#!/usr/bin/python # # WPS+NFC tests # Copyright (c) 2013, Jouni Malinen # # This software may be distributed under the terms of the BSD license. # See README for more details. import time import subprocess import logging logger = logging.getLogger() import hwsim_utils import hostapd def check_wpa2_connection(sta, ap, ssid, mixed=False): status = sta.get_status() if status['wpa_state'] != 'COMPLETED': raise Exception("Not fully connected") if status['bssid'] != ap['bssid']: raise Exception("Unexpected BSSID") if status['ssid'] != ssid: raise Exception("Unexpected SSID") if status['pairwise_cipher'] != 'CCMP': raise Exception("Unexpected encryption configuration") if status['group_cipher'] != 'CCMP' and not mixed: raise Exception("Unexpected encryption configuration") if status['key_mgmt'] != 'WPA2-PSK': raise Exception("Unexpected key_mgmt") hwsim_utils.test_connectivity(sta.ifname, ap['ifname']) def ap_wps_params(ssid): return { "ssid": ssid, "eap_server": "1", "wps_state": "2", "wpa_passphrase": "12345678", "wpa": "2", "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"} def test_nfc_wps_password_token_sta(dev, apdev): """NFC tag with password token on the station/Enrollee""" ssid = "test-wps-nfc-pw-token-conf" params = ap_wps_params(ssid) hostapd.add_ap(apdev[0]['ifname'], params) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("WPS provisioning step using password token from station") pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() if "FAIL" in pw: raise Exception("Failed to generate password token") res = hapd.request("WPS_NFC_TAG_READ " + pw) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to hostapd") dev[0].dump_monitor() res = dev[0].request("WPS_NFC") if "FAIL" in res: raise Exception("Failed to start Enrollee using NFC password token") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid) def test_nfc_wps_config_token(dev, apdev): """NFC tag with configuration token from AP""" ssid = "test-wps-nfc-conf-token" params = ap_wps_params(ssid) hostapd.add_ap(apdev[0]['ifname'], params) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC configuration token from AP to station") conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" in conf: raise Exception("Failed to generate configuration token") dev[0].dump_monitor() res = dev[0].request("WPS_NFC_TAG_READ " + conf) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid) def test_nfc_wps_config_token_init(dev, apdev): """NFC tag with configuration token from AP with auto configuration""" ssid = "test-wps-nfc-conf-token-init" hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC configuration token from AP to station") conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() if "FAIL" in conf: raise Exception("Failed to generate configuration token") dev[0].dump_monitor() res = dev[0].request("WPS_NFC_TAG_READ " + conf) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True) def test_nfc_wps_password_token_sta_init(dev, apdev): """Initial AP configuration with first WPS NFC Enrollee""" ssid = "test-wps-nfc-pw-token-init" hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("WPS provisioning step using password token from station") pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() if "FAIL" in pw: raise Exception("Failed to generate password token") res = hapd.request("WPS_NFC_TAG_READ " + pw) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to hostapd") dev[0].dump_monitor() res = dev[0].request("WPS_NFC") if "FAIL" in res: raise Exception("Failed to start Enrollee using NFC password token") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True) def test_nfc_wps_password_token_ap(dev, apdev): """WPS registrar configuring an AP using AP password token""" ssid = "test-wps-nfc-pw-token-init" hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("WPS configuration step") pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() if "FAIL" in pw: raise Exception("Failed to generate password token") res = hapd.request("WPS_NFC_TOKEN enable") if "FAIL" in pw: raise Exception("Failed to enable AP password token") res = dev[0].request("WPS_NFC_TAG_READ " + pw) if "FAIL" in res: raise Exception("Failed to provide NFC tag contents to wpa_supplicant") dev[0].dump_monitor() new_ssid = "test-wps-nfc-pw-token-new-ssid" new_passphrase = "1234567890" res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex")) if "FAIL" in res: raise Exception("Failed to start Registrar using NFC password token") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], new_ssid, mixed=True) def test_nfc_wps_handover_init(dev, apdev): """Connect to WPS AP with NFC connection handover and move to configured state""" dev[0].request("SET ignore_old_scan_res 1") ssid = "test-wps-nfc-handover-init" hostapd.add_ap(apdev[0]['ifname'], { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True) def test_nfc_wps_handover(dev, apdev): """Connect to WPS AP with NFC connection handover""" ssid = "test-wps-nfc-handover" params = ap_wps_params(ssid) hostapd.add_ap(apdev[0]['ifname'], params) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30) if ev is None: raise Exception("Association with the AP timed out") check_wpa2_connection(dev[0], apdev[0], ssid) def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev): """WPS NFC connection handover with invalid pkhash from station (negative)""" ssid = "wps-nfc-handover-pkhash-sta" if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"): raise Exception("Could not enable wps_corrupt_pkhash") params = ap_wps_params(ssid) hostapd.add_ap(apdev[0]['ifname'], params) hapd = hostapd.Hostapd(apdev[0]['ifname']) logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) if ev is None: raise Exception("Timed out") if "WPS-FAIL" not in ev: raise Exception("Public key hash mismatch not detected") def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev): """WPS NFC connection handover with invalid pkhash from AP (negative)""" ssid = "wps-nfc-handover-pkhash-ap" params = ap_wps_params(ssid) hostapd.add_ap(apdev[0]['ifname'], params) hapd = hostapd.Hostapd(apdev[0]['ifname']) if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"): raise Exception("Could not enable wps_corrupt_pkhash") logger.info("NFC connection handover") req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() if "FAIL" in req: raise Exception("Failed to generate NFC connection handover request") sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() if "FAIL" in sel: raise Exception("Failed to generate NFC connection handover select") res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to hostapd") dev[0].dump_monitor() res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) if "FAIL" in res: raise Exception("Failed to report NFC connection handover to to wpa_supplicant") ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) if ev is None: raise Exception("Timed out") if "WPS-FAIL" not in ev: raise Exception("Public key hash mismatch not detected")