 6290 check_dpp_capab(dev[1]) 6291 id_c = dev[1].dpp_bootstrap_gen() 6292 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6293 peer = dev[0].dpp_qr_code(uri_c) 6294 tests = ["dpp_tcp_init", 6295 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_tcp_init", 6296 "dpp_tcp_encaps"] 6297 cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer 6298 for func in tests: 6299 with alloc_fail(dev[0], 1, func): 6300 if "FAIL" not in dev[0].request(cmd): 6301 raise Exception("DPP_AUTH_INIT accepted during OOM") 6302 6303def test_dpp_controller_rx_failure(dev, apdev, params): 6304 """DPP Controller RX failure""" 6305 check_dpp_capab(dev[0]) 6306 check_dpp_capab(dev[1]) 6307 try: 6308 run_dpp_controller_rx_failure(dev, apdev) 6309 finally: 6310 dev[0].request("DPP_CONTROLLER_STOP") 6311 6312def run_dpp_controller_rx_failure(dev, apdev): 6313 if "OK" not in dev[0].request("DPP_CONTROLLER_START"): 6314 raise Exception("Could not start Controller") 6315 id_c = dev[0].dpp_bootstrap_gen() 6316 uri_c = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 6317 peer = dev[1].dpp_qr_code(uri_c) 6318 tests = ["dpp_controller_tcp_cb", 6319 "eloop_sock_table_add_sock;?eloop_register_sock;dpp_controller_tcp_cb", 6320 "dpp_controller_rx", 6321 "dpp_controller_rx_auth_req", 6322 "wpabuf_alloc;=dpp_tcp_send_msg;dpp_controller_rx_auth_req"] 6323 cmd = "DPP_AUTH_INIT peer=%d tcp_addr=127.0.0.1" % peer 6324 for func in tests: 6325 with alloc_fail(dev[0], 1, func): 6326 if "OK" not in dev[1].request(cmd): 6327 raise Exception("Failed to initiate TCP connection") 6328 wait_fail_trigger(dev[0], "GET_ALLOC_FAIL") 6329 6330def test_dpp_controller_rx_errors(dev, apdev, params): 6331 """DPP Controller RX error cases""" 6332 check_dpp_capab(dev[0]) 6333 check_dpp_capab(dev[1]) 6334 try: 6335 run_dpp_controller_rx_errors(dev, apdev) 6336 finally: 6337 dev[0].request("DPP_CONTROLLER_STOP") 6338 6339def run_dpp_controller_rx_errors(dev, apdev): 6340 if "OK" not in dev[0].request("DPP_CONTROLLER_START"): 6341 raise Exception("Could not start Controller") 6342 6343 addr = ("127.0.0.1", 8908) 6344 6345 tests = [b"abc", 6346 b"abcd", 6347 b"\x00\x00\x00\x00", 6348 b"\x00\x00\x00\x01", 6349 b"\x00\x00\x00\x01\x09", 6350 b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\xff\xff", 6351 b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\xff", 6352 b"\x00\x00\x00\x07\x09\x50\x6f\x9a\x1a\x01\x00", 6353 b"\x00\x00\x00\x08\x09\x50\x6f\x9a\x1a\x01\x00\xff", 6354 b"\x00\x00\x00\x01\x0a", 6355 b"\x00\x00\x00\x04\x0a\xff\xff\xff", 6356 b"\x00\x00\x00\x01\x0b", 6357 b"\x00\x00\x00\x08\x0b\xff\xff\xff\xff\xff\xff\xff", 6358 b"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\xff\xff", 6359 b"\x00\x00\x00\x08\x0b\xff\x00\x00\xff\xff\x6c\x00", 6360 b"\x00\x00\x00\x0a\x0b\xff\x00\x00\xff\xff\x6c\x02\xff\xff", 6361 b"\x00\x00\x00\x10\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01", 6362 b"\x00\x00\x00\x12\x0b\xff\x00\x00\xff\xff\x6c\x08\xff\xdd\x05\x50\x6f\x9a\x1a\x01\x00\x00", 6363 b"\x00\x00\x00\x01\xff", 6364 b"\x00\x00\x00\x01\xff\xee"] 6365 #define WLAN_PA_GAS_INITIAL_REQ 10 6366 #define WLAN_PA_GAS_INITIAL_RESP 11 6367 6368 for t in tests: 6369 sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 6370 socket.IPPROTO_TCP) 6371 sock.settimeout(0.1) 6372 sock.connect(addr) 6373 sock.send(t) 6374 sock.shutdown(1) 6375 try: 6376 sock.recv(10) 6377 except socket.timeout: 6378 pass 6379 sock.close() 6380 6381def test_dpp_conn_status_success(dev, apdev): 6382 """DPP connection status - success""" 6383 try: 6384 run_dpp_conn_status(dev, apdev) 6385 finally: 6386 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6387 6388def test_dpp_conn_status_wrong_passphrase(dev, apdev): 6389 """DPP connection status - wrong passphrase""" 6390 try: 6391 run_dpp_conn_status(dev, apdev, result=2) 6392 finally: 6393 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6394 6395def test_dpp_conn_status_no_ap(dev, apdev): 6396 """DPP connection status - no AP""" 6397 try: 6398 run_dpp_conn_status(dev, apdev, result=10) 6399 finally: 6400 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6401 6402def test_dpp_conn_status_connector_mismatch(dev, apdev): 6403 """DPP connection status - invalid Connector""" 6404 try: 6405 run_dpp_conn_status(dev, apdev, result=8) 6406 finally: 6407 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6408 6409def test_dpp_conn_status_assoc_reject(dev, apdev): 6410 """DPP connection status - association rejection""" 6411 try: 6412 dev[0].request("TEST_ASSOC_IE 30020000") 6413 run_dpp_conn_status(dev, apdev, assoc_reject=True) 6414 finally: 6415 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6416 6417def run_dpp_conn_status(dev, apdev, result=0, assoc_reject=False): 6418 check_dpp_capab(dev[0], min_ver=2) 6419 check_dpp_capab(dev[1], min_ver=2) 6420 6421 if result != 10: 6422 if result == 7 or result == 8: 6423 params = {"ssid": "dpp-status", 6424 "wpa": "2", 6425 "wpa_key_mgmt": "DPP", 6426 "ieee80211w": "2", 6427 "rsn_pairwise": "CCMP", 6428 "dpp_connector": params1_ap_connector, 6429 "dpp_csign": params1_csign, 6430 "dpp_netaccesskey": params1_ap_netaccesskey} 6431 else: 6432 if result == 2: 6433 passphrase = "wrong passphrase" 6434 else: 6435 passphrase = "secret passphrase" 6436 params = hostapd.wpa2_params(ssid="dpp-status", 6437 passphrase=passphrase) 6438 try: 6439 hapd = hostapd.add_ap(apdev[0], params) 6440 except: 6441 raise HwsimSkip("DPP not supported") 6442 6443 dev[0].request("SET sae_groups ") 6444 dev[0].set("dpp_config_processing", "2") 6445 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 6446 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 6447 6448 dev[0].dpp_listen(2412) 6449 if result == 7 or result == 8: 6450 conf = 'sta-dpp' 6451 passphrase = None 6452 configurator = dev[1].dpp_configurator_add() 6453 else: 6454 conf = 'sta-psk' 6455 passphrase = "secret passphrase" 6456 configurator = None 6457 dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid="dpp-status", 6458 passphrase=passphrase, configurator=configurator, 6459 conn_status=True) 6460 res = wait_auth_success(dev[0], dev[1], configurator=dev[1], 6461 enrollee=dev[0]) 6462 if 'wait_conn_status' not in res: 6463 raise Exception("Configurator did not request connection status") 6464 6465 if assoc_reject and result == 0: 6466 result = 2 6467 ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20) 6468 if ev is None: 6469 raise Exception("No connection status reported") 6470 if "timeout" in ev: 6471 raise Exception("Connection status result timeout") 6472 if "result=%d" % result not in ev: 6473 raise Exception("Unexpected connection status result: " + ev) 6474 if "ssid=dpp-status" not in ev: 6475 raise Exception("SSID not reported") 6476 6477 if result == 0: 6478 dev[0].wait_connected() 6479 if result == 10 and "channel_list=" not in ev: 6480 raise Exception("Channel list not reported for no-AP") 6481 6482def test_dpp_conn_status_success_hostapd_configurator(dev, apdev): 6483 """DPP connection status - success with hostapd as Configurator""" 6484 try: 6485 run_dpp_conn_status_hostapd_configurator(dev, apdev) 6486 finally: 6487 dev[0].set("dpp_config_processing", "0", allow_fail=True) 6488 6489def run_dpp_conn_status_hostapd_configurator(dev, apdev): 6490 check_dpp_capab(dev[0]) 6491 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6492 "channel": "1"}) 6493 check_dpp_capab(hapd) 6494 conf_id = hapd.dpp_configurator_add() 6495 6496 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d" % conf_id 6497 res = hapd.request(cmd) 6498 if "FAIL" in res: 6499 raise Exception("Failed to generate own configuration") 6500 update_hapd_config(hapd) 6501 6502 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 6503 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 6504 id1 = hapd.dpp_qr_code(uri0) 6505 res = hapd.request("DPP_BOOTSTRAP_INFO %d" % id1) 6506 if "FAIL" in res: 6507 raise Exception("DPP_BOOTSTRAP_INFO failed") 6508 if "type=QRCODE" not in res: 6509 raise Exception("DPP_BOOTSTRAP_INFO did not report correct type") 6510 if "mac_addr=" + dev[0].own_addr() not in res: 6511 raise Exception("DPP_BOOTSTRAP_INFO did not report correct mac_addr") 6512 dev[0].set("dpp_config_processing", "2") 6513 dev[0].dpp_listen(2412) 6514 hapd.dpp_auth_init(peer=id1, configurator=conf_id, conf="sta-dpp", 6515 conn_status=True) 6516 res = wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0]) 6517 if 'wait_conn_status' not in res: 6518 raise Exception("Configurator did not request connection status") 6519 ev = hapd.wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20) 6520 if ev is None: 6521 raise Exception("No connection status reported") 6522 if "result=0" not in ev: 6523 raise Exception("Unexpected connection status: " + ev) 6524 6525def test_dpp_mud_url(dev, apdev): 6526 """DPP MUD URL""" 6527 check_dpp_capab(dev[0]) 6528 try: 6529 dev[0].set("dpp_name", "Test Enrollee") 6530 dev[0].set("dpp_mud_url", "https://example.com/mud") 6531 run_dpp_qr_code_auth_unicast(dev, apdev, None) 6532 finally: 6533 dev[0].set("dpp_mud_url", "") 6534 dev[0].set("dpp_name", "Test") 6535 6536def test_dpp_mud_url_hostapd(dev, apdev): 6537 """DPP MUD URL from hostapd""" 6538 check_dpp_capab(dev[0]) 6539 check_dpp_capab(dev[1]) 6540 params = {"ssid": "unconfigured", 6541 "dpp_name": "AP Enrollee", 6542 "dpp_mud_url": "https://example.com/mud"} 6543 hapd = hostapd.add_ap(apdev[0], params) 6544 check_dpp_capab(hapd) 6545 6546 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 6547 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 6548 6549 conf_id = dev[0].dpp_configurator_add() 6550 dev[0].dpp_auth_init(uri=uri, conf="ap-dpp", configurator=conf_id) 6551 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd) 6552 update_hapd_config(hapd) 6553 6554def test_dpp_config_save(dev, apdev, params): 6555 """DPP configuration saving""" 6556 config = os.path.join(params['logdir'], 'dpp_config_save.conf') 6557 run_dpp_config_save(dev, apdev, config, "test", '"test"') 6558 6559def test_dpp_config_save2(dev, apdev, params): 6560 """DPP configuration saving (2)""" 6561 config = os.path.join(params['logdir'], 'dpp_config_save2.conf') 6562 run_dpp_config_save(dev, apdev, config, "\\u0001*", '012a') 6563 6564def test_dpp_config_save3(dev, apdev, params): 6565 """DPP configuration saving (3)""" 6566 config = os.path.join(params['logdir'], 'dpp_config_save3.conf') 6567 run_dpp_config_save(dev, apdev, config, "\\u0001*\\u00c2\\u00bc\\u00c3\\u009e\\u00c3\\u00bf", '012ac2bcc39ec3bf') 6568 6569def run_dpp_config_save(dev, apdev, config, conf_ssid, exp_ssid): 6570 check_dpp_capab(dev[1]) 6571 with open(config, "w") as f: 6572 f.write("update_config=1\n" + 6573 "dpp_config_processing=1\n") 6574 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 6575 wpas.interface_add("wlan5", config=config) 6576 check_dpp_capab(wpas) 6577 conf = '{"wi-fi_tech":"infra", "discovery":{"ssid":"' + conf_ssid + '"},"cred":{"akm":"psk","pass":"secret passphrase"}}' 6578 dev[1].set("dpp_config_obj_override", conf) 6579 dpp_dev = [wpas, dev[1]] 6580 run_dpp_qr_code_auth_unicast(dpp_dev, apdev, "prime256v1", 6581 require_conf_success=True) 6582 if "OK" not in wpas.request("SAVE_CONFIG"): 6583 raise Exception("Failed to save configuration file") 6584 with open(config, "r") as f: 6585 data = f.read() 6586 logger.info("Saved configuration:\n" + data) 6587 if 'ssid=' + exp_ssid + '\n' not in data: 6588 raise Exception("SSID not saved") 6589 if 'psk="secret passphrase"' not in data: 6590 raise Exception("Passphtase not saved") 6591 6592def test_dpp_nfc_uri(dev, apdev): 6593 """DPP bootstrapping via NFC URI record""" 6594 check_dpp_capab(dev[0]) 6595 check_dpp_capab(dev[1]) 6596 6597 id = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True) 6598 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 6599 logger.info("Generated URI: " + uri) 6600 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id) 6601 logger.info("Bootstrapping info:\n" + info) 6602 if "type=NFC-URI" not in info: 6603 raise Exception("Unexpected bootstrapping info contents") 6604 6605 dev[0].dpp_listen(2412) 6606 conf_id = dev[1].dpp_configurator_add() 6607 dev[1].dpp_auth_init(nfc_uri=uri, configurator=conf_id, conf="sta-dpp") 6608 wait_auth_success(dev[0], dev[1], configurator=dev[1], enrollee=dev[0]) 6609 6610def test_dpp_nfc_uri_hostapd(dev, apdev): 6611 """DPP bootstrapping via NFC URI record (hostapd)""" 6612 check_dpp_capab(dev[0]) 6613 6614 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6615 check_dpp_capab(hapd) 6616 6617 id = hapd.dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True) 6618 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id) 6619 logger.info("Generated URI: " + uri) 6620 info = hapd.request("DPP_BOOTSTRAP_INFO %d" % id) 6621 logger.info("Bootstrapping info:\n" + info) 6622 if "type=NFC-URI" not in info: 6623 raise Exception("Unexpected bootstrapping info contents") 6624 6625 hapd.dpp_listen(2412) 6626 conf_id = dev[0].dpp_configurator_add() 6627 dev[0].dpp_auth_init(nfc_uri=uri, configurator=conf_id, conf="ap-dpp") 6628 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd) 6629 6630def test_dpp_nfc_uri_hostapd_tag_read(dev, apdev): 6631 """DPP bootstrapping via NFC URI record (hostapd reading tag)""" 6632 check_dpp_capab(dev[0]) 6633 6634 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6635 check_dpp_capab(hapd) 6636 6637 id = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/1", mac=True) 6638 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 6639 info = dev[0].request("DPP_BOOTSTRAP_INFO %d" % id) 6640 conf_id = dev[0].dpp_configurator_add() 6641 dev[0].set("dpp_configurator_params", 6642 "conf=ap-dpp configurator=%d" % conf_id) 6643 dev[0].dpp_listen(2412) 6644 6645 hapd.dpp_auth_init(nfc_uri=uri, role="enrollee") 6646 wait_auth_success(dev[0], hapd, configurator=dev[0], enrollee=hapd) 6647 6648def test_dpp_nfc_negotiated_handover(dev, apdev): 6649 """DPP bootstrapping via NFC negotiated handover""" 6650 run_dpp_nfc_negotiated_handover(dev) 6651 6652def test_dpp_nfc_negotiated_handover_diff_curve(dev, apdev): 6653 """DPP bootstrapping via NFC negotiated handover (different curve)""" 6654 run_dpp_nfc_negotiated_handover(dev, curve0="prime256v1", 6655 curve1="secp384r1") 6656 6657def test_dpp_nfc_negotiated_handover_hostapd_sel(dev, apdev): 6658 """DPP bootstrapping via NFC negotiated handover (hostapd as selector)""" 6659 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6660 "channel": "6"}) 6661 check_dpp_capab(hapd) 6662 run_dpp_nfc_negotiated_handover([dev[0], hapd], conf="ap-dpp") 6663 6664def test_dpp_nfc_negotiated_handover_hostapd_req(dev, apdev): 6665 """DPP bootstrapping via NFC negotiated handover (hostapd as requestor)""" 6666 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6667 "channel": "6"}) 6668 check_dpp_capab(hapd) 6669 run_dpp_nfc_negotiated_handover([hapd, dev[0]]) 6670 6671def run_dpp_nfc_negotiated_handover(dev, curve0=None, curve1=None, 6672 conf="sta-dpp"): 6673 check_dpp_capab(dev[0]) 6674 check_dpp_capab(dev[1]) 6675 6676 id0 = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/6,11", mac=True, 6677 curve=curve0) 6678 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 6679 logger.info("Generated URI[0]: " + uri0) 6680 id1 = dev[1].dpp_bootstrap_gen(type="nfc-uri", chan="81/1,6,11", mac=True, 6681 curve=curve1) 6682 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6683 logger.info("Generated URI[1]: " + uri1) 6684 6685 # dev[0] acting as NFC Handover Requestor 6686 # dev[1] acting as NFC Handover Selector 6687 res = dev[1].request("DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (id1, uri0)) 6688 if "FAIL" in res: 6689 raise Exception("Failed to process NFC Handover Request") 6690 info = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id1) 6691 logger.info("Updated local bootstrapping info:\n" + info) 6692 freq = None 6693 for line in info.splitlines(): 6694 if line.startswith("use_freq="): 6695 freq = int(line.split('=')[1]) 6696 if freq is None: 6697 raise Exception("Selected channel not indicated") 6698 uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6699 logger.info("Updated URI[1]: " + uri1) 6700 dev[1].dpp_listen(freq) 6701 res = dev[0].request("DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (id0, uri1)) 6702 if "FAIL" in res: 6703 raise Exception("Failed to process NFC Handover Select") 6704 peer = int(res) 6705 6706 conf_id = dev[0].dpp_configurator_add() 6707 dev[0].dpp_auth_init(peer=peer, own=id0, configurator=conf_id, 6708 conf=conf) 6709 wait_auth_success(dev[1], dev[0], configurator=dev[0], enrollee=dev[1]) 6710 6711def test_dpp_nfc_errors_hostapd(dev, apdev): 6712 """DPP NFC operation failures in hostapd""" 6713 check_dpp_capab(dev[0]) 6714 check_dpp_capab(dev[1]) 6715 6716 id0 = dev[0].dpp_bootstrap_gen(type="nfc-uri", chan="81/11", mac=True, 6717 curve="secp384r1") 6718 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 6719 6720 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6721 "channel": "6"}) 6722 check_dpp_capab(hapd) 6723 6724 id_h = hapd.dpp_bootstrap_gen(type="nfc-uri", chan="81/6", mac=True) 6725 uri_h = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 6726 6727 tests = ["", 6728 "own=123456789", 6729 "own=%d" % id_h, 6730 "own=%d uri=%s" % (id_h, "foo")] 6731 for t in tests: 6732 if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_REQ " + t): 6733 raise Exception("Invalid DPP_NFC_HANDOVER_REQ accepted") 6734 if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_SEL " + t): 6735 raise Exception("Invalid DPP_NFC_HANDOVER_SEL accepted") 6736 6737 # DPP: Peer (NFC Handover Selector) used different curve 6738 if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_SEL own=%d uri=%s" % (id_h, uri0)): 6739 raise Exception("Invalid DPP_NFC_HANDOVER_SEL accepted") 6740 6741 # DPP: No common channel found 6742 if "FAIL" not in hapd.request("DPP_NFC_HANDOVER_REQ own=%d uri=%s" % (id_h, uri0)): 6743 raise Exception("DPP_NFC_HANDOVER_REQ with local error accepted") 6744 6745def test_dpp_with_p2p_device(dev, apdev): 6746 """DPP exchange when driver uses a separate P2P Device interface""" 6747 check_dpp_capab(dev[0]) 6748 with HWSimRadio(use_p2p_device=True) as (radio, iface): 6749 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 6750 wpas.interface_add(iface) 6751 check_dpp_capab(wpas) 6752 id1 = wpas.dpp_bootstrap_gen(chan="81/1", mac=True) 6753 uri1 = wpas.request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6754 wpas.dpp_listen(2412) 6755 time.sleep(7) 6756 dev[0].dpp_auth_init(uri=uri1) 6757 wait_auth_success(wpas, dev[0], configurator=dev[0], enrollee=wpas, 6758 allow_enrollee_failure=True) 6759 6760@long_duration_test 6761def test_dpp_chirp(dev, apdev): 6762 """DPP chirp""" 6763 check_dpp_capab(dev[0]) 6764 dev[0].flush_scan_cache() 6765 6766 params = {"ssid": "dpp", 6767 "channel": "11"} 6768 hapd = hostapd.add_ap(apdev[0], params) 6769 check_dpp_capab(hapd) 6770 dpp_cc = False 6771 6772 id1 = dev[0].dpp_bootstrap_gen(chan="81/1") 6773 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=5" % id1): 6774 raise Exception("DPP_CHIRP failed") 6775 chan1 = 0 6776 chan6 = 0 6777 chan11 = 0 6778 for i in range(30): 6779 ev = dev[0].wait_event(["DPP-CHIRP-STOPPED", 6780 "DPP-TX "], timeout=60) 6781 if ev is None: 6782 raise Exception("DPP chirp stop not reported") 6783 if "DPP-CHIRP-STOPPED" in ev: 6784 break 6785 if "type=13" not in ev: 6786 continue 6787 freq = int(ev.split(' ')[2].split('=')[1]) 6788 if freq == 2412: 6789 chan1 += 1 6790 elif freq == 2437: 6791 chan6 += 1 6792 elif freq == 2462: 6793 chan11 += 1 6794 if not dpp_cc: 6795 hapd.set("dpp_configurator_connectivity", "1") 6796 if "OK" not in hapd.request("UPDATE_BEACON"): 6797 raise Exception("UPDATE_BEACON failed") 6798 dpp_cc = True 6799 if chan1 != 5 or chan6 != 5 or chan11 != 1: 6800 raise Exception("Unexpected number of presence announcements sent: %d %d %d" % (chan1, chan6, chan11)) 6801 ev = hapd.wait_event(["DPP-CHIRP-RX"], timeout=1) 6802 if ev is None: 6803 raise Exception("No chirp received on the AP") 6804 if "freq=2462" not in ev: 6805 raise Exception("Chirp reception reported on unexpected channel: " + ev) 6806 if "src=" + dev[0].own_addr() not in ev: 6807 raise Exception("Unexpected chirp source reported: " + ev) 6808 6809@long_duration_test 6810def test_dpp_chirp_listen(dev, apdev): 6811 """DPP chirp with listen""" 6812 check_dpp_capab(dev[0]) 6813 check_dpp_capab(dev[1]) 6814 6815 id1 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 6816 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6817 6818 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2 listen=2412" % id1): 6819 raise Exception("DPP_CHIRP failed") 6820 for i in range(30): 6821 ev = dev[0].wait_event(["DPP-CHIRP-STOPPED", 6822 "DPP-TX "], timeout=60) 6823 if ev is None: 6824 raise Exception("DPP chirp stop not reported") 6825 if "DPP-CHIRP-STOPPED" in ev: 6826 break 6827 6828def test_dpp_chirp_configurator(dev, apdev): 6829 """DPP chirp with a standalone Configurator""" 6830 check_dpp_capab(dev[0]) 6831 check_dpp_capab(dev[1]) 6832 6833 id1 = dev[0].dpp_bootstrap_gen(chan="81/1") 6834 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6835 6836 conf_id = dev[1].dpp_configurator_add() 6837 idc = dev[1].dpp_qr_code(uri) 6838 dev[1].dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id) 6839 dev[1].dpp_listen(2437) 6840 6841 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2" % id1): 6842 raise Exception("DPP_CHIRP failed") 6843 6844 ev = dev[1].wait_event(["DPP-RX"], timeout=10) 6845 if ev is None: 6846 raise Exception("Presence Announcement not seen") 6847 if "type=13" not in ev: 6848 raise Exception("Unexpected DPP frame received: " + ev) 6849 6850 ev = dev[1].wait_event(["DPP-TX"], timeout=10) 6851 if ev is None: 6852 raise Exception("Authentication Request TX not seen") 6853 if "type=0" not in ev: 6854 raise Exception("Unexpected DPP frame TX: " + ev) 6855 if "dst=" + dev[0].own_addr() not in ev: 6856 raise Exception("Unexpected Authentication Request destination: " + ev) 6857 6858 wait_auth_success(dev[0], dev[1], dev[1], dev[0]) 6859 6860def test_dpp_chirp_ap_as_configurator(dev, apdev): 6861 """DPP chirp with an AP as a standalone Configurator""" 6862 check_dpp_capab(dev[0], min_ver=2) 6863 6864 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 6865 check_dpp_capab(hapd, min_ver=2) 6866 6867 id1 = dev[0].dpp_bootstrap_gen(chan="81/1") 6868 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6869 6870 conf_id = hapd.dpp_configurator_add() 6871 idc = hapd.dpp_qr_code(uri) 6872 hapd.dpp_bootstrap_set(idc, conf="sta-dpp", configurator=conf_id) 6873 hapd.dpp_listen(2412) 6874 6875 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2" % id1): 6876 raise Exception("DPP_CHIRP failed") 6877 6878 wait_auth_success(dev[0], hapd, hapd, dev[0]) 6879 6880def test_dpp_chirp_configurator_inits(dev, apdev): 6881 """DPP chirp with a standalone Configurator initiating""" 6882 check_dpp_capab(dev[0]) 6883 check_dpp_capab(dev[1]) 6884 6885 id1 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 6886 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id1) 6887 6888 conf_id = dev[1].dpp_configurator_add() 6889 idc = dev[1].dpp_qr_code(uri) 6890 6891 if "OK" not in dev[0].request("DPP_CHIRP own=%d iter=2 listen=2412" % id1): 6892 raise Exception("DPP_CHIRP failed") 6893 for i in range(2): 6894 ev = dev[0].wait_event(["DPP-TX "], timeout=10) 6895 if ev is None or "type=13" not in ev: 6896 raise Exception("Presence Announcement not sent") 6897 6898 dev[1].dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id) 6899 wait_auth_success(dev[0], dev[1], dev[1], dev[0], timeout=10) 6900 6901def test_dpp_chirp_ap(dev, apdev): 6902 """DPP chirp by an AP""" 6903 check_dpp_capab(dev[0], min_ver=2) 6904 6905 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6906 "start_disabled": "1"}) 6907 check_dpp_capab(hapd, min_ver=2) 6908 6909 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 6910 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 6911 6912 conf_id = dev[0].dpp_configurator_add() 6913 idc = dev[0].dpp_qr_code(uri) 6914 dev[0].dpp_bootstrap_set(idc, conf="ap-dpp", configurator=conf_id) 6915 dev[0].dpp_listen(2437) 6916 if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h): 6917 raise Exception("DPP_CHIRP failed") 6918 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 6919 timeout=20) 6920 update_hapd_config(hapd) 6921 6922@long_duration_test 6923def test_dpp_chirp_ap_5g(dev, apdev): 6924 """DPP chirp by an AP on 5 GHz""" 6925 check_dpp_capab(dev[0], min_ver=2) 6926 6927 try: 6928 hapd = None 6929 hapd2 = None 6930 6931 params = {"ssid": "unconfigured", 6932 "country_code": "US", 6933 "hw_mode": "a", 6934 "channel": "40", 6935 "dpp_configurator_connectivity": "1"} 6936 hapd2 = hostapd.add_ap(apdev[1], params) 6937 check_dpp_capab(hapd2, min_ver=2) 6938 6939 params = {"ssid": "unconfigured", 6940 "country_code": "US", 6941 "hw_mode": "a", 6942 "channel": "36", 6943 "start_disabled": "1"} 6944 hapd = hostapd.add_ap(apdev[0], params) 6945 check_dpp_capab(hapd, min_ver=2) 6946 6947 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 6948 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 6949 6950 # First, check chirping iteration and timeout 6951 if "OK" not in hapd.request("DPP_CHIRP own=%d iter=2" % id_h): 6952 raise Exception("DPP_CHIRP failed") 6953 chan1 = 0 6954 chan6 = 0 6955 chan40 = 0 6956 chan149 = 0 6957 for i in range(30): 6958 ev = hapd.wait_event(["DPP-CHIRP-STOPPED", "DPP-TX "], timeout=60) 6959 if ev is None: 6960 raise Exception("DPP chirp stop not reported") 6961 if "DPP-CHIRP-STOPPED" in ev: 6962 break 6963 if "type=13" not in ev: 6964 continue 6965 freq = int(ev.split(' ')[2].split('=')[1]) 6966 if freq == 2412: 6967 chan1 += 1 6968 elif freq == 2437: 6969 chan6 += 1 6970 elif freq == 5200: 6971 chan40 += 1 6972 elif freq == 5745: 6973 chan149 += 1 6974 if not chan1 or not chan6 or not chan40 or not chan149: 6975 raise Exception("Chirp not sent on all channels") 6976 6977 # Then, check successful chirping 6978 conf_id = dev[0].dpp_configurator_add() 6979 idc = dev[0].dpp_qr_code(uri) 6980 dev[0].dpp_bootstrap_set(idc, conf="ap-dpp", configurator=conf_id) 6981 dev[0].dpp_listen(5200) 6982 # Workaround for some strange issues in the Authentication Request frame 6983 # not getting transmitted. An extra wait of one second here seems to 6984 # avoid that?! 6985 time.sleep(1) 6986 if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h): 6987 raise Exception("DPP_CHIRP failed") 6988 wait_auth_success(hapd, dev[0], configurator=dev[0], enrollee=hapd, 6989 timeout=40) 6990 update_hapd_config(hapd) 6991 finally: 6992 clear_regdom(hapd, dev) 6993 clear_scan_cache(apdev[0]) 6994 6995def test_dpp_chirp_ap_errors(dev, apdev): 6996 """DPP chirp errors in hostapd""" 6997 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured", 6998 "start_disabled": "1"}) 6999 check_dpp_capab(hapd, min_ver=2) 7000 7001 id_h = hapd.dpp_bootstrap_gen(chan="81/1", mac=True) 7002 uri = hapd.request("DPP_BOOTSTRAP_GET_URI %d" % id_h) 7003 tests = ["", 7004 "own=%d" % (id_h + 1), 7005 "own=%d iter=-1" % id_h, 7006 "own=%d listen=0" % id_h] 7007 for t in tests: 7008 if "FAIL" not in hapd.request("DPP_CHIRP " + t): 7009 raise Exception("Invalid DPP_CHIRP accepted: " + t) 7010 if "OK" not in hapd.request("DPP_CHIRP own=%d iter=5" % id_h): 7011 raise Exception("DPP_CHIRP failed") 7012 7013 hapd.request("DPP_STOP_CHIRP") 7014 7015def start_dpp_pfs_ap(apdev, pfs, sae=False): 7016 params = {"ssid": "dpp", 7017 "wpa": "2", 7018 "wpa_key_mgmt": "DPP", 7019 "dpp_pfs": str(pfs), 7020 "ieee80211w": "2", 7021 "rsn_pairwise": "CCMP", 7022 "dpp_connector": params1_ap_connector, 7023 "dpp_csign": params1_csign, 7024 "dpp_netaccesskey": params1_ap_netaccesskey} 7025 if sae: 7026 params["wpa_key_mgmt"] = "DPP SAE" 7027 params["sae_password"] = "sae-password" 7028 try: 7029 hapd = hostapd.add_ap(apdev, params) 7030 except: 7031 raise HwsimSkip("DPP not supported") 7032 return hapd 7033 7034def run_dpp_pfs_sta(dev, pfs, fail=False, pfs_expected=None, sae=False): 7035 key_mgmt = "DPP SAE" if sae else "DPP" 7036 psk = "sae-password" if sae else None 7037 dev.connect("dpp", key_mgmt=key_mgmt, scan_freq="2412", 7038 ieee80211w="2", dpp_pfs=str(pfs), 7039 dpp_csign=params1_csign, 7040 dpp_connector=params1_sta_connector, 7041 dpp_netaccesskey=params1_sta_netaccesskey, 7042 psk=psk, 7043 wait_connect=not fail) 7044 if fail: 7045 for i in range(2): 7046 ev = dev.wait_event(["CTRL-EVENT-ASSOC-REJECT", 7047 "CTRL-EVENT-CONNECTED"], timeout=10) 7048 if ev is None: 7049 raise Exception("Connection result not reported") 7050 if "CTRL-EVENT-CONNECTED" in ev: 7051 raise Exception("Unexpected connection") 7052 dev.request("REMOVE_NETWORK all") 7053 else: 7054 if pfs_expected is not None: 7055 res = dev.get_status_field("dpp_pfs") 7056 pfs_used = res == "1" 7057 if pfs_expected != pfs_used: 7058 raise Exception("Unexpected PFS negotiation result") 7059 dev.request("REMOVE_NETWORK all") 7060 dev.wait_disconnected() 7061 dev.dump_monitor() 7062 7063def test_dpp_pfs_ap_0(dev, apdev): 7064 """DPP PFS AP default""" 7065 check_dpp_capab(dev[0]) 7066 hapd = start_dpp_pfs_ap(apdev[0], 0) 7067 run_dpp_pfs_sta(dev[0], 0, pfs_expected=True) 7068 run_dpp_pfs_sta(dev[0], 1, pfs_expected=True) 7069 run_dpp_pfs_sta(dev[0], 2, pfs_expected=False) 7070 7071def test_dpp_pfs_ap_1(dev, apdev): 7072 """DPP PFS AP required""" 7073 check_dpp_capab(dev[0]) 7074 hapd = start_dpp_pfs_ap(apdev[0], 1) 7075 run_dpp_pfs_sta(dev[0], 0, pfs_expected=True) 7076 run_dpp_pfs_sta(dev[0], 1, pfs_expected=True) 7077 run_dpp_pfs_sta(dev[0], 2, fail=True) 7078 7079def test_dpp_pfs_ap_2(dev, apdev): 7080 """DPP PFS AP not allowed""" 7081 check_dpp_capab(dev[0]) 7082 hapd = start_dpp_pfs_ap(apdev[0], 2) 7083 run_dpp_pfs_sta(dev[0], 0, pfs_expected=False) 7084 run_dpp_pfs_sta(dev[0], 1, fail=True) 7085 run_dpp_pfs_sta(dev[0], 2, pfs_expected=False) 7086 7087def test_dpp_pfs_connect_cmd(dev, apdev): 7088 """DPP PFS and cfg80211 connect command""" 7089 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 7090 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") 7091 check_dpp_capab(wpas) 7092 hapd = start_dpp_pfs_ap(apdev[0], 0) 7093 run_dpp_pfs_sta(wpas, 0, pfs_expected=True) 7094 run_dpp_pfs_sta(wpas, 1, pfs_expected=True) 7095 run_dpp_pfs_sta(wpas, 2, pfs_expected=False) 7096 7097def test_dpp_pfs_connect_cmd_ap_2(dev, apdev): 7098 """DPP PFS and cfg80211 connect command (PFS not allowed by AP)""" 7099 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 7100 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") 7101 check_dpp_capab(wpas) 7102 hapd = start_dpp_pfs_ap(apdev[0], 2) 7103 run_dpp_pfs_sta(wpas, 0, pfs_expected=False) 7104 run_dpp_pfs_sta(wpas, 1, fail=True) 7105 run_dpp_pfs_sta(wpas, 2, pfs_expected=False) 7106 7107def test_dpp_pfs_connect_cmd_ap_2_sae(dev, apdev): 7108 """DPP PFS and cfg80211 connect command (PFS not allowed by AP; SAE enabled)""" 7109 wpas = WpaSupplicant(global_iface='/tmp/wpas-wlan5') 7110 wpas.interface_add("wlan5", drv_params="force_connect_cmd=1") 7111 check_dpp_capab(wpas) 7112 check_sae_capab(wpas) 7113 hapd = start_dpp_pfs_ap(apdev[0], 2, sae=True) 7114 run_dpp_pfs_sta(wpas, 0, pfs_expected=False, sae=True) 7115 run_dpp_pfs_sta(wpas, 1, fail=True, sae=True) 7116 run_dpp_pfs_sta(wpas, 2, pfs_expected=False, sae=True) 7117 7118def test_dpp_pfs_ap_0_sta_ver1(dev, apdev): 7119 """DPP PFS AP default with version 1 STA""" 7120 check_dpp_capab(dev[0]) 7121 dev[0].set("dpp_version_override", "1") 7122 hapd = start_dpp_pfs_ap(apdev[0], 0) 7123 run_dpp_pfs_sta(dev[0], 0, pfs_expected=False) 7124 7125def test_dpp_pfs_errors(dev, apdev): 7126 """DPP PFS error cases""" 7127 check_dpp_capab(dev[0], min_ver=2) 7128 hapd = start_dpp_pfs_ap(apdev[0], 1) 7129 tests = [(1, "dpp_pfs_init"), 7130 (1, "crypto_ecdh_init;dpp_pfs_init"), 7131 (1, "wpabuf_alloc;dpp_pfs_init")] 7132 for count, func in tests: 7133 with alloc_fail(dev[0], count, func): 7134 dev[0].connect("dpp", key_mgmt="DPP", scan_freq="2412", 7135 ieee80211w="2", dpp_pfs="1", 7136 dpp_csign=params1_csign, 7137 dpp_connector=params1_sta_connector, 7138 dpp_netaccesskey=params1_sta_netaccesskey) 7139 dev[0].request("REMOVE_NETWORK all") 7140 dev[0].wait_disconnected() 7141 dev[0].dump_monitor() 7142 hapd.dump_monitor() 7143 7144def test_dpp_reconfig_connector(dev, apdev): 7145 """DPP reconfiguration connector""" 7146 try: 7147 run_dpp_reconfig_connector(dev, apdev) 7148 finally: 7149 dev[0].set("dpp_config_processing", "0", allow_fail=True) 7150 7151def test_dpp_reconfig_connector_different_groups(dev, apdev): 7152 """DPP reconfiguration connector with different groups""" 7153 try: 7154 run_dpp_reconfig_connector(dev, apdev, conf_curve="secp384r1") 7155 finally: 7156 dev[0].set("dpp_config_processing", "0", allow_fail=True) 7157 7158@long_duration_test 7159def test_dpp_reconfig_retries(dev, apdev): 7160 """DPP reconfiguration retries""" 7161 try: 7162 run_dpp_reconfig_connector(dev, apdev, test_retries=True) 7163 for i in range(4): 7164 ev = dev[0].wait_event(["DPP-TX "], timeout=120) 7165 if ev is None or "type=14" not in ev: 7166 raise Exception("Reconfig Announcement not sent") 7167 dev[0].request("DPP_STOP_LISTEN") 7168 finally: 7169 dev[0].set("dpp_config_processing", "0", allow_fail=True) 7170 7171def run_dpp_reconfig_connector(dev, apdev, conf_curve=None, 7172 test_retries=False): 7173 check_dpp_capab(dev[0], min_ver=2) 7174 check_dpp_capab(dev[1], min_ver=2) 7175 7176 ssid = "reconfig" 7177 passphrase = "secret passphrase" 7178 passphrase2 = "another secret passphrase" 7179 params = hostapd.wpa2_params(ssid=ssid, passphrase=passphrase) 7180 hapd = hostapd.add_ap(apdev[0], params) 7181 7182 dev[0].set("dpp_config_processing", "2") 7183 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7184 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7185 dev[0].dpp_listen(2412) 7186 configurator = dev[1].dpp_configurator_add(curve=conf_curve) 7187 conf = 'sta-psk' 7188 dev[1].dpp_auth_init(uri=uri0, conf=conf, ssid=ssid, 7189 passphrase=passphrase, configurator=configurator, 7190 conn_status=True) 7191 res = wait_auth_success(dev[0], dev[1], configurator=dev[1], 7192 enrollee=dev[0]) 7193 if 'wait_conn_status' not in res: 7194 raise Exception("Configurator did not request connection status") 7195 ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20) 7196 if ev is None: 7197 raise Exception("No connection status reported") 7198 dev[1].dump_monitor() 7199 7200 ev = dev[0].wait_event(["DPP-CONFOBJ-SSID"], timeout=1) 7201 if ev is None: 7202 raise Exception("SSID not reported") 7203 res_ssid = ev.split(' ')[1] 7204 if res_ssid != ssid: 7205 raise Exception("Unexpected SSID value") 7206 7207 ev = dev[0].wait_event(["DPP-CONNECTOR"], timeout=1) 7208 if ev is None: 7209 raise Exception("Connector not reported") 7210 connector = ev.split(' ')[1] 7211 7212 ev = dev[0].wait_event(["DPP-C-SIGN-KEY"], timeout=1) 7213 if ev is None: 7214 raise Exception("C-sign-key not reported") 7215 p = ev.split(' ') 7216 csign = p[1] 7217 7218 ev = dev[0].wait_event(["DPP-NET-ACCESS-KEY"], timeout=1) 7219 if ev is None: 7220 raise Exception("netAccessKey not reported") 7221 p = ev.split(' ') 7222 net_access_key = p[1] 7223 net_access_key_expiry = p[2] if len(p) > 2 else None 7224 7225 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 7226 if ev is None: 7227 raise Exception("DPP network profile not generated") 7228 id = ev.split(' ')[1] 7229 7230 dev[0].wait_connected() 7231 7232 n_key_mgmt = dev[0].get_network(id, "key_mgmt") 7233 if n_key_mgmt != "WPA-PSK FT-PSK WPA-PSK-SHA256": 7234 raise Exception("Unexpected key_mgmt: " + n_key_mgmt) 7235 n_connector = dev[0].get_network(id, "dpp_connector") 7236 if n_connector.strip('"') != connector: 7237 raise Exception("Connector mismatch: %s %s" % (n_connector, connector)) 7238 n_csign = dev[0].get_network(id, "dpp_csign") 7239 if n_csign.strip('"') != csign: 7240 raise Exception("csign mismatch: %s %s" % (n_csign, csign)) 7241 n_net_access_key = dev[0].get_network(id, "dpp_netaccesskey") 7242 if n_net_access_key.strip('"') != net_access_key: 7243 raise Exception("net_access_key mismatch: %s %s" % (n_net_access_key, 7244 net_access_key)) 7245 7246 dev[0].request("DISCONNECT") 7247 dev[0].wait_disconnected() 7248 7249 hapd.disable() 7250 hapd.set("wpa_passphrase", passphrase2) 7251 hapd.enable() 7252 7253 time.sleep(0.1) 7254 dev[0].dump_monitor() 7255 dev[1].dump_monitor() 7256 7257 if test_retries: 7258 dev[1].request("DPP_STOP_LISTEN") 7259 if "OK" not in dev[0].request("DPP_RECONFIG %s iter=10" % id): 7260 raise Exception("Failed to start reconfiguration") 7261 return 7262 7263 dev[1].set("dpp_configurator_params", 7264 "conf=sta-psk ssid=%s pass=%s conn_status=1" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(passphrase2.encode()).decode())) 7265 dev[1].dpp_listen(2437) 7266 7267 if "OK" not in dev[0].request("DPP_RECONFIG %s" % id): 7268 raise Exception("Failed to start reconfiguration") 7269 ev = dev[0].wait_event(["DPP-TX "], timeout=10) 7270 if ev is None or "type=14" not in ev: 7271 raise Exception("Reconfig Announcement not sent") 7272 7273 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 7274 if ev is None: 7275 raise Exception("DPP Reconfig Announcement not received") 7276 if "freq=2437 type=14" not in ev: 7277 raise Exception("Unexpected RX data for Reconfig Announcement: " + ev) 7278 7279 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 7280 if ev is None or "freq=2437 type=15" not in ev: 7281 raise Exception("DPP Reconfig Authentication Request not received") 7282 7283 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 7284 if ev is None or "freq=2437 type=16" not in ev: 7285 raise Exception("DPP Reconfig Authentication Response not received") 7286 7287 ev = dev[0].wait_event(["DPP-RX"], timeout=5) 7288 if ev is None or "freq=2437 type=17" not in ev: 7289 raise Exception("DPP Reconfig Authentication Confirm not received") 7290 7291 ev = dev[0].wait_event(["GAS-QUERY-START"], timeout=5) 7292 if ev is None or "freq=2437" not in ev: 7293 raise Exception("DPP Config Request (GAS) not transmitted") 7294 7295 ev = dev[1].wait_event(["DPP-CONF-REQ-RX"], timeout=5) 7296 if ev is None: 7297 raise Exception("DPP Config Request (GAS) not received") 7298 7299 ev = dev[0].wait_event(["GAS-QUERY-DONE"], timeout=5) 7300 if ev is None or "freq=2437" not in ev: 7301 raise Exception("DPP Config Response (GAS) not received") 7302 7303 ev = dev[1].wait_event(["DPP-RX"], timeout=5) 7304 if ev is None or "freq=2437 type=11" not in ev: 7305 raise Exception("DPP Config Result not received") 7306 7307 ev = dev[1].wait_event(["DPP-CONF-SENT"], timeout=5) 7308 if ev is None: 7309 raise Exception("DPP Config Response (GAS) not transmitted") 7310 7311 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=5) 7312 if ev is None: 7313 raise Exception("DPP config response reception result not indicated") 7314 if "DPP-CONF-RECEIVED" not in ev: 7315 raise Exception("Reconfiguration failed") 7316 7317 dev[0].wait_connected() 7318 7319 ev = dev[1].wait_event(["DPP-CONN-STATUS-RESULT"], timeout=20) 7320 if ev is None: 7321 raise Exception("No connection status reported") 7322 7323def test_dpp_reconfig_hostapd_configurator(dev, apdev): 7324 """DPP reconfiguration with hostapd as configurator""" 7325 try: 7326 run_dpp_reconfig_hostapd_configurator(dev, apdev) 7327 finally: 7328 dev[0].set("dpp_config_processing", "0", allow_fail=True) 7329 7330def run_dpp_reconfig_hostapd_configurator(dev, apdev): 7331 ssid = "reconfig-ap" 7332 check_dpp_capab(dev[0], min_ver=2) 7333 hapd = hostapd.add_ap(apdev[0], {"ssid": "unconfigured"}) 7334 check_dpp_capab(hapd, min_ver=2) 7335 conf_id = hapd.dpp_configurator_add() 7336 7337 cmd = "DPP_CONFIGURATOR_SIGN conf=ap-dpp configurator=%d ssid=%s" % (conf_id, binascii.hexlify(ssid.encode()).decode()) 7338 res = hapd.request(cmd) 7339 if "FAIL" in res: 7340 raise Exception("Failed to generate own configuration") 7341 hapd.set("dpp_configurator_connectivity", "1") 7342 update_hapd_config(hapd) 7343 7344 id = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7345 uri = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id) 7346 dev[0].set("dpp_config_processing", "2") 7347 dev[0].dpp_listen(2412) 7348 hapd.dpp_auth_init(uri=uri, conf="sta-dpp", configurator=conf_id, 7349 extra="expiry=%d" % (time.time() + 10), ssid=ssid) 7350 wait_auth_success(dev[0], hapd, configurator=hapd, enrollee=dev[0]) 7351 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 7352 if ev is None: 7353 raise Exception("DPP network id not reported") 7354 network = int(ev.split(' ')[1]) 7355 dev[0].wait_connected() 7356 hapd.wait_sta() 7357 dev[0].request("DISCONNECT") 7358 dev[0].wait_disconnected() 7359 hapd.wait_sta_disconnect() 7360 dev[0].dump_monitor() 7361 time.sleep(10) 7362 if "FAIL" in dev[0].request("PMKSA_FLUSH"): 7363 raise Exception("PMKSA_FLUSH failed") 7364 dev[0].request("RECONNECT") 7365 ev = dev[0].wait_event(["DPP-MISSING-CONNECTOR", "CTRL-EVENT-CONNECTED"], 7366 timeout=15) 7367 if ev is None or "DPP-MISSING-CONNECTOR" not in ev: 7368 raise Exception("Missing Connector not reported") 7369 if "netAccessKey expired" not in ev: 7370 raise Exception("netAccessKey expiry not indicated") 7371 dev[0].request("DISCONNECT") 7372 dev[0].dump_monitor() 7373 7374 hapd.set("dpp_configurator_params", 7375 "conf=sta-dpp configurator=%d ssid=%s" % (conf_id, binascii.hexlify(ssid.encode()).decode())) 7376 7377 if "OK" not in dev[0].request("DPP_RECONFIG %s" % network): 7378 raise Exception("Failed to start reconfiguration") 7379 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=15) 7380 if ev is None: 7381 raise Exception("DPP network id not reported for reconfiguration") 7382 network2 = int(ev.split(' ')[1]) 7383 if network == network2: 7384 raise Exception("Network ID did not change") 7385 dev[0].wait_connected() 7386 hapd.wait_sta() 7387 7388def test_dpp_qr_code_auth_rand_mac_addr(dev, apdev): 7389 """DPP QR Code and authentication exchange (rand_mac_addr=1)""" 7390 flags = int(dev[0].get_driver_status_field('capa.flags'), 16) 7391 if flags & 0x0000400000000000 == 0: 7392 raise HwsimSkip("Driver does not support random GAS TA") 7393 7394 try: 7395 dev[0].set("gas_rand_mac_addr", "1") 7396 run_dpp_qr_code_auth_unicast(dev, apdev, None) 7397 finally: 7398 dev[0].set("gas_rand_mac_addr", "0") 7399 7400def dpp_sign_cert(cacert, cakey, csr_der): 7401 csr = OpenSSL.crypto.load_certificate_request(OpenSSL.crypto.FILETYPE_ASN1, 7402 csr_der) 7403 cert = OpenSSL.crypto.X509() 7404 cert.set_serial_number(12345) 7405 cert.gmtime_adj_notBefore(-10) 7406 cert.gmtime_adj_notAfter(100000) 7407 cert.set_pubkey(csr.get_pubkey()) 7408 dn = csr.get_subject() 7409 cert.set_subject(dn) 7410 cert.set_version(2) 7411 cert.add_extensions([ 7412 OpenSSL.crypto.X509Extension(b"basicConstraints", True, 7413 b"CA:FALSE"), 7414 OpenSSL.crypto.X509Extension(b"subjectKeyIdentifier", False, 7415 b"hash", subject=cert), 7416 OpenSSL.crypto.X509Extension(b"authorityKeyIdentifier", False, 7417 b"keyid:always", issuer=cacert), 7418 ]) 7419 cert.set_issuer(cacert.get_subject()) 7420 cert.sign(cakey, "sha256") 7421 return cert 7422 7423def test_dpp_enterprise(dev, apdev, params): 7424 """DPP and enterprise EAP-TLS provisioning""" 7425 check_dpp_capab(dev[0], min_ver=2) 7426 try: 7427 dev[0].set("dpp_config_processing", "2") 7428 run_dpp_enterprise(dev, apdev, params) 7429 finally: 7430 dev[0].set("dpp_config_processing", "0", allow_fail=True) 7431 7432def run_dpp_enterprise(dev, apdev, params): 7433 if not openssl_imported: 7434 raise HwsimSkip("OpenSSL python method not available") 7435 check_dpp_capab(dev[0]) 7436 check_dpp_capab(dev[1]) 7437 7438 cert_file = params['prefix'] + ".cert.pem" 7439 pkcs7_file = params['prefix'] + ".pkcs7.der" 7440 7441 params = {"ssid": "dpp-ent", 7442 "wpa": "2", 7443 "wpa_key_mgmt": "WPA-EAP", 7444 "rsn_pairwise": "CCMP", 7445 "ieee8021x": "1", 7446 "eap_server": "1", 7447 "eap_user_file": "auth_serv/eap_user.conf", 7448 "ca_cert": "auth_serv/ec-ca.pem", 7449 "server_cert": "auth_serv/ec-server.pem", 7450 "private_key": "auth_serv/ec-server.key"} 7451 hapd = hostapd.add_ap(apdev[0], params) 7452 7453 with open("auth_serv/ec-ca.pem", "rb") as f: 7454 res = f.read() 7455 cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, 7456 res) 7457 7458 with open("auth_serv/ec-ca.key", "rb") as f: 7459 res = f.read() 7460 cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res) 7461 7462 conf_id = dev[1].dpp_configurator_add() 7463 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7464 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7465 dev[0].dpp_listen(2412) 7466 csrattrs = "MAsGCSqGSIb3DQEJBw==" 7467 id1 = dev[1].dpp_auth_init(uri=uri0, configurator=conf_id, conf="sta-dot1x", 7468 csrattrs=csrattrs, ssid="dpp-ent") 7469 7470 ev = dev[1].wait_event(["DPP-CSR"], timeout=10) 7471 if ev is None: 7472 raise Exception("Configurator did not receive CSR") 7473 id1_csr = int(ev.split(' ')[1].split('=')[1]) 7474 if id1 != id1_csr: 7475 raise Exception("Peer bootstrapping ID mismatch in CSR event") 7476 csr = ev.split(' ')[2] 7477 if not csr.startswith("csr="): 7478 raise Exception("Could not parse CSR event: " + ev) 7479 csr = csr[4:] 7480 csr = base64.b64decode(csr.encode()) 7481 logger.info("CSR: " + binascii.hexlify(csr).decode()) 7482 7483 cert = dpp_sign_cert(cacert, cakey, csr) 7484 with open(cert_file, 'wb') as f: 7485 f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, 7486 cert)) 7487 subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl', 7488 '-certfile', cert_file, 7489 '-certfile', 'auth_serv/ec-ca.pem', 7490 '-outform', 'DER', '-out', pkcs7_file]) 7491 7492 #caCert = base64.b64encode(b"TODO").decode() 7493 #res = dev[1].request("DPP_CA_SET peer=%d name=caCert value=%s" % (id1, caCert)) 7494 #if "OK" not in res: 7495 # raise Exception("Failed to set caCert") 7496 7497 name = "server.w1.fi" 7498 res = dev[1].request("DPP_CA_SET peer=%d name=trustedEapServerName value=%s" % (id1, name)) 7499 if "OK" not in res: 7500 raise Exception("Failed to set trustedEapServerName") 7501 7502 with open(pkcs7_file, 'rb') as f: 7503 pkcs7_der = f.read() 7504 certbag = base64.b64encode(pkcs7_der).decode() 7505 res = dev[1].request("DPP_CA_SET peer=%d name=certBag value=%s" % (id1, certbag)) 7506 if "OK" not in res: 7507 raise Exception("Failed to set certBag") 7508 7509 ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5) 7510 if ev is None: 7511 raise Exception("DPP configuration not completed (Configurator)") 7512 if "DPP-CONF-FAILED" in ev: 7513 raise Exception("DPP configuration did not succeed (Configurator)") 7514 7515 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], 7516 timeout=1) 7517 if ev is None: 7518 raise Exception("DPP configuration not completed (Enrollee)") 7519 if "DPP-CONF-FAILED" in ev: 7520 raise Exception("DPP configuration did not succeed (Enrollee)") 7521 7522 ev = dev[0].wait_event(["DPP-CERTBAG"], timeout=1) 7523 if ev is None: 7524 raise Exception("DPP-CERTBAG not reported") 7525 certbag = base64.b64decode(ev.split(' ')[1].encode()) 7526 if certbag != pkcs7_der: 7527 raise Exception("DPP-CERTBAG mismatch") 7528 7529 #ev = dev[0].wait_event(["DPP-CACERT"], timeout=1) 7530 #if ev is None: 7531 # raise Exception("DPP-CACERT not reported") 7532 7533 ev = dev[0].wait_event(["DPP-SERVER-NAME"], timeout=1) 7534 if ev is None: 7535 raise Exception("DPP-SERVER-NAME not reported") 7536 if ev.split(' ')[1] != name: 7537 raise Exception("DPP-SERVER-NAME mismatch: " + ev) 7538 7539 ev = dev[0].wait_event(["DPP-NETWORK-ID"], timeout=1) 7540 if ev is None: 7541 raise Exception("DPP network profile not generated") 7542 id = ev.split(' ')[1] 7543 7544 dev[0].wait_connected() 7545 7546def test_dpp_enterprise_reject(dev, apdev, params): 7547 """DPP and enterprise EAP-TLS provisioning and CSR getting rejected""" 7548 check_dpp_capab(dev[0]) 7549 check_dpp_capab(dev[1]) 7550 7551 conf_id = dev[1].dpp_configurator_add() 7552 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7553 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7554 dev[0].dpp_listen(2412) 7555 csrattrs = "MAsGCSqGSIb3DQEJBw==" 7556 id1 = dev[1].dpp_auth_init(uri=uri0, configurator=conf_id, conf="sta-dot1x", 7557 csrattrs=csrattrs, ssid="dpp-ent") 7558 7559 ev = dev[1].wait_event(["DPP-CSR"], timeout=10) 7560 if ev is None: 7561 raise Exception("Configurator did not receive CSR") 7562 7563 res = dev[1].request("DPP_CA_SET peer=%d name=status value=5" % id1) 7564 if "OK" not in res: 7565 raise Exception("Failed to set status") 7566 7567 ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5) 7568 if ev is None: 7569 raise Exception("DPP configuration not completed (Configurator)") 7570 if "DPP-CONF-FAILED" in ev: 7571 raise Exception("DPP configuration did not succeed (Configurator)") 7572 7573 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], 7574 timeout=1) 7575 if ev is None: 7576 raise Exception("DPP configuration not completed (Enrollee)") 7577 if "DPP-CONF-FAILED" not in ev: 7578 raise Exception("DPP configuration did not fail (Enrollee)") 7579 7580def test_dpp_enterprise_tcp(dev, apdev, params): 7581 """DPP over TCP for enterprise provisioning""" 7582 if not openssl_imported: 7583 raise HwsimSkip("OpenSSL python method not available") 7584 7585 try: 7586 run_dpp_enterprise_tcp(dev, apdev, params) 7587 finally: 7588 dev[1].request("DPP_CONTROLLER_STOP") 7589 7590def run_dpp_enterprise_tcp(dev, apdev, params): 7591 check_dpp_capab(dev[0]) 7592 check_dpp_capab(dev[1]) 7593 7594 cap_lo = params['prefix'] + ".lo.pcap" 7595 7596 with WlantestCapture('lo', cap_lo) as wt: 7597 _run_dpp_enterprise_tcp(dev, apdev, params, wt) 7598 7599def _run_dpp_enterprise_tcp(dev, apdev, params, wt): 7600 # Controller 7601 conf_id = dev[1].dpp_configurator_add() 7602 csrattrs = "MAsGCSqGSIb3DQEJBw==" 7603 dev[1].set("dpp_configurator_params", 7604 "conf=sta-dot1x configurator=%d csrattrs=%s" % (conf_id, csrattrs)) 7605 id_c = dev[1].dpp_bootstrap_gen() 7606 uri_c = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 7607 res = dev[1].request("DPP_BOOTSTRAP_INFO %d" % id_c) 7608 req = "DPP_CONTROLLER_START" 7609 if "OK" not in dev[1].request(req): 7610 raise Exception("Failed to start Controller") 7611 7612 dev[0].dpp_auth_init(uri=uri_c, role="enrollee", tcp_addr="127.0.0.1") 7613 run_dpp_enterprise_tcp_end(params, dev, wt) 7614 7615def run_dpp_enterprise_tcp_end(params, dev, wt): 7616 cert_file = params['prefix'] + ".cert.pem" 7617 pkcs7_file = params['prefix'] + ".pkcs7.der" 7618 7619 with open("auth_serv/ec-ca.pem", "rb") as f: 7620 res = f.read() 7621 cacert = OpenSSL.crypto.load_certificate(OpenSSL.crypto.FILETYPE_PEM, 7622 res) 7623 7624 with open("auth_serv/ec-ca.key", "rb") as f: 7625 res = f.read() 7626 cakey = OpenSSL.crypto.load_privatekey(OpenSSL.crypto.FILETYPE_PEM, res) 7627 7628 ev = dev[1].wait_event(["DPP-CSR"], timeout=10) 7629 if ev is None: 7630 raise Exception("Configurator did not receive CSR") 7631 id1_csr = int(ev.split(' ')[1].split('=')[1]) 7632 csr = ev.split(' ')[2] 7633 if not csr.startswith("csr="): 7634 raise Exception("Could not parse CSR event: " + ev) 7635 csr = csr[4:] 7636 csr = base64.b64decode(csr.encode()) 7637 logger.info("CSR: " + binascii.hexlify(csr).decode()) 7638 7639 cert = dpp_sign_cert(cacert, cakey, csr) 7640 with open(cert_file, 'wb') as f: 7641 f.write(OpenSSL.crypto.dump_certificate(OpenSSL.crypto.FILETYPE_PEM, 7642 cert)) 7643 subprocess.check_call(['openssl', 'crl2pkcs7', '-nocrl', 7644 '-certfile', cert_file, 7645 '-certfile', 'auth_serv/ec-ca.pem', 7646 '-outform', 'DER', '-out', pkcs7_file]) 7647 7648 with open(pkcs7_file, 'rb') as f: 7649 pkcs7_der = f.read() 7650 certbag = base64.b64encode(pkcs7_der).decode() 7651 res = dev[1].request("DPP_CA_SET peer=%d name=certBag value=%s" % (id1_csr, certbag)) 7652 if "OK" not in res: 7653 raise Exception("Failed to set certBag") 7654 7655 ev = dev[1].wait_event(["DPP-CONF-SENT", "DPP-CONF-FAILED"], timeout=5) 7656 if ev is None: 7657 raise Exception("DPP configuration not completed (Configurator)") 7658 if "DPP-CONF-FAILED" in ev: 7659 raise Exception("DPP configuration did not succeed (Configurator)") 7660 7661 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], 7662 timeout=1) 7663 if ev is None: 7664 raise Exception("DPP configuration not completed (Enrollee)") 7665 if "DPP-CONF-RECEIVED" not in ev: 7666 raise Exception("DPP configuration did not succeed (Enrollee)") 7667 7668def test_dpp_enterprise_tcp2(dev, apdev, params): 7669 """DPP over TCP for enterprise provisioning (Controller initiating)""" 7670 if not openssl_imported: 7671 raise HwsimSkip("OpenSSL python method not available") 7672 7673 try: 7674 run_dpp_enterprise_tcp2(dev, apdev, params) 7675 finally: 7676 dev[0].request("DPP_CONTROLLER_STOP") 7677 dev[1].request("DPP_CONTROLLER_STOP") 7678 7679def run_dpp_enterprise_tcp2(dev, apdev, params): 7680 check_dpp_capab(dev[0]) 7681 check_dpp_capab(dev[1]) 7682 7683 cap_lo = params['prefix'] + ".lo.pcap" 7684 7685 with WlantestCapture('lo', cap_lo) as wt: 7686 _run_dpp_enterprise_tcp2(dev, apdev, params, wt) 7687 7688def _run_dpp_enterprise_tcp2(dev, apdev, params, wt): 7689 # Client/Enrollee/Responder 7690 id_e = dev[0].dpp_bootstrap_gen() 7691 uri_e = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id_e) 7692 req = "DPP_CONTROLLER_START" 7693 if "OK" not in dev[0].request(req): 7694 raise Exception("Failed to start Client/Enrollee") 7695 7696 # Controller/Configurator/Initiator 7697 conf_id = dev[1].dpp_configurator_add() 7698 csrattrs = "MAsGCSqGSIb3DQEJBw==" 7699 dev[1].dpp_auth_init(uri=uri_e, role="configurator", configurator=conf_id, 7700 conf="sta-dot1x", csrattrs=csrattrs, 7701 tcp_addr="127.0.0.1") 7702 7703 run_dpp_enterprise_tcp_end(params, dev, wt) 7704 7705def test_dpp_qr_code_config_event_initiator(dev, apdev): 7706 """DPP QR Code and config event on Configurator Initiator""" 7707 run_dpp_qr_code_config_event_initiator(dev, apdev) 7708 7709def test_dpp_qr_code_config_event_initiator_set_comeback(dev, apdev): 7710 """DPP QR Code and config event on Configurator Initiator (set comeback)""" 7711 run_dpp_qr_code_config_event_initiator(dev, apdev, set_comeback=True) 7712 7713def test_dpp_qr_code_config_event_initiator_slow(dev, apdev): 7714 """DPP QR Code and config event on Configurator Initiator (slow)""" 7715 run_dpp_qr_code_config_event_initiator(dev, apdev, slow=True) 7716 7717def test_dpp_qr_code_config_event_initiator_failure(dev, apdev): 7718 """DPP QR Code and config event on Configurator Initiator (failure)""" 7719 run_dpp_qr_code_config_event_initiator(dev, apdev, failure=True) 7720 7721def test_dpp_qr_code_config_event_initiator_no_response(dev, apdev): 7722 """DPP QR Code and config event on Configurator Initiator (no response)""" 7723 run_dpp_qr_code_config_event_initiator(dev, apdev, failure=True, 7724 no_response=True) 7725 7726def run_dpp_qr_code_config_event_initiator(dev, apdev, set_comeback=False, 7727 slow=False, failure=False, 7728 no_response=False): 7729 check_dpp_capab(dev[0]) 7730 check_dpp_capab(dev[1]) 7731 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7732 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7733 dev[0].dpp_listen(2412) 7734 id1 = dev[1].dpp_auth_init(uri=uri0, conf="query") 7735 wait_auth_success(dev[0], dev[1]) 7736 ev = dev[1].wait_event(["DPP-CONF-NEEDED"]) 7737 if ev is None: 7738 raise Exception("Configuration query not seen") 7739 if "peer=%d " % id1 not in ev: 7740 raise Exception("Peer id mismatch: " + ev) 7741 if "net_role=sta" not in ev: 7742 raise Exception("Net role mismatch: " + ev) 7743 7744 if set_comeback: 7745 if "OK" not in dev[1].request(("DPP_CONF_SET peer=%d comeback=123" % id1)): 7746 raise Exception("DPP_CONF_SET failed") 7747 7748 if slow: 7749 time.sleep(0.100) 7750 7751 if failure: 7752 conf = "conf=failure" 7753 else: 7754 ssid = "sae" 7755 password = "password" 7756 conf = "conf=sta-sae" 7757 conf += " ssid=" + binascii.hexlify(ssid.encode()).decode() 7758 conf += " pass=" + binascii.hexlify(password.encode()).decode() 7759 if not no_response: 7760 if "OK" not in dev[1].request(("DPP_CONF_SET peer=%d " % id1) + conf): 7761 raise Exception("DPP_CONF_SET failed") 7762 7763 ev = dev[0].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=65) 7764 if ev is None: 7765 raise Exception("DPP configuration not completed (Enrollee)") 7766 if failure and "DPP-CONF-FAILED" not in ev: 7767 raise Exception("DPP configuration did not fail (Enrollee)") 7768 if (not failure) and "DPP-CONF-RECEIVED" not in ev: 7769 raise Exception("DPP configuration did not succeed (Enrollee)") 7770 time.sleep(0.01) 7771 dev[0].dump_monitor() 7772 dev[1].dump_monitor() 7773 7774def test_dpp_qr_code_config_event_initiator_both(dev, apdev): 7775 """DPP QR Code and config event on Configurator/Enrollee Initiator""" 7776 check_dpp_capab(dev[0]) 7777 check_dpp_capab(dev[1]) 7778 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7779 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7780 ssid = "sae" 7781 password = "password" 7782 dev[0].set("dpp_configurator_params", 7783 "conf=sta-sae ssid=%s pass=%s" % (binascii.hexlify(ssid.encode()).decode(), binascii.hexlify(password.encode()).decode())) 7784 dev[0].dpp_listen(2412, role="configurator") 7785 id1 = dev[1].dpp_auth_init(uri=uri0, conf="query", role="either") 7786 wait_auth_success(dev[0], dev[1], configurator=dev[0], enrollee=dev[1]) 7787 time.sleep(0.01) 7788 dev[0].dump_monitor() 7789 dev[1].dump_monitor() 7790 7791def test_dpp_tcp_qr_code_config_event_initiator(dev, apdev, params): 7792 """DPP over TCP (Configurator initiates with config event)""" 7793 try: 7794 run_dpp_tcp_qr_code_config_event_initiator(dev[0], dev[1]) 7795 finally: 7796 dev[1].request("DPP_CONTROLLER_STOP") 7797 7798def run_dpp_tcp_qr_code_config_event_initiator(dev0, dev1): 7799 check_dpp_capab(dev0, min_ver=2) 7800 check_dpp_capab(dev1, min_ver=2) 7801 7802 id_c = dev1.dpp_bootstrap_gen() 7803 uri_c = dev1.request("DPP_BOOTSTRAP_GET_URI %d" % id_c) 7804 res = dev1.request("DPP_BOOTSTRAP_INFO %d" % id_c) 7805 req = "DPP_CONTROLLER_START role=enrollee" 7806 if "OK" not in dev1.request(req): 7807 raise Exception("Failed to start Controller") 7808 7809 conf_id = dev0.dpp_configurator_add() 7810 id1 = dev0.dpp_auth_init(uri=uri_c, role="configurator", conf="query", 7811 tcp_addr="127.0.0.1") 7812 wait_auth_success(dev1, dev0) 7813 ev = dev0.wait_event(["DPP-CONF-NEEDED"]) 7814 if ev is None: 7815 raise Exception("Configuration query not seen") 7816 if "peer=%d " % id1 not in ev: 7817 raise Exception("Peer id mismatch: " + ev) 7818 if "net_role=sta" not in ev: 7819 raise Exception("Net role mismatch: " + ev) 7820 7821 ssid = "sae" 7822 password = "password" 7823 conf = "conf=sta-sae" 7824 conf += " ssid=" + binascii.hexlify(ssid.encode()).decode() 7825 conf += " pass=" + binascii.hexlify(password.encode()).decode() 7826 if "OK" not in dev0.request(("DPP_CONF_SET peer=%d " % id1) + conf): 7827 raise Exception("DPP_CONF_SET failed") 7828 7829 ev = dev1.wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=15) 7830 if ev is None: 7831 raise Exception("DPP configuration not completed (Enrollee)") 7832 if "DPP-CONF-RECEIVED" not in ev: 7833 raise Exception("DPP configuration did not succeed (Enrollee)") 7834 time.sleep(0.01) 7835 dev0.dump_monitor() 7836 dev1.dump_monitor() 7837 7838def test_dpp_qr_code_config_event_responder(dev, apdev): 7839 """DPP QR Code and config event on Configurator Responder""" 7840 check_dpp_capab(dev[0]) 7841 check_dpp_capab(dev[1]) 7842 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7843 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7844 dev[0].set("dpp_configurator_params", "conf=query") 7845 dev[0].dpp_listen(2412, role="configurator") 7846 dev[1].dpp_auth_init(uri=uri0, role="enrollee") 7847 wait_auth_success(dev[0], dev[1]) 7848 ev = dev[0].wait_event(["DPP-CONF-NEEDED"]) 7849 if ev is None: 7850 raise Exception("Configuration query not seen") 7851 if "net_role=sta" not in ev: 7852 raise Exception("Net role mismatch: " + ev) 7853 peer_id = int(ev.split()[1].split('=')[1]) 7854 7855 ssid = "sae" 7856 password = "password" 7857 conf = "conf=sta-sae" 7858 conf += " ssid=" + binascii.hexlify(ssid.encode()).decode() 7859 conf += " pass=" + binascii.hexlify(password.encode()).decode() 7860 if "OK" not in dev[0].request(("DPP_CONF_SET peer=%d " % peer_id) + conf): 7861 raise Exception("DPP_CONF_SET failed") 7862 7863 ev = dev[1].wait_event(["DPP-CONF-RECEIVED", "DPP-CONF-FAILED"], timeout=15) 7864 if ev is None: 7865 raise Exception("DPP configuration not completed (Enrollee)") 7866 if "DPP-CONF-RECEIVED" not in ev: 7867 raise Exception("DPP configuration did not succeed (Enrollee)") 7868 time.sleep(0.01) 7869 dev[0].dump_monitor() 7870 dev[1].dump_monitor() 7871 7872def test_dpp_discard_public_action(dev, apdev): 7873 """DPP and discarding Public Action frames""" 7874 check_dpp_capab(dev[0]) 7875 check_dpp_capab(dev[1]) 7876 id0 = dev[0].dpp_bootstrap_gen(chan="81/1") 7877 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7878 dev[0].dpp_listen(2412) 7879 dev[1].set("dpp_discard_public_action", "1") 7880 dev[1].dpp_auth_init(uri=uri0) 7881 ev = dev[0].wait_event(["DPP-FAIL"], timeout=5) 7882 if ev is None: 7883 raise Exception("Failure not reported") 7884 if "No Auth Confirm received" not in ev: 7885 raise Exception("Unexpected failure reason: " + ev) 7886 7887def test_dpp_proto_stop_after_auth_hostapd(dev, apdev): 7888 """DPP protocol testing - stop after authentication exchange - hostapd Configurator behavior""" 7889 check_dpp_capab(dev[0]) 7890 7891 params = {"ssid": "dpp", 7892 "wpa": "2", 7893 "wpa_key_mgmt": "DPP", 7894 "ieee80211w": "2", 7895 "rsn_pairwise": "CCMP", 7896 "dpp_connector": params1_ap_connector, 7897 "dpp_csign": params1_csign, 7898 "dpp_netaccesskey": params1_ap_netaccesskey} 7899 try: 7900 hapd = hostapd.add_ap(apdev[0], params) 7901 except: 7902 raise HwsimSkip("DPP not supported") 7903 7904 conf_id = hapd.dpp_configurator_add() 7905 hapd.set("dpp_configurator_params", 7906 " conf=sta-dpp configurator=%d" % conf_id) 7907 7908 dev[0].set("dpp_test", "89") 7909 id0 = dev[0].dpp_bootstrap_gen(chan="81/1", mac=True) 7910 uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0) 7911 dev[0].dpp_listen(2412) 7912 7913 hapd.dpp_auth_init(uri=uri0, role="configurator", configurator=conf_id, 7914 conf="sta-dpp") 7915 ev = hapd.wait_event(["DPP-AUTH-SUCCESS"], timeout=10) 7916 if ev is None: 7917 raise Exception("DPP authentication did not succeed") 7918 7919 ev = hapd.wait_event(["DPP-CONF-FAILED"], timeout=11) 7920 if ev is None: 7921 raise Exception("DPP config failure not reported") 7922