1#!/usr/bin/env python3 2# 3# Copyright (c) 2016, The OpenThread Authors. 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions and the following disclaimer. 10# 2. Redistributions in binary form must reproduce the above copyright 11# notice, this list of conditions and the following disclaimer in the 12# documentation and/or other materials provided with the distribution. 13# 3. Neither the name of the copyright holder nor the 14# names of its contributors may be used to endorse or promote products 15# derived from this software without specific prior written permission. 16# 17# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27# POSSIBILITY OF SUCH DAMAGE. 28# 29 30import unittest 31 32import config 33import thread_cert 34from pktverify.consts import MLE_CHILD_ID_RESPONSE, MLE_CHILD_UPDATE_REQUEST, MLE_DATA_RESPONSE, MLE_DATA_REQUEST, MGMT_ACTIVE_SET_URI, MGMT_PENDING_SET_URI, LINK_LOCAL_ALL_NODES_MULTICAST_ADDRESS, TLV_REQUEST_TLV, SOURCE_ADDRESS_TLV, LEADER_DATA_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV, PENDING_OPERATION_DATASET_TLV, NM_COMMISSIONER_SESSION_ID_TLV, NM_BORDER_AGENT_LOCATOR_TLV, NM_ACTIVE_TIMESTAMP_TLV, NM_NETWORK_NAME_TLV, NM_NETWORK_KEY_TLV, NM_CHANNEL_TLV, NM_CHANNEL_MASK_TLV, NM_EXTENDED_PAN_ID_TLV, NM_NETWORK_MESH_LOCAL_PREFIX_TLV, NM_PAN_ID_TLV, NM_PSKC_TLV, NM_SECURITY_POLICY_TLV, NM_DELAY_TIMER_TLV 35from pktverify.packet_verifier import PacketVerifier 36from pktverify.addrs import Ipv6Addr 37 38KEY1 = '00112233445566778899aabbccddeeff' 39KEY2 = 'ffeeddccbbaa99887766554433221100' 40 41CHANNEL_INIT = 19 42PANID_INIT = 0xface 43 44COMMISSIONER = 1 45LEADER = 2 46ROUTER1 = 3 47ED1 = 4 48SED1 = 5 49 50MTDS = [ED1, SED1] 51 52 53class Cert_9_2_18_RollBackActiveTimestamp(thread_cert.TestCase): 54 SUPPORT_NCP = False 55 56 TOPOLOGY = { 57 COMMISSIONER: { 58 'name': 'COMMISSIONER', 59 'active_dataset': { 60 'timestamp': 1, 61 'panid': PANID_INIT, 62 'channel': CHANNEL_INIT, 63 'network_key': KEY1 64 }, 65 'mode': 'rdn', 66 'allowlist': [LEADER] 67 }, 68 LEADER: { 69 'name': 'LEADER', 70 'active_dataset': { 71 'timestamp': 1, 72 'panid': PANID_INIT, 73 'channel': CHANNEL_INIT, 74 'network_key': KEY1 75 }, 76 'mode': 'rdn', 77 'partition_id': 0xffffffff, 78 'allowlist': [COMMISSIONER, ROUTER1] 79 }, 80 ROUTER1: { 81 'name': 'ROUTER_1', 82 'active_dataset': { 83 'timestamp': 1, 84 'panid': PANID_INIT, 85 'channel': CHANNEL_INIT, 86 'network_key': KEY1 87 }, 88 'mode': 'rdn', 89 'allowlist': [LEADER, ED1, SED1] 90 }, 91 ED1: { 92 'name': 'ED', 93 'channel': CHANNEL_INIT, 94 'is_mtd': True, 95 'networkkey': KEY1, 96 'mode': 'rn', 97 'panid': PANID_INIT, 98 'allowlist': [ROUTER1] 99 }, 100 SED1: { 101 'name': 'SED', 102 'channel': CHANNEL_INIT, 103 'is_mtd': True, 104 'networkkey': KEY1, 105 'mode': '-', 106 'panid': PANID_INIT, 107 'timeout': config.DEFAULT_CHILD_TIMEOUT, 108 'allowlist': [ROUTER1] 109 }, 110 } 111 112 def test(self): 113 self.nodes[LEADER].start() 114 self.simulator.go(config.LEADER_STARTUP_DELAY) 115 self.assertEqual(self.nodes[LEADER].get_state(), 'leader') 116 117 self.nodes[COMMISSIONER].start() 118 self.simulator.go(config.ROUTER_STARTUP_DELAY) 119 self.assertEqual(self.nodes[COMMISSIONER].get_state(), 'router') 120 self.nodes[COMMISSIONER].commissioner_start() 121 self.simulator.go(3) 122 123 self.nodes[ROUTER1].start() 124 self.simulator.go(config.ROUTER_STARTUP_DELAY) 125 self.assertEqual(self.nodes[ROUTER1].get_state(), 'router') 126 127 self.nodes[ED1].start() 128 self.simulator.go(5) 129 self.assertEqual(self.nodes[ED1].get_state(), 'child') 130 131 self.nodes[SED1].start() 132 self.simulator.go(5) 133 self.assertEqual(self.nodes[SED1].get_state(), 'child') 134 135 self.nodes[COMMISSIONER].send_mgmt_active_set(active_timestamp=20000, network_name='GRL') 136 self.simulator.go(5) 137 138 self.nodes[COMMISSIONER].send_mgmt_pending_set( 139 pending_timestamp=20, 140 active_timestamp=20, 141 delay_timer=20, 142 network_name='Shouldnotbe', 143 ) 144 self.simulator.go(30) 145 146 self.nodes[COMMISSIONER].send_mgmt_pending_set( 147 pending_timestamp=20, 148 active_timestamp=20, 149 delay_timer=300, 150 network_name='MyHouse', 151 network_key=KEY2, 152 ) 153 self.simulator.go(310) 154 155 self.assertEqual(self.nodes[COMMISSIONER].get_networkkey(), KEY2) 156 self.assertEqual(self.nodes[LEADER].get_networkkey(), KEY2) 157 self.assertEqual(self.nodes[ROUTER1].get_networkkey(), KEY2) 158 self.assertEqual(self.nodes[ED1].get_networkkey(), KEY2) 159 self.assertEqual(self.nodes[SED1].get_networkkey(), KEY2) 160 161 self.collect_rlocs() 162 ed_rloc = self.nodes[ED1].get_rloc() 163 sed_rloc = self.nodes[SED1].get_rloc() 164 self.assertTrue(self.nodes[COMMISSIONER].ping(ed_rloc)) 165 self.assertTrue(self.nodes[COMMISSIONER].ping(sed_rloc)) 166 167 def verify(self, pv): 168 pkts = pv.pkts 169 pv.summary.show() 170 171 LEADER = pv.vars['LEADER'] 172 COMMISSIONER = pv.vars['COMMISSIONER'] 173 ROUTER_1 = pv.vars['ROUTER_1'] 174 SED = pv.vars['SED'] 175 COMMISSIONER_RLOC = pv.vars['COMMISSIONER_RLOC'] 176 ED_RLOC = pv.vars['ED_RLOC'] 177 SED_RLOC = pv.vars['SED_RLOC'] 178 179 # Step 1: Ensure the topology is formed correctly 180 pkts.filter_wpan_src64(ROUTER_1).filter_wpan_dst64(SED).filter_mle_cmd(MLE_CHILD_ID_RESPONSE).must_next() 181 182 # Step 3: Leader MUST send MGMT_ACTIVE_SET.rsp (Accept) to the Commissioner 183 pkts.filter_wpan_src64(LEADER).filter_ipv6_dst(COMMISSIONER_RLOC).filter_coap_ack( 184 MGMT_ACTIVE_SET_URI).must_next().must_verify(lambda p: p.thread_meshcop.tlv.state == 1) 185 186 # Step 5: Leader MUST send MGMT_PENDING_SET.rsp (Reject) to the Commissioner 187 pkts.filter_wpan_src64(LEADER).filter_ipv6_dst(COMMISSIONER_RLOC).filter_coap_ack( 188 MGMT_PENDING_SET_URI).must_next().must_verify(lambda p: p.thread_meshcop.tlv.state == -1) 189 190 # Step 7: Leader MUST send MGMT_PENDING_SET.rsp (Accept) to Commissioner 191 pkts.filter_wpan_src64(LEADER).filter_ipv6_dst(COMMISSIONER_RLOC).filter_coap_ack( 192 MGMT_PENDING_SET_URI).must_next().must_verify(lambda p: p.thread_meshcop.tlv.state == 1) 193 194 # Step 8: Leader MUST multicast a MLE Data Response to the Link-Local All Nodes multicast address 195 _pkt = pkts.filter_wpan_src64(LEADER).filter_ipv6_dst(LINK_LOCAL_ALL_NODES_MULTICAST_ADDRESS).filter_mle_cmd( 196 MLE_DATA_RESPONSE).must_next() 197 _pkt.must_verify(lambda p: { 198 SOURCE_ADDRESS_TLV, LEADER_DATA_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV 199 } == set(p.mle.tlv.type) and {NM_COMMISSIONER_SESSION_ID_TLV, NM_BORDER_AGENT_LOCATOR_TLV} <= set( 200 p.thread_meshcop.tlv.type) and p.thread_nwd.tlv.stable == [0]) 201 202 # Step 9: Router MUST send a unicast MLE Data Request to the Leader 203 pkts.filter_wpan_src64(ROUTER_1).filter_wpan_dst64(LEADER).filter_mle_cmd(MLE_DATA_REQUEST).must_next( 204 ).must_verify(lambda p: {TLV_REQUEST_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV} <= set(p.mle.tlv.type)) 205 206 # Step 10: Leader MUST send a unicast MLE Data Response to Router_1 207 pkts.filter_wpan_src64(LEADER).filter_wpan_dst64(ROUTER_1).filter_mle_cmd( 208 MLE_DATA_RESPONSE).must_next().must_verify( 209 lambda p: { 210 SOURCE_ADDRESS_TLV, LEADER_DATA_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV, 211 PENDING_OPERATION_DATASET_TLV 212 } == set(p.mle.tlv.type) and { 213 NM_COMMISSIONER_SESSION_ID_TLV, NM_BORDER_AGENT_LOCATOR_TLV, NM_ACTIVE_TIMESTAMP_TLV, 214 NM_NETWORK_NAME_TLV, NM_NETWORK_KEY_TLV 215 } <= set(p.thread_meshcop.tlv.type) and p.thread_nwd.tlv.stable == [0]) 216 217 # Copy a pv.pkts here to filter SED related packets for potential sequence packets disorder 218 _pkts_sed = pkts.copy() 219 220 # Step 11: Router MUST multicast a MLE Data Response with the new information 221 pkts.filter_wpan_src64(ROUTER_1).filter_ipv6_dst(LINK_LOCAL_ALL_NODES_MULTICAST_ADDRESS).filter_mle_cmd( 222 MLE_DATA_RESPONSE).must_next().must_verify( 223 lambda p: { 224 SOURCE_ADDRESS_TLV, LEADER_DATA_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV 225 } == set(p.mle.tlv.type) and p.mle.tlv.leader_data.data_version == _pkt.mle.tlv.leader_data. 226 data_version and p.mle.tlv.leader_data.stable_data_version == _pkt.mle.tlv.leader_data. 227 stable_data_version and {NM_COMMISSIONER_SESSION_ID_TLV, NM_BORDER_AGENT_LOCATOR_TLV} <= set( 228 p.thread_meshcop.tlv.type) and p.thread_nwd.tlv.stable == [0]) 229 230 # Step 12: Router MUST send MLE Child Update Request to SED_1 231 pkts.filter_wpan_src64(ROUTER_1).filter_wpan_dst64(SED).filter_mle_cmd( 232 MLE_CHILD_UPDATE_REQUEST).must_next().must_verify(lambda p: { 233 SOURCE_ADDRESS_TLV, LEADER_DATA_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV 234 } == set(p.mle.tlv.type) and p.mle.tlv.leader_data.data_version == _pkt.mle.tlv.leader_data.data_version) 235 236 # Step 13: SED MUST send a unicast MLE Data Request to Router_1 237 _pkts_sed.filter_wpan_src64(SED).filter_wpan_dst64(ROUTER_1).filter_mle_cmd(MLE_DATA_REQUEST).must_next( 238 ).must_verify(lambda p: {TLV_REQUEST_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV} <= set(p.mle.tlv.type)) 239 240 # Step 14: Router MUST send a unicast MLE Data Response to SED_1 241 _pkts_sed.filter_wpan_src64(ROUTER_1).filter_wpan_dst64(SED).filter_mle_cmd( 242 MLE_DATA_RESPONSE).must_next().must_verify( 243 lambda p: { 244 SOURCE_ADDRESS_TLV, NETWORK_DATA_TLV, ACTIVE_TIMESTAMP_TLV, PENDING_TIMESTAMP_TLV, 245 PENDING_OPERATION_DATASET_TLV 246 } <= set(p.mle.tlv.type) and { 247 NM_CHANNEL_TLV, NM_NETWORK_MESH_LOCAL_PREFIX_TLV, NM_PAN_ID_TLV, NM_DELAY_TIMER_TLV, 248 NM_ACTIVE_TIMESTAMP_TLV, NM_NETWORK_NAME_TLV, NM_NETWORK_KEY_TLV 249 } <= set(p.thread_meshcop.tlv.type) and p.thread_meshcop.tlv.net_name == ["MyHouse"] and p. 250 thread_meshcop.tlv.master_key == KEY2) 251 252 # Step 17: MED and SED MUST respond with an ICMPv6 Echo Reply 253 pkts.filter_ipv6_src_dst(ED_RLOC, COMMISSIONER_RLOC).filter_ping_reply().must_next() 254 pkts.filter_ipv6_src_dst(SED_RLOC, COMMISSIONER_RLOC).filter_ping_reply().must_next() 255 256 257if __name__ == '__main__': 258 unittest.main() 259