tests: DPP P-256 test vectors

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2017-12-07 13:35:19 +02:00 committed by Jouni Malinen
parent f55269753c
commit 055cd39788
4 changed files with 165 additions and 0 deletions

View file

@ -36,6 +36,8 @@ u8 dpp_pkex_ephemeral_key_override[600];
size_t dpp_pkex_ephemeral_key_override_len = 0; size_t dpp_pkex_ephemeral_key_override_len = 0;
u8 dpp_protocol_key_override[600]; u8 dpp_protocol_key_override[600];
size_t dpp_protocol_key_override_len = 0; size_t dpp_protocol_key_override_len = 0;
u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
size_t dpp_nonce_override_len = 0;
static int dpp_test_gen_invalid_key(struct wpabuf *msg, static int dpp_test_gen_invalid_key(struct wpabuf *msg,
const struct dpp_curve_params *curve); const struct dpp_curve_params *curve);
@ -2086,11 +2088,26 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
dpp_prepare_channel_list(auth, own_modes, num_modes) < 0) dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
goto fail; goto fail;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_nonce_override_len > 0) {
wpa_printf(MSG_INFO, "DPP: TESTING - override I-nonce");
nonce_len = dpp_nonce_override_len;
os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);
} else {
nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->i_nonce, nonce_len)) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate I-nonce");
goto fail;
}
}
#else /* CONFIG_TESTING_OPTIONS */
nonce_len = auth->curve->nonce_len; nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->i_nonce, nonce_len)) { if (random_get_bytes(auth->i_nonce, nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce"); wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce");
goto fail; goto fail;
} }
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
@ -2616,11 +2633,26 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
if (!auth->own_bi) if (!auth->own_bi)
return -1; return -1;
#ifdef CONFIG_TESTING_OPTIONS
if (dpp_nonce_override_len > 0) {
wpa_printf(MSG_INFO, "DPP: TESTING - override R-nonce");
nonce_len = dpp_nonce_override_len;
os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);
} else {
nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->r_nonce, nonce_len)) {
wpa_printf(MSG_ERROR,
"DPP: Failed to generate R-nonce");
goto fail;
}
}
#else /* CONFIG_TESTING_OPTIONS */
nonce_len = auth->curve->nonce_len; nonce_len = auth->curve->nonce_len;
if (random_get_bytes(auth->r_nonce, nonce_len)) { if (random_get_bytes(auth->r_nonce, nonce_len)) {
wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce"); wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce");
goto fail; goto fail;
} }
#endif /* CONFIG_TESTING_OPTIONS */
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len); wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS

View file

@ -341,6 +341,8 @@ extern u8 dpp_pkex_ephemeral_key_override[600];
extern size_t dpp_pkex_ephemeral_key_override_len; extern size_t dpp_pkex_ephemeral_key_override_len;
extern u8 dpp_protocol_key_override[600]; extern u8 dpp_protocol_key_override[600];
extern size_t dpp_protocol_key_override_len; extern size_t dpp_protocol_key_override_len;
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
extern size_t dpp_nonce_override_len;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info); void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);

View file

@ -1766,6 +1766,127 @@ def test_dpp_qr_code_hostapd_init(dev, apdev):
dev[0].request("DPP_STOP_LISTEN") dev[0].request("DPP_STOP_LISTEN")
dev[0].dump_monitor() dev[0].dump_monitor()
def test_dpp_test_vector_p_256(dev, apdev):
"""DPP P-256 test vector (mutual auth)"""
check_dpp_capab(dev[0])
check_dpp_capab(dev[1])
# Responder bootstrapping key
priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
addr = dev[0].own_addr().replace(':', '')
cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
res = dev[0].request(cmd)
if "FAIL" in res:
raise Exception("Failed to generate bootstrapping info")
id0 = int(res)
uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
# Responder protocol keypair override
priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
dev[0].set("dpp_protocol_key_override",
"30310201010420" + priv + "a00a06082a8648ce3d030107")
dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
# Initiator bootstrapping key
priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
res = dev[1].request(cmd)
if "FAIL" in res:
raise Exception("Failed to generate bootstrapping info")
id1 = int(res)
uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
# Initiator protocol keypair override
priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
dev[1].set("dpp_protocol_key_override",
"30310201010420" + priv + "a00a06082a8648ce3d030107")
dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
res = dev[1].request("DPP_QR_CODE " + uri0)
if "FAIL" in res:
raise Exception("Failed to parse QR Code URI")
id1peer = int(res)
res = dev[0].request("DPP_QR_CODE " + uri1)
if "FAIL" in res:
raise Exception("Failed to parse QR Code URI")
id0peer = int(res)
cmd = "DPP_LISTEN 2462 qr=mutual"
if "OK" not in dev[0].request(cmd):
raise Exception("Failed to start listen operation")
cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
if "OK" not in dev[1].request(cmd):
raise Exception("Failed to initiate operation")
ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
if ev is None:
raise Exception("DPP authentication did not succeed (Initiator)")
ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
if ev is None:
raise Exception("DPP authentication did not succeed (Responder)")
def test_dpp_test_vector_p_256_b(dev, apdev):
"""DPP P-256 test vector (Responder-only auth)"""
check_dpp_capab(dev[0])
check_dpp_capab(dev[1])
# Responder bootstrapping key
priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
addr = dev[0].own_addr().replace(':', '')
cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
res = dev[0].request(cmd)
if "FAIL" in res:
raise Exception("Failed to generate bootstrapping info")
id0 = int(res)
uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
# Responder protocol keypair override
priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
dev[0].set("dpp_protocol_key_override",
"30310201010420" + priv + "a00a06082a8648ce3d030107")
dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
# Initiator bootstrapping key
priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
res = dev[1].request(cmd)
if "FAIL" in res:
raise Exception("Failed to generate bootstrapping info")
id1 = int(res)
uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
# Initiator protocol keypair override
priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
dev[1].set("dpp_protocol_key_override",
"30310201010420" + priv + "a00a06082a8648ce3d030107")
dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
res = dev[1].request("DPP_QR_CODE " + uri0)
if "FAIL" in res:
raise Exception("Failed to parse QR Code URI")
id1peer = int(res)
cmd = "DPP_LISTEN 2462"
if "OK" not in dev[0].request(cmd):
raise Exception("Failed to start listen operation")
cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
if "OK" not in dev[1].request(cmd):
raise Exception("Failed to initiate operation")
ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
if ev is None:
raise Exception("DPP authentication did not succeed (Initiator)")
ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
if ev is None:
raise Exception("DPP authentication did not succeed (Responder)")
def test_dpp_pkex(dev, apdev): def test_dpp_pkex(dev, apdev):
"""DPP and PKEX""" """DPP and PKEX"""
run_dpp_pkex(dev, apdev) run_dpp_pkex(dev, apdev)

View file

@ -643,6 +643,15 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
ret = -1; ret = -1;
else else
dpp_protocol_key_override_len = hex_len / 2; dpp_protocol_key_override_len = hex_len / 2;
} else if (os_strcasecmp(cmd, "dpp_nonce_override") == 0) {
size_t hex_len = os_strlen(value);
if (hex_len > 2 * sizeof(dpp_nonce_override))
ret = -1;
else if (hexstr2bin(value, dpp_nonce_override, hex_len / 2))
ret = -1;
else
dpp_nonce_override_len = hex_len / 2;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */ #endif /* CONFIG_DPP */
#ifdef CONFIG_TESTING_OPTIONS #ifdef CONFIG_TESTING_OPTIONS
@ -7795,6 +7804,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN); os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
dpp_pkex_ephemeral_key_override_len = 0; dpp_pkex_ephemeral_key_override_len = 0;
dpp_protocol_key_override_len = 0; dpp_protocol_key_override_len = 0;
dpp_nonce_override_len = 0;
#endif /* CONFIG_TESTING_OPTIONS */ #endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */ #endif /* CONFIG_DPP */