Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * WPA Supplicant - test code | |
3 | * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of the GNU General Public License version 2 as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * Alternatively, this software may be distributed under the terms of BSD | |
10 | * license. | |
11 | * | |
12 | * See README and COPYING for more details. | |
13 | * | |
14 | * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c. | |
15 | * Not used in production version. | |
16 | */ | |
17 | ||
18 | #include "includes.h" | |
19 | #include <assert.h> | |
20 | ||
21 | #include "common.h" | |
22 | #include "config.h" | |
23 | #include "eapol_supp/eapol_supp_sm.h" | |
24 | #include "eap_peer/eap.h" | |
25 | #include "eloop.h" | |
3acb5005 | 26 | #include "rsn_supp/wpa.h" |
6fc6879b JM |
27 | #include "eap_peer/eap_i.h" |
28 | #include "wpa_supplicant_i.h" | |
29 | #include "radius/radius.h" | |
30 | #include "radius/radius_client.h" | |
31 | #include "ctrl_iface.h" | |
32 | #include "pcsc_funcs.h" | |
33 | ||
34 | ||
/* Debug switches declared here and defined outside this file.
 * wpa_debug_level is raised to 99 by the "sim" command to silence debug
 * output; wpa_debug_show_keys is only declared in the part of the file
 * visible here. */
extern int wpa_debug_level;
extern int wpa_debug_show_keys;

/* Driver wrapper table holding only its NULL terminator: this test binary
 * registers no drivers. */
struct wpa_driver_ops *wpa_drivers[] = { NULL };
6fc6879b JM |
39 | |
40 | ||
db803a36 TW |
/* One additional RADIUS attribute to append to each Access-Request; entries
 * form a singly linked list. */
struct extra_radius_attr {
	/* RADIUS attribute type code */
	u8 type;
	/* Value syntax selector: 's', 'n', 'x' or 'd' (see add_extra_attr()) */
	char syntax;
	/* Value text; test_eapol_clean() frees the list nodes but not this */
	char *data;
	/* Next entry, NULL at the end of the list */
	struct extra_radius_attr *next;
};
47 | ||
6fc6879b JM |
/* State of one eapol_test run. The field order is kept as is because
 * ieee802_1x_encapsulate_radius() passes the raw bytes of this structure to
 * radius_msg_make_authenticator(). */
struct eapol_test_data {
	struct wpa_supplicant *wpa_s;

	/* Remaining reauthentication rounds; decremented in eapol_sm_cb() */
	int eapol_test_num_reauths;
	/* Non-zero when no keying material is expected from the server */
	int no_mppe_keys;
	/* Result counters maintained by eapol_test_compare_pmk() */
	int num_mppe_ok;
	int num_mppe_mismatch;

	/* Identifier used for the most recent Access-Request */
	u8 radius_identifier;
	/* Most recent accepted reply; owned by this structure */
	struct radius_msg *last_recv_radius;
	/* Sent as NAS-IP-Address */
	struct in_addr own_ip_addr;
	struct radius_client_data *radius;
	struct hostapd_radius_servers *radius_conf;

	/* Last EAP message received from the Authentication Server */
	u8 *last_eap_radius;
	size_t last_eap_radius_len;

	/* Key material taken from the server's MS-MPPE keys in
	 * ieee802_1x_get_keys() */
	u8 authenticator_pmk[PMK_LEN];
	size_t authenticator_pmk_len;
	int radius_access_accept_received;
	int radius_access_reject_received;
	/* Set by eapol_test_timeout() */
	int auth_timed_out;

	/* Identity learned from EAP-Response-Identity; sent as User-Name */
	u8 *eap_identity;
	size_t eap_identity_len;

	/* Sent as Connect-Info */
	char *connect_info;
	/* Copied into wpa_s->own_addr by wpa_init_conf() */
	u8 own_addr[ETH_ALEN];
	/* Extra attributes appended to every Access-Request */
	struct extra_radius_attr *extra_attrs;
};
78 | ||
/* Single test context for the process; eapol_test_eapol_send() reaches it
 * directly instead of through its ctx argument. */
static struct eapol_test_data eapol_test;


/* Forward declaration: eapol_sm_reauth() calls this before its definition. */
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
83 | ||
84 | ||
/**
 * hostapd_logger_cb - Forward a logger message to the debug output
 * @ctx: unused
 * @addr: station MAC address to prefix the message with, or NULL
 * @module: unused
 * @level: unused; everything is logged at MSG_DEBUG
 * @txt: message text
 * @len: unused
 */
static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
			      int level, const char *txt, size_t len)
{
	if (addr == NULL) {
		wpa_printf(MSG_DEBUG, "%s", txt);
		return;
	}

	wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n", MAC2STR(addr), txt);
}
94 | ||
95 | ||
db803a36 TW |
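/**
 * add_extra_attr - Append one user-specified attribute to a RADIUS message
 * @msg: message under construction
 * @attr: attribute description (type, syntax selector, value text)
 * Returns: 0 on success, -1 on an invalid specification or if the attribute
 * could not be added
 *
 * Syntax selectors: 's' = string, 'n' = single zero octet, 'x' = hex string
 * (optional "0x" prefix), 'd' = 32-bit integer sent in network byte order.
 */
static int add_extra_attr(struct radius_msg *msg,
			  struct extra_radius_attr *attr)
{
	size_t len;
	char *pos;
	u32 val;
	char buf[128];

	/* 's', 'x' and 'd' all read attr->data; reject a missing value instead
	 * of dereferencing NULL. 'n' carries no value and unknown selectors
	 * are reported by the switch below. */
	if (attr->data == NULL &&
	    (attr->syntax == 's' || attr->syntax == 'x' ||
	     attr->syntax == 'd')) {
		printf("Missing extra attribute value\n");
		return -1;
	}

	switch (attr->syntax) {
	case 's':
		/* Values longer than sizeof(buf) - 1 are silently truncated */
		os_snprintf(buf, sizeof(buf), "%s", attr->data);
		len = os_strlen(buf);
		break;
	case 'n':
		buf[0] = '\0';
		len = 1;
		break;
	case 'x':
		pos = attr->data;
		if (pos[0] == '0' && pos[1] == 'x')
			pos += 2;
		len = os_strlen(pos);
		/* Need an even number of hex digits that decodes into buf */
		if ((len & 1) || (len / 2) > sizeof(buf)) {
			printf("Invalid extra attribute hexstring\n");
			return -1;
		}
		len /= 2;
		if (hexstr2bin(pos, (u8 *) buf, len) < 0) {
			printf("Invalid extra attribute hexstring\n");
			return -1;
		}
		break;
	case 'd':
		/* atoi() reports no errors: non-numeric text is sent as 0 */
		val = htonl(atoi(attr->data));
		os_memcpy(buf, &val, 4);
		len = 4;
		break;
	default:
		printf("Incorrect extra attribute syntax specification\n");
		return -1;
	}

	if (!radius_msg_add_attr(msg, attr->type, (u8 *) buf, len)) {
		printf("Could not add attribute %d\n", attr->type);
		return -1;
	}

	return 0;
}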
145 | ||
146 | ||
/**
 * add_extra_attrs - Append every attribute of a list to a RADIUS message
 * @msg: message under construction
 * @attrs: head of the attribute list, may be NULL
 * Returns: 0 if all attributes were added, -1 at the first failure
 */
static int add_extra_attrs(struct radius_msg *msg,
			   struct extra_radius_attr *attrs)
{
	struct extra_radius_attr *cur = attrs;

	while (cur != NULL) {
		if (add_extra_attr(msg, cur) < 0)
			return -1;
		cur = cur->next;
	}

	return 0;
}
157 | ||
158 | ||
676ea341 JM |
/**
 * find_extra_attr - Look up the first list entry with a given attribute type
 * @attrs: head of the attribute list, may be NULL
 * @type: RADIUS attribute type to search for
 * Returns: matching entry, or NULL if the list has none
 */
static struct extra_radius_attr *
find_extra_attr(struct extra_radius_attr *attrs, u8 type)
{
	struct extra_radius_attr *cur = attrs;

	while (cur != NULL && cur->type != type)
		cur = cur->next;

	return cur;
}
169 | ||
170 | ||
6fc6879b JM |
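/**
 * ieee802_1x_encapsulate_radius - Wrap an EAP message into an Access-Request
 * @e: test context
 * @eap: EAP packet from the supplicant state machine, or NULL
 * @len: length of @eap in octets
 *
 * Builds an Access-Request with User-Name, the default NAS attributes (each
 * skipped when the same type is present in e->extra_attrs), the extra
 * attributes, the EAP-Message and, when replying to an Access-Challenge, the
 * State attribute, and hands it to the RADIUS client. On any failure the
 * message is freed and nothing is sent.
 */
static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
					  const u8 *eap, size_t len)
{
	struct radius_msg *msg;
	char buf[128];
	const struct eap_hdr *hdr;
	const u8 *pos;

	wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
		   "packet");

	e->radius_identifier = radius_client_get_id(e->radius);
	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
			     e->radius_identifier);
	if (msg == NULL) {
		printf("Could not create net RADIUS packet\n");
		return;
	}

	/* The raw bytes of the test context are the input handed to the
	 * authenticator generator.
	 * NOTE(review): how unpredictable the resulting Request Authenticator
	 * is cannot be judged from this file - confirm in
	 * radius_msg_make_authenticator(). */
	radius_msg_make_authenticator(msg, (u8 *) e, sizeof(*e));

	/* The EAP-Message step below treats eap as optional, so the header
	 * must not be inspected when it is NULL. */
	hdr = (const struct eap_hdr *) eap;
	if (eap && len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
	    eap[sizeof(*hdr)] == EAP_TYPE_IDENTITY) {
		pos = eap + sizeof(*hdr) + 1;
		os_free(e->eap_identity);
		e->eap_identity_len = len - sizeof(*hdr) - 1;
		e->eap_identity = os_malloc(e->eap_identity_len);
		if (e->eap_identity) {
			os_memcpy(e->eap_identity, pos, e->eap_identity_len);
			wpa_hexdump(MSG_DEBUG, "Learned identity from "
				    "EAP-Response-Identity",
				    e->eap_identity, e->eap_identity_len);
		} else {
			/* Keep pointer and length consistent on failure */
			e->eap_identity_len = 0;
		}
	}

	if (e->eap_identity &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
				 e->eap_identity, e->eap_identity_len)) {
		printf("Could not add User-Name\n");
		goto fail;
	}

	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
				 (u8 *) &e->own_ip_addr, 4)) {
		printf("Could not add NAS-IP-Address\n");
		goto fail;
	}

	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
		    MAC2STR(e->wpa_s->own_addr));
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
	    &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
				 (u8 *) buf, os_strlen(buf))) {
		printf("Could not add Calling-Station-Id\n");
		goto fail;
	}

	/* TODO: should probably check MTU from driver config; 2304 is max for
	 * IEEE 802.11, but use 1400 to avoid problems with too large packets
	 */
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
		printf("Could not add Framed-MTU\n");
		goto fail;
	}

	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
		printf("Could not add NAS-Port-Type\n");
		goto fail;
	}

	/* NOTE(review): e->connect_info is formatted with %s without a NULL
	 * check; presumably it is always set before this runs - confirm. */
	os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
				 (u8 *) buf, os_strlen(buf))) {
		printf("Could not add Connect-Info\n");
		goto fail;
	}

	if (add_extra_attrs(msg, e->extra_attrs) < 0)
		goto fail;

	if (eap && !radius_msg_add_eap(msg, eap, len)) {
		printf("Could not add EAP-Message\n");
		goto fail;
	}

	/* State attribute must be copied if and only if this packet is
	 * Access-Request reply to the previous Access-Challenge */
	if (e->last_recv_radius && e->last_recv_radius->hdr->code ==
	    RADIUS_CODE_ACCESS_CHALLENGE) {
		int res = radius_msg_copy_attr(msg, e->last_recv_radius,
					       RADIUS_ATTR_STATE);
		if (res < 0) {
			printf("Could not copy State attribute from previous "
			       "Access-Challenge\n");
			goto fail;
		}
		if (res > 0) {
			wpa_printf(MSG_DEBUG, "  Copied RADIUS State "
				   "Attribute");
		}
	}

	/* The message is handed over to the RADIUS client here */
	radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr);
	return;

 fail:
	radius_msg_free(msg);
	os_free(msg);
}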
288 | ||
289 | ||
/**
 * eapol_test_eapol_send - EAPOL transmit callback of the test harness
 * @ctx: callback context (unused; the global eapol_test is used instead)
 * @type: IEEE 802.1X packet type
 * @buf: packet payload
 * @len: payload length in octets
 * Returns: always 0
 *
 * EAP packets are forwarded to the RADIUS server; other types are only
 * reported on stdout.
 */
static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
				 size_t len)
{
	printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
	       type, (unsigned long) len);

	if (type != IEEE802_1X_TYPE_EAP_PACKET)
		return 0;

	wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
	ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
	return 0;
}
302 | ||
303 | ||
/**
 * eapol_test_set_config_blob - Store a configuration blob
 * @ctx: struct wpa_supplicant pointer registered as callback context
 * @blob: blob to hand to the configuration
 */
static void eapol_test_set_config_blob(void *ctx,
				       struct wpa_config_blob *blob)
{
	struct wpa_supplicant *supp = ctx;

	wpa_config_set_blob(supp->conf, blob);
}
310 | ||
311 | ||
/**
 * eapol_test_get_config_blob - Look up a named configuration blob
 * @ctx: struct wpa_supplicant pointer registered as callback context
 * @name: blob name
 * Returns: whatever wpa_config_get_blob() returns for @name
 */
static const struct wpa_config_blob *
eapol_test_get_config_blob(void *ctx, const char *name)
{
	struct wpa_supplicant *supp = ctx;

	return wpa_config_get_blob(supp->conf, name);
}
318 | ||
319 | ||
/**
 * eapol_test_eapol_done_cb - Report that EAPOL processing finished
 * @ctx: unused
 */
static void eapol_test_eapol_done_cb(void *ctx)
{
	fputs("WPA: EAPOL processing complete\n", stdout);
}
324 | ||
325 | ||
/**
 * eapol_sm_reauth - Timeout handler that starts another authentication round
 * @eloop_ctx: struct eapol_test_data pointer
 * @timeout_ctx: unused
 *
 * Clears the Access-Accept flag so that the next round is judged on its own
 * reply, then injects a new EAP-Request/Identity.
 */
static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
{
	struct eapol_test_data *test = eloop_ctx;

	printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");
	test->radius_access_accept_received = 0;
	send_eap_request_identity(test->wpa_s, NULL);
}
333 | ||
334 | ||
/**
 * eapol_test_compare_pmk - Compare supplicant key against the server's key
 * @e: test context
 * Returns: 0 if the round counts as successful, 1 otherwise
 *
 * A full PMK_LEN key is tried first; if that is unavailable and the server
 * delivered 16 octets, a 16-octet key is tried. With no key available the
 * round succeeds only when an Access-Accept was received and no keying
 * material is expected. The ok/mismatch counters are updated unless
 * no_mppe_keys is set.
 *
 * NOTE(review): both keys are written to the debug log with wpa_hexdump();
 * wpa_hexdump_key() would make the dump subject to wpa_debug_show_keys.
 */
static int eapol_test_compare_pmk(struct eapol_test_data *e)
{
	u8 pmk[PMK_LEN];
	size_t cmp_len = 0;
	const char *title = NULL;
	int ret = 1;

	if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
		cmp_len = PMK_LEN;
		title = "PMK from EAPOL";
	} else if (e->authenticator_pmk_len == 16 &&
		   eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
		cmp_len = 16;
		title = "LEAP PMK from EAPOL";
	}

	if (cmp_len > 0) {
		wpa_hexdump(MSG_DEBUG, title, pmk, cmp_len);
		if (os_memcmp(pmk, e->authenticator_pmk, cmp_len) != 0) {
			printf("WARNING: PMK mismatch\n");
			wpa_hexdump(MSG_DEBUG, "PMK from AS",
				    e->authenticator_pmk, cmp_len);
		} else if (e->radius_access_accept_received) {
			ret = 0;
		}
	} else if (e->radius_access_accept_received && e->no_mppe_keys) {
		/* No keying material expected */
		ret = 0;
	}

	if (!e->no_mppe_keys) {
		if (ret)
			e->num_mppe_mismatch++;
		else
			e->num_mppe_ok++;
	}

	return ret;
}
369 | ||
370 | ||
/**
 * eapol_sm_cb - Completion callback of the EAPOL state machine
 * @eapol: state machine that finished (unused)
 * @success: result reported by the state machine; only printed
 * @ctx: struct eapol_test_data pointer
 *
 * Stops the event loop once the reauthentication budget is used up;
 * otherwise checks the keys and schedules the next round after 100 ms.
 */
static void eapol_sm_cb(struct eapol_sm *eapol, int success, void *ctx)
{
	struct eapol_test_data *test = ctx;

	printf("eapol_sm_cb: success=%d\n", success);

	if (--test->eapol_test_num_reauths < 0) {
		eloop_terminate();
		return;
	}

	eapol_test_compare_pmk(test);
	eloop_register_timeout(0, 100000, eapol_sm_reauth, test, NULL);
}
383 | ||
384 | ||
/**
 * test_eapol - Create and configure the EAPOL state machine for the test
 * @e: test context, registered as the completion callback context
 * @wpa_s: supplicant instance that receives the state machine
 * @ssid: network block providing the EAP configuration
 * Returns: 0 on success, -1 if allocation or initialization fails
 */
static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
		      struct wpa_ssid *ssid)
{
	struct eapol_config eapol_conf;
	struct eapol_ctx *ctx = os_zalloc(sizeof(*ctx));

	if (ctx == NULL) {
		printf("Failed to allocate EAPOL context.\n");
		return -1;
	}

	/* Contexts passed back to the callbacks */
	ctx->ctx = wpa_s;
	ctx->msg_ctx = wpa_s;
	ctx->scard_ctx = wpa_s->scard;
	ctx->cb_ctx = e;
	ctx->eapol_send_ctx = wpa_s;
	ctx->preauth = 0;

	/* Callbacks implemented in this file */
	ctx->cb = eapol_sm_cb;
	ctx->eapol_done_cb = eapol_test_eapol_done_cb;
	ctx->eapol_send = eapol_test_eapol_send;
	ctx->set_config_blob = eapol_test_set_config_blob;
	ctx->get_config_blob = eapol_test_get_config_blob;

	/* Engine and module paths come straight from the configuration */
	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;

	wpa_s->eapol = eapol_sm_init(ctx);
	if (wpa_s->eapol == NULL) {
		/* ctx is released here on failure */
		os_free(ctx);
		printf("Failed to initialize EAPOL state machines.\n");
		return -1;
	}

	wpa_s->current_ssid = ssid;

	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
	eapol_conf.accept_802_1x_keys = 1;
	eapol_conf.required_keys = 0;
	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
	eapol_conf.workaround = ssid->eap_workaround;
	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);

	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
	/* 802.1X::portControl = Auto */
	eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);

	return 0;
}
434 | ||
435 | ||
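/**
 * test_eapol_clean - Release everything the test run allocated
 * @e: test context
 * @wpa_s: supplicant instance used by the test
 *
 * Pointers stored in @e are reset to NULL after they are released. @e is a
 * long-lived object (the file keeps it in a static variable), so a stale
 * pointer left behind would turn any later access into a use-after-free or
 * double free.
 */
static void test_eapol_clean(struct eapol_test_data *e,
			     struct wpa_supplicant *wpa_s)
{
	struct extra_radius_attr *p, *prev;

	radius_client_deinit(e->radius);
	e->radius = NULL;

	os_free(e->last_eap_radius);
	e->last_eap_radius = NULL;
	e->last_eap_radius_len = 0;

	if (e->last_recv_radius) {
		radius_msg_free(e->last_recv_radius);
		os_free(e->last_recv_radius);
		e->last_recv_radius = NULL;
	}

	os_free(e->eap_identity);
	e->eap_identity = NULL;
	e->eap_identity_len = 0;

	eapol_sm_deinit(wpa_s->eapol);
	wpa_s->eapol = NULL;

	if (e->radius_conf && e->radius_conf->auth_server) {
		/* The shared secret is freed without being wiped first */
		os_free(e->radius_conf->auth_server->shared_secret);
		os_free(e->radius_conf->auth_server);
	}
	os_free(e->radius_conf);
	e->radius_conf = NULL;

	scard_deinit(wpa_s->scard);
	if (wpa_s->ctrl_iface) {
		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
		wpa_s->ctrl_iface = NULL;
	}
	wpa_config_free(wpa_s->conf);

	/* Only the list nodes are freed; each node's data pointer is not */
	p = e->extra_attrs;
	while (p) {
		prev = p;
		p = p->next;
		os_free(prev);
	}
	e->extra_attrs = NULL;
}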
471 | ||
472 | ||
/**
 * send_eap_request_identity - Inject a fabricated EAP-Request/Identity
 * @eloop_ctx: struct wpa_supplicant pointer
 * @timeout_ctx: unused
 *
 * Builds an EAPOL frame carrying a five-octet EAP-Request/Identity with
 * identifier 0 and feeds it to the EAPOL state machine as if it had been
 * received from wpa_s->bssid.
 */
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
{
	/* EAP length used in both headers; the type octet is written
	 * directly after struct eap_hdr */
	const size_t eap_len = 5;
	struct wpa_supplicant *wpa_s = eloop_ctx;
	u8 frame[100];
	struct ieee802_1x_hdr *dot1x = (struct ieee802_1x_hdr *) frame;
	struct eap_hdr *req = (struct eap_hdr *) (dot1x + 1);
	u8 *type_octet = (u8 *) (req + 1);

	dot1x->version = EAPOL_VERSION;
	dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
	dot1x->length = htons(eap_len);

	req->code = EAP_CODE_REQUEST;
	req->identifier = 0;
	req->length = htons(eap_len);
	*type_octet = EAP_TYPE_IDENTITY;

	printf("Sending fake EAP-Request-Identity\n");
	eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, frame,
			  sizeof(*dot1x) + eap_len);
}
496 | ||
497 | ||
/**
 * eapol_test_timeout - Abort the test when the overall timeout fires
 * @eloop_ctx: struct eapol_test_data pointer
 * @timeout_ctx: unused
 *
 * Records the timeout in the test context and stops the event loop.
 */
static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct eapol_test_data *test = eloop_ctx;

	printf("EAPOL test timed out\n");
	test->auth_timed_out = 1;
	eloop_terminate();
}
505 | ||
506 | ||
/**
 * eap_type_text - Map an EAP method type to a short name for log output
 * @type: EAP type octet
 * Returns: pointer to a constant string; "Unknown" for unlisted types
 */
static char *eap_type_text(u8 type)
{
	static const struct {
		int type;
		char *text;
	} names[] = {
		{ EAP_TYPE_IDENTITY, "Identity" },
		{ EAP_TYPE_NOTIFICATION, "Notification" },
		{ EAP_TYPE_NAK, "Nak" },
		{ EAP_TYPE_TLS, "TLS" },
		{ EAP_TYPE_TTLS, "TTLS" },
		{ EAP_TYPE_PEAP, "PEAP" },
		{ EAP_TYPE_SIM, "SIM" },
		{ EAP_TYPE_GTC, "GTC" },
		{ EAP_TYPE_MD5, "MD5" },
		{ EAP_TYPE_OTP, "OTP" },
		{ EAP_TYPE_FAST, "FAST" },
		{ EAP_TYPE_SAKE, "SAKE" },
		{ EAP_TYPE_PSK, "PSK" },
	};
	size_t i;

	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if (names[i].type == type)
			return names[i].text;
	}

	return "Unknown";
}
526 | ||
527 | ||
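/**
 * ieee802_1x_decapsulate_radius - Deliver the EAP payload of the last reply
 * @e: test context; e->last_recv_radius is the message to process
 *
 * Extracts the EAP-Message from the most recent RADIUS reply, logs a short
 * description, stores the packet in e->last_eap_radius (taking ownership of
 * the extracted buffer) and passes it to the EAPOL state machine wrapped in
 * an IEEE 802.1X header. An EAP-Failure also stops the event loop.
 */
static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
{
	u8 *eap;
	size_t len;
	struct eap_hdr *hdr;
	int eap_type = -1;
	char buf[64];
	struct radius_msg *msg;
	struct ieee802_1x_hdr *dot1x;

	if (e->last_recv_radius == NULL)
		return;

	msg = e->last_recv_radius;

	eap = radius_msg_get_eap(msg, &len);
	if (eap == NULL) {
		/* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
		 * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
		 * attribute */
		wpa_printf(MSG_DEBUG, "could not extract "
			   "EAP-Message from RADIUS message");
		os_free(e->last_eap_radius);
		e->last_eap_radius = NULL;
		e->last_eap_radius_len = 0;
		return;
	}

	/* The header fields are read below, so a full header must be there */
	if (len < sizeof(*hdr)) {
		wpa_printf(MSG_DEBUG, "too short EAP packet "
			   "received from authentication server");
		os_free(eap);
		return;
	}

	/* The type octet exists only when data follows the header */
	if (len > sizeof(*hdr))
		eap_type = eap[sizeof(*hdr)];

	hdr = (struct eap_hdr *) eap;
	switch (hdr->code) {
	case EAP_CODE_REQUEST:
		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
			    eap_type);
		break;
	case EAP_CODE_RESPONSE:
		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
			    eap_type);
		break;
	case EAP_CODE_SUCCESS:
		os_strlcpy(buf, "EAP Success", sizeof(buf));
		/* LEAP uses EAP Success within an authentication, so must not
		 * stop here with eloop_terminate(); */
		break;
	case EAP_CODE_FAILURE:
		os_strlcpy(buf, "EAP Failure", sizeof(buf));
		eloop_terminate();
		break;
	default:
		os_strlcpy(buf, "unknown EAP code", sizeof(buf));
		wpa_hexdump(MSG_DEBUG, "Decapsulated EAP packet", eap, len);
		break;
	}
	wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
		   "id=%d len=%d) from RADIUS server: %s",
		   hdr->code, hdr->identifier, ntohs(hdr->length), buf);

	/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */

	/* From here on the extracted buffer belongs to the test context */
	os_free(e->last_eap_radius);
	e->last_eap_radius = eap;
	e->last_eap_radius_len = len;

	/* Allocation failure is handled explicitly: an assert() would be
	 * compiled out with NDEBUG and the header writes below would then go
	 * through a NULL pointer. */
	dot1x = os_malloc(sizeof(*dot1x) + len);
	if (dot1x == NULL) {
		printf("Failed to allocate EAPOL frame\n");
		return;
	}

	dot1x->version = EAPOL_VERSION;
	dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
	/* NOTE(review): the 16-bit length field would wrap for len above
	 * 65535; presumably the RADIUS layer never returns that much -
	 * confirm. */
	dot1x->length = htons(len);
	os_memcpy((u8 *) (dot1x + 1), eap, len);
	eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
			  (u8 *) dot1x, sizeof(*dot1x) + len);
	os_free(dot1x);
}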
614 | ||
615 | ||
/**
 * ieee802_1x_get_keys - Record the keys delivered in an Access-Accept
 * @e: test context that receives the authenticator PMK
 * @msg: received RADIUS message
 * @req: request that @msg answers
 * @shared_secret: RADIUS shared secret
 * @shared_secret_len: length of @shared_secret in octets
 *
 * Tries the MS-MPPE keys first and the Cisco keys when neither MS-MPPE key
 * is present. The receive key, capped at PMK_LEN octets, becomes
 * e->authenticator_pmk; a 16-octet receive key is extended with a 16-octet
 * send key.
 *
 * NOTE(review): both keys are written to the debug log with wpa_hexdump();
 * wpa_hexdump_key() would make the dump subject to wpa_debug_show_keys. The
 * key buffers are also freed without being wiped.
 */
static void ieee802_1x_get_keys(struct eapol_test_data *e,
				struct radius_msg *msg, struct radius_msg *req,
				const u8 *shared_secret,
				size_t shared_secret_len)
{
	struct radius_ms_mppe_keys *keys;

	keys = radius_msg_get_ms_keys(msg, req, shared_secret,
				      shared_secret_len);
	if (keys && keys->send == NULL && keys->recv == NULL) {
		os_free(keys);
		keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
						 shared_secret_len);
	}

	if (keys == NULL)
		return;

	if (keys->send) {
		wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
			    keys->send, keys->send_len);
	}

	if (keys->recv) {
		size_t pmk_len = keys->recv_len;

		wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
			    keys->recv, keys->recv_len);

		/* Never copy more than the destination buffer holds */
		if (pmk_len > PMK_LEN)
			pmk_len = PMK_LEN;
		e->authenticator_pmk_len = pmk_len;
		os_memcpy(e->authenticator_pmk, keys->recv, pmk_len);

		if (pmk_len == 16 && keys->send && keys->send_len == 16) {
			/* MS-CHAP-v2 derives 16 octet keys */
			/* assumes PMK_LEN >= 32 so that the second half
			 * fits - TODO confirm */
			wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
				   "to extend PMK to 32 octets");
			os_memcpy(e->authenticator_pmk + pmk_len,
				  keys->send, keys->send_len);
			e->authenticator_pmk_len += keys->send_len;
		}
	}

	os_free(keys->send);
	os_free(keys->recv);
	os_free(keys);
}
661 | ||
662 | ||
/**
 * ieee802_1x_receive_auth - Process a RADIUS frame from the Authentication
 * Server
 * @msg: received message
 * @req: request that @msg answers
 * @shared_secret: RADIUS shared secret
 * @shared_secret_len: length of @shared_secret in octets
 * @data: struct eapol_test_data pointer
 * Returns: RADIUS_RX_UNKNOWN when the message is dropped, RADIUS_RX_QUEUED
 * when it was accepted and stored in the test context
 */
static RadiusRxResult
ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
			const u8 *shared_secret, size_t shared_secret_len,
			void *data)
{
	struct eapol_test_data *e = data;
	const int code = msg->hdr->code;
	int bare_reject;

	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
	 * present when packet contains an EAP-Message attribute */
	bare_reject = code == RADIUS_CODE_ACCESS_REJECT &&
		radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
				    NULL, 0) < 0 &&
		radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0;

	if (bare_reject) {
		/* NOTE(review): this branch does not call radius_msg_verify()
		 * at all, so such an Access-Reject is accepted here without
		 * any authenticator check in this function. Whether the
		 * RADIUS client validates it before this handler runs is not
		 * visible in this file - confirm. */
		wpa_printf(MSG_DEBUG, "Allowing RADIUS "
			   "Access-Reject without Message-Authenticator "
			   "since it does not include EAP-Message\n");
	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
				     req, 1)) {
		printf("Incoming RADIUS packet did not have correct "
		       "Message-Authenticator - dropped\n");
		return RADIUS_RX_UNKNOWN;
	}

	switch (code) {
	case RADIUS_CODE_ACCESS_ACCEPT:
	case RADIUS_CODE_ACCESS_REJECT:
	case RADIUS_CODE_ACCESS_CHALLENGE:
		break;
	default:
		printf("Unknown RADIUS message code\n");
		return RADIUS_RX_UNKNOWN;
	}

	e->radius_identifier = -1;
	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");

	/* The new message replaces the stored one and is owned by the test
	 * context from here on */
	if (e->last_recv_radius) {
		radius_msg_free(e->last_recv_radius);
		os_free(e->last_recv_radius);
	}
	e->last_recv_radius = msg;

	if (code == RADIUS_CODE_ACCESS_ACCEPT) {
		e->radius_access_accept_received = 1;
		ieee802_1x_get_keys(e, msg, req, shared_secret,
				    shared_secret_len);
	} else if (code == RADIUS_CODE_ACCESS_REJECT) {
		e->radius_access_reject_received = 1;
	}

	ieee802_1x_decapsulate_radius(e);

	/* The reauthentication counter is read after decapsulation, which
	 * runs the EAPOL state machine */
	if (code == RADIUS_CODE_ACCESS_REJECT ||
	    (code == RADIUS_CODE_ACCESS_ACCEPT &&
	     e->eapol_test_num_reauths < 0)) {
		eloop_terminate();
	}

	return RADIUS_RX_QUEUED;
}
725 | ||
726 | ||
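/**
 * wpa_init_conf - Set up the supplicant stub and the RADIUS client
 * @e: test context
 * @wpa_s: supplicant instance to initialize
 * @authsrv: IPv4 address of the authentication server in dotted notation
 * @port: UDP port of the authentication server
 * @secret: RADIUS shared secret (NUL-terminated text)
 * @cli_addr: local address to force for the RADIUS client, or NULL
 *
 * Failures that cannot be recovered from are handled with assert(), which
 * is how this function already treats allocation and registration errors.
 * An unparsable server address is reported but does not stop the run.
 */
static void wpa_init_conf(struct eapol_test_data *e,
			  struct wpa_supplicant *wpa_s, const char *authsrv,
			  int port, const char *secret,
			  const char *cli_addr)
{
	struct hostapd_radius_server *as;
	int res;

	wpa_s->bssid[5] = 1;
	os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
	/* NAS-IP-Address is fixed to 127.0.0.1 */
	e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
	os_strlcpy(wpa_s->ifname, "test", sizeof(wpa_s->ifname));

	e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
	assert(e->radius_conf != NULL);
	e->radius_conf->num_auth_servers = 1;
	as = os_zalloc(sizeof(struct hostapd_radius_server));
	assert(as != NULL);
#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
	{
		/* Zero-initialized so that a failed parse cannot copy
		 * indeterminate values into the address */
		int a[4] = { 0, 0, 0, 0 };
		u8 *pos;
		if (sscanf(authsrv, "%d.%d.%d.%d",
			   &a[0], &a[1], &a[2], &a[3]) != 4) {
			wpa_printf(MSG_ERROR, "Invalid authentication server "
				   "IP address '%s'", authsrv);
		}
		pos = (u8 *) &as->addr.u.v4;
		*pos++ = a[0];
		*pos++ = a[1];
		*pos++ = a[2];
		*pos++ = a[3];
	}
#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
	/* inet_aton() returns 0 for text it cannot parse; without this report
	 * the request would silently go to the zeroed address */
	if (inet_aton(authsrv, &as->addr.u.v4) == 0) {
		wpa_printf(MSG_ERROR, "Invalid authentication server "
			   "IP address '%s'", authsrv);
	}
#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
	as->addr.af = AF_INET;
	as->port = port;
	as->shared_secret = (u8 *) os_strdup(secret);
	/* A NULL secret combined with a non-zero length must not be used */
	assert(as->shared_secret != NULL);
	as->shared_secret_len = os_strlen(secret);
	e->radius_conf->auth_server = as;
	e->radius_conf->auth_servers = as;
	e->radius_conf->msg_dumps = 1;
	if (cli_addr) {
		if (hostapd_parse_ip_addr(cli_addr,
					  &e->radius_conf->client_addr) == 0)
			e->radius_conf->force_client_addr = 1;
		else {
			wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
				   cli_addr);
			assert(0);
		}
	}

	e->radius = radius_client_init(wpa_s, e->radius_conf);
	assert(e->radius != NULL);

	res = radius_client_register(e->radius, RADIUS_AUTH,
				     ieee802_1x_receive_auth, e);
	assert(res == 0);
}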
784 | ||
785 | ||
/**
 * scard_test - Exercise the smartcard interface ("scard" command)
 * Returns: -1 if the card cannot be opened or the PIN is rejected, 0
 * otherwise
 *
 * Uses the hard-coded PIN "1234", reads the IMSI, runs GSM authentication
 * with fixed challenges, prints num_triplets triplets to stdout and finally
 * tries one UMTS authentication. Every failure after PIN validation jumps to
 * the common cleanup and the function still returns 0.
 *
 * The length macros defined inside the body stay defined after the function;
 * only num_triplets is undefined again.
 */
static int scard_test(void)
{
	struct scard_data *scard;
	size_t len;
	char imsi[20];
	unsigned char _rand[16];
#ifdef PCSC_FUNCS
	unsigned char sres[4];
	unsigned char kc[8];
#endif /* PCSC_FUNCS */
#define num_triplets 5
	unsigned char rand_[num_triplets][16];
	unsigned char sres_[num_triplets][4];
	unsigned char kc_[num_triplets][8];
	/* Fill octets of the two fixed challenges tried first */
	static const int fixed_fill[2] = { 0, 0xff };
	int t, umts_res;
	size_t k;

#define AKA_RAND_LEN 16
#define AKA_AUTN_LEN 16
#define AKA_AUTS_LEN 14
#define RES_MAX_LEN 16
#define IK_LEN 16
#define CK_LEN 16
	unsigned char aka_rand[AKA_RAND_LEN];
	unsigned char aka_autn[AKA_AUTN_LEN];
	unsigned char aka_auts[AKA_AUTS_LEN];
	unsigned char aka_res[RES_MAX_LEN];
	size_t aka_res_len;
	unsigned char aka_ik[IK_LEN];
	unsigned char aka_ck[CK_LEN];

	scard = scard_init(SCARD_TRY_BOTH);
	if (scard == NULL)
		return -1;
	if (scard_set_pin(scard, "1234")) {
		wpa_printf(MSG_WARNING, "PIN validation failed");
		scard_deinit(scard);
		return -1;
	}

	len = sizeof(imsi);
	if (scard_get_imsi(scard, imsi, &len))
		goto failed;
	wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
	/* NOTE: Permanent Username: 1 | IMSI */

	/* All-zero challenge first, then all-0xff */
	for (k = 0; k < 2; k++) {
		os_memset(_rand, fixed_fill[k], sizeof(_rand));
		if (scard_gsm_auth(scard, _rand, sres, kc))
			goto failed;
	}

	/* Challenge t consists of octets with value t */
	for (t = 0; t < num_triplets; t++) {
		os_memset(rand_[t], t, sizeof(rand_[t]));
		if (scard_gsm_auth(scard, rand_[t], sres_[t], kc_[t]))
			goto failed;
	}

	/* One line per triplet: 1<IMSI>,<RAND>,<SRES>,<Kc> */
	for (t = 0; t < num_triplets; t++) {
		printf("1");
		for (k = 0; k < len; k++)
			printf("%c", imsi[k]);
		printf(",");
		for (k = 0; k < 16; k++)
			printf("%02X", rand_[t][k]);
		printf(",");
		for (k = 0; k < 4; k++)
			printf("%02X", sres_[t][k]);
		printf(",");
		for (k = 0; k < 8; k++)
			printf("%02X", kc_[t][k]);
		printf("\n");
	}

	wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");

	/* seq 39 (0x28) */
	os_memset(aka_rand, 0xaa, 16);
	os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
		  "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", 16);

	umts_res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res,
				   &aka_res_len, aka_ik, aka_ck, aka_auts);
	if (umts_res == 0) {
		wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
		wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
		wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
		wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
	} else if (umts_res == -2) {
		wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
			   "failure");
		wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
	} else {
		wpa_printf(MSG_DEBUG, "UMTS auth failed");
	}

failed:
	scard_deinit(scard);

	return 0;
#undef num_triplets
}
890 | ||
891 | ||
/**
 * scard_get_triplets - Print GSM triplets from a SIM ("sim" command)
 * @argc: number of entries in @argv
 * @argv: argv[0] = PIN, argv[1] = number of triplets, optional argv[2] =
 *	"debug" to keep debug output enabled
 * Returns: 0 once the card was read (also when an authentication round
 * fails part-way), -1 on invalid arguments or card errors
 *
 * Each output line has the form IMSI:Kc:SRES:RAND, so the session key
 * material of the card goes to stdout.
 */
static int scard_get_triplets(int argc, char *argv[])
{
	struct scard_data *scard;
	size_t len;
	char imsi[20];
	unsigned char _rand[16];
	unsigned char sres[4];
	unsigned char kc[8];
	int num_triplets;
	int round;
	size_t k;

	if (argc < 2) {
		printf("invalid parameters for sim command\n");
		return -1;
	}
	num_triplets = atoi(argv[1]);
	if (num_triplets <= 0) {
		printf("invalid parameters for sim command\n");
		return -1;
	}

	if (!(argc > 2 && os_strcmp(argv[2], "debug") == 0)) {
		/* disable debug output */
		wpa_debug_level = 99;
	}

	scard = scard_init(SCARD_GSM_SIM_ONLY);
	if (scard == NULL) {
		printf("Failed to open smartcard connection\n");
		return -1;
	}
	if (scard_set_pin(scard, argv[0])) {
		wpa_printf(MSG_WARNING, "PIN validation failed");
		scard_deinit(scard);
		return -1;
	}

	len = sizeof(imsi);
	if (scard_get_imsi(scard, imsi, &len)) {
		scard_deinit(scard);
		return -1;
	}

	for (round = 0; round < num_triplets; round++) {
		/* Challenge consists of octets holding the round number */
		os_memset(_rand, round, sizeof(_rand));
		if (scard_gsm_auth(scard, _rand, sres, kc))
			break;

		/* IMSI:Kc:SRES:RAND */
		for (k = 0; k < len; k++)
			printf("%c", imsi[k]);
		printf(":");
		for (k = 0; k < 8; k++)
			printf("%02X", kc[k]);
		printf(":");
		for (k = 0; k < 4; k++)
			printf("%02X", sres[k]);
		printf(":");
		for (k = 0; k < 16; k++)
			printf("%02X", _rand[k]);
		printf("\n");
	}

	scard_deinit(scard);

	return 0;
}
955 | ||
956 | ||
/*
 * eapol_test_terminate - eloop signal handler used for terminate/reconfig
 *
 * Logs the received signal number through wpa_msg(), using eloop_ctx as the
 * struct wpa_supplicant context, and asks the event loop to stop.
 * signal_ctx is not used.
 */
static void eapol_test_terminate(int sig, void *eloop_ctx,
				 void *signal_ctx)
{
	struct wpa_supplicant *ctx = eloop_ctx;

	(void) signal_ctx;
	wpa_msg(ctx, MSG_INFO, "Signal %d received - terminating", sig);
	eloop_terminate();
}
964 | ||
965 | ||
/*
 * usage - print the command-line synopsis and option descriptions to stdout
 *
 * The text contains no conversion specifiers, so it is written verbatim.
 * Note for operators: -s passes the RADIUS shared secret on the command line
 * and the documented default secret is 'radius'; both are only suitable for
 * test setups.
 */
static void usage(void)
{
	static const char synopsis[] =
		"usage:\n"
		"eapol_test [-nWS] -c<conf> [-a<AS IP>] [-p<AS port>] "
		"[-s<AS secret>]\\\n"
		" [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
		" [-M<client MAC address>] \\\n"
		" [-N<attr spec>] \\\n"
		" [-A<client IP>]\n"
		"eapol_test scard\n"
		"eapol_test sim <PIN> <num triplets> [debug]\n"
		"\n";
	static const char options[] =
		"options:\n"
		" -c<conf> = configuration file\n"
		" -a<AS IP> = IP address of the authentication server, "
		"default 127.0.0.1\n"
		" -p<AS port> = UDP port of the authentication server, "
		"default 1812\n"
		" -s<AS secret> = shared secret with the authentication "
		"server, default 'radius'\n"
		" -A<client IP> = IP address of the client, default: select "
		"automatically\n"
		" -r<count> = number of re-authentications\n"
		" -W = wait for a control interface monitor before starting\n"
		" -S = save configuration after authentication\n"
		" -n = no MPPE keys expected\n"
		" -t<timeout> = sets timeout in seconds (default: 30 s)\n"
		" -C<Connect-Info> = RADIUS Connect-Info (default: "
		"CONNECT 11Mbps 802.11b)\n"
		" -M<client MAC address> = Set own MAC address "
		"(Calling-Station-Id,\n"
		" default: 02:00:00:00:00:01)\n"
		" -N<attr spec> = send arbitrary attribute specified by:\n"
		" attr_id:syntax:value or attr_id\n"
		" attr_id - number id of the attribute\n"
		" syntax - one of: s, d, x\n"
		" s = string\n"
		" d = integer\n"
		" x = octet string\n"
		" value - attribute value.\n"
		" When only attr_id is specified, NULL will be used as "
		"value.\n"
		" Multiple attributes can be specified by using the "
		"option several times.\n";

	fputs(synopsis, stdout);
	fputs(options, stdout);
}
1011 | ||
1012 | ||
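/*
 * main - eapol_test entry point
 *
 * Parses the command line, then either runs one of the smartcard helpers
 * ("scard" / "sim" as the first non-option argument) or performs an
 * EAPOL/RADIUS test run against the configured authentication server.
 *
 * Return value of the EAPOL test run:
 *    0  PMK comparison succeeded, or -n was given and nothing else failed
 *    1  PMK comparison failed (initial value of ret)
 *   -1  option parsing or initialization failure
 *   -2  authentication timed out
 *   -3  RADIUS Access-Reject received
 *   -4  at least one MPPE key mismatch
 * Later conditions override earlier ones in the order listed in the code.
 *
 * Security notes: this is test code. Key material is included in debug
 * output (wpa_debug_show_keys = 1), and the RADIUS shared secret is taken
 * from the command line with 'radius' as its default.
 */
int main(int argc, char *argv[])
{
	struct wpa_supplicant wpa_s;
	int c, ret = 1, wait_for_monitor = 0, save_config = 0;
	char *as_addr = "127.0.0.1";
	int as_port = 1812;
	char *as_secret = "radius";
	char *cli_addr = NULL;
	char *conf = NULL;
	int timeout = 30;
	char *pos;
	/* p tracks the tail of the -N attribute list, p1 the new entry. */
	struct extra_radius_attr *p = NULL, *p1;

	if (os_program_init())
		return -1;

	hostapd_logger_register_cb(hostapd_logger_cb);

	os_memset(&eapol_test, 0, sizeof(eapol_test));
	eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
	os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);

	wpa_debug_level = 0;
	/* Test tool: keys are deliberately shown in debug output. */
	wpa_debug_show_keys = 1;

	for (;;) {
		c = getopt(argc, argv, "a:A:c:C:M:nN:p:r:s:St:W");
		if (c < 0)
			break;
		switch (c) {
		case 'a':
			as_addr = optarg;
			break;
		case 'A':
			cli_addr = optarg;
			break;
		case 'c':
			conf = optarg;
			break;
		case 'C':
			eapol_test.connect_info = optarg;
			break;
		case 'M':
			if (hwaddr_aton(optarg, eapol_test.own_addr)) {
				usage();
				return -1;
			}
			break;
		case 'n':
			eapol_test.no_mppe_keys++;
			break;
		case 'p':
			as_port = atoi(optarg);
			break;
		case 'r':
			eapol_test.eapol_test_num_reauths = atoi(optarg);
			break;
		case 's':
			as_secret = optarg;
			break;
		case 'S':
			save_config++;
			break;
		case 't':
			timeout = atoi(optarg);
			break;
		case 'W':
			wait_for_monitor++;
			break;
		case 'N':
			/*
			 * Allocate the whole structure. sizeof(p1) would only
			 * reserve room for a pointer, and the writes to
			 * type/syntax/data/next below would then run past the
			 * end of the heap allocation.
			 */
			p1 = os_zalloc(sizeof(*p1));
			if (p1 == NULL)
				break;
			if (!p)
				eapol_test.extra_attrs = p1;
			else
				p->next = p1;
			p = p1;

			/* Spec is "attr_id" or "attr_id:syntax:value". */
			p->type = atoi(optarg);
			pos = os_strchr(optarg, ':');
			if (pos == NULL) {
				p->syntax = 'n';
				p->data = NULL;
				break;
			}

			pos++;
			if (pos[0] == '\0' || pos[1] != ':') {
				/*
				 * NOTE(review): the entry stays linked in the
				 * list with syntax/data as os_zalloc() left
				 * them (presumably zero); confirm the consumer
				 * of extra_attrs tolerates that.
				 */
				printf("Incorrect format of attribute "
				       "specification\n");
				break;
			}

			p->syntax = pos[0];
			/* data points into argv; it is not copied. */
			p->data = pos + 2;
			break;
		default:
			usage();
			return -1;
		}
	}

	if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
		return scard_test();
	}

	if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
		/* Hand over only the arguments after "sim": PIN, count, ... */
		return scard_get_triplets(argc - optind - 1,
					  &argv[optind + 1]);
	}

	if (conf == NULL) {
		usage();
		printf("Configuration file is required.\n");
		return -1;
	}

	if (eap_register_methods()) {
		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
		return -1;
	}

	if (eloop_init(&wpa_s)) {
		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
		return -1;
	}

	os_memset(&wpa_s, 0, sizeof(wpa_s));
	eapol_test.wpa_s = &wpa_s;
	wpa_s.conf = wpa_config_read(conf);
	if (wpa_s.conf == NULL) {
		printf("Failed to parse configuration file '%s'.\n", conf);
		return -1;
	}
	if (wpa_s.conf->ssid == NULL) {
		printf("No networks defined.\n");
		return -1;
	}

	wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
		      cli_addr);
	wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
	if (wpa_s.ctrl_iface == NULL) {
		printf("Failed to initialize control interface '%s'.\n"
		       "You may have another eapol_test process already "
		       "running or the file was\n"
		       "left by an unclean termination of eapol_test in "
		       "which case you will need\n"
		       "to manually remove this file before starting "
		       "eapol_test again.\n",
		       wpa_s.conf->ctrl_interface);
		return -1;
	}
	if (wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
		return -1;

	if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
		return -1;

	if (wait_for_monitor)
		wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);

	eloop_register_timeout(timeout, 0, eapol_test_timeout, &eapol_test,
			       NULL);
	eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s, NULL);
	eloop_register_signal_terminate(eapol_test_terminate, NULL);
	eloop_register_signal_reconfig(eapol_test_terminate, NULL);
	eloop_run();

	eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
	eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);

	/* Result codes: later checks override earlier ones. */
	if (eapol_test_compare_pmk(&eapol_test) == 0 ||
	    eapol_test.no_mppe_keys)
		ret = 0;
	if (eapol_test.auth_timed_out)
		ret = -2;
	if (eapol_test.radius_access_reject_received)
		ret = -3;

	if (save_config)
		wpa_config_write(conf, wpa_s.conf);

	test_eapol_clean(&eapol_test, &wpa_s);

	eap_peer_unregister_methods();

	eloop_destroy();

	printf("MPPE keys OK: %d mismatch: %d\n",
	       eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
	if (eapol_test.num_mppe_mismatch)
		ret = -4;
	if (ret)
		printf("FAILURE\n");
	else
		printf("SUCCESS\n");

	os_program_deinit();

	return ret;
}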