1#!/usr/bin/env python3 2# 3# Copyright (c) 2016, The OpenThread Authors. 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions and the following disclaimer. 10# 2. Redistributions in binary form must reproduce the above copyright 11# notice, this list of conditions and the following disclaimer in the 12# documentation and/or other materials provided with the distribution. 13# 3. Neither the name of the copyright holder nor the 14# names of its contributors may be used to endorse or promote products 15# derived from this software without specific prior written permission. 16# 17# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27# POSSIBILITY OF SUCH DAMAGE. 28# 29 30import unittest 31 32import config 33import thread_cert 34from pktverify.consts import MLE_DISCOVERY_RESPONSE, HANDSHAKE_CLIENT_HELLO, HANDSHAKE_SERVER_HELLO, HANDSHAKE_SERVER_KEY_EXCHANGE, HANDSHAKE_SERVER_HELLO_DONE, HANDSHAKE_CLIENT_KEY_EXCHANGE, HANDSHAKE_HELLO_VERIFY_REQUEST, NM_EXTENDED_PAN_ID_TLV, NM_NETWORK_NAME_TLV, NM_STEERING_DATA_TLV, NM_COMMISSIONER_UDP_PORT_TLV, NM_JOINER_UDP_PORT_TLV, NM_DISCOVERY_RESPONSE_TLV, CONTENT_CHANGE_CIPHER_SPEC, CONTENT_ALERT, CONTENT_HANDSHAKE 35from pktverify.packet_verifier import PacketVerifier 36 37COMMISSIONER = 1 38JOINER = 2 39 40 41class Cert_8_1_02_Commissioning(thread_cert.TestCase): 42 SUPPORT_NCP = False 43 44 TOPOLOGY = { 45 COMMISSIONER: { 46 'name': 'COMMISSIONER', 47 'networkkey': '00112233445566778899aabbccddeeff', 48 'mode': 'rdn', 49 }, 50 JOINER: { 51 'name': 'JOINER', 52 'networkkey': 'deadbeefdeadbeefdeadbeefdeadbeef', 53 'mode': 'rdn', 54 }, 55 } 56 57 def test(self): 58 self.nodes[COMMISSIONER].interface_up() 59 self.nodes[COMMISSIONER].thread_start() 60 self.simulator.go(config.LEADER_STARTUP_DELAY) 61 self.assertEqual(self.nodes[COMMISSIONER].get_state(), 'leader') 62 self.nodes[COMMISSIONER].commissioner_start() 63 self.simulator.go(3) 64 self.nodes[COMMISSIONER].commissioner_add_joiner(self.nodes[JOINER].get_eui64(), 'PSKD01') 65 66 self.nodes[JOINER].interface_up() 67 self.nodes[JOINER].joiner_start('10DKSP') 68 self.simulator.go(10) 69 70 def verify(self, pv): 71 pkts = pv.pkts 72 pv.summary.show() 73 74 COMMISSIONER = pv.vars['COMMISSIONER'] 75 _cpkts = pkts.filter_wpan_src64(COMMISSIONER) 76 _cpkts2 = pkts.filter_wpan_dst64(COMMISSIONER) 77 78 # Step 3: Verify the following details occur in the exchange between 79 # Joiner_1 and the Commissioner 80 # 1. UDP port (Specified by the Commissioner: in Discovery Response) is used as destination port for UDP datagrams from Joiner_1 to the Commissioner. 81 _cpkts.filter_mle_cmd(MLE_DISCOVERY_RESPONSE).must_next().must_verify( 82 lambda p: { 83 NM_EXTENDED_PAN_ID_TLV, NM_NETWORK_NAME_TLV, NM_STEERING_DATA_TLV, NM_COMMISSIONER_UDP_PORT_TLV, 84 NM_JOINER_UDP_PORT_TLV, NM_DISCOVERY_RESPONSE_TLV 85 } <= set(p.thread_meshcop.tlv.type)) 86 87 # 2. Joiner_1 sends an initial DTLS-ClientHello handshake record to the Commissioner 88 _cpkts2.range(_cpkts.index).filter(lambda p: p.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO]).must_next() 89 90 # 3. The Commissioner must correctly receive the initial DTLS-ClientHello handshake record and send a DTLS-HelloVerifyRequest handshake record to Joiner_1 91 _pkt = _cpkts.range( 92 _cpkts2.index).filter(lambda p: p.dtls.handshake.type == [HANDSHAKE_HELLO_VERIFY_REQUEST]).must_next() 93 _pkt.must_verify(lambda p: p.dtls.handshake.cookie is not None) 94 95 # 4. Joiner_1 receives the DTLS-HelloVerifyRequest handshake record and sends a subsequent DTLS-ClientHello handshake record in one UDP datagram to the Commissioner 96 # 5. Verify that both DTLS-HelloVerifyRequest and subsequent DTLS-ClientHello contain the same cookie 97 _cpkts2.filter(lambda p: p.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO]).must_next().must_verify( 98 lambda p: p.dtls.handshake.cookie == _pkt.dtls.handshake.cookie) 99 100 # 6. The Commissioner must correctly receive the subsequent DTLSClientHello handshake record and then send, in order, DTLSServerHello, DTLS-ServerKeyExchange and DTLSServerHelloDone handshake records to Joiner_1 101 _cpkts.filter( 102 lambda p: p.dtls.handshake.type == 103 [HANDSHAKE_SERVER_HELLO, HANDSHAKE_SERVER_KEY_EXCHANGE, HANDSHAKE_SERVER_HELLO_DONE]).must_next() 104 105 # 7. Joiner_1 receives the DTLS-ServerHello, DTLSServerKeyExchange and DTLS-ServerHelloDone handshake records and sends, in order, a DTLS-ClientKeyExchange handshake record, a DTLS-ChangeCipherSpec record and an encrypted DTLS-Finished handshake record to the Commissioner. 106 _cpkts2.filter(lambda p: p.dtls.handshake.type == [HANDSHAKE_CLIENT_KEY_EXCHANGE]).must_next().must_verify( 107 lambda p: p.dtls.handshake.type == [HANDSHAKE_CLIENT_KEY_EXCHANGE] and set( 108 p.dtls.record.content_type) == {CONTENT_CHANGE_CIPHER_SPEC, CONTENT_HANDSHAKE}) 109 110 # 8. The Commissioner must receive the DTLS-ClientKeyExchange handshake record, the DTLS-ChangeCipherSpec and the encrypted DTLS-Finished handshake record, and then send a DTLS-Alert record with error code 20 (bad record MAC) - in one UDP datagram - to Joiner_1 111 _cpkts.filter( 112 lambda p: p.dtls.record.content_type == [CONTENT_ALERT] and p.dtls.alert_message.desc == 20).must_next() 113 114 115if __name__ == '__main__': 116 unittest.main() 117