diff --git a/tests/hwsim/test_nfc_wps.py b/tests/hwsim/test_nfc_wps.py new file mode 100644 index 000000000..a7081e3d4 --- /dev/null +++ b/tests/hwsim/test_nfc_wps.py @@ -0,0 +1,152 @@ +#!/usr/bin/python +# +# WPS+NFC tests +# Copyright (c) 2013, Jouni Malinen +# +# This software may be distributed under the terms of the BSD license. +# See README for more details. + +import time +import subprocess +import logging +logger = logging.getLogger(__name__) + +import hwsim_utils +import hostapd + +def check_wpa2_connection(sta, ap, ssid, mixed=False): + status = sta.get_status() + if status['wpa_state'] != 'COMPLETED': + raise Exception("Not fully connected") + if status['bssid'] != ap['bssid']: + raise Exception("Unexpected BSSID") + if status['ssid'] != ssid: + raise Exception("Unexpected SSID") + if status['pairwise_cipher'] != 'CCMP': + raise Exception("Unexpected encryption configuration") + if status['group_cipher'] != 'CCMP' and not mixed: + raise Exception("Unexpected encryption configuration") + if status['key_mgmt'] != 'WPA2-PSK': + raise Exception("Unexpected key_mgmt") + hwsim_utils.test_connectivity(sta.ifname, ap['ifname']) + +def ap_wps_params(ssid): + return { "ssid": ssid, "eap_server": "1", "wps_state": "2", + "wpa_passphrase": "12345678", "wpa": "2", + "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"} + +def test_nfc_wps_password_token_sta(dev, apdev): + """NFC tag with password token on the station/Enrollee""" + ssid = "test-wps-nfc-pw-token-conf" + params = ap_wps_params(ssid) + hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + logger.info("WPS provisioning step using password token from station") + pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() + if "FAIL" in pw: + raise Exception("Failed to generate password token") + res = hapd.request("WPS_NFC_TAG_READ " + pw) + if "FAIL" in res: + raise Exception("Failed to provide NFC tag contents to hostapd") + dev[0].dump_monitor() + res = dev[0].request("WPS_NFC") + if "FAIL" in res: + raise Exception("Failed to start Enrollee using NFC password token") + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) + if ev is None: + raise Exception("Association with the AP timed out") + check_wpa2_connection(dev[0], apdev[0], ssid) + +def test_nfc_wps_config_token(dev, apdev): + """NFC tag with configuration token from AP""" + ssid = "test-wps-nfc-conf-token" + params = ap_wps_params(ssid) + hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + logger.info("NFC configuration token from AP to station") + conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip() + if "FAIL" in conf: + raise Exception("Failed to generate configuration token") + dev[0].dump_monitor() + res = dev[0].request("WPS_NFC_TAG_READ " + conf) + if "FAIL" in res: + raise Exception("Failed to provide NFC tag contents to wpa_supplicant") + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) + if ev is None: + raise Exception("Association with the AP timed out") + check_wpa2_connection(dev[0], apdev[0], ssid) + +def test_nfc_wps_password_token_sta_init(dev, apdev): + """Initial AP configuration with first WPS NFC Enrollee""" + ssid = "test-wps-nfc-pw-token-init" + hostapd.add_ap(apdev[0]['ifname'], + { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + logger.info("WPS provisioning step using password token from station") + pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip() + if "FAIL" in pw: + raise Exception("Failed to generate password token") + res = hapd.request("WPS_NFC_TAG_READ " + pw) + if "FAIL" in res: + raise Exception("Failed to provide NFC tag contents to hostapd") + dev[0].dump_monitor() + res = dev[0].request("WPS_NFC") + if "FAIL" in res: + raise Exception("Failed to start Enrollee using NFC password token") + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) + if ev is None: + raise Exception("Association with the AP timed out") + check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True) + +def test_nfc_wps_password_token_ap(dev, apdev): + """WPS registrar configuring an AP using AP password token""" + dev[0].request("SET ignore_old_scan_res 1") + ssid = "test-wps-nfc-pw-token-init" + hostapd.add_ap(apdev[0]['ifname'], + { "ssid": ssid, "eap_server": "1", "wps_state": "1" }) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + logger.info("WPS configuration step") + pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip() + if "FAIL" in pw: + raise Exception("Failed to generate password token") + res = hapd.request("WPS_NFC_TOKEN enable") + if "FAIL" in pw: + raise Exception("Failed to enable AP password token") + res = dev[0].request("WPS_NFC_TAG_READ " + pw) + if "FAIL" in res: + raise Exception("Failed to provide NFC tag contents to wpa_supplicant") + dev[0].dump_monitor() + new_ssid = "test-wps-nfc-pw-token-new-ssid" + new_passphrase = "1234567890" + res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex")) + if "FAIL" in res: + raise Exception("Failed to start Registrar using NFC password token") + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) + if ev is None: + raise Exception("Association with the AP timed out") + check_wpa2_connection(dev[0], apdev[0], new_ssid, mixed=True) + +def test_nfc_wps_handover(dev, apdev): + """Connect to WPS AP with NFC connection handover""" + ssid = "test-wps-nfc-handover" + params = ap_wps_params(ssid) + hostapd.add_ap(apdev[0]['ifname'], params) + hapd = hostapd.Hostapd(apdev[0]['ifname']) + logger.info("NFC connection handover") + req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip() + if "FAIL" in req: + raise Exception("Failed to generate NFC connection handover request") + sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip() + if "FAIL" in sel: + raise Exception("Failed to generate NFC connection handover select") + res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel) + if "FAIL" in res: + raise Exception("Failed to report NFC connection handover to to hostapd") + dev[0].dump_monitor() + res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel) + if "FAIL" in res: + raise Exception("Failed to report NFC connection handover to to wpa_supplicant") + ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15) + if ev is None: + raise Exception("Association with the AP timed out") + check_wpa2_connection(dev[0], apdev[0], ssid)