1#!/usr/bin/env python3 2# 3# Copyright (c) 2016, The OpenThread Authors. 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions and the following disclaimer. 10# 2. Redistributions in binary form must reproduce the above copyright 11# notice, this list of conditions and the following disclaimer in the 12# documentation and/or other materials provided with the distribution. 13# 3. Neither the name of the copyright holder nor the 14# names of its contributors may be used to endorse or promote products 15# derived from this software without specific prior written permission. 16# 17# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27# POSSIBILITY OF SUCH DAMAGE. 28# 29 30import unittest 31 32import config 33import thread_cert 34from pktverify.consts import MLE_ADVERTISEMENT, MLE_CHILD_ID_RESPONSE 35from pktverify.packet_verifier import PacketVerifier 36 37LEADER = 1 38ROUTER = 2 39 40 41class Cert_5_8_3_KeyIncrementRollOver(thread_cert.TestCase): 42 TOPOLOGY = { 43 LEADER: { 44 'name': 'LEADER', 45 'key_sequence_counter': 127, 46 'key_switch_guardtime': 0, 47 'mode': 'rdn', 48 'allowlist': [ROUTER] 49 }, 50 ROUTER: { 51 'name': 'ROUTER', 52 'key_switch_guardtime': 0, 53 'mode': 'rdn', 54 'allowlist': [LEADER] 55 }, 56 } 57 58 def test(self): 59 self.nodes[LEADER].start() 60 self.simulator.go(config.LEADER_STARTUP_DELAY) 61 self.assertEqual(self.nodes[LEADER].get_state(), 'leader') 62 63 self.nodes[ROUTER].start() 64 self.simulator.go(config.ROUTER_STARTUP_DELAY) 65 self.assertEqual(self.nodes[ROUTER].get_state(), 'router') 66 67 self.collect_ipaddrs() 68 addrs = self.nodes[ROUTER].get_addrs() 69 for addr in addrs: 70 if addr[0:4] != 'fe80': 71 self.assertTrue(self.nodes[LEADER].ping(addr)) 72 73 key_sequence_counter = self.nodes[LEADER].get_key_sequence_counter() 74 self.nodes[LEADER].set_key_sequence_counter(key_sequence_counter + 1) 75 76 addrs = self.nodes[ROUTER].get_addrs() 77 for addr in addrs: 78 if addr[0:4] != 'fe80': 79 self.assertTrue(self.nodes[LEADER].ping(addr)) 80 81 def verify(self, pv): 82 pkts = pv.pkts 83 pv.summary.show() 84 85 LEADER = pv.vars['LEADER'] 86 ROUTER = pv.vars['ROUTER'] 87 leader_pkts = pkts.filter_wpan_src64(LEADER) 88 router_pkts = pkts.filter_wpan_src64(ROUTER) 89 90 # Step 1: The DUT must start the network using 91 # thrKeySequenceCounter = 127 92 _lpkts = leader_pkts.filter_mle_cmd(MLE_ADVERTISEMENT).must_next() 93 self.assertTrue(_lpkts.wpan.aux_sec.key_source == 127) 94 95 # Step 2: Verify that the topology described above is created. 96 # MLE Auxiliary security header shall contain Key Source = 127, 97 # KeyIndex = 128, KeyID Mode = 2 98 leader_pkts.filter_mle_cmd(MLE_CHILD_ID_RESPONSE).must_next() 99 _lpkts = leader_pkts.copy() 100 _rpkts = router_pkts.range(leader_pkts.index) 101 102 _rpkts.filter_mle_cmd( 103 MLE_ADVERTISEMENT).must_next().must_verify(lambda p: p.wpan.aux_sec.key_index == 128 and p.wpan.aux_sec. 104 key_id_mode == 2 and p.wpan.aux_sec.key_source == 127) 105 106 # Step 3: Leader send an ICMPv6 Echo Request to Router_1. 107 # The MAC Auxiliary security header must contain 108 # KeyIndex = 128, KeyID Mode = 1 109 leader_mleid = pv.vars['LEADER_MLEID'] 110 router_mleid = pv.vars['ROUTER_MLEID'] 111 _lpkts.filter(lambda p: p.ipv6.dst == router_mleid).filter_ping_request().must_next().must_verify( 112 lambda p: p.wpan.aux_sec.key_index == 128 and p.wpan.aux_sec.key_id_mode == 1) 113 114 # Step 4: Router_1 send an ICMPv6 Echo Reply to Leader. 115 # The MAC Auxiliary security header must contain 116 # KeyIndex = 128, KeyID Mode = 1 117 _rpkts.filter(lambda p: p.ipv6.dst == leader_mleid).filter_ping_reply().must_next().must_verify( 118 lambda p: p.wpan.aux_sec.key_index == 128 and p.wpan.aux_sec.key_id_mode == 1) 119 120 # Step 5: The DUT MUST implementation specific means increment 121 # thrKeySequenceCounter by 1 to force a key switch 122 # Step 6: Leader Send an ICMPv6 Echo Request to Router_1. 123 # The MAC Auxiliary security header must contain 124 # KeyIndex = 1, KeyID Mode = 1 125 _lpkts.filter(lambda p: p.ipv6.dst == router_mleid).filter_ping_request().must_next().must_verify( 126 lambda p: p.wpan.aux_sec.key_index == 1 and p.wpan.aux_sec.key_id_mode == 1) 127 128 # Step 7: Router_1 send an ICMPv6 Echo Reply to Leader. 129 # The MAC Auxiliary security header must contain 130 # KeyIndex = 1, KeyID Mode = 1 131 _rpkts.filter(lambda p: p.ipv6.dst == leader_mleid).filter_ping_reply().must_next().must_verify( 132 lambda p: p.wpan.aux_sec.key_index == 1 and p.wpan.aux_sec.key_id_mode == 1) 133 134 135if __name__ == '__main__': 136 unittest.main() 137