mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-12-01 11:48:23 -05:00
9d7fdac5b3
It was possible for regulatory domain changes to "leak" into following test cases in number of cases where the cfg80211 BSS table remained after regulatory domain had been restored to world roaming. Try to make this less likely to occur by explicitly clearing BSS table at the end of test cases that use different regulatory domain. This makes P2P test cases that verify channel selection based on world roaming rules more robust. Signed-off-by: Jouni Malinen <j@w1.fi>
575 lines
27 KiB
Python
575 lines
27 KiB
Python
# WPS+NFC tests
|
|
# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
|
|
#
|
|
# This software may be distributed under the terms of the BSD license.
|
|
# See README for more details.
|
|
|
|
import time
|
|
import subprocess
|
|
import logging
|
|
logger = logging.getLogger()
|
|
|
|
import hwsim_utils
|
|
import hostapd
|
|
|
|
def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False):
|
|
status = sta.get_status()
|
|
if status['wpa_state'] != 'COMPLETED':
|
|
raise Exception("Not fully connected")
|
|
if status['bssid'] != ap['bssid']:
|
|
raise Exception("Unexpected BSSID")
|
|
if status['ssid'] != ssid:
|
|
raise Exception("Unexpected SSID")
|
|
if status['pairwise_cipher'] != 'CCMP':
|
|
raise Exception("Unexpected encryption configuration")
|
|
if status['group_cipher'] != 'CCMP' and not mixed:
|
|
raise Exception("Unexpected encryption configuration")
|
|
if status['key_mgmt'] != 'WPA2-PSK':
|
|
raise Exception("Unexpected key_mgmt")
|
|
hwsim_utils.test_connectivity(sta, hapd)
|
|
|
|
def ap_wps_params(ssid):
|
|
return { "ssid": ssid, "eap_server": "1", "wps_state": "2",
|
|
"wpa_passphrase": "12345678", "wpa": "2",
|
|
"wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
|
|
|
|
def test_nfc_wps_password_token_sta(dev, apdev):
|
|
"""NFC tag with password token on the station/Enrollee"""
|
|
ssid = "test-wps-nfc-pw-token-conf"
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using password token from station")
|
|
wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip()
|
|
if "FAIL" in wps:
|
|
raise Exception("Failed to generate password token (WPS only)")
|
|
pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to generate password token")
|
|
res = hapd.request("WPS_NFC_TAG_READ " + pw)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("WPS_NFC")
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to start Enrollee using NFC password token")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_config_token(dev, apdev):
|
|
"""NFC tag with configuration token from AP"""
|
|
ssid = "test-wps-nfc-conf-token"
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("NFC configuration token from AP to station")
|
|
conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
|
|
if "FAIL" in conf:
|
|
raise Exception("Failed to generate configuration token")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("WPS_NFC_TAG_READ " + conf)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_config_token_init(dev, apdev):
|
|
"""NFC tag with configuration token from AP with auto configuration"""
|
|
ssid = "test-wps-nfc-conf-token-init"
|
|
hostapd.add_ap(apdev[0]['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("NFC configuration token from AP to station")
|
|
conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
|
|
if "FAIL" in conf:
|
|
raise Exception("Failed to generate configuration token")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("WPS_NFC_TAG_READ " + conf)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
|
|
|
|
def test_nfc_wps_password_token_sta_init(dev, apdev):
|
|
"""Initial AP configuration with first WPS NFC Enrollee"""
|
|
ssid = "test-wps-nfc-pw-token-init"
|
|
hostapd.add_ap(apdev[0]['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using password token from station")
|
|
pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to generate password token")
|
|
res = hapd.request("WPS_NFC_TAG_READ " + pw)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("WPS_NFC")
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to start Enrollee using NFC password token")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
|
|
|
|
def test_nfc_wps_password_token_ap(dev, apdev):
|
|
"""WPS registrar configuring an AP using AP password token"""
|
|
ssid = "test-wps-nfc-pw-token-init"
|
|
hostapd.add_ap(apdev[0]['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS configuration step")
|
|
pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to generate password token")
|
|
res = hapd.request("WPS_NFC_TOKEN enable")
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to enable AP password token")
|
|
res = dev[0].request("WPS_NFC_TAG_READ " + pw)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
|
|
dev[0].dump_monitor()
|
|
new_ssid = "test-wps-nfc-pw-token-new-ssid"
|
|
new_passphrase = "1234567890"
|
|
res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex"))
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to start Registrar using NFC password token")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True)
|
|
if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"):
|
|
raise Exception("Failed to disable AP password token")
|
|
if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"):
|
|
raise Exception("Unexpected WPS_NFC_TOKEN WPS failure")
|
|
|
|
def test_nfc_wps_handover_init(dev, apdev):
|
|
"""Connect to WPS AP with NFC connection handover and move to configured state"""
|
|
dev[0].request("SET ignore_old_scan_res 1")
|
|
ssid = "test-wps-nfc-handover-init"
|
|
hostapd.add_ap(apdev[0]['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)
|
|
|
|
def test_nfc_wps_handover_errors(dev, apdev):
|
|
"""WPS AP NFC handover report error cases"""
|
|
ssid = "test-wps-nfc-handover"
|
|
hostapd.add_ap(apdev[0]['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "1" })
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"):
|
|
raise Exception("Unexpected handover report success")
|
|
if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"):
|
|
raise Exception("Unexpected handover report success")
|
|
|
|
def test_nfc_wps_handover(dev, apdev):
|
|
"""Connect to WPS AP with NFC connection handover"""
|
|
ssid = "test-wps-nfc-handover"
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_handover_5ghz(dev, apdev):
|
|
"""Connect to WPS AP with NFC connection handover on 5 GHz band"""
|
|
try:
|
|
ssid = "test-wps-nfc-handover"
|
|
params = ap_wps_params(ssid)
|
|
params["country_code"] = "FI"
|
|
params["hw_mode"] = "a"
|
|
params["channel"] = "36"
|
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
finally:
|
|
dev[0].request("DISCONNECT")
|
|
if hapd:
|
|
hapd.request("DISABLE")
|
|
subprocess.call(['sudo', 'iw', 'reg', 'set', '00'])
|
|
dev[0].flush_scan_cache()
|
|
|
|
def test_nfc_wps_handover_chan14(dev, apdev):
|
|
"""Connect to WPS AP with NFC connection handover on channel 14"""
|
|
try:
|
|
ssid = "test-wps-nfc-handover"
|
|
params = ap_wps_params(ssid)
|
|
params["country_code"] = "JP"
|
|
params["hw_mode"] = "b"
|
|
params["channel"] = "14"
|
|
hapd = hostapd.add_ap(apdev[0]['ifname'], params)
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
finally:
|
|
dev[0].request("DISCONNECT")
|
|
if hapd:
|
|
hapd.request("DISABLE")
|
|
subprocess.call(['sudo', 'iw', 'reg', 'set', '00'])
|
|
dev[0].flush_scan_cache()
|
|
|
|
def test_nfc_wps_handover_with_pw_token_set(dev, apdev):
|
|
"""Connect to WPS AP with NFC connection handover (wps_nfc_* set)"""
|
|
ssid = "test-wps-nfc-handover2"
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
# enable a password token (which won't be used in this test case)
|
|
pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to generate password token")
|
|
res = hapd.request("WPS_NFC_TOKEN enable")
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to enable AP password token")
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev):
|
|
"""WPS NFC connection handover with invalid pkhash from station (negative)"""
|
|
ssid = "wps-nfc-handover-pkhash-sta"
|
|
if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
|
|
raise Exception("Could not enable wps_corrupt_pkhash")
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Timed out")
|
|
if "WPS-FAIL" not in ev:
|
|
raise Exception("Public key hash mismatch not detected")
|
|
|
|
def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev):
|
|
"""WPS NFC connection handover with invalid pkhash from AP (negative)"""
|
|
ssid = "wps-nfc-handover-pkhash-ap"
|
|
params = ap_wps_params(ssid)
|
|
hostapd.add_ap(apdev[0]['ifname'], params)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"):
|
|
raise Exception("Could not enable wps_corrupt_pkhash")
|
|
logger.info("NFC connection handover")
|
|
req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[0].dump_monitor()
|
|
res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Timed out")
|
|
if "WPS-FAIL" not in ev:
|
|
raise Exception("Public key hash mismatch not detected")
|
|
|
|
def start_ap_er(er, ap, ssid):
|
|
ap_pin = "12345670"
|
|
ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
|
|
hostapd.add_ap(ap['ifname'],
|
|
{ "ssid": ssid, "eap_server": "1", "wps_state": "2",
|
|
"wpa_passphrase": "12345678", "wpa": "2",
|
|
"wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
|
|
"device_name": "Wireless AP", "manufacturer": "Company",
|
|
"model_name": "WAP", "model_number": "123",
|
|
"serial_number": "12345", "device_type": "6-0050F204-1",
|
|
"os_version": "01020300",
|
|
"config_methods": "label push_button",
|
|
"ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
|
|
logger.info("Learn AP configuration")
|
|
er.dump_monitor()
|
|
er.request("SET ignore_old_scan_res 1")
|
|
er.wps_reg(ap['bssid'], ap_pin)
|
|
|
|
logger.info("Start ER")
|
|
er.request("WPS_ER_STOP")
|
|
time.sleep(1)
|
|
er.request("WPS_ER_START ifname=lo")
|
|
ev = er.wait_event(["WPS-ER-AP-ADD"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("AP discovery timed out")
|
|
if ap_uuid not in ev:
|
|
raise Exception("Expected AP UUID not found")
|
|
|
|
logger.info("Use learned network configuration on ER")
|
|
er.request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")
|
|
|
|
def test_nfc_wps_er_pw_token(dev, apdev):
|
|
"""WPS NFC password token from Enrollee to ER"""
|
|
try:
|
|
_test_nfc_wps_er_pw_token(dev, apdev)
|
|
finally:
|
|
dev[0].request("WPS_ER_STOP")
|
|
|
|
def _test_nfc_wps_er_pw_token(dev, apdev):
|
|
ssid = "wps-nfc-er-pw-token"
|
|
start_ap_er(dev[0], apdev[0], ssid)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using password token from station")
|
|
dev[1].request("SET ignore_old_scan_res 1")
|
|
pw = dev[1].request("WPS_NFC_TOKEN NDEF").rstrip()
|
|
if "FAIL" in pw:
|
|
raise Exception("Failed to generate password token")
|
|
res = dev[0].request("WPS_NFC_TAG_READ " + pw)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to WPS ER")
|
|
dev[0].dump_monitor()
|
|
res = dev[1].request("WPS_NFC")
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to start Enrollee using NFC password token")
|
|
ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("WPS ER did not report success")
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_er_config_token(dev, apdev):
|
|
"""WPS NFC configuration token from ER to Enrollee"""
|
|
try:
|
|
_test_nfc_wps_er_config_token(dev, apdev)
|
|
finally:
|
|
dev[0].request("WPS_ER_STOP")
|
|
|
|
def _test_nfc_wps_er_config_token(dev, apdev):
|
|
ssid = "wps-nfc-er-config-token"
|
|
start_ap_er(dev[0], apdev[0], ssid)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using configuration token from ER")
|
|
wps = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS " + apdev[0]['bssid']).rstrip()
|
|
if "FAIL" in wps:
|
|
raise Exception("Failed to generate configuration token (WPS format)")
|
|
conf = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + apdev[0]['bssid']).rstrip()
|
|
if "FAIL" in conf:
|
|
raise Exception("Failed to generate configuration token")
|
|
dev[1].request("SET ignore_old_scan_res 1")
|
|
res = dev[1].request("WPS_NFC_TAG_READ " + conf)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_er_handover(dev, apdev):
|
|
"""WPS NFC connection handover between Enrollee and ER"""
|
|
try:
|
|
_test_nfc_wps_er_handover(dev, apdev)
|
|
finally:
|
|
dev[0].request("WPS_ER_STOP")
|
|
|
|
def _test_nfc_wps_er_handover(dev, apdev):
|
|
ssid = "wps-nfc-er-handover"
|
|
start_ap_er(dev[0], apdev[0], ssid)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using connection handover")
|
|
req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[1].dump_monitor()
|
|
res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Association with the AP timed out")
|
|
check_wpa2_connection(dev[1], apdev[0], hapd, ssid)
|
|
|
|
def test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
|
|
"""WPS NFC connection handover with invalid pkhash from station to ER (negative)"""
|
|
try:
|
|
_test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev)
|
|
finally:
|
|
dev[0].request("WPS_ER_STOP")
|
|
|
|
def _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
|
|
ssid = "wps-nfc-er-handover-pkhash-sta"
|
|
start_ap_er(dev[0], apdev[0], ssid)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using connection handover")
|
|
if "FAIL" in dev[1].request("SET wps_corrupt_pkhash 1"):
|
|
raise Exception("Could not enable wps_corrupt_pkhash")
|
|
dev[1].request("SET ignore_old_scan_res 1")
|
|
req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[1].dump_monitor()
|
|
res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Timed out")
|
|
if "WPS-FAIL" not in ev:
|
|
raise Exception("Public key hash mismatch not detected")
|
|
|
|
def test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
|
|
"""WPS NFC connection handover with invalid pkhash from ER to station (negative)"""
|
|
try:
|
|
_test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev)
|
|
finally:
|
|
dev[0].request("WPS_ER_STOP")
|
|
|
|
def _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
|
|
ssid = "wps-nfc-er-handover-pkhash-er"
|
|
start_ap_er(dev[0], apdev[0], ssid)
|
|
hapd = hostapd.Hostapd(apdev[0]['ifname'])
|
|
logger.info("WPS provisioning step using connection handover")
|
|
if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
|
|
raise Exception("Could not enable wps_corrupt_pkhash")
|
|
dev[1].request("SET ignore_old_scan_res 1")
|
|
req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
|
|
if "FAIL" in req:
|
|
raise Exception("Failed to generate NFC connection handover request")
|
|
sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
|
|
if "FAIL" in sel:
|
|
raise Exception("Failed to generate NFC connection handover select")
|
|
res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to hostapd")
|
|
dev[1].dump_monitor()
|
|
res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
|
|
if "FAIL" in res:
|
|
raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
|
|
ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
|
|
if ev is None:
|
|
raise Exception("Timed out")
|
|
if "WPS-FAIL" not in ev:
|
|
raise Exception("Public key hash mismatch not detected")
|