tests: DPP P-256 test vectors
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
parent
f55269753c
commit
055cd39788
4 changed files with 165 additions and 0 deletions
|
@ -36,6 +36,8 @@ u8 dpp_pkex_ephemeral_key_override[600];
|
||||||
size_t dpp_pkex_ephemeral_key_override_len = 0;
|
size_t dpp_pkex_ephemeral_key_override_len = 0;
|
||||||
u8 dpp_protocol_key_override[600];
|
u8 dpp_protocol_key_override[600];
|
||||||
size_t dpp_protocol_key_override_len = 0;
|
size_t dpp_protocol_key_override_len = 0;
|
||||||
|
u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
|
||||||
|
size_t dpp_nonce_override_len = 0;
|
||||||
|
|
||||||
static int dpp_test_gen_invalid_key(struct wpabuf *msg,
|
static int dpp_test_gen_invalid_key(struct wpabuf *msg,
|
||||||
const struct dpp_curve_params *curve);
|
const struct dpp_curve_params *curve);
|
||||||
|
@ -2086,11 +2088,26 @@ struct dpp_authentication * dpp_auth_init(void *msg_ctx,
|
||||||
dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
|
dpp_prepare_channel_list(auth, own_modes, num_modes) < 0)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
if (dpp_nonce_override_len > 0) {
|
||||||
|
wpa_printf(MSG_INFO, "DPP: TESTING - override I-nonce");
|
||||||
|
nonce_len = dpp_nonce_override_len;
|
||||||
|
os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len);
|
||||||
|
} else {
|
||||||
|
nonce_len = auth->curve->nonce_len;
|
||||||
|
if (random_get_bytes(auth->i_nonce, nonce_len)) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"DPP: Failed to generate I-nonce");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#else /* CONFIG_TESTING_OPTIONS */
|
||||||
nonce_len = auth->curve->nonce_len;
|
nonce_len = auth->curve->nonce_len;
|
||||||
if (random_get_bytes(auth->i_nonce, nonce_len)) {
|
if (random_get_bytes(auth->i_nonce, nonce_len)) {
|
||||||
wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce");
|
wpa_printf(MSG_ERROR, "DPP: Failed to generate I-nonce");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
|
wpa_hexdump(MSG_DEBUG, "DPP: I-nonce", auth->i_nonce, nonce_len);
|
||||||
|
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
@ -2616,11 +2633,26 @@ static int dpp_auth_build_resp_ok(struct dpp_authentication *auth)
|
||||||
if (!auth->own_bi)
|
if (!auth->own_bi)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
if (dpp_nonce_override_len > 0) {
|
||||||
|
wpa_printf(MSG_INFO, "DPP: TESTING - override R-nonce");
|
||||||
|
nonce_len = dpp_nonce_override_len;
|
||||||
|
os_memcpy(auth->r_nonce, dpp_nonce_override, nonce_len);
|
||||||
|
} else {
|
||||||
|
nonce_len = auth->curve->nonce_len;
|
||||||
|
if (random_get_bytes(auth->r_nonce, nonce_len)) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"DPP: Failed to generate R-nonce");
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
#else /* CONFIG_TESTING_OPTIONS */
|
||||||
nonce_len = auth->curve->nonce_len;
|
nonce_len = auth->curve->nonce_len;
|
||||||
if (random_get_bytes(auth->r_nonce, nonce_len)) {
|
if (random_get_bytes(auth->r_nonce, nonce_len)) {
|
||||||
wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce");
|
wpa_printf(MSG_ERROR, "DPP: Failed to generate R-nonce");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
|
wpa_hexdump(MSG_DEBUG, "DPP: R-nonce", auth->r_nonce, nonce_len);
|
||||||
|
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
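Review bot: In the dpp_auth_init hunk, `nonce_len = dpp_nonce_override_len;` becomes the length for `os_memcpy(auth->i_nonce, dpp_nonce_override, nonce_len)` without being compared with `auth->curve->nonce_len`, and the dpp_auth_build_resp_ok hunk does the same for `auth->r_nonce`. The copy is bounded only by the setter's `sizeof(dpp_nonce_override)` limit, so it relies on i_nonce and r_nonce being at least DPP_MAX_NONCE_LEN bytes (their declarations are not visible here), and a vector of the wrong length for the selected curve would be used as-is. Unless mismatched lengths are wanted for negative tests, add `if (dpp_nonce_override_len != auth->curve->nonce_len) goto fail;` ahead of the copy, or a comment stating that the mismatch is deliberate. A short comment at the override noting that a fixed nonce removes freshness from the exchange and is acceptable only in CONFIG_TESTING_OPTIONS builds would also help. Both functions continue outside these hunks.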
|
||||||
|
|
|
@ -341,6 +341,8 @@ extern u8 dpp_pkex_ephemeral_key_override[600];
|
||||||
extern size_t dpp_pkex_ephemeral_key_override_len;
|
extern size_t dpp_pkex_ephemeral_key_override_len;
|
||||||
extern u8 dpp_protocol_key_override[600];
|
extern u8 dpp_protocol_key_override[600];
|
||||||
extern size_t dpp_protocol_key_override_len;
|
extern size_t dpp_protocol_key_override_len;
|
||||||
|
extern u8 dpp_nonce_override[DPP_MAX_NONCE_LEN];
|
||||||
|
extern size_t dpp_nonce_override_len;
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
|
void dpp_bootstrap_info_free(struct dpp_bootstrap_info *info);
|
||||||
|
|
|
@ -1766,6 +1766,127 @@ def test_dpp_qr_code_hostapd_init(dev, apdev):
|
||||||
dev[0].request("DPP_STOP_LISTEN")
|
dev[0].request("DPP_STOP_LISTEN")
|
||||||
dev[0].dump_monitor()
|
dev[0].dump_monitor()
|
||||||
|
|
||||||
|
def test_dpp_test_vector_p_256(dev, apdev):
|
||||||
|
"""DPP P-256 test vector (mutual auth)"""
|
||||||
|
check_dpp_capab(dev[0])
|
||||||
|
check_dpp_capab(dev[1])
|
||||||
|
|
||||||
|
# Responder bootstrapping key
|
||||||
|
priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
|
||||||
|
addr = dev[0].own_addr().replace(':', '')
|
||||||
|
cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
|
||||||
|
res = dev[0].request(cmd)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to generate bootstrapping info")
|
||||||
|
id0 = int(res)
|
||||||
|
uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
|
||||||
|
|
||||||
|
# Responder protocol keypair override
|
||||||
|
priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
|
||||||
|
dev[0].set("dpp_protocol_key_override",
|
||||||
|
"30310201010420" + priv + "a00a06082a8648ce3d030107")
|
||||||
|
|
||||||
|
dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
|
||||||
|
|
||||||
|
# Initiator bootstrapping key
|
||||||
|
priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
|
||||||
|
cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
|
||||||
|
res = dev[1].request(cmd)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to generate bootstrapping info")
|
||||||
|
id1 = int(res)
|
||||||
|
uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
|
||||||
|
|
||||||
|
# Initiator protocol keypair override
|
||||||
|
priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
|
||||||
|
dev[1].set("dpp_protocol_key_override",
|
||||||
|
"30310201010420" + priv + "a00a06082a8648ce3d030107")
|
||||||
|
|
||||||
|
dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
|
||||||
|
|
||||||
|
res = dev[1].request("DPP_QR_CODE " + uri0)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to parse QR Code URI")
|
||||||
|
id1peer = int(res)
|
||||||
|
|
||||||
|
res = dev[0].request("DPP_QR_CODE " + uri1)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to parse QR Code URI")
|
||||||
|
id0peer = int(res)
|
||||||
|
|
||||||
|
cmd = "DPP_LISTEN 2462 qr=mutual"
|
||||||
|
if "OK" not in dev[0].request(cmd):
|
||||||
|
raise Exception("Failed to start listen operation")
|
||||||
|
|
||||||
|
cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
|
||||||
|
if "OK" not in dev[1].request(cmd):
|
||||||
|
raise Exception("Failed to initiate operation")
|
||||||
|
|
||||||
|
ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("DPP authentication did not succeed (Initiator)")
|
||||||
|
ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("DPP authentication did not succeed (Responder)")
|
||||||
|
|
||||||
|
def test_dpp_test_vector_p_256_b(dev, apdev):
|
||||||
|
"""DPP P-256 test vector (Responder-only auth)"""
|
||||||
|
check_dpp_capab(dev[0])
|
||||||
|
check_dpp_capab(dev[1])
|
||||||
|
|
||||||
|
# Responder bootstrapping key
|
||||||
|
priv = "54ce181a98525f217216f59b245f60e9df30ac7f6b26c939418cfc3c42d1afa0"
|
||||||
|
addr = dev[0].own_addr().replace(':', '')
|
||||||
|
cmd = "DPP_BOOTSTRAP_GEN type=qrcode chan=81/11 mac=" + addr + " key=30310201010420" + priv + "a00a06082a8648ce3d030107"
|
||||||
|
res = dev[0].request(cmd)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to generate bootstrapping info")
|
||||||
|
id0 = int(res)
|
||||||
|
uri0 = dev[0].request("DPP_BOOTSTRAP_GET_URI %d" % id0)
|
||||||
|
|
||||||
|
# Responder protocol keypair override
|
||||||
|
priv = "f798ed2e19286f6a6efe210b1863badb99af2a14b497634dbfd2a97394fb5aa5"
|
||||||
|
dev[0].set("dpp_protocol_key_override",
|
||||||
|
"30310201010420" + priv + "a00a06082a8648ce3d030107")
|
||||||
|
|
||||||
|
dev[0].set("dpp_nonce_override", "3d0cfb011ca916d796f7029ff0b43393")
|
||||||
|
|
||||||
|
# Initiator bootstrapping key
|
||||||
|
priv = "15b2a83c5a0a38b61f2aa8200ee4994b8afdc01c58507d10d0a38f7eedf051bb"
|
||||||
|
cmd = "DPP_BOOTSTRAP_GEN type=qrcode key=30310201010420" + priv + "a00a06082a8648ce3d030107"
|
||||||
|
res = dev[1].request(cmd)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to generate bootstrapping info")
|
||||||
|
id1 = int(res)
|
||||||
|
uri1 = dev[1].request("DPP_BOOTSTRAP_GET_URI %d" % id1)
|
||||||
|
|
||||||
|
# Initiator protocol keypair override
|
||||||
|
priv = "a87de9afbb406c96e5f79a3df895ecac3ad406f95da66314c8cb3165e0c61783"
|
||||||
|
dev[1].set("dpp_protocol_key_override",
|
||||||
|
"30310201010420" + priv + "a00a06082a8648ce3d030107")
|
||||||
|
|
||||||
|
dev[1].set("dpp_nonce_override", "13f4602a16daeb69712263b9c46cba31")
|
||||||
|
|
||||||
|
res = dev[1].request("DPP_QR_CODE " + uri0)
|
||||||
|
if "FAIL" in res:
|
||||||
|
raise Exception("Failed to parse QR Code URI")
|
||||||
|
id1peer = int(res)
|
||||||
|
|
||||||
|
cmd = "DPP_LISTEN 2462"
|
||||||
|
if "OK" not in dev[0].request(cmd):
|
||||||
|
raise Exception("Failed to start listen operation")
|
||||||
|
|
||||||
|
cmd = "DPP_AUTH_INIT peer=%d own=%d neg_freq=2412" % (id1peer, id1)
|
||||||
|
if "OK" not in dev[1].request(cmd):
|
||||||
|
raise Exception("Failed to initiate operation")
|
||||||
|
|
||||||
|
ev = dev[1].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("DPP authentication did not succeed (Initiator)")
|
||||||
|
ev = dev[0].wait_event(["DPP-AUTH-SUCCESS"], timeout=5)
|
||||||
|
if ev is None:
|
||||||
|
raise Exception("DPP authentication did not succeed (Responder)")
|
||||||
|
|
||||||
def test_dpp_pkex(dev, apdev):
|
def test_dpp_pkex(dev, apdev):
|
||||||
"""DPP and PKEX"""
|
"""DPP and PKEX"""
|
||||||
run_dpp_pkex(dev, apdev)
|
run_dpp_pkex(dev, apdev)
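Review bot: Both new tests assert only that `DPP-AUTH-SUCCESS` arrives on each side, so nothing derived from the fixed keys and nonces is compared with the published P-256 vector. Since both peers appear to run the same implementation, an error made identically on both sides of the key derivation would still pass. The tests also leave `dpp_protocol_key_override` and `dpp_nonce_override` set when they return or raise; the flush handler in this commit does reset `dpp_nonce_override_len`, but that depends on the harness issuing a flush between tests, so wrapping the body in `try:`/`finally:` with `dev[0].set("dpp_nonce_override", "")` and the same for `dev[1]` would make the cleanup explicit. The two functions differ only in the `qr=mutual` listen argument and the second `DPP_QR_CODE` request, so a shared helper taking a `mutual` flag would remove the duplicated setup.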
|
||||||
|
|
|
@ -643,6 +643,15 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
|
||||||
ret = -1;
|
ret = -1;
|
||||||
else
|
else
|
||||||
dpp_protocol_key_override_len = hex_len / 2;
|
dpp_protocol_key_override_len = hex_len / 2;
|
||||||
|
} else if (os_strcasecmp(cmd, "dpp_nonce_override") == 0) {
|
||||||
|
size_t hex_len = os_strlen(value);
|
||||||
|
|
||||||
|
if (hex_len > 2 * sizeof(dpp_nonce_override))
|
||||||
|
ret = -1;
|
||||||
|
else if (hexstr2bin(value, dpp_nonce_override, hex_len / 2))
|
||||||
|
ret = -1;
|
||||||
|
else
|
||||||
|
dpp_nonce_override_len = hex_len / 2;
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
#ifdef CONFIG_TESTING_OPTIONS
|
#ifdef CONFIG_TESTING_OPTIONS
|
||||||
|
@ -7795,6 +7804,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
|
||||||
os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
|
os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
|
||||||
dpp_pkex_ephemeral_key_override_len = 0;
|
dpp_pkex_ephemeral_key_override_len = 0;
|
||||||
dpp_protocol_key_override_len = 0;
|
dpp_protocol_key_override_len = 0;
|
||||||
|
dpp_nonce_override_len = 0;
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
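Review bot: The new `dpp_nonce_override` branch accepts an odd-length value, because `hex_len / 2` truncates and the trailing nibble is dropped silently, so a mistyped vector is stored one byte short instead of being rejected. Changing the guard to `if ((hex_len & 1) || hex_len > 2 * sizeof(dpp_nonce_override))` would reject it; the existing upper bound already keeps the hexstr2bin() write inside the buffer. If hexstr2bin() fails partway through, the buffer may already be modified while `dpp_nonce_override_len` keeps its previous value, so setting the length to 0 on the error paths would avoid a half-updated override. The enclosing function starts and ends outside this hunk.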
|
||||||
|
|
||||||
|
|