krackattacks/tests/hwsim/test_nfc_wps.py

# WPS+NFC tests
# Copyright (c) 2013, Jouni Malinen <j@w1.fi>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.

import time
import subprocess
import logging
logger = logging.getLogger()

import hwsim_utils
import hostapd

def check_wpa2_connection(sta, ap, hapd, ssid, mixed=False):
    status = sta.get_status()
    if status['wpa_state'] != 'COMPLETED':
        raise Exception("Not fully connected")
    if status['bssid'] != ap['bssid']:
        raise Exception("Unexpected BSSID")
    if status['ssid'] != ssid:
        raise Exception("Unexpected SSID")
    if status['pairwise_cipher'] != 'CCMP':
        raise Exception("Unexpected encryption configuration")
    if status['group_cipher'] != 'CCMP' and not mixed:
        raise Exception("Unexpected encryption configuration")
    if status['key_mgmt'] != 'WPA2-PSK':
        raise Exception("Unexpected key_mgmt")
    hwsim_utils.test_connectivity(sta, hapd)

def ap_wps_params(ssid):
    return { "ssid": ssid, "eap_server": "1", "wps_state": "2",
             "wpa_passphrase": "12345678", "wpa": "2",
             "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP"}

def test_nfc_wps_password_token_sta(dev, apdev):
    """NFC tag with password token on the station/Enrollee"""
    ssid = "test-wps-nfc-pw-token-conf"
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using password token from station")
    wps = dev[0].request("WPS_NFC_TOKEN WPS").rstrip()
    if "FAIL" in wps:
        raise Exception("Failed to generate password token (WPS only)")
    pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
    if "FAIL" in pw:
        raise Exception("Failed to generate password token")
    res = hapd.request("WPS_NFC_TAG_READ " + pw)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("WPS_NFC")
    if "FAIL" in res:
        raise Exception("Failed to start Enrollee using NFC password token")
    dev[0].wait_connected(timeout=30)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)

def test_nfc_wps_config_token(dev, apdev):
    """NFC tag with configuration token from AP"""
    ssid = "test-wps-nfc-conf-token"
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("NFC configuration token from AP to station")
    conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
    if "FAIL" in conf:
        raise Exception("Failed to generate configuration token")
    dev[0].dump_monitor()
    res = dev[0].request("WPS_NFC_TAG_READ " + conf)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    dev[0].wait_connected(timeout=15)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)

def test_nfc_wps_config_token_init(dev, apdev):
    """NFC tag with configuration token from AP with auto configuration"""
    ssid = "test-wps-nfc-conf-token-init"
    hostapd.add_ap(apdev[0]['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("NFC configuration token from AP to station")
    conf = hapd.request("WPS_NFC_CONFIG_TOKEN NDEF").rstrip()
    if "FAIL" in conf:
        raise Exception("Failed to generate configuration token")
    dev[0].dump_monitor()
    res = dev[0].request("WPS_NFC_TAG_READ " + conf)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    dev[0].wait_connected(timeout=15)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)

def test_nfc_wps_password_token_sta_init(dev, apdev):
    """Initial AP configuration with first WPS NFC Enrollee"""
    ssid = "test-wps-nfc-pw-token-init"
    hostapd.add_ap(apdev[0]['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using password token from station")
    pw = dev[0].request("WPS_NFC_TOKEN NDEF").rstrip()
    if "FAIL" in pw:
        raise Exception("Failed to generate password token")
    res = hapd.request("WPS_NFC_TAG_READ " + pw)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("WPS_NFC")
    if "FAIL" in res:
        raise Exception("Failed to start Enrollee using NFC password token")
    dev[0].wait_connected(timeout=30)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)

def test_nfc_wps_password_token_ap(dev, apdev):
    """WPS registrar configuring an AP using AP password token"""
    ssid = "test-wps-nfc-pw-token-init"
    hostapd.add_ap(apdev[0]['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS configuration step")
    pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
    if "FAIL" in pw:
        raise Exception("Failed to generate password token")
    res = hapd.request("WPS_NFC_TOKEN enable")
    if "FAIL" in pw:
        raise Exception("Failed to enable AP password token")
    res = dev[0].request("WPS_NFC_TAG_READ " + pw)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    dev[0].dump_monitor()
    new_ssid = "test-wps-nfc-pw-token-new-ssid"
    new_passphrase = "1234567890"
    res = dev[0].request("WPS_REG " + apdev[0]['bssid'] + " nfc-pw " + new_ssid.encode("hex") + " WPA2PSK CCMP " + new_passphrase.encode("hex"))
    if "FAIL" in res:
        raise Exception("Failed to start Registrar using NFC password token")
    dev[0].wait_connected(timeout=30)
    check_wpa2_connection(dev[0], apdev[0], hapd, new_ssid, mixed=True)
    if "FAIL" in hapd.request("WPS_NFC_TOKEN disable"):
        raise Exception("Failed to disable AP password token")
    if "FAIL" in hapd.request("WPS_NFC_TOKEN WPS"):
        raise Exception("Unexpected WPS_NFC_TOKEN WPS failure")

def test_nfc_wps_handover_init(dev, apdev):
    """Connect to WPS AP with NFC connection handover and move to configured state"""
    dev[0].request("SET ignore_old_scan_res 1")
    ssid = "test-wps-nfc-handover-init"
    hostapd.add_ap(apdev[0]['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("NFC connection handover")
    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    dev[0].wait_connected(timeout=15)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid, mixed=True)

def test_nfc_wps_handover_errors(dev, apdev):
    """WPS AP NFC handover report error cases"""
    ssid = "test-wps-nfc-handover"
    hostapd.add_ap(apdev[0]['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "1" })
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER "):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 00"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 0 00"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 0"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 00q122 001122"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP WPS 001122 001q22"):
        raise Exception("Unexpected handover report success")
    if "FAIL" not in hapd.request("NFC_REPORT_HANDOVER RESP FOO 001122 00"):
        raise Exception("Unexpected handover report success")

def test_nfc_wps_handover(dev, apdev):
    """Connect to WPS AP with NFC connection handover"""
    ssid = "test-wps-nfc-handover"
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("NFC connection handover")
    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    dev[0].wait_connected(timeout=30)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)

def test_nfc_wps_handover_5ghz(dev, apdev):
    """Connect to WPS AP with NFC connection handover on 5 GHz band"""
    try:
        ssid = "test-wps-nfc-handover"
        params = ap_wps_params(ssid)
        params["country_code"] = "FI"
        params["hw_mode"] = "a"
        params["channel"] = "36"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        logger.info("NFC connection handover")
        req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
        if "FAIL" in req:
            raise Exception("Failed to generate NFC connection handover request")
        sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
        if "FAIL" in sel:
            raise Exception("Failed to generate NFC connection handover select")
        res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
        if "FAIL" in res:
            raise Exception("Failed to report NFC connection handover to to hostapd")
        dev[0].dump_monitor()
        res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
        if "FAIL" in res:
            raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
        dev[0].wait_connected(timeout=30)
        check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
    finally:
        dev[0].request("DISCONNECT")
        if hapd:
            hapd.request("DISABLE")
        subprocess.call(['iw', 'reg', 'set', '00'])
        dev[0].flush_scan_cache()

def test_nfc_wps_handover_chan14(dev, apdev):
    """Connect to WPS AP with NFC connection handover on channel 14"""
    try:
        ssid = "test-wps-nfc-handover"
        params = ap_wps_params(ssid)
        params["country_code"] = "JP"
        params["hw_mode"] = "b"
        params["channel"] = "14"
        hapd = hostapd.add_ap(apdev[0]['ifname'], params)
        logger.info("NFC connection handover")
        req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
        if "FAIL" in req:
            raise Exception("Failed to generate NFC connection handover request")
        sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
        if "FAIL" in sel:
            raise Exception("Failed to generate NFC connection handover select")
        res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
        if "FAIL" in res:
            raise Exception("Failed to report NFC connection handover to to hostapd")
        dev[0].dump_monitor()
        res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
        if "FAIL" in res:
            raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
        dev[0].wait_connected(timeout=30)
        check_wpa2_connection(dev[0], apdev[0], hapd, ssid)
    finally:
        dev[0].request("DISCONNECT")
        if hapd:
            hapd.request("DISABLE")
        subprocess.call(['iw', 'reg', 'set', '00'])
        dev[0].flush_scan_cache()

def test_nfc_wps_handover_with_pw_token_set(dev, apdev):
    """Connect to WPS AP with NFC connection handover (wps_nfc_* set)"""
    ssid = "test-wps-nfc-handover2"
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    # enable a password token (which won't be used in this test case)
    pw = hapd.request("WPS_NFC_TOKEN NDEF").rstrip()
    if "FAIL" in pw:
        raise Exception("Failed to generate password token")
    res = hapd.request("WPS_NFC_TOKEN enable")
    if "FAIL" in pw:
        raise Exception("Failed to enable AP password token")
    logger.info("NFC connection handover")
    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    dev[0].wait_connected(timeout=15)
    check_wpa2_connection(dev[0], apdev[0], hapd, ssid)

def test_nfc_wps_handover_pk_hash_mismatch_sta(dev, apdev):
    """WPS NFC connection handover with invalid pkhash from station (negative)"""
    ssid = "wps-nfc-handover-pkhash-sta"
    if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
        raise Exception("Could not enable wps_corrupt_pkhash")
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("NFC connection handover")
    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
    if ev is None:
        raise Exception("Timed out")
    if "WPS-FAIL" not in ev:
        raise Exception("Public key hash mismatch not detected")

def test_nfc_wps_handover_pk_hash_mismatch_ap(dev, apdev):
    """WPS NFC connection handover with invalid pkhash from AP (negative)"""
    ssid = "wps-nfc-handover-pkhash-ap"
    params = ap_wps_params(ssid)
    hostapd.add_ap(apdev[0]['ifname'], params)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    if "FAIL" in hapd.request("SET wps_corrupt_pkhash 1"):
        raise Exception("Could not enable wps_corrupt_pkhash")
    logger.info("NFC connection handover")
    req = dev[0].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = hapd.request("NFC_GET_HANDOVER_SEL NDEF WPS-CR").rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = hapd.request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[0].dump_monitor()
    res = dev[0].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
    if ev is None:
        raise Exception("Timed out")
    if "WPS-FAIL" not in ev:
        raise Exception("Public key hash mismatch not detected")

def start_ap_er(er, ap, ssid):
    ap_pin = "12345670"
    ap_uuid = "27ea801a-9e5c-4e73-bd82-f89cbcd10d7e"
    hostapd.add_ap(ap['ifname'],
                   { "ssid": ssid, "eap_server": "1", "wps_state": "2",
                     "wpa_passphrase": "12345678", "wpa": "2",
                     "wpa_key_mgmt": "WPA-PSK", "rsn_pairwise": "CCMP",
                     "device_name": "Wireless AP", "manufacturer": "Company",
                     "model_name": "WAP", "model_number": "123",
                     "serial_number": "12345", "device_type": "6-0050F204-1",
                     "os_version": "01020300",
                     "config_methods": "label push_button",
                     "ap_pin": ap_pin, "uuid": ap_uuid, "upnp_iface": "lo"})
    logger.info("Learn AP configuration")
    er.dump_monitor()
    er.request("SET ignore_old_scan_res 1")
    er.wps_reg(ap['bssid'], ap_pin)

    logger.info("Start ER")
    er.request("WPS_ER_STOP")
    time.sleep(1)
    er.request("WPS_ER_START ifname=lo")
    ev = er.wait_event(["WPS-ER-AP-ADD"], timeout=15)
    if ev is None:
        raise Exception("AP discovery timed out")
    if ap_uuid not in ev:
        raise Exception("Expected AP UUID not found")

    logger.info("Use learned network configuration on ER")
    er.request("WPS_ER_SET_CONFIG " + ap_uuid + " 0")

def test_nfc_wps_er_pw_token(dev, apdev):
    """WPS NFC password token from Enrollee to ER"""
    try:
        _test_nfc_wps_er_pw_token(dev, apdev)
    finally:
        dev[0].request("WPS_ER_STOP")

def _test_nfc_wps_er_pw_token(dev, apdev):
    ssid = "wps-nfc-er-pw-token"
    start_ap_er(dev[0], apdev[0], ssid)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using password token from station")
    dev[1].request("SET ignore_old_scan_res 1")
    pw = dev[1].request("WPS_NFC_TOKEN NDEF").rstrip()
    if "FAIL" in pw:
        raise Exception("Failed to generate password token")
    res = dev[0].request("WPS_NFC_TAG_READ " + pw)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to WPS ER")
    dev[0].dump_monitor()
    res = dev[1].request("WPS_NFC")
    if "FAIL" in res:
        raise Exception("Failed to start Enrollee using NFC password token")
    ev = dev[0].wait_event(["WPS-SUCCESS"], timeout=15)
    if ev is None:
        raise Exception("WPS ER did not report success")
    dev[1].wait_connected(timeout=15)
    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)

def test_nfc_wps_er_config_token(dev, apdev):
    """WPS NFC configuration token from ER to Enrollee"""
    try:
        _test_nfc_wps_er_config_token(dev, apdev)
    finally:
        dev[0].request("WPS_ER_STOP")

def _test_nfc_wps_er_config_token(dev, apdev):
    ssid = "wps-nfc-er-config-token"
    start_ap_er(dev[0], apdev[0], ssid)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using configuration token from ER")
    wps = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN WPS " + apdev[0]['bssid']).rstrip()
    if "FAIL" in wps:
        raise Exception("Failed to generate configuration token (WPS format)")
    conf = dev[0].request("WPS_ER_NFC_CONFIG_TOKEN NDEF " + apdev[0]['bssid']).rstrip()
    if "FAIL" in conf:
        raise Exception("Failed to generate configuration token")
    dev[1].request("SET ignore_old_scan_res 1")
    res = dev[1].request("WPS_NFC_TAG_READ " + conf)
    if "FAIL" in res:
        raise Exception("Failed to provide NFC tag contents to wpa_supplicant")
    dev[1].wait_connected(timeout=15)
    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)

def test_nfc_wps_er_handover(dev, apdev):
    """WPS NFC connection handover between Enrollee and ER"""
    try:
        _test_nfc_wps_er_handover(dev, apdev)
    finally:
        dev[0].request("WPS_ER_STOP")

def _test_nfc_wps_er_handover(dev, apdev):
    ssid = "wps-nfc-er-handover"
    start_ap_er(dev[0], apdev[0], ssid)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using connection handover")
    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[1].dump_monitor()
    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    dev[1].wait_connected(timeout=15)
    check_wpa2_connection(dev[1], apdev[0], hapd, ssid)

def test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
    """WPS NFC connection handover with invalid pkhash from station to ER (negative)"""
    try:
        _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev)
    finally:
        dev[0].request("WPS_ER_STOP")

def _test_nfc_wps_er_handover_pk_hash_mismatch_sta(dev, apdev):
    ssid = "wps-nfc-er-handover-pkhash-sta"
    start_ap_er(dev[0], apdev[0], ssid)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using connection handover")
    if "FAIL" in dev[1].request("SET wps_corrupt_pkhash 1"):
        raise Exception("Could not enable wps_corrupt_pkhash")
    dev[1].request("SET ignore_old_scan_res 1")
    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[1].dump_monitor()
    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
    if ev is None:
        raise Exception("Timed out")
    if "WPS-FAIL" not in ev:
        raise Exception("Public key hash mismatch not detected")

def test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
    """WPS NFC connection handover with invalid pkhash from ER to station (negative)"""
    try:
        _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev)
    finally:
        dev[0].request("WPS_ER_STOP")

def _test_nfc_wps_er_handover_pk_hash_mismatch_er(dev, apdev):
    ssid = "wps-nfc-er-handover-pkhash-er"
    start_ap_er(dev[0], apdev[0], ssid)
    hapd = hostapd.Hostapd(apdev[0]['ifname'])
    logger.info("WPS provisioning step using connection handover")
    if "FAIL" in dev[0].request("SET wps_corrupt_pkhash 1"):
        raise Exception("Could not enable wps_corrupt_pkhash")
    dev[1].request("SET ignore_old_scan_res 1")
    req = dev[1].request("NFC_GET_HANDOVER_REQ NDEF WPS-CR").rstrip()
    if "FAIL" in req:
        raise Exception("Failed to generate NFC connection handover request")
    sel = dev[0].request("NFC_GET_HANDOVER_SEL NDEF WPS-CR " + apdev[0]['bssid']).rstrip()
    if "FAIL" in sel:
        raise Exception("Failed to generate NFC connection handover select")
    res = dev[0].request("NFC_REPORT_HANDOVER RESP WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to hostapd")
    dev[1].dump_monitor()
    res = dev[1].request("NFC_REPORT_HANDOVER INIT WPS " + req + " " + sel)
    if "FAIL" in res:
        raise Exception("Failed to report NFC connection handover to to wpa_supplicant")
    ev = dev[1].wait_event(["CTRL-EVENT-CONNECTED", "WPS-FAIL"], timeout=15)
    if ev is None:
        raise Exception("Timed out")
    if "WPS-FAIL" not in ev:
        raise Exception("Public key hash mismatch not detected")

def test_nfc_invalid_ndef_record(dev, apdev):
    """Invalid NFC NDEF record handling"""
    tests = [ "11223344",
              "00112233",
              "0000112233445566",
              "0800112233445566",
              "080011223344",
              "18000000",
              "18010000",
              "90000050",
              "9000005000",
              "9001013344",
              "98010101334455" ]
    for test in tests:
        if "FAIL" not in dev[0].request("WPS_NFC_TAG_READ " + test):
            raise Exception("Invalid tag accepted: " + test)