1#!/usr/bin/env python3 2# 3# Copyright (c) 2020, The OpenThread Authors. 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions are met: 8# 1. Redistributions of source code must retain the above copyright 9# notice, this list of conditions and the following disclaimer. 10# 2. Redistributions in binary form must reproduce the above copyright 11# notice, this list of conditions and the following disclaimer in the 12# documentation and/or other materials provided with the distribution. 13# 3. Neither the name of the copyright holder nor the 14# names of its contributors may be used to endorse or promote products 15# derived from this software without specific prior written permission. 16# 17# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 18# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 21# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27# POSSIBILITY OF SUCH DAMAGE. 
#

import unittest

import command
import config
from mesh_cop import MeshCopState
import thread_cert
from pktverify.consts import MLE_DISCOVERY_REQUEST, MLE_DISCOVERY_RESPONSE, HANDSHAKE_CLIENT_HELLO, HANDSHAKE_SERVER_HELLO, HANDSHAKE_SERVER_KEY_EXCHANGE, HANDSHAKE_SERVER_HELLO_DONE, HANDSHAKE_CLIENT_KEY_EXCHANGE, HANDSHAKE_HELLO_VERIFY_REQUEST, CONTENT_APPLICATION_DATA, NM_EXTENDED_PAN_ID_TLV, NM_NETWORK_NAME_TLV, NM_STEERING_DATA_TLV, NM_COMMISSIONER_UDP_PORT_TLV, NM_JOINER_UDP_PORT_TLV, NM_DISCOVERY_REQUEST_TLV, NM_DISCOVERY_RESPONSE_TLV, THREAD_DISCOVERY_TLV, CONTENT_CHANGE_CIPHER_SPEC, CONTENT_HANDSHAKE, CONTENT_ALERT
from pktverify.packet_verifier import PacketVerifier

# Node ids used as keys of TOPOLOGY and of self.nodes.
COMMISSIONER = 1
JOINER = 2
# Pre-Shared Key for the Device; handed to commissioner_add_joiner() and joiner_start().
PSKD = 'PSKD01'
# Provisioning URL configured on the Commissioner.
URL_1 = 'www.openthread.org'
# Provisioning URL the Joiner presents; it differs from URL_1, so the Commissioner
# is expected to answer JOIN_FIN.req with the Reject state.
URL_2 = 'www.wrongurl.org'

# Test Purpose and Description:
# -----------------------------
# The purpose of this test case is to verify the DTLS session between an on-mesh
# Commissioner and a Joiner and ensure that the session does not stay open.
#
# Test Topology:
# -------------
# Commissioner
#      |
# Joiner
#
# DUT Types:
# ----------
# Commissioner
# Joiner


class Cert_8_1_06_Commissioning(thread_cert.TestCase):
    """Certification case 8.1.6: Joiner with an unrecognised Provisioning URL.

    The Commissioner is provisioned with URL_1 while the Joiner offers URL_2, so the
    JOIN_FIN exchange is expected to end in MeshCopState.REJECT. verify() then walks
    the captured DTLS handshake and checks that the Joiner closes the session with an
    Alert record rather than leaving it open.
    """
    SUPPORT_NCP = False

    TOPOLOGY = {
        COMMISSIONER: {
            'name': 'COMMISSIONER',
            'networkkey': '00112233445566778899aabbccddeeff',
            'mode': 'rdn',
        },
        # The Joiner starts with a key that differs from the Commissioner's network.
        JOINER: {
            'networkkey': 'deadbeefdeadbeefdeadbeefdeadbeef',
            'mode': 'rdn',
        },
    }

    def test(self):
        """Drive the commissioning exchange and check the recorded MeshCoP messages."""
        commissioner = self.nodes[COMMISSIONER]
        joiner = self.nodes[JOINER]

        # The Commissioner has to be leader of its partition before commissioning can start.
        commissioner.interface_up()
        commissioner.thread_start()
        self.simulator.go(config.LEADER_STARTUP_DELAY)
        self.assertEqual(commissioner.get_state(), 'leader')

        # Configure the expected Provisioning URL and allow this Joiner by EUI-64 + PSKd.
        commissioner.commissioner_set_provisioning_url(URL_1)
        commissioner.commissioner_start()
        self.simulator.go(3)
        commissioner.commissioner_add_joiner(joiner.get_eui64(), PSKD)

        # The Joiner deliberately presents URL_2, which the Commissioner does not recognise.
        joiner.interface_up()
        joiner.joiner_start(PSKD, URL_2)
        self.simulator.go(10)
        self.simulator.read_cert_messages_in_commissioning_log([COMMISSIONER, JOINER])
        self.assertEqual(joiner.get_networkkey(), commissioner.get_networkkey())

        sent_by_joiner = self.simulator.get_messages_sent_by(JOINER)
        sent_by_commissioner = self.simulator.get_messages_sent_by(COMMISSIONER)

        # Steps 3.7 - 3.10: Joiner side, then Commissioner side (expected to reject).
        command.check_joiner_commissioning_messages(sent_by_joiner.commissioning_messages, URL_2)
        command.check_commissioner_commissioning_messages(sent_by_commissioner.commissioning_messages,
                                                          MeshCopState.REJECT)
        # In this two-node topology the Commissioner also acts as the Joiner Router.
        command.check_joiner_router_commissioning_messages(sent_by_commissioner.commissioning_messages)

        joiner.thread_start()
        self.simulator.go(5)
        self.assertEqual(joiner.get_state(), 'router')

    def verify(self, pv):
        """Check the captured DTLS handshake between Joiner and Commissioner (Step 3).

        Args:
            pv: PacketVerifier holding the capture (`pv.pkts`) and the per-node
                variables (`pv.vars`) resolved from the test log.
        """
        stream = pv.pkts
        pv.summary.show()

        commissioner_ext = pv.vars['COMMISSIONER']
        commissioner_ver = pv.vars['COMMISSIONER_VERSION']

        def from_commissioner():
            return stream.filter_wpan_src64(commissioner_ext)

        def to_commissioner():
            return stream.filter_wpan_dst64(commissioner_ext)

        # TLVs the Discovery Response must carry so the Joiner learns the UDP port(s).
        required_disc_tlvs = {
            NM_EXTENDED_PAN_ID_TLV,
            NM_NETWORK_NAME_TLV,
            NM_STEERING_DATA_TLV,
            NM_COMMISSIONER_UDP_PORT_TLV,
            NM_JOINER_UDP_PORT_TLV,
            NM_DISCOVERY_RESPONSE_TLV,
        }
        disc_rsp = (from_commissioner()
                    .filter_mle_cmd(MLE_DISCOVERY_RESPONSE)
                    .filter(lambda pkt: required_disc_tlvs <= set(pkt.thread_meshcop.tlv.type) and
                            pkt.thread_meshcop.tlv.discovery_rsp_ver == commissioner_ver)
                    .must_next())

        # Step 3: Verify the following details occur in the exchange between
        # Joiner and the Commissioner.
        # 1. The UDP port advertised by the Commissioner in the Discovery Response
        #    is used as destination port for UDP datagrams from Joiner to the
        #    Commissioner.
        # 2. Joiner sends an initial DTLS-ClientHello handshake record to the
        #    Commissioner.
        (to_commissioner()
         .filter(lambda pkt: pkt.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO] and
                 pkt.udp.srcport in disc_rsp.thread_meshcop.tlv.udp_port and
                 pkt.udp.dstport in disc_rsp.thread_meshcop.tlv.udp_port)
         .must_next())

        # 3. The Commissioner answers the initial ClientHello with a
        #    DTLS-HelloVerifyRequest carrying a cookie.
        verify_req = (from_commissioner()
                      .filter(lambda pkt: pkt.dtls.handshake.type == [HANDSHAKE_HELLO_VERIFY_REQUEST])
                      .must_next())
        verify_req.must_verify(lambda pkt: pkt.dtls.handshake.cookie is not None)

        # 4. Joiner repeats the ClientHello in one UDP datagram, echoing the cookie
        #    from the HelloVerifyRequest; both records must carry the same cookie.
        (to_commissioner()
         .filter(lambda pkt: pkt.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO] and
                 pkt.dtls.handshake.cookie == verify_req.dtls.handshake.cookie)
         .must_next())

        # 5. Commissioner sends, in order, DTLS-ServerHello, DTLS-ServerKeyExchange
        #    and DTLS-ServerHelloDone to the Joiner.
        server_flight = [
            HANDSHAKE_SERVER_HELLO,
            HANDSHAKE_SERVER_KEY_EXCHANGE,
            HANDSHAKE_SERVER_HELLO_DONE,
        ]
        (from_commissioner()
         .filter(lambda pkt: pkt.dtls.handshake.type == server_flight)
         .must_next())

        # 6. Joiner sends, in order, DTLS-ClientKeyExchange, DTLS-ChangeCipherSpec
        #    and an encrypted DTLS-Finished record to the Commissioner.
        ccs_and_handshake = {CONTENT_CHANGE_CIPHER_SPEC, CONTENT_HANDSHAKE}
        (to_commissioner()
         .filter(lambda pkt: pkt.dtls.handshake.type == [HANDSHAKE_CLIENT_KEY_EXCHANGE] and
                 ccs_and_handshake == set(pkt.dtls.record.content_type))
         .must_next())

        # 7. Commissioner replies with DTLS-ChangeCipherSpec followed by an encrypted
        #    DTLS-Finished record.
        (from_commissioner()
         .filter(lambda pkt: ccs_and_handshake == set(pkt.dtls.record.content_type))
         .must_next())

        # 8. Joiner sends JOIN_FIN.req inside an encrypted DTLS-ApplicationData record
        #    in a single UDP datagram.
        (to_commissioner()
         .filter(lambda pkt: [CONTENT_APPLICATION_DATA] == pkt.dtls.record.content_type)
         .must_next())

        # 9. Commissioner sends JOIN_FIN.rsp inside an encrypted DTLS-ApplicationData
        #    record in a single UDP datagram. The JOIN_FIN.req carried a Provisioning
        #    URL TLV the Commissioner does not recognise.
        (from_commissioner()
         .filter(lambda pkt: [CONTENT_APPLICATION_DATA] == pkt.dtls.record.content_type)
         .must_next())

        # 10. Joiner receives the encrypted JOIN_FIN.rsp carrying the Reject state.
        # Steps 7 - 10 are checked against the commissioning log in test().

        # 11. Joiner sends an encrypted DTLS-Alert record with code 0 (close_notify)
        #     to the Commissioner, so the rejected session is torn down rather than
        #     left open.
        (to_commissioner()
         .filter(lambda pkt: [CONTENT_ALERT] == pkt.dtls.record.content_type)
         .must_next())


if __name__ == '__main__':
    unittest.main()