| # WPS+NFC tests |
| # Copyright (c) 2013, Jouni Malinen <j@w1.fi> |
| # |
| # This software may be distributed under the terms of the BSD license. |
| # See README for more details. |
| |
| import time |
| import subprocess |
| import logging |
| logger = logging.getLogger() |
| |
| import hwsim_utils |
| import hostapd |
| |
| def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False): |
| status = sta.get_status() |
| if status['wpa_state'] != 'COMPLETED': |
| raise Exception("Not fully connected") |
| if status['bssid'] != ap['bssid']: |
| raise Exception("Unexpected BSSID") |
| if status['ssid'] != ssid: |
| raise Exception("Unexpected SSID") |
| if status['pairwise_cipher'] != 'CCMP': |
| raise Exception("Unexpected encryption configuration") |
| if status['group_cipher'] != 'CCMP' and not mixed: |
| raise Exception("Unexpected encryption configuration") |
| if status['key_mgmt'] != 'WPA2-PSK': |
| raise Exception("Unexpected key_mgmt") |
| hwsim_utils.test_connectivity(sta, hapd) |
| |
| def ap_wps_params(ssid): |
| return { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
| "wpa_passphrase": "12345678", "wpa": "2", |
| "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"} |
| |
| def test_nfc_wps_password_token_sta(dev, apdev): |
| """NFC tag with password token on the station/Enrollee""" |
| ssid = "test-wps-nfc-pw-token-conf" |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using password token from station") |
| wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip() |
| if "FAIL" in wps: |
| raise Exception("Failed to generate password token (WPS only)") |
| pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() |
| if "FAIL" in pw: |
| raise Exception("Failed to generate password token") |
| res = hapd.request("WPS_NFC_TAG_READ " + pw) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("WPS_NFC") |
| if "FAIL" in res: |
| raise Exception("Failed to start Enrollee using NFC password token") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_config_token(dev, apdev): |
| """NFC tag with configuration token from AP""" |
| ssid = "test-wps-nfc-conf-token" |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("NFC configuration token from AP to station") |
| conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() |
| if "FAIL" in conf: |
| raise Exception("Failed to generate configuration token") |
| dev[0].dump_monitor() |
| res = dev[0].request("WPS_NFC_TAG_READ " + conf) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to wpa_supplicant") |
| dev[0].wait_connected(timeout=15) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_config_token_init(dev, apdev): |
| """NFC tag with configuration token from AP with auto configuration""" |
| ssid = "test-wps-nfc-conf-token-init" |
| hostapd.add_ap(apdev[0]['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("NFC configuration token from AP to station") |
| conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() |
| if "FAIL" in conf: |
| raise Exception("Failed to generate configuration token") |
| dev[0].dump_monitor() |
| res = dev[0].request("WPS_NFC_TAG_READ " + conf) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to wpa_supplicant") |
| dev[0].wait_connected(timeout=15) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
| |
| def test_nfc_wps_password_token_sta_init(dev, apdev): |
| """Initial AP configuration with first WPS NFC Enrollee""" |
| ssid = "test-wps-nfc-pw-token-init" |
| hostapd.add_ap(apdev[0]['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using password token from station") |
| pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() |
| if "FAIL" in pw: |
| raise Exception("Failed to generate password token") |
| res = hapd.request("WPS_NFC_TAG_READ " + pw) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("WPS_NFC") |
| if "FAIL" in res: |
| raise Exception("Failed to start Enrollee using NFC password token") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
| |
| def test_nfc_wps_password_token_ap(dev, apdev): |
| """WPS registrar configuring an AP using AP password token""" |
| ssid = "test-wps-nfc-pw-token-init" |
| hostapd.add_ap(apdev[0]['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS configuration step") |
| pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() |
| if "FAIL" in pw: |
| raise Exception("Failed to generate password token") |
| res = hapd.request("WPS_NFC_TOKEN enable") |
| if "FAIL" in pw: |
| raise Exception("Failed to enable AP password token") |
| res = dev[0].request("WPS_NFC_TAG_READ " + pw) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to wpa_supplicant") |
| dev[0].dump_monitor() |
| new_ssid = "test-wps-nfc-pw-token-new-ssid" |
| new_passphrase = "1234567890" |
| res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex")) |
| if "FAIL" in res: |
| raise Exception("Failed to start Registrar using NFC password token") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True) |
| if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"): |
| raise Exception("Failed to disable AP password token") |
| if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"): |
| raise Exception("Unexpected WPS_NFC_TOKEN WPS failure") |
| |
| def test_nfc_wps_handover_init(dev, apdev): |
| """Connect to WPS AP with NFC connection handover and move to configured state""" |
| dev[0].request("SET ignore_old_scan_res 1") |
| ssid = "test-wps-nfc-handover-init" |
| hostapd.add_ap(apdev[0]['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[0].wait_connected(timeout=15) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True) |
| |
| def test_nfc_wps_handover_errors(dev, apdev): |
| """WPS AP NFC handover report error cases""" |
| ssid = "test-wps-nfc-handover" |
| hostapd.add_ap(apdev[0]['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"): |
| raise Exception("Unexpected handover report success") |
| if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"): |
| raise Exception("Unexpected handover report success") |
| |
| def test_nfc_wps_handover(dev, apdev): |
| """Connect to WPS AP with NFC connection handover""" |
| ssid = "test-wps-nfc-handover" |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_handover_5ghz(dev, apdev): |
| """Connect to WPS AP with NFC connection handover on 5 GHz band""" |
| try: |
| ssid = "test-wps-nfc-handover" |
| params = ap_wps_params(ssid) |
| params["country_code"] = "FI" |
| params["hw_mode"] = "a" |
| params["channel"] = "36" |
| hapd = hostapd.add_ap(apdev[0]['ifname'], params) |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| finally: |
| dev[0].request("DISCONNECT") |
| if hapd: |
| hapd.request("DISABLE") |
| subprocess.call(['iw', 'reg', 'set', '00']) |
| dev[0].flush_scan_cache() |
| |
| def test_nfc_wps_handover_chan14(dev, apdev): |
| """Connect to WPS AP with NFC connection handover on channel 14""" |
| try: |
| ssid = "test-wps-nfc-handover" |
| params = ap_wps_params(ssid) |
| params["country_code"] = "JP" |
| params["hw_mode"] = "b" |
| params["channel"] = "14" |
| hapd = hostapd.add_ap(apdev[0]['ifname'], params) |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[0].wait_connected(timeout=30) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| finally: |
| dev[0].request("DISCONNECT") |
| if hapd: |
| hapd.request("DISABLE") |
| subprocess.call(['iw', 'reg', 'set', '00']) |
| dev[0].flush_scan_cache() |
| |
| def test_nfc_wps_handover_with_pw_token_set(dev, apdev): |
| """Connect to WPS AP with NFC connection handover (wps_nfc_* set)""" |
| ssid = "test-wps-nfc-handover2" |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| # enable a password token (which won't be used in this test case) |
| pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() |
| if "FAIL" in pw: |
| raise Exception("Failed to generate password token") |
| res = hapd.request("WPS_NFC_TOKEN enable") |
| if "FAIL" in pw: |
| raise Exception("Failed to enable AP password token") |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[0].wait_connected(timeout=15) |
| check_wpa2_connection(dev[0], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev): |
| """WPS NFC connection handover with invalid pkhash from station (negative)""" |
| ssid = "wps-nfc-handover-pkhash-sta" |
| if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"): |
| raise Exception("Could not enable wps_corrupt_pkhash") |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) |
| if ev is None: |
| raise Exception("Timed out") |
| if "WPS-FAIL" not in ev: |
| raise Exception("Public key hash mismatch not detected") |
| |
| def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev): |
| """WPS NFC connection handover with invalid pkhash from AP (negative)""" |
| ssid = "wps-nfc-handover-pkhash-ap" |
| params = ap_wps_params(ssid) |
| hostapd.add_ap(apdev[0]['ifname'], params) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"): |
| raise Exception("Could not enable wps_corrupt_pkhash") |
| logger.info("NFC connection handover") |
| req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[0].dump_monitor() |
| res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) |
| if ev is None: |
| raise Exception("Timed out") |
| if "WPS-FAIL" not in ev: |
| raise Exception("Public key hash mismatch not detected") |
| |
| def start_ap_er(er, ap, ssid): |
| ap_pin = "12345670" |
| ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e" |
| hostapd.add_ap(ap['ifname'], |
| { "ssid": ssid, "eap_server": "1", "wps_state": "2", |
| "wpa_passphrase": "12345678", "wpa": "2", |
| "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP", |
| "device_name": "Wireless AP", "manufacturer": "Company", |
| "model_name": "WAP", "model_number": "123", |
| "serial_number": "12345", "device_type": "6-0050F204-1", |
| "os_version": "01020300", |
| "config_methods": "label push_button", |
| "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"}) |
| logger.info("Learn AP configuration") |
| er.dump_monitor() |
| er.request("SET ignore_old_scan_res 1") |
| er.wps_reg(ap['bssid'], ap_pin) |
| |
| logger.info("Start ER") |
| er.request("WPS_ER_STOP") |
| time.sleep(1) |
| er.request("WPS_ER_START ifname=lo") |
| ev = er.wait_event(["WPS-ER-AP-ADD"], timeout=15) |
| if ev is None: |
| raise Exception("AP discovery timed out") |
| if ap_uuid not in ev: |
| raise Exception("Expected AP UUID not found") |
| |
| logger.info("Use learned network configuration on ER") |
| er.request("WPS_ER_SET_CONFIG " + ap_uuid + " 0") |
| |
| def test_nfc_wps_er_pw_token(dev, apdev): |
| """WPS NFC password token from Enrollee to ER""" |
| try: |
| _test_nfc_wps_er_pw_token(dev, apdev) |
| finally: |
| dev[0].request("WPS_ER_STOP") |
| |
| def _test_nfc_wps_er_pw_token(dev, apdev): |
| ssid = "wps-nfc-er-pw-token" |
| start_ap_er(dev[0], apdev[0], ssid) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using password token from station") |
| dev[1].request("SET ignore_old_scan_res 1") |
| pw = dev[1].request("WPS_NFC_TOKEN NDEF").rstrip() |
| if "FAIL" in pw: |
| raise Exception("Failed to generate password token") |
| res = dev[0].request("WPS_NFC_TAG_READ " + pw) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to WPS ER") |
| dev[0].dump_monitor() |
| res = dev[1].request("WPS_NFC") |
| if "FAIL" in res: |
| raise Exception("Failed to start Enrollee using NFC password token") |
| ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15) |
| if ev is None: |
| raise Exception("WPS ER did not report success") |
| dev[1].wait_connected(timeout=15) |
| check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_er_config_token(dev, apdev): |
| """WPS NFC configuration token from ER to Enrollee""" |
| try: |
| _test_nfc_wps_er_config_token(dev, apdev) |
| finally: |
| dev[0].request("WPS_ER_STOP") |
| |
| def _test_nfc_wps_er_config_token(dev, apdev): |
| ssid = "wps-nfc-er-config-token" |
| start_ap_er(dev[0], apdev[0], ssid) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using configuration token from ER") |
| wps = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS " + apdev[0]['bssid']).rstrip() |
| if "FAIL" in wps: |
| raise Exception("Failed to generate configuration token (WPS format)") |
| conf = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + apdev[0]['bssid']).rstrip() |
| if "FAIL" in conf: |
| raise Exception("Failed to generate configuration token") |
| dev[1].request("SET ignore_old_scan_res 1") |
| res = dev[1].request("WPS_NFC_TAG_READ " + conf) |
| if "FAIL" in res: |
| raise Exception("Failed to provide NFC tag contents to wpa_supplicant") |
| dev[1].wait_connected(timeout=15) |
| check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_er_handover(dev, apdev): |
| """WPS NFC connection handover between Enrollee and ER""" |
| try: |
| _test_nfc_wps_er_handover(dev, apdev) |
| finally: |
| dev[0].request("WPS_ER_STOP") |
| |
| def _test_nfc_wps_er_handover(dev, apdev): |
| ssid = "wps-nfc-er-handover" |
| start_ap_er(dev[0], apdev[0], ssid) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using connection handover") |
| req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[1].dump_monitor() |
| res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| dev[1].wait_connected(timeout=15) |
| check_wpa2_connection(dev[1], apdev[0], hapd, ssid) |
| |
| def test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev): |
| """WPS NFC connection handover with invalid pkhash from station to ER (negative)""" |
| try: |
| _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev) |
| finally: |
| dev[0].request("WPS_ER_STOP") |
| |
| def _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev): |
| ssid = "wps-nfc-er-handover-pkhash-sta" |
| start_ap_er(dev[0], apdev[0], ssid) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using connection handover") |
| if "FAIL" in dev[1].request("SET wps_corrupt_pkhash 1"): |
| raise Exception("Could not enable wps_corrupt_pkhash") |
| dev[1].request("SET ignore_old_scan_res 1") |
| req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[1].dump_monitor() |
| res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) |
| if ev is None: |
| raise Exception("Timed out") |
| if "WPS-FAIL" not in ev: |
| raise Exception("Public key hash mismatch not detected") |
| |
| def test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev): |
| """WPS NFC connection handover with invalid pkhash from ER to station (negative)""" |
| try: |
| _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev) |
| finally: |
| dev[0].request("WPS_ER_STOP") |
| |
| def _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev): |
| ssid = "wps-nfc-er-handover-pkhash-er" |
| start_ap_er(dev[0], apdev[0], ssid) |
| hapd = hostapd.Hostapd(apdev[0]['ifname']) |
| logger.info("WPS provisioning step using connection handover") |
| if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"): |
| raise Exception("Could not enable wps_corrupt_pkhash") |
| dev[1].request("SET ignore_old_scan_res 1") |
| req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() |
| if "FAIL" in req: |
| raise Exception("Failed to generate NFC connection handover request") |
| sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip() |
| if "FAIL" in sel: |
| raise Exception("Failed to generate NFC connection handover select") |
| res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to hostapd") |
| dev[1].dump_monitor() |
| res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) |
| if "FAIL" in res: |
| raise Exception("Failed to report NFC connection handover to to wpa_supplicant") |
| ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15) |
| if ev is None: |
| raise Exception("Timed out") |
| if "WPS-FAIL" not in ev: |
| raise Exception("Public key hash mismatch not detected") |
| |
| def test_nfc_invalid_ndef_record(dev, apdev): |
| """Invalid NFC NDEF record handling""" |
| tests = [ "11223344", |
| "00112233", |
| "0000112233445566", |
| "0800112233445566", |
| "080011223344", |
| "18000000", |
| "18010000", |
| "90000050", |
| "9000005000", |
| "9001013344", |
| "98010101334455" ] |
| for test in tests: |
| if "FAIL" not in dev[0].request("WPS_NFC_TAG_READ " + test): |
| raise Exception("Invalid tag accepted: " + test) |