Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 50acc38469
Branches Tags
krackattacks
/
tests
/
hwsim
/
test_nfc_wps.py

test_nfc_wps.py 7.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174 
  1. #!/usr/bin/python
    2. 

  2. #
    3. 

  3. # WPS+NFC tests
    4. 

  4. # Copyright (c) 2013, Jouni Malinen <j@w1.fi>
    5. 

  5. #
    6. 

  6. # This software may be distributed under the terms of the BSD license.
    7. 

  7. # See README for more details.
    8. 

  8. 

  9. import time
    10. 

  10. import subprocess
    11. 

  11. import logging
    12. 

  12. logger = logging.getLogger()
    13. 

  13. 

  14. import hwsim_utils
    15. 

  15. import hostapd
    16. 

  16. 

  17. def check_wpa2_connection(sta, ap, ssid, mixed=False):
    18. 

  18.     status = sta.get_status()
    19. 

  19.     if status['wpa_state'] != 'COMPLETED':
    20. 

  20.         raise Exception("Not fully connected")
    21. 

  21.     if status['bssid'] != ap['bssid']:
    22. 

  22.         raise Exception("Unexpected BSSID")
    23. 

  23.     if status['ssid'] != ssid:
    24. 

  24.         raise Exception("Unexpected SSID")
    25. 

  25.     if status['pairwise_cipher'] != 'CCMP':
    26. 

  26.         raise Exception("Unexpected encryption configuration")
    27. 

  27.     if status['group_cipher'] != 'CCMP' and not mixed:
    28. 

  28.         raise Exception("Unexpected encryption configuration")
    29. 

  29.     if status['key_mgmt'] != 'WPA2-PSK':
    30. 

  30.         raise Exception("Unexpected key_mgmt")
    31. 

  31.     hwsim_utils.test_connectivity(sta.ifname, ap['ifname'])
    32. 

  32. 

  33. def ap_wps_params(ssid):
    34. 

  34.     return { "ssid": ssid, "eap_server": "1", "wps_state": "2",
    35. 

  35.              "wpa_passphrase": "12345678", "wpa": "2",
    36. 

  36.              "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}
    37. 

  37. 

  38. def test_nfc_wps_password_token_sta(dev, apdev):
    39. 

  39.     """NFC tag with password token on the station/Enrollee"""
    40. 

  40.     dev[0].request("SET ignore_old_scan_res 1")
    41. 

  41.     ssid = "test-wps-nfc-pw-token-conf"
    42. 

  42.     params = ap_wps_params(ssid)
    43. 

  43.     hostapd.add_ap(apdev[0]['ifname'], params)
    44. 

  44.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    45. 

  45.     logger.info("WPS provisioning step using password token from station")
    46. 

  46.     pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
    47. 

  47.     if "FAIL" in pw:
    48. 

  48.         raise Exception("Failed to generate password token")
    49. 

  49.     res = hapd.request("WPS_NFC_TAG_READ " + pw)
    50. 

  50.     if "FAIL" in res:
    51. 

  51.         raise Exception("Failed to provide NFC tag contents to hostapd")
    52. 

  52.     dev[0].dump_monitor()
    53. 

  53.     res = dev[0].request("WPS_NFC")
    54. 

  54.     if "FAIL" in res:
    55. 

  55.         raise Exception("Failed to start Enrollee using NFC password token")
    56. 

  56.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
    57. 

  57.     if ev is None:
    58. 

  58.         raise Exception("Association with the AP timed out")
    59. 

  59.     check_wpa2_connection(dev[0], apdev[0], ssid)
    60. 

  60. 

  61. def test_nfc_wps_config_token(dev, apdev):
    62. 

  62.     """NFC tag with configuration token from AP"""
    63. 

  63.     ssid = "test-wps-nfc-conf-token"
    64. 

  64.     params = ap_wps_params(ssid)
    65. 

  65.     hostapd.add_ap(apdev[0]['ifname'], params)
    66. 

  66.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    67. 

  67.     logger.info("NFC configuration token from AP to station")
    68. 

  68.     conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
    69. 

  69.     if "FAIL" in conf:
    70. 

  70.         raise Exception("Failed to generate configuration token")
    71. 

  71.     dev[0].dump_monitor()
    72. 

  72.     res = dev[0].request("WPS_NFC_TAG_READ " + conf)
    73. 

  73.     if "FAIL" in res:
    74. 

  74.         raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    75. 

  75.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    76. 

  76.     if ev is None:
    77. 

  77.         raise Exception("Association with the AP timed out")
    78. 

  78.     check_wpa2_connection(dev[0], apdev[0], ssid)
    79. 

  79. 

  80. def test_nfc_wps_config_token_init(dev, apdev):
    81. 

  81.     """NFC tag with configuration token from AP with auto configuration"""
    82. 

  82.     dev[0].request("SET ignore_old_scan_res 1")
    83. 

  83.     ssid = "test-wps-nfc-conf-token-init"
    84. 

  84.     hostapd.add_ap(apdev[0]['ifname'],
    85. 

  85.                    { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    86. 

  86.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    87. 

  87.     logger.info("NFC configuration token from AP to station")
    88. 

  88.     conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
    89. 

  89.     if "FAIL" in conf:
    90. 

  90.         raise Exception("Failed to generate configuration token")
    91. 

  91.     dev[0].dump_monitor()
    92. 

  92.     res = dev[0].request("WPS_NFC_TAG_READ " + conf)
    93. 

  93.     if "FAIL" in res:
    94. 

  94.         raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    95. 

  95.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=15)
    96. 

  96.     if ev is None:
    97. 

  97.         raise Exception("Association with the AP timed out")
    98. 

  98.     check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True)
    99. 

  99. 

  100. def test_nfc_wps_password_token_sta_init(dev, apdev):
    101. 

  101.     """Initial AP configuration with first WPS NFC Enrollee"""
    102. 

  102.     dev[0].request("SET ignore_old_scan_res 1")
    103. 

  103.     ssid = "test-wps-nfc-pw-token-init"
    104. 

  104.     hostapd.add_ap(apdev[0]['ifname'],
    105. 

  105.                    { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    106. 

  106.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    107. 

  107.     logger.info("WPS provisioning step using password token from station")
    108. 

  108.     pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
    109. 

  109.     if "FAIL" in pw:
    110. 

  110.         raise Exception("Failed to generate password token")
    111. 

  111.     res = hapd.request("WPS_NFC_TAG_READ " + pw)
    112. 

  112.     if "FAIL" in res:
    113. 

  113.         raise Exception("Failed to provide NFC tag contents to hostapd")
    114. 

  114.     dev[0].dump_monitor()
    115. 

  115.     res = dev[0].request("WPS_NFC")
    116. 

  116.     if "FAIL" in res:
    117. 

  117.         raise Exception("Failed to start Enrollee using NFC password token")
    118. 

  118.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
    119. 

  119.     if ev is None:
    120. 

  120.         raise Exception("Association with the AP timed out")
    121. 

  121.     check_wpa2_connection(dev[0], apdev[0], ssid, mixed=True)
    122. 

  122. 

  123. def test_nfc_wps_password_token_ap(dev, apdev):
    124. 

  124.     """WPS registrar configuring an AP using AP password token"""
    125. 

  125.     dev[0].request("SET ignore_old_scan_res 1")
    126. 

  126.     ssid = "test-wps-nfc-pw-token-init"
    127. 

  127.     hostapd.add_ap(apdev[0]['ifname'],
    128. 

  128.                    { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    129. 

  129.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    130. 

  130.     logger.info("WPS configuration step")
    131. 

  131.     pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
    132. 

  132.     if "FAIL" in pw:
    133. 

  133.         raise Exception("Failed to generate password token")
    134. 

  134.     res = hapd.request("WPS_NFC_TOKEN enable")
    135. 

  135.     if "FAIL" in pw:
    136. 

  136.         raise Exception("Failed to enable AP password token")
    137. 

  137.     res = dev[0].request("WPS_NFC_TAG_READ " + pw)
    138. 

  138.     if "FAIL" in res:
    139. 

  139.         raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    140. 

  140.     dev[0].dump_monitor()
    141. 

  141.     new_ssid = "test-wps-nfc-pw-token-new-ssid"
    142. 

  142.     new_passphrase = "1234567890"
    143. 

  143.     res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex"))
    144. 

  144.     if "FAIL" in res:
    145. 

  145.         raise Exception("Failed to start Registrar using NFC password token")
    146. 

  146.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
    147. 

  147.     if ev is None:
    148. 

  148.         raise Exception("Association with the AP timed out")
    149. 

  149.     check_wpa2_connection(dev[0], apdev[0], new_ssid, mixed=True)
    150. 

  150. 

  151. def test_nfc_wps_handover(dev, apdev):
    152. 

  152.     """Connect to WPS AP with NFC connection handover"""
    153. 

  153.     ssid = "test-wps-nfc-handover"
    154. 

  154.     params = ap_wps_params(ssid)
    155. 

  155.     hostapd.add_ap(apdev[0]['ifname'], params)
    156. 

  156.     hapd = hostapd.Hostapd(apdev[0]['ifname'])
    157. 

  157.     logger.info("NFC connection handover")
    158. 

  158.     req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    159. 

  159.     if "FAIL" in req:
    160. 

  160.         raise Exception("Failed to generate NFC connection handover request")
    161. 

  161.     sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    162. 

  162.     if "FAIL" in sel:
    163. 

  163.         raise Exception("Failed to generate NFC connection handover select")
    164. 

  164.     res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    165. 

  165.     if "FAIL" in res:
    166. 

  166.         raise Exception("Failed to report NFC connection handover to to hostapd")
    167. 

  167.     dev[0].dump_monitor()
    168. 

  168.     res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    169. 

  169.     if "FAIL" in res:
    170. 

  170.         raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    171. 

  171.     ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED"], timeout=30)
    172. 

  172.     if ev is None:
    173. 

  173.         raise Exception("Association with the AP timed out")
    174. 

  174.     check_wpa2_connection(dev[0], apdev[0], ssid)
    175.