1#!/usr/bin/env python3
2#
3#  Copyright (c) 2016, The OpenThread Authors.
4#  All rights reserved.
5#
6#  Redistribution and use in source and binary forms, with or without
7#  modification, are permitted provided that the following conditions are met:
8#  1. Redistributions of source code must retain the above copyright
9#     notice, this list of conditions and the following disclaimer.
10#  2. Redistributions in binary form must reproduce the above copyright
11#     notice, this list of conditions and the following disclaimer in the
12#     documentation and/or other materials provided with the distribution.
13#  3. Neither the name of the copyright holder nor the
14#     names of its contributors may be used to endorse or promote products
15#     derived from this software without specific prior written permission.
16#
17#  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
18#  AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19#  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20#  ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
21#  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
22#  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
23#  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24#  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
25#  CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
26#  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27#  POSSIBILITY OF SUCH DAMAGE.
28#
29
30import unittest
31
32import command
33import config
34import dtls
35import thread_cert
36from pktverify.consts import MLE_DISCOVERY_REQUEST, MLE_DISCOVERY_RESPONSE, HANDSHAKE_CLIENT_HELLO, HANDSHAKE_SERVER_HELLO, HANDSHAKE_SERVER_KEY_EXCHANGE, HANDSHAKE_SERVER_HELLO_DONE, HANDSHAKE_CLIENT_KEY_EXCHANGE, HANDSHAKE_HELLO_VERIFY_REQUEST, CONTENT_APPLICATION_DATA, NM_EXTENDED_PAN_ID_TLV, NM_NETWORK_NAME_TLV, NM_STEERING_DATA_TLV, NM_COMMISSIONER_UDP_PORT_TLV, NM_JOINER_UDP_PORT_TLV, NM_DISCOVERY_REQUEST_TLV, NM_DISCOVERY_RESPONSE_TLV, THREAD_DISCOVERY_TLV, CONTENT_CHANGE_CIPHER_SPEC, CONTENT_HANDSHAKE, CONTENT_ALERT
37from pktverify.packet_verifier import PacketVerifier
38
39COMMISSIONER = 1
40JOINER = 2
41
42# Test Purpose and Description:
43# -----------------------------
44# The purpose of this test case is to verify the DTLS sessions between the
45# on-mesh Commissioner and a Joiner when the correct PSKd is used
46#
47# Note that many of the messages/records exchanged are encrypted
48# and cannot be observe
49#
50# Test Topology:
51# -------------
52# Commissioner
53#    |
54# Joiner
55#
56# DUT Types:
57# ----------
58#  Commissioner
59#  Joiner
60
61
62class Cert_8_1_01_Commissioning(thread_cert.TestCase):
63    SUPPORT_NCP = False
64
65    TOPOLOGY = {
66        COMMISSIONER: {
67            'name': 'COMMISSIONER',
68            'networkkey': '00112233445566778899aabbccddeeff',
69            'mode': 'rdn',
70        },
71        JOINER: {
72            'name': 'JOINER',
73            'networkkey': 'deadbeefdeadbeefdeadbeefdeadbeef',
74            'mode': 'rdn',
75        },
76    }
77
78    def test(self):
79        self.nodes[COMMISSIONER].interface_up()
80        self.nodes[COMMISSIONER].thread_start()
81        self.simulator.go(config.LEADER_STARTUP_DELAY)
82        self.assertEqual(self.nodes[COMMISSIONER].get_state(), 'leader')
83        self.nodes[COMMISSIONER].commissioner_start()
84        self.simulator.go(3)
85        self.nodes[COMMISSIONER].commissioner_add_joiner(self.nodes[JOINER].get_eui64(), 'PSKD01')
86
87        self.nodes[JOINER].interface_up()
88        self.nodes[JOINER].joiner_start('PSKD01')
89        self.simulator.go(10)
90        self.simulator.read_cert_messages_in_commissioning_log([COMMISSIONER, JOINER])
91        self.assertEqual(
92            self.nodes[JOINER].get_networkkey(),
93            self.nodes[COMMISSIONER].get_networkkey(),
94        )
95        joiner_messages = self.simulator.get_messages_sent_by(JOINER)
96        commissioner_messages = self.simulator.get_messages_sent_by(COMMISSIONER)
97
98        # 5.8,9,10,11
99        # - Joiner
100        command.check_joiner_commissioning_messages(joiner_messages.commissioning_messages)
101        # - Commissioner
102        command.check_commissioner_commissioning_messages(commissioner_messages.commissioning_messages)
103        # As commissioner is also joiner router
104        command.check_joiner_router_commissioning_messages(commissioner_messages.commissioning_messages)
105        self.nodes[JOINER].thread_start()
106        self.simulator.go(5)
107        self.assertEqual(self.nodes[JOINER].get_state(), 'router')
108
109    def verify(self, pv):
110        pkts = pv.pkts
111        pv.summary.show()
112
113        COMMISSIONER = pv.vars['COMMISSIONER']
114        COMMISSIONER_VERSION = pv.vars['COMMISSIONER_VERSION']
115        JOINER_VERSION = pv.vars['JOINER_VERSION']
116
117        # Step 3: Joiner sends MLE Discovery Request
118        #         MLE Discovery Request message MUST have these values:
119        #             - MLE Security Suite: 255 (No MLE Security)
120        #             - Thread Discovery TLV
121        #               Sub-TLVs:
122        #                   - Discovery Request TLV
123        #                       - Protocol Version: 2 or 3
124        #                       (depends on the Thread stack version in testing)
125        pkts.filter_mle_cmd(MLE_DISCOVERY_REQUEST).\
126            filter_LLARMA().\
127            filter(lambda p:
128                   [THREAD_DISCOVERY_TLV] == p.mle.tlv.type and\
129                   [NM_DISCOVERY_REQUEST_TLV] == p.thread_meshcop.tlv.type and\
130                   p.thread_meshcop.tlv.discovery_req_ver == JOINER_VERSION
131            ).\
132        must_next()
133
134        # Step 4: Commissioner sends MLE Discovery Response
135        #         MLE Discovery Response message MUST have these values:
136        #             - MLE Security Suite: 255 (No MLE Security)
137        #             - Source Address in IEEE 802.15.4 header MUST be set to
138        #               the MAC Extended Address (64-bit)
139        #             - Destination Address in IEEE 802.15.4 header MUST be
140        #               set to Discovery Request Source Address
141        #             - Thread Discovery TLV
142        #               Sub-TLVs:
143        #                   - Discovery Request TLV
144        #                       - Protocol Version: 2 or 3
145        #                       (depends on the Thread stack version in testing)
146        #                   - Extended PAN ID TLV
147        #                   - Joiner UDP Port TLV
148        #                   - Network Name TLV
149        #                   - Steering Data TLV
150        #                   - Commissioner UDP Port TLV (optional)
151        _rs_pkt = pkts.filter_wpan_src64(COMMISSIONER).\
152            filter_mle_cmd(MLE_DISCOVERY_RESPONSE).\
153            filter(lambda p: {
154                              NM_EXTENDED_PAN_ID_TLV,
155                              NM_NETWORK_NAME_TLV,
156                              NM_STEERING_DATA_TLV,
157                              NM_JOINER_UDP_PORT_TLV,
158                              NM_DISCOVERY_RESPONSE_TLV
159                            } <= set(p.thread_meshcop.tlv.type) and\
160                   p.thread_meshcop.tlv.discovery_rsp_ver == COMMISSIONER_VERSION
161                  ).\
162            must_next()
163
164        # Step 5: Verify the following details occur in the exchange between
165        #         Joiner and the Commissioner
166        # 1. UDP port (Specified by the Commissioner: in Discovery Response)
167        #    is used as destination port for UDP datagrams from Joiner to
168        #    the Commissioner.
169
170        # 2. Joiner sends an initial DTLS-ClientHello handshake record to the
171        #    Commissioner
172        pkts.filter_wpan_dst64(COMMISSIONER).\
173            filter(lambda p:
174                   p.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO] and\
175                   p.udp.srcport in _rs_pkt.thread_meshcop.tlv.udp_port and\
176                   p.udp.dstport in _rs_pkt.thread_meshcop.tlv.udp_port
177                   ).\
178            must_next()
179
180        # 3. The Commissioner receives the initial DTLS-ClientHello handshake
181        #    record and sends a DTLS-HelloVerifyRequest handshake record Joiner
182        _pkt = pkts.filter_wpan_src64(COMMISSIONER).\
183            filter(lambda p: p.dtls.handshake.type == [HANDSHAKE_HELLO_VERIFY_REQUEST]).\
184            must_next()
185        _pkt.must_verify(lambda p: p.dtls.handshake.cookie is not None)
186
187        # 4. Joiner receives the DTLS-HelloVerifyRequest handshake record and sends
188        #    a subsequent DTLS-ClientHello handshake record in one UDP datagram to the
189        #    Commissioner
190        #      Verify that both DTLS-HelloVerifyRequest and subsequent DTLS-ClientHello
191        #      contain the same cookie
192        pkts.filter_wpan_dst64(COMMISSIONER).\
193            filter(lambda p:
194                       p.dtls.handshake.type == [HANDSHAKE_CLIENT_HELLO] and\
195                       p.dtls.handshake.cookie == _pkt.dtls.handshake.cookie
196                       ).\
197            must_next()
198
199        # 5. Commissioner must correctly receive the subsequent DTLSClientHello
200        #    handshake record and then send, in order, DTLSServerHello,
201        #    DTLS-ServerKeyExchange and DTLSServerHelloDone handshake records to Joiner
202        pkts.filter_wpan_src64(COMMISSIONER).\
203            filter(lambda p:
204                      p.dtls.handshake.type == [HANDSHAKE_SERVER_HELLO,
205                                                HANDSHAKE_SERVER_KEY_EXCHANGE,
206                                                HANDSHAKE_SERVER_HELLO_DONE]
207                      ).\
208               must_next()
209
210        # 6. Joiner receives the DTLS-ServerHello, DTLSServerKeyExchange and
211        #    DTLS-ServerHelloDone handshake records and sends, in order,
212        #    a DTLS-ClientKeyExchange handshake record,
213        #    a DTLS-ChangeCipherSpec record and
214        #    an encrypted DTLS-Finished handshake record to the Commissioner.
215        pkts.filter_wpan_dst64(COMMISSIONER).\
216            filter(lambda p:
217                       p.dtls.handshake.type == [HANDSHAKE_CLIENT_KEY_EXCHANGE] and\
218                       {
219                        CONTENT_CHANGE_CIPHER_SPEC,
220                        CONTENT_HANDSHAKE
221                       } == set(p.dtls.record.content_type)
222                       ).\
223               must_next()
224
225        # 7. Commissioner receives the DTLS-ClientKeyExchange handshake record, the
226        #    DTLS-ChangeCipherSpec record and the encrypted DTLS-Finished handshake record,
227        #    and sends a DTLS-ChangeCipherSpec record and an encrypted DTLSFinished handshake
228        #    record in that order to Joiner
229        pkts.filter_wpan_src64(COMMISSIONER).\
230            filter(lambda p: {
231                              CONTENT_CHANGE_CIPHER_SPEC,
232                              CONTENT_HANDSHAKE
233                             } == set(p.dtls.record.content_type)
234                      ).\
235              must_next()
236
237        # 8. Joiner receives the DTLS-ChangeCipherSpec record and the encrypted DTLS-Finished
238        #    handshake record and sends a JOIN_FIN.req message in an encrypted DTLS-ApplicationData
239        #    record in a single UDP datagram to Commissioner.
240        pkts.filter_wpan_dst64(COMMISSIONER).\
241            filter(lambda p:
242                   [CONTENT_APPLICATION_DATA] == p.dtls.record.content_type
243                  ).\
244               must_next()
245
246        # 9. Commissioner receives the encrypted DTLS-ApplicationData record and sends a
247        #    JOIN_FIN.rsp message in an encrypted DTLS-ApplicationData record in a single
248        #    UDP datagram to Joiner
249        pkts.filter_wpan_src64(COMMISSIONER).\
250            filter(lambda p:
251                   [CONTENT_APPLICATION_DATA] == p.dtls.record.content_type
252                  ).\
253               must_next()
254
255        # 10. Commissioner sends an encrypted JOIN_ENT.ntf message to Joiner
256
257        # 11. Joiner receives the encrypted JOIN_ENT.ntf message and sends an encrypted
258        #     JOIN_ENT.ntf dummy response to Commissioner
259
260        # Check Step 8 ~ 11 in test()
261
262        # 12. Joiner sends an encrypted DTLS-Alert record with a code of 0 (close_notify)
263        #     to Commissioner
264        pkts.filter_wpan_dst64(COMMISSIONER).\
265            filter(lambda p:
266                   [CONTENT_ALERT] == p.dtls.record.content_type
267                  ).\
268               must_next()
269
270
271if __name__ == '__main__':
272    unittest.main()
273