]>
Commit | Line | Data |
---|---|---|
20e5c283 | 1 | # IEEE 802.1X tests |
7ab74770 | 2 | # Copyright (c) 2013-2019, Jouni Malinen <j@w1.fi> |
20e5c283 JM |
3 | # |
4 | # This software may be distributed under the terms of the BSD license. | |
5 | # See README for more details. | |
6 | ||
9fd6804d | 7 | from remotehost import remote_compatible |
348bc4e0 JM |
8 | import binascii |
9 | import hmac | |
20e5c283 | 10 | import logging |
26820b4f | 11 | import os |
20e5c283 JM |
12 | import time |
13 | ||
14 | import hostapd | |
15 | import hwsim_utils | |
24072e17 | 16 | from utils import skip_with_fips |
26820b4f | 17 | from tshark import run_tshark |
20e5c283 JM |
18 | |
19 | logger = logging.getLogger() | |
20 | ||
21 | def test_ieee8021x_wep104(dev, apdev): | |
22 | """IEEE 802.1X connection using dynamic WEP104""" | |
24072e17 | 23 | skip_with_fips(dev[0]) |
20e5c283 JM |
24 | params = hostapd.radius_params() |
25 | params["ssid"] = "ieee8021x-wep" | |
26 | params["ieee8021x"] = "1" | |
27 | params["wep_key_len_broadcast"] = "13" | |
28 | params["wep_key_len_unicast"] = "13" | |
8b8a1864 | 29 | hapd = hostapd.add_ap(apdev[0], params) |
20e5c283 JM |
30 | |
31 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", | |
32 | identity="psk.user@example.com", | |
a08fdb17 JM |
33 | password_hex="0123456789abcdef0123456789abcdef", |
34 | scan_freq="2412") | |
a8375c94 | 35 | hwsim_utils.test_connectivity(dev[0], hapd) |
20e5c283 JM |
36 | |
37 | def test_ieee8021x_wep40(dev, apdev): | |
38 | """IEEE 802.1X connection using dynamic WEP40""" | |
24072e17 | 39 | skip_with_fips(dev[0]) |
20e5c283 JM |
40 | params = hostapd.radius_params() |
41 | params["ssid"] = "ieee8021x-wep" | |
42 | params["ieee8021x"] = "1" | |
43 | params["wep_key_len_broadcast"] = "5" | |
44 | params["wep_key_len_unicast"] = "5" | |
8b8a1864 | 45 | hapd = hostapd.add_ap(apdev[0], params) |
20e5c283 JM |
46 | |
47 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", | |
48 | identity="psk.user@example.com", | |
a08fdb17 JM |
49 | password_hex="0123456789abcdef0123456789abcdef", |
50 | scan_freq="2412") | |
a8375c94 | 51 | hwsim_utils.test_connectivity(dev[0], hapd) |
20e5c283 | 52 | |
4814a136 JM |
53 | def test_ieee8021x_wep_index_workaround(dev, apdev): |
54 | """IEEE 802.1X and EAPOL-Key index workaround""" | |
55 | skip_with_fips(dev[0]) | |
56 | params = hostapd.radius_params() | |
57 | params["ssid"] = "ieee8021x-wep" | |
58 | params["ieee8021x"] = "1" | |
59 | params["wep_key_len_broadcast"] = "5" | |
60 | params["eapol_key_index_workaround"] = "1" | |
61 | hapd = hostapd.add_ap(apdev[0], params) | |
62 | ||
63 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eapol_flags="1", | |
64 | eap="PSK", | |
65 | identity="psk.user@example.com", | |
66 | password_hex="0123456789abcdef0123456789abcdef", | |
67 | scan_freq="2412") | |
68 | ||
20e5c283 JM |
69 | def test_ieee8021x_open(dev, apdev): |
70 | """IEEE 802.1X connection using open network""" | |
71 | params = hostapd.radius_params() | |
72 | params["ssid"] = "ieee8021x-open" | |
73 | params["ieee8021x"] = "1" | |
8b8a1864 | 74 | hapd = hostapd.add_ap(apdev[0], params) |
20e5c283 JM |
75 | |
76 | id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
77 | eap="PSK", identity="psk.user@example.com", | |
a08fdb17 JM |
78 | password_hex="0123456789abcdef0123456789abcdef", |
79 | scan_freq="2412") | |
a8375c94 | 80 | hwsim_utils.test_connectivity(dev[0], hapd) |
20e5c283 JM |
81 | |
82 | logger.info("Test EAPOL-Logoff") | |
83 | dev[0].request("LOGOFF") | |
84 | ev = dev[0].wait_event(["CTRL-EVENT-DISCONNECTED"]) | |
85 | if ev is None: | |
86 | raise Exception("Did not get disconnected") | |
87 | if "reason=23" not in ev: | |
88 | raise Exception("Unexpected disconnection reason") | |
89 | ||
90 | dev[0].request("LOGON") | |
91 | dev[0].connect_network(id) | |
a8375c94 | 92 | hwsim_utils.test_connectivity(dev[0], hapd) |
598555c7 JM |
93 | |
94 | def test_ieee8021x_static_wep40(dev, apdev): | |
95 | """IEEE 802.1X connection using static WEP40""" | |
8f497878 JM |
96 | run_static_wep(dev, apdev, '"hello"') |
97 | ||
98 | def test_ieee8021x_static_wep104(dev, apdev): | |
99 | """IEEE 802.1X connection using static WEP104""" | |
100 | run_static_wep(dev, apdev, '"hello-there-/"') | |
101 | ||
102 | def run_static_wep(dev, apdev, key): | |
598555c7 JM |
103 | params = hostapd.radius_params() |
104 | params["ssid"] = "ieee8021x-wep" | |
105 | params["ieee8021x"] = "1" | |
8f497878 | 106 | params["wep_key0"] = key |
8b8a1864 | 107 | hapd = hostapd.add_ap(apdev[0], params) |
598555c7 JM |
108 | |
109 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="PSK", | |
110 | identity="psk.user@example.com", | |
111 | password_hex="0123456789abcdef0123456789abcdef", | |
8f497878 | 112 | wep_key0=key, eapol_flags="0", |
a08fdb17 | 113 | scan_freq="2412") |
598555c7 | 114 | hwsim_utils.test_connectivity(dev[0], hapd) |
a08fdb17 JM |
115 | |
116 | def test_ieee8021x_proto(dev, apdev): | |
117 | """IEEE 802.1X and EAPOL supplicant protocol testing""" | |
118 | params = hostapd.radius_params() | |
119 | params["ssid"] = "ieee8021x-open" | |
120 | params["ieee8021x"] = "1" | |
8b8a1864 | 121 | hapd = hostapd.add_ap(apdev[0], params) |
a08fdb17 JM |
122 | bssid = apdev[0]['bssid'] |
123 | ||
124 | dev[1].request("SET ext_eapol_frame_io 1") | |
125 | dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
126 | eap="PSK", identity="psk.user@example.com", | |
127 | password_hex="0123456789abcdef0123456789abcdef", | |
128 | scan_freq="2412", wait_connect=False) | |
129 | id = dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
130 | eap="PSK", identity="psk.user@example.com", | |
131 | password_hex="0123456789abcdef0123456789abcdef", | |
132 | scan_freq="2412") | |
133 | ev = dev[1].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
134 | ||
135 | start = dev[0].get_mib() | |
136 | ||
fab49f61 JM |
137 | tests = ["11", |
138 | "11223344", | |
139 | "020000050a93000501", | |
140 | "020300050a93000501", | |
141 | "0203002c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | |
142 | "0203002c0100000000000000000000000000000000000000000000000000000000000000000000000000000000000000", | |
143 | "0203002c0100050000000000000000000000000000000000000000000000000000000000000000000000000000000000", | |
144 | "02aa00050a93000501"] | |
a08fdb17 JM |
145 | for frame in tests: |
146 | res = dev[0].request("EAPOL_RX " + bssid + " " + frame) | |
147 | if "OK" not in res: | |
148 | raise Exception("EAPOL_RX to wpa_supplicant failed") | |
149 | dev[1].request("EAPOL_RX " + bssid + " " + frame) | |
150 | ||
151 | stop = dev[0].get_mib() | |
152 | ||
153 | logger.info("MIB before test frames: " + str(start)) | |
154 | logger.info("MIB after test frames: " + str(stop)) | |
155 | ||
fab49f61 JM |
156 | vals = ['dot1xSuppInvalidEapolFramesRx', |
157 | 'dot1xSuppEapLengthErrorFramesRx'] | |
a08fdb17 JM |
158 | for val in vals: |
159 | if int(stop[val]) <= int(start[val]): | |
160 | raise Exception(val + " did not increase") | |
2ff49289 | 161 | |
9fd6804d | 162 | @remote_compatible |
2ff49289 JM |
163 | def test_ieee8021x_eapol_start(dev, apdev): |
164 | """IEEE 802.1X and EAPOL-Start retransmissions""" | |
165 | params = hostapd.radius_params() | |
166 | params["ssid"] = "ieee8021x-open" | |
167 | params["ieee8021x"] = "1" | |
8b8a1864 | 168 | hapd = hostapd.add_ap(apdev[0], params) |
2ff49289 | 169 | bssid = apdev[0]['bssid'] |
77832550 | 170 | addr0 = dev[0].own_addr() |
2ff49289 JM |
171 | |
172 | hapd.set("ext_eapol_frame_io", "1") | |
173 | try: | |
174 | dev[0].request("SET EAPOL::startPeriod 1") | |
175 | dev[0].request("SET EAPOL::maxStart 1") | |
176 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
177 | eap="PSK", identity="psk.user@example.com", | |
178 | password_hex="0123456789abcdef0123456789abcdef", | |
179 | scan_freq="2412", wait_connect=False) | |
180 | held = False | |
181 | for i in range(30): | |
182 | pae = dev[0].get_status_field('Supplicant PAE state') | |
183 | if pae == "HELD": | |
77832550 JM |
184 | mib = hapd.get_sta(addr0, info="eapol") |
185 | if mib['auth_pae_state'] != 'AUTHENTICATING': | |
186 | raise Exception("Unexpected Auth PAE state: " + mib['auth_pae_state']) | |
2ff49289 JM |
187 | held = True |
188 | break | |
189 | time.sleep(0.25) | |
190 | if not held: | |
191 | raise Exception("PAE state HELD not reached") | |
192 | dev[0].wait_disconnected() | |
193 | finally: | |
194 | dev[0].request("SET EAPOL::startPeriod 30") | |
195 | dev[0].request("SET EAPOL::maxStart 3") | |
348bc4e0 | 196 | |
e0236b15 JM |
197 | def test_ieee8021x_held(dev, apdev): |
198 | """IEEE 802.1X and HELD state""" | |
199 | params = hostapd.radius_params() | |
200 | params["ssid"] = "ieee8021x-open" | |
201 | params["ieee8021x"] = "1" | |
8b8a1864 | 202 | hapd = hostapd.add_ap(apdev[0], params) |
e0236b15 JM |
203 | bssid = apdev[0]['bssid'] |
204 | ||
205 | hapd.set("ext_eapol_frame_io", "1") | |
206 | try: | |
207 | dev[0].request("SET EAPOL::startPeriod 1") | |
208 | dev[0].request("SET EAPOL::maxStart 0") | |
209 | dev[0].request("SET EAPOL::heldPeriod 1") | |
210 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
211 | eap="PSK", identity="psk.user@example.com", | |
212 | password_hex="0123456789abcdef0123456789abcdef", | |
213 | scan_freq="2412", wait_connect=False) | |
214 | held = False | |
215 | for i in range(30): | |
216 | pae = dev[0].get_status_field('Supplicant PAE state') | |
217 | if pae == "HELD": | |
218 | held = True | |
219 | break | |
220 | time.sleep(0.25) | |
221 | if not held: | |
222 | raise Exception("PAE state HELD not reached") | |
223 | ||
224 | hapd.set("ext_eapol_frame_io", "0") | |
225 | for i in range(30): | |
226 | pae = dev[0].get_status_field('Supplicant PAE state') | |
227 | if pae != "HELD": | |
228 | held = False | |
229 | break | |
230 | time.sleep(0.25) | |
231 | if held: | |
232 | raise Exception("PAE state HELD not left") | |
fab49f61 JM |
233 | ev = dev[0].wait_event(["CTRL-EVENT-CONNECTED", |
234 | "CTRL-EVENT-DISCONNECTED"], timeout=10) | |
e0236b15 JM |
235 | if ev is None: |
236 | raise Exception("Connection timed out") | |
237 | if "CTRL-EVENT-DISCONNECTED" in ev: | |
238 | raise Exception("Unexpected disconnection") | |
239 | finally: | |
240 | dev[0].request("SET EAPOL::startPeriod 30") | |
241 | dev[0].request("SET EAPOL::maxStart 3") | |
242 | dev[0].request("SET EAPOL::heldPeriod 60") | |
243 | ||
348bc4e0 JM |
244 | def send_eapol_key(dev, bssid, signkey, frame_start, frame_end): |
245 | zero_sign = "00000000000000000000000000000000" | |
246 | frame = frame_start + zero_sign + frame_end | |
247 | hmac_obj = hmac.new(binascii.unhexlify(signkey)) | |
248 | hmac_obj.update(binascii.unhexlify(frame)) | |
249 | sign = hmac_obj.digest() | |
7ab74770 | 250 | frame = frame_start + binascii.hexlify(sign).decode() + frame_end |
348bc4e0 JM |
251 | dev.request("EAPOL_RX " + bssid + " " + frame) |
252 | ||
253 | def test_ieee8021x_eapol_key(dev, apdev): | |
254 | """IEEE 802.1X connection and EAPOL-Key protocol tests""" | |
24072e17 | 255 | skip_with_fips(dev[0]) |
348bc4e0 JM |
256 | params = hostapd.radius_params() |
257 | params["ssid"] = "ieee8021x-wep" | |
258 | params["ieee8021x"] = "1" | |
259 | params["wep_key_len_broadcast"] = "5" | |
260 | params["wep_key_len_unicast"] = "5" | |
8b8a1864 | 261 | hapd = hostapd.add_ap(apdev[0], params) |
348bc4e0 JM |
262 | bssid = apdev[0]['bssid'] |
263 | ||
264 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X", eap="VENDOR-TEST", | |
265 | identity="vendor-test", scan_freq="2412") | |
266 | ||
267 | # Hardcoded MSK from VENDOR-TEST | |
268 | encrkey = "1111111111111111111111111111111111111111111111111111111111111111" | |
269 | signkey = "2222222222222222222222222222222222222222222222222222222222222222" | |
270 | ||
271 | # EAPOL-Key replay counter does not increase | |
272 | send_eapol_key(dev[0], bssid, signkey, | |
273 | "02030031" + "010005" + "0000000000000000" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", | |
274 | "1c636a30a4") | |
275 | ||
276 | # EAPOL-Key too large Key Length field value | |
277 | send_eapol_key(dev[0], bssid, signkey, | |
278 | "02030031" + "010021" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", | |
279 | "1c636a30a4") | |
280 | ||
281 | # EAPOL-Key too much key data | |
282 | send_eapol_key(dev[0], bssid, signkey, | |
283 | "0203004d" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", | |
284 | 33*"ff") | |
285 | ||
286 | # EAPOL-Key too little key data | |
287 | send_eapol_key(dev[0], bssid, signkey, | |
288 | "02030030" + "010005" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", | |
289 | "1c636a30") | |
290 | ||
291 | # EAPOL-Key with no key data and too long WEP key length | |
292 | send_eapol_key(dev[0], bssid, signkey, | |
293 | "0203002c" + "010020" + "ffffffffffffffff" + "056c22d109f29d4d9fb9b9ccbad33283" + "02", | |
294 | "") | |
a32a6d2c JM |
295 | |
296 | def test_ieee8021x_reauth(dev, apdev): | |
297 | """IEEE 802.1X and EAPOL_REAUTH request""" | |
298 | params = hostapd.radius_params() | |
299 | params["ssid"] = "ieee8021x-open" | |
300 | params["ieee8021x"] = "1" | |
8b8a1864 | 301 | hapd = hostapd.add_ap(apdev[0], params) |
a32a6d2c JM |
302 | |
303 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
304 | eap="PSK", identity="psk.user@example.com", | |
305 | password_hex="0123456789abcdef0123456789abcdef", | |
306 | scan_freq="2412") | |
307 | ||
308 | hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
309 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
310 | if ev is None: | |
311 | raise Exception("EAP authentication did not start") | |
312 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
313 | if ev is None: | |
314 | raise Exception("EAP authentication did not succeed") | |
315 | time.sleep(0.1) | |
316 | hwsim_utils.test_connectivity(dev[0], hapd) | |
b7bdfb68 | 317 | |
26820b4f JM |
318 | def test_ieee8021x_reauth_wep(dev, apdev, params): |
319 | """IEEE 802.1X and EAPOL_REAUTH request with WEP""" | |
320 | logdir = params['logdir'] | |
321 | ||
322 | params = hostapd.radius_params() | |
323 | params["ssid"] = "ieee8021x-open" | |
324 | params["ieee8021x"] = "1" | |
325 | params["wep_key_len_broadcast"] = "13" | |
326 | params["wep_key_len_unicast"] = "13" | |
327 | hapd = hostapd.add_ap(apdev[0], params) | |
328 | ||
329 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", | |
330 | eap="PSK", identity="psk.user@example.com", | |
331 | password_hex="0123456789abcdef0123456789abcdef", | |
332 | scan_freq="2412") | |
333 | hwsim_utils.test_connectivity(dev[0], hapd) | |
334 | ||
335 | hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
336 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
337 | if ev is None: | |
338 | raise Exception("EAP authentication did not start") | |
339 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
340 | if ev is None: | |
341 | raise Exception("EAP authentication did not succeed") | |
342 | time.sleep(0.1) | |
343 | hwsim_utils.test_connectivity(dev[0], hapd) | |
344 | ||
345 | out = run_tshark(os.path.join(logdir, "hwsim0.pcapng"), | |
346 | "llc.type == 0x888e", ["eapol.type", "eap.code"]) | |
347 | if out is None: | |
348 | raise Exception("Could not find EAPOL frames in capture") | |
349 | num_eapol_key = 0 | |
350 | num_eap_req = 0 | |
351 | num_eap_resp = 0 | |
352 | for line in out.splitlines(): | |
353 | vals = line.split() | |
354 | if vals[0] == '3': | |
355 | num_eapol_key += 1 | |
356 | if vals[0] == '0' and len(vals) == 2: | |
357 | if vals[1] == '1': | |
358 | num_eap_req += 1 | |
359 | elif vals[1] == '2': | |
360 | num_eap_resp += 1 | |
361 | logger.info("num_eapol_key: %d" % num_eapol_key) | |
362 | logger.info("num_eap_req: %d" % num_eap_req) | |
363 | logger.info("num_eap_resp: %d" % num_eap_resp) | |
364 | if num_eapol_key < 4: | |
365 | raise Exception("Did not see four unencrypted EAPOL-Key frames") | |
366 | if num_eap_req < 6: | |
367 | raise Exception("Did not see six unencrypted EAP-Request frames") | |
368 | if num_eap_resp < 6: | |
369 | raise Exception("Did not see six unencrypted EAP-Response frames") | |
370 | ||
b7bdfb68 JM |
371 | def test_ieee8021x_set_conf(dev, apdev): |
372 | """IEEE 802.1X and EAPOL_SET command""" | |
373 | params = hostapd.radius_params() | |
374 | params["ssid"] = "ieee8021x-open" | |
375 | params["ieee8021x"] = "1" | |
8b8a1864 | 376 | hapd = hostapd.add_ap(apdev[0], params) |
b7bdfb68 JM |
377 | |
378 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
379 | eap="PSK", identity="psk.user@example.com", | |
380 | password_hex="0123456789abcdef0123456789abcdef", | |
381 | scan_freq="2412") | |
382 | ||
383 | addr0 = dev[0].own_addr() | |
fab49f61 JM |
384 | tests = ["EAPOL_SET 1", |
385 | "EAPOL_SET %sfoo bar" % addr0, | |
386 | "EAPOL_SET %s foo" % addr0, | |
387 | "EAPOL_SET %s foo bar" % addr0, | |
388 | "EAPOL_SET %s AdminControlledDirections bar" % addr0, | |
389 | "EAPOL_SET %s AdminControlledPortControl bar" % addr0, | |
390 | "EAPOL_SET %s reAuthEnabled bar" % addr0, | |
391 | "EAPOL_SET %s KeyTransmissionEnabled bar" % addr0, | |
392 | "EAPOL_SET 11:22:33:44:55:66 AdminControlledDirections Both"] | |
b7bdfb68 JM |
393 | for t in tests: |
394 | if "FAIL" not in hapd.request(t): | |
395 | raise Exception("Invalid EAPOL_SET command accepted: " + t) | |
396 | ||
fab49f61 JM |
397 | tests = [("AdminControlledDirections", "adminControlledDirections", "In"), |
398 | ("AdminControlledDirections", "adminControlledDirections", | |
399 | "Both"), | |
400 | ("quietPeriod", "quietPeriod", "13"), | |
401 | ("serverTimeout", "serverTimeout", "7"), | |
402 | ("reAuthPeriod", "reAuthPeriod", "1234"), | |
403 | ("reAuthEnabled", "reAuthEnabled", "FALSE"), | |
404 | ("reAuthEnabled", "reAuthEnabled", "TRUE"), | |
405 | ("KeyTransmissionEnabled", "keyTxEnabled", "TRUE"), | |
406 | ("KeyTransmissionEnabled", "keyTxEnabled", "FALSE"), | |
407 | ("AdminControlledPortControl", "portControl", "ForceAuthorized"), | |
408 | ("AdminControlledPortControl", "portControl", | |
409 | "ForceUnauthorized"), | |
410 | ("AdminControlledPortControl", "portControl", "Auto")] | |
411 | for param, mibparam, val in tests: | |
b7bdfb68 JM |
412 | if "OK" not in hapd.request("EAPOL_SET %s %s %s" % (addr0, param, val)): |
413 | raise Exception("Failed to set %s %s" % (param, val)) | |
414 | mib = hapd.get_sta(addr0, info="eapol") | |
415 | if mib[mibparam] != val: | |
416 | raise Exception("Unexpected %s value: %s (expected %s)" % (param, mib[mibparam], val)) | |
417 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-SUCCESS"], timeout=5) | |
418 | if ev is None: | |
419 | raise Exception("EAP authentication did not succeed") | |
420 | time.sleep(0.1) | |
421 | hwsim_utils.test_connectivity(dev[0], hapd) | |
2496adf0 JM |
422 | |
423 | def test_ieee8021x_auth_awhile(dev, apdev): | |
424 | """IEEE 802.1X and EAPOL Authenticator aWhile handling""" | |
425 | params = hostapd.radius_params() | |
426 | params["ssid"] = "ieee8021x-open" | |
427 | params["ieee8021x"] = "1" | |
428 | params['auth_server_port'] = "18129" | |
8b8a1864 | 429 | hapd = hostapd.add_ap(apdev[0], params) |
2496adf0 JM |
430 | bssid = apdev[0]['bssid'] |
431 | addr0 = dev[0].own_addr() | |
432 | ||
433 | params = {} | |
434 | params['ssid'] = 'as' | |
435 | params['beacon_int'] = '2000' | |
436 | params['radius_server_clients'] = 'auth_serv/radius_clients.conf' | |
437 | params['radius_server_auth_port'] = '18129' | |
438 | params['eap_server'] = '1' | |
439 | params['eap_user_file'] = 'auth_serv/eap_user.conf' | |
440 | params['ca_cert'] = 'auth_serv/ca.pem' | |
441 | params['server_cert'] = 'auth_serv/server.pem' | |
442 | params['private_key'] = 'auth_serv/server.key' | |
8b8a1864 | 443 | hapd1 = hostapd.add_ap(apdev[1], params) |
2496adf0 JM |
444 | |
445 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
446 | eap="PSK", identity="psk.user@example.com", | |
447 | password_hex="0123456789abcdef0123456789abcdef", | |
448 | scan_freq="2412") | |
449 | hapd1.disable() | |
450 | if "OK" not in hapd.request("EAPOL_SET %s serverTimeout 1" % addr0): | |
451 | raise Exception("Failed to set serverTimeout") | |
452 | hapd.request("EAPOL_REAUTH " + dev[0].own_addr()) | |
453 | ev = dev[0].wait_event(["CTRL-EVENT-EAP-STARTED"], timeout=5) | |
454 | ||
455 | for i in range(40): | |
456 | mib = hapd.get_sta(addr0, info="eapol") | |
457 | val = int(mib['aWhile']) | |
458 | if val > 0: | |
459 | break | |
460 | time.sleep(1) | |
461 | if val == 0: | |
462 | raise Exception("aWhile did not increase") | |
463 | ||
464 | hapd.dump_monitor() | |
465 | for i in range(40): | |
466 | mib = hapd.get_sta(addr0, info="eapol") | |
467 | val = int(mib['aWhile']) | |
468 | if val < 5: | |
469 | break | |
470 | time.sleep(1) | |
471 | ev = hapd.wait_event(["CTRL-EVENT-EAP-PROPOSED"], timeout=10) | |
472 | if ev is None: | |
473 | raise Exception("Authentication restart not seen") | |
d1150e56 JM |
474 | |
475 | def test_ieee8021x_open_leap(dev, apdev): | |
476 | """IEEE 802.1X connection with LEAP included in configuration""" | |
477 | params = hostapd.radius_params() | |
478 | params["ssid"] = "ieee8021x-open" | |
479 | params["ieee8021x"] = "1" | |
480 | hapd = hostapd.add_ap(apdev[0], params) | |
481 | ||
482 | dev[1].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
483 | eap="LEAP", identity="psk.user@example.com", | |
484 | password_hex="0123456789abcdef0123456789abcdef", | |
485 | scan_freq="2412", wait_connect=False) | |
486 | dev[0].connect("ieee8021x-open", key_mgmt="IEEE8021X", eapol_flags="0", | |
487 | eap="PSK LEAP", identity="psk.user@example.com", | |
488 | password_hex="0123456789abcdef0123456789abcdef", | |
489 | scan_freq="2412") | |
490 | ev = dev[1].wait_event(["CTRL-EVENT-AUTH-REJECT"], timeout=5) | |
491 | dev[1].request("DISCONNECT") | |
dcd54211 JM |
492 | |
493 | def test_ieee8021x_and_wpa_enabled(dev, apdev): | |
494 | """IEEE 802.1X connection using dynamic WEP104 when WPA enabled""" | |
495 | skip_with_fips(dev[0]) | |
496 | params = hostapd.radius_params() | |
497 | params["ssid"] = "ieee8021x-wep" | |
498 | params["ieee8021x"] = "1" | |
499 | params["wep_key_len_broadcast"] = "13" | |
500 | params["wep_key_len_unicast"] = "13" | |
501 | hapd = hostapd.add_ap(apdev[0], params) | |
502 | ||
503 | dev[0].connect("ieee8021x-wep", key_mgmt="IEEE8021X WPA-EAP", eap="PSK", | |
504 | identity="psk.user@example.com", | |
505 | password_hex="0123456789abcdef0123456789abcdef", | |
506 | scan_freq="2412") | |
507 | hwsim_utils.test_connectivity(dev[0], hapd) |