Commit | Line | Data |
---|---|---|
6fc6879b JM |
1 | /* |
2 | * WPA Supplicant - test code | |
b6077964 | 3 | * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> |
6fc6879b | 4 | * |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
6fc6879b JM |
7 | * |
8 | * IEEE 802.1X Supplicant test code (to be used in place of wpa_supplicant.c). | |
9 | * Not used in production version. | |
10 | */ | |
11 | ||
12 | #include "includes.h" | |
13 | #include <assert.h> | |
14 | ||
15 | #include "common.h" | |
306ae225 | 16 | #include "utils/ext_password.h" |
4363c0d6 | 17 | #include "common/version.h" |
bc0634da | 18 | #include "crypto/tls.h" |
6fc6879b JM |
19 | #include "config.h" |
20 | #include "eapol_supp/eapol_supp_sm.h" | |
21 | #include "eap_peer/eap.h" | |
eacc12bf | 22 | #include "eap_server/eap_methods.h" |
6fc6879b | 23 | #include "eloop.h" |
1b414f59 | 24 | #include "utils/base64.h" |
3acb5005 | 25 | #include "rsn_supp/wpa.h" |
6fc6879b JM |
26 | #include "wpa_supplicant_i.h" |
27 | #include "radius/radius.h" | |
28 | #include "radius/radius_client.h" | |
4f525d8e | 29 | #include "common/wpa_ctrl.h" |
6fc6879b JM |
30 | #include "ctrl_iface.h" |
31 | #include "pcsc_funcs.h" | |
b6077964 | 32 | #include "wpas_glue.h" |
6fc6879b JM |
33 | |
34 | ||
/* Driver wrapper list for this test binary: it contains no drivers, only a
 * single NULL entry. */
const struct wpa_driver_ops *const wpa_drivers[] = { NULL };
6fc6879b JM |
36 | |
37 | ||
/* One extra RADIUS attribute that add_extra_attrs() appends to an outgoing
 * message; entries form a singly linked list. */
struct extra_radius_attr {
	u8 type; /* RADIUS attribute type passed to radius_msg_add_attr() */
	char syntax; /* value encoding: 's', 'n', 'x' or 'd' (see add_extra_attr()) */
	char *data; /* textual value, interpreted according to syntax */
	struct extra_radius_attr *next; /* next entry, or NULL at end of list */
};
44 | ||
/* State of one eapol_test run: the supplicant under test, the RADIUS client
 * side that stands in for an authenticator, and bookkeeping for the result. */
struct eapol_test_data {
	struct wpa_supplicant *wpa_s;

	/* decremented in eapol_sm_cb(); the event loop is terminated once it
	 * drops below zero */
	int eapol_test_num_reauths;
	/* non-zero: no keying material is expected from the server */
	int no_mppe_keys;
	/* counters updated by eapol_test_compare_pmk() */
	int num_mppe_ok, num_mppe_mismatch;
	/* non-zero: add an EAP-Key-Name attribute to each Access-Request */
	int req_eap_key_name;

	/* identifier used for the most recent Access-Request */
	u8 radius_identifier;
	/* last received RADIUS message; its State attribute is copied into the
	 * next request when it was an Access-Challenge */
	struct radius_msg *last_recv_radius;
	/* sent as NAS-IP-Address */
	struct in_addr own_ip_addr;
	struct radius_client_data *radius;
	struct hostapd_radius_servers *radius_conf;

	/* last received EAP Response from Authentication Server */
	struct wpabuf *last_eap_radius;

	/* key material taken from the MPPE keys in the server reply (see
	 * ieee802_1x_get_keys()); this is secret data */
	u8 authenticator_pmk[PMK_LEN];
	size_t authenticator_pmk_len;
	/* EAP-Key-Name attribute value copied from the server reply */
	u8 authenticator_eap_key_name[256];
	size_t authenticator_eap_key_name_len;
	int radius_access_accept_received;
	int radius_access_reject_received;
	/* set by eapol_test_timeout() */
	int auth_timed_out;

	/* identity learned from EAP-Response-Identity; sent as User-Name */
	u8 *eap_identity;
	size_t eap_identity_len;

	/* sent as Connect-Info */
	char *connect_info;
	u8 own_addr[ETH_ALEN];
	/* extra attributes appended to every Access-Request */
	struct extra_radius_attr *extra_attrs;

	/* when non-NULL, peer certificates are written here in PEM form */
	FILE *server_cert_file;

	const char *pcsc_reader;
	const char *pcsc_pin;

	/* when set, eapol_sm_cb() returns early and EAP-Failure does not
	 * terminate the event loop */
	unsigned int ctrl_iface:1;
	/* cleared in eapol_sm_cb() */
	unsigned int id_req_sent:1;
};
85 | ||
/* Single global test context; eapol_test_eapol_send() passes it to
 * ieee802_1x_encapsulate_radius(). */
static struct eapol_test_data eapol_test;


/* Forward declaration: eapol_sm_reauth() calls this before its definition. */
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx);
90 | ||
91 | ||
/*
 * Logger callback: forward a log line to wpa_printf() at debug level,
 * prefixed with the station address when one is given. The ctx, module,
 * level and len arguments are not used.
 */
static void hostapd_logger_cb(void *ctx, const u8 *addr, unsigned int module,
			      int level, const char *txt, size_t len)
{
	if (addr == NULL) {
		/* txt is passed as an argument, never as the format string */
		wpa_printf(MSG_DEBUG, "%s", txt);
		return;
	}

	wpa_printf(MSG_DEBUG, "STA " MACSTR ": %s\n", MAC2STR(addr), txt);
}
101 | ||
102 | ||
/*
 * Encode one extra attribute according to its syntax character and append it
 * to msg.
 *
 * Syntax characters:
 *   's' - data is copied as a string (bounded by the local buffer size)
 *   'n' - a single zero octet
 *   'x' - data is a hex string, optionally prefixed with "0x"
 *   'd' - data is parsed with atoi() and sent as a 32-bit value in network
 *         byte order
 *
 * Returns 0 on success, -1 on an invalid value, unknown syntax or when the
 * attribute cannot be added.
 */
static int add_extra_attr(struct radius_msg *msg,
			  struct extra_radius_attr *attr)
{
	char value[RADIUS_MAX_ATTR_LEN + 1];
	size_t value_len;

	if (attr->syntax == 's') {
		/* The size argument bounds the copy to the local buffer;
		 * presumably a longer string is truncated - confirm
		 * os_snprintf() semantics. */
		os_snprintf(value, sizeof(value), "%s", attr->data);
		value_len = os_strlen(value);
	} else if (attr->syntax == 'n') {
		value[0] = '\0';
		value_len = 1;
	} else if (attr->syntax == 'x') {
		char *hex = attr->data;
		size_t hex_len;

		if (hex[0] == '0' && hex[1] == 'x')
			hex += 2;
		hex_len = os_strlen(hex);
		/* Reject odd lengths and anything that would not fit in the
		 * buffer before decoding. */
		if ((hex_len & 1) || (hex_len / 2) > RADIUS_MAX_ATTR_LEN) {
			printf("Invalid extra attribute hexstring\n");
			return -1;
		}
		value_len = hex_len / 2;
		if (hexstr2bin(hex, (u8 *) value, value_len) < 0) {
			printf("Invalid extra attribute hexstring\n");
			return -1;
		}
	} else if (attr->syntax == 'd') {
		/* atoi() does not report parse errors; non-numeric input
		 * yields 0 here. */
		u32 be_val = htonl(atoi(attr->data));

		os_memcpy(value, &be_val, 4);
		value_len = 4;
	} else {
		printf("Incorrect extra attribute syntax specification\n");
		return -1;
	}

	if (!radius_msg_add_attr(msg, attr->type, (u8 *) value, value_len)) {
		printf("Could not add attribute %d\n", attr->type);
		return -1;
	}

	return 0;
}
152 | ||
153 | ||
/*
 * Append every attribute in the attrs list to msg, in list order.
 * Stops at the first failure and returns -1; returns 0 when all entries
 * (possibly none) were added.
 */
static int add_extra_attrs(struct radius_msg *msg,
			   struct extra_radius_attr *attrs)
{
	struct extra_radius_attr *cur = attrs;

	while (cur != NULL) {
		if (add_extra_attr(msg, cur) < 0)
			return -1;
		cur = cur->next;
	}

	return 0;
}
164 | ||
165 | ||
/*
 * Return the first entry in attrs whose attribute type equals type, or NULL
 * when the list holds no such entry.
 */
static struct extra_radius_attr *
find_extra_attr(struct extra_radius_attr *attrs, u8 type)
{
	struct extra_radius_attr *cur = attrs;

	while (cur != NULL && cur->type != type)
		cur = cur->next;

	return cur;
}
176 | ||
177 | ||
/*
 * Build a RADIUS Access-Request around an EAP message from the supplicant and
 * hand it to the RADIUS client.
 *
 * e:   test context; supplies the RADIUS client, the cached identity, the
 *      last received RADIUS message and the extra attribute list
 * eap: EAP packet, starting at the EAP header
 * len: length of eap in octets
 *
 * The default NAS-IP-Address, Calling-Station-Id, Framed-MTU, NAS-Port-Type,
 * Service-Type and Connect-Info attributes are skipped when the extra
 * attribute list already holds an entry of the same type. On any failure the
 * partially built message is freed and nothing is sent.
 */
static void ieee802_1x_encapsulate_radius(struct eapol_test_data *e,
					  const u8 *eap, size_t len)
{
	struct radius_msg *msg;
	char buf[RADIUS_MAX_ATTR_LEN + 1];
	const struct eap_hdr *hdr;
	const u8 *pos;

	wpa_printf(MSG_DEBUG, "Encapsulating EAP message into a RADIUS "
		   "packet");

	e->radius_identifier = radius_client_get_id(e->radius);
	msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST,
			     e->radius_identifier);
	if (msg == NULL) {
		printf("Could not create net RADIUS packet\n");
		return;
	}

	radius_msg_make_authenticator(msg);

	hdr = (const struct eap_hdr *) eap;
	pos = (const u8 *) (hdr + 1);
	/* The length test comes first, so hdr->code and pos[0] are only read
	 * when at least one octet follows the EAP header. */
	if (len > sizeof(*hdr) && hdr->code == EAP_CODE_RESPONSE &&
	    pos[0] == EAP_TYPE_IDENTITY) {
		pos++;
		os_free(e->eap_identity);
		e->eap_identity_len = len - sizeof(*hdr) - 1;
		e->eap_identity = os_malloc(e->eap_identity_len);
		/* On allocation failure eap_identity stays NULL and the
		 * User-Name attribute below is skipped. */
		if (e->eap_identity) {
			os_memcpy(e->eap_identity, pos, e->eap_identity_len);
			wpa_hexdump(MSG_DEBUG, "Learned identity from "
				    "EAP-Response-Identity",
				    e->eap_identity, e->eap_identity_len);
		}
	}

	/* NOTE(review): the identity length is not capped here; presumably
	 * radius_msg_add_attr() rejects values longer than a RADIUS attribute
	 * can carry - confirm. */
	if (e->eap_identity &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME,
				 e->eap_identity, e->eap_identity_len)) {
		printf("Could not add User-Name\n");
		goto fail;
	}

	/* The request carries EAP-Key-Name with a single zero octet as its
	 * value. */
	if (e->req_eap_key_name &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_EAP_KEY_NAME, (u8 *) "\0",
				 1)) {
		printf("Could not add EAP-Key-Name\n");
		goto fail;
	}

	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_IP_ADDRESS) &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS,
				 (u8 *) &e->own_ip_addr, 4)) {
		printf("Could not add NAS-IP-Address\n");
		goto fail;
	}

	os_snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT,
		    MAC2STR(e->wpa_s->own_addr));
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CALLING_STATION_ID)
	    &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID,
				 (u8 *) buf, os_strlen(buf))) {
		printf("Could not add Calling-Station-Id\n");
		goto fail;
	}

	/* TODO: should probably check MTU from driver config; 2304 is max for
	 * IEEE 802.11, but use 1400 to avoid problems with too large packets
	 */
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_FRAMED_MTU) &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) {
		printf("Could not add Framed-MTU\n");
		goto fail;
	}

	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_NAS_PORT_TYPE) &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE,
				       RADIUS_NAS_PORT_TYPE_IEEE_802_11)) {
		printf("Could not add NAS-Port-Type\n");
		goto fail;
	}

	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_SERVICE_TYPE) &&
	    !radius_msg_add_attr_int32(msg, RADIUS_ATTR_SERVICE_TYPE,
				       RADIUS_SERVICE_TYPE_FRAMED)) {
		printf("Could not add Service-Type\n");
		goto fail;
	}

	/* NOTE(review): connect_info is formatted with %s without a NULL
	 * check; presumably it is always set before the first request -
	 * confirm against the code that initializes it. */
	os_snprintf(buf, sizeof(buf), "%s", e->connect_info);
	if (!find_extra_attr(e->extra_attrs, RADIUS_ATTR_CONNECT_INFO) &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO,
				 (u8 *) buf, os_strlen(buf))) {
		printf("Could not add Connect-Info\n");
		goto fail;
	}

	if (add_extra_attrs(msg, e->extra_attrs) < 0)
		goto fail;

	if (eap && !radius_msg_add_eap(msg, eap, len)) {
		printf("Could not add EAP-Message\n");
		goto fail;
	}

	/* State attribute must be copied if and only if this packet is
	 * Access-Request reply to the previous Access-Challenge */
	if (e->last_recv_radius &&
	    radius_msg_get_hdr(e->last_recv_radius)->code ==
	    RADIUS_CODE_ACCESS_CHALLENGE) {
		int res = radius_msg_copy_attr(msg, e->last_recv_radius,
					       RADIUS_ATTR_STATE);
		if (res < 0) {
			printf("Could not copy State attribute from previous "
			       "Access-Challenge\n");
			goto fail;
		}
		if (res > 0) {
			wpa_printf(MSG_DEBUG, "  Copied RADIUS State "
				   "Attribute");
		}
	}

	/* msg is not freed after a successful send; presumably the RADIUS
	 * client takes ownership of it - confirm. */
	if (radius_client_send(e->radius, msg, RADIUS_AUTH, e->wpa_s->own_addr)
	    < 0)
		goto fail;
	return;

 fail:
	radius_msg_free(msg);
}
311 | ||
312 | ||
/*
 * EAPOL transmit callback: instead of putting a frame on the air, wrap EAP
 * packets into a RADIUS Access-Request using the global test context.
 * Frames of any other EAPOL type are only logged. Always returns 0.
 */
static int eapol_test_eapol_send(void *ctx, int type, const u8 *buf,
				 size_t len)
{
	printf("WPA: eapol_test_eapol_send(type=%d len=%lu)\n",
	       type, (unsigned long) len);

	if (type != IEEE802_1X_TYPE_EAP_PACKET)
		return 0;

	wpa_hexdump(MSG_DEBUG, "TX EAP -> RADIUS", buf, len);
	ieee802_1x_encapsulate_radius(&eapol_test, buf, len);
	return 0;
}
324 | ||
325 | ||
/* Config blob setter callback: store blob in the configuration of the
 * supplicant that belongs to the test context passed as ctx. */
static void eapol_test_set_config_blob(void *ctx,
				       struct wpa_config_blob *blob)
{
	struct eapol_test_data *test = ctx;
	struct wpa_supplicant *wpa_s = test->wpa_s;

	wpa_config_set_blob(wpa_s->conf, blob);
}
332 | ||
333 | ||
/* Config blob getter callback: look up the blob called name in the
 * configuration of the supplicant that belongs to the test context. */
static const struct wpa_config_blob *
eapol_test_get_config_blob(void *ctx, const char *name)
{
	struct eapol_test_data *test = ctx;
	struct wpa_supplicant *wpa_s = test->wpa_s;

	return wpa_config_get_blob(wpa_s->conf, name);
}
340 | ||
341 | ||
/* EAPOL completion callback: cancel the authentication timeout and move the
 * supplicant to the WPA_COMPLETED state. */
static void eapol_test_eapol_done_cb(void *ctx)
{
	struct eapol_test_data *test = ctx;
	struct wpa_supplicant *wpa_s = test->wpa_s;

	printf("WPA: EAPOL processing complete\n");
	wpa_supplicant_cancel_auth_timeout(wpa_s);
	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
}
350 | ||
351 | ||
/* Timeout handler that starts another authentication round: clear the
 * Access-Accept flag and inject a new EAP-Request/Identity. */
static void eapol_sm_reauth(void *eloop_ctx, void *timeout_ctx)
{
	struct eapol_test_data *test = eloop_ctx;

	printf("\n\n\n\n\neapol_test: Triggering EAP reauthentication\n\n");

	/* The flag must be reset so that the result of the previous round
	 * is not counted for the new one. */
	test->radius_access_accept_received = 0;
	send_eap_request_identity(test->wpa_s, NULL);
}
359 | ||
360 | ||
/*
 * Compare the key derived by the local EAPOL state machine with the key
 * material received from the authentication server, update the MPPE
 * counters, and report whether the EAP Session-Id matches the EAP-Key-Name
 * from the server.
 *
 * Returns 0 when the keys match and an Access-Accept was received (or when
 * no keying material is expected and an Access-Accept was received),
 * 1 otherwise. The Session-Id comparison is only logged and does not change
 * the return value.
 *
 * Key material is written to the debug log by the wpa_hexdump() calls below.
 */
static int eapol_test_compare_pmk(struct eapol_test_data *e)
{
	u8 pmk[PMK_LEN];
	int ret = 1;
	const u8 *sess_id;
	size_t sess_id_len;

	/* NOTE(review): this branch compares PMK_LEN octets without looking at
	 * authenticator_pmk_len, and the local pmk buffer is not cleared
	 * before return - confirm this is acceptable for the test tool. */
	if (eapol_sm_get_key(e->wpa_s->eapol, pmk, PMK_LEN) == 0) {
		wpa_hexdump(MSG_DEBUG, "PMK from EAPOL", pmk, PMK_LEN);
		if (os_memcmp(pmk, e->authenticator_pmk, PMK_LEN) != 0) {
			printf("WARNING: PMK mismatch\n");
			wpa_hexdump(MSG_DEBUG, "PMK from AS",
				    e->authenticator_pmk, PMK_LEN);
		} else if (e->radius_access_accept_received)
			ret = 0;
	} else if (e->authenticator_pmk_len == 16 &&
		   eapol_sm_get_key(e->wpa_s->eapol, pmk, 16) == 0) {
		/* Fallback for a 16-octet key, logged as the LEAP PMK */
		wpa_hexdump(MSG_DEBUG, "LEAP PMK from EAPOL", pmk, 16);
		if (os_memcmp(pmk, e->authenticator_pmk, 16) != 0) {
			printf("WARNING: PMK mismatch\n");
			wpa_hexdump(MSG_DEBUG, "PMK from AS",
				    e->authenticator_pmk, 16);
		} else if (e->radius_access_accept_received)
			ret = 0;
	} else if (e->radius_access_accept_received && e->no_mppe_keys) {
		/* No keying material expected */
		ret = 0;
	}

	/* Counters are only maintained when MPPE keys are expected */
	if (ret && !e->no_mppe_keys)
		e->num_mppe_mismatch++;
	else if (!e->no_mppe_keys)
		e->num_mppe_ok++;

	sess_id = eapol_sm_get_session_id(e->wpa_s->eapol, &sess_id_len);
	if (!sess_id)
		return ret;
	if (e->authenticator_eap_key_name_len == 0) {
		wpa_printf(MSG_INFO, "No EAP-Key-Name received from server");
		return ret;
	}

	/* Lengths are compared first, so os_memcmp() never reads past the
	 * shorter of the two values. */
	if (e->authenticator_eap_key_name_len != sess_id_len ||
	    os_memcmp(e->authenticator_eap_key_name, sess_id, sess_id_len) != 0)
	{
		wpa_printf(MSG_INFO,
			   "Locally derived EAP Session-Id does not match EAP-Key-Name from server");
		wpa_hexdump(MSG_DEBUG, "EAP Session-Id", sess_id, sess_id_len);
		wpa_hexdump(MSG_DEBUG, "EAP-Key-Name from server",
			    e->authenticator_eap_key_name,
			    e->authenticator_eap_key_name_len);
	} else {
		wpa_printf(MSG_INFO,
			   "Locally derived EAP Session-Id matches EAP-Key-Name from server");
	}

	return ret;
}
419 | ||
420 | ||
/*
 * EAPOL state machine result callback. Outside control interface mode it
 * counts down the remaining reauthentication rounds: once the counter drops
 * below zero the event loop is terminated, otherwise the keys are compared
 * and the next round is scheduled 100 ms later.
 */
static void eapol_sm_cb(struct eapol_sm *eapol, enum eapol_supp_result result,
			void *ctx)
{
	struct eapol_test_data *test = ctx;

	printf("eapol_sm_cb: result=%d\n", result);
	test->id_req_sent = 0;

	if (test->ctrl_iface)
		return;

	if (--test->eapol_test_num_reauths < 0) {
		eloop_terminate();
		return;
	}

	eapol_test_compare_pmk(test);
	eloop_register_timeout(0, 100000, eapol_sm_reauth, test, NULL);
}
437 | ||
438 | ||
/*
 * Append one certificate to f: the subject on a line of its own, followed by
 * the Base64 encoding of the certificate between PEM BEGIN/END markers.
 * Nothing is written when the encoding cannot be allocated.
 *
 * The subject string is written verbatim. In this file it comes from the
 * peer certificate (see eapol_test_cert_cb()), so anything that parses the
 * output file should treat the subject lines as untrusted data.
 */
static void eapol_test_write_cert(FILE *f, const char *subject,
				  const struct wpabuf *cert)
{
	char *b64 = base64_encode(wpabuf_head(cert), wpabuf_len(cert), NULL);

	if (!b64)
		return;

	fprintf(f, "%s\n-----BEGIN CERTIFICATE-----\n%s"
		"-----END CERTIFICATE-----\n\n", subject, b64);
	os_free(b64);
}
451 | ||
452 | ||
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
/*
 * Callback used when an EAP method needs a parameter that is not available:
 * build a control interface request message that names the field, the
 * network id and the SSID, and emit it with wpa_msg().
 *
 * Does nothing when there is no current network, when the field type is not
 * recognized, or when the message buffer cannot be allocated or formatted.
 */
static void eapol_test_eap_param_needed(void *ctx, enum wpa_ctrl_req_type field,
					const char *default_txt)
{
	struct eapol_test_data *e = ctx;
	struct wpa_supplicant *wpa_s = e->wpa_s;
	struct wpa_ssid *ssid = wpa_s->current_ssid;
	const char *field_name, *txt = NULL;
	char *buf;
	size_t buflen;
	int len;

	if (ssid == NULL)
		return;

	field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
						       &txt);
	if (field_name == NULL) {
		wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
			   field);
		return;
	}

	/* NOTE(review): txt starts as NULL and is passed to os_strlen();
	 * presumably the helper always sets it when it returns a field name -
	 * confirm. */
	/* 100 octets of headroom for the fixed text, field name and id */
	buflen = 100 + os_strlen(txt) + ssid->ssid_len;
	buf = os_malloc(buflen);
	if (buf == NULL)
		return;
	len = os_snprintf(buf, buflen,
			  WPA_CTRL_REQ "%s-%d:%s needed for SSID ",
			  field_name, ssid->id, txt);
	if (os_snprintf_error(buflen, len)) {
		os_free(buf);
		return;
	}
	/* The SSID is raw octets, so it is appended with a length-checked
	 * os_memcpy() instead of a string format. */
	if (ssid->ssid && buflen > len + ssid->ssid_len) {
		os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
		len += ssid->ssid_len;
		buf[len] = '\0';
	}
	/* Terminate unconditionally in case the SSID was not appended */
	buf[buflen - 1] = '\0';
	wpa_msg(wpa_s, MSG_INFO, "%s", buf);
	os_free(buf);
}
#else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
/* No consumer for the request message in this build: register no callback */
#define eapol_test_eap_param_needed NULL
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
499 | ||
500 | ||
/*
 * Peer certificate callback: report depth, subject and optional hash of a
 * certificate, emit the certificate itself as a hex string on the control
 * interface, write it to the server certificate file when one is open, and
 * report each alternative subject name.
 *
 * The subject and alternative subject strings come from the peer's
 * certificate and are logged as received.
 */
static void eapol_test_cert_cb(void *ctx, struct tls_cert_data *cert,
			       const char *cert_hash)
{
	struct eapol_test_data *test = ctx;
	const char *hash_tag = cert_hash ? " hash=" : "";
	const char *hash_val = cert_hash ? cert_hash : "";
	int idx;

	wpa_msg(test->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_CERT
		"depth=%d subject='%s'%s%s",
		cert->depth, cert->subject, hash_tag, hash_val);

	if (cert->cert) {
		/* two hex digits per octet plus the terminating NUL */
		size_t hex_size = wpabuf_len(cert->cert) * 2 + 1;
		char *hex = os_malloc(hex_size);

		if (hex) {
			wpa_snprintf_hex(hex, hex_size,
					 wpabuf_head(cert->cert),
					 wpabuf_len(cert->cert));
			wpa_msg_ctrl(test->wpa_s, MSG_INFO,
				     WPA_EVENT_EAP_PEER_CERT
				     "depth=%d subject='%s' cert=%s",
				     cert->depth, cert->subject, hex);
			os_free(hex);
		}

		if (test->server_cert_file)
			eapol_test_write_cert(test->server_cert_file,
					      cert->subject, cert->cert);
	}

	idx = 0;
	while (idx < cert->num_altsubject) {
		wpa_msg(test->wpa_s, MSG_INFO, WPA_EVENT_EAP_PEER_ALT
			"depth=%d %s", cert->depth, cert->altsubject[idx]);
		idx++;
	}
}
536 | ||
537 | ||
/*
 * Callback used when an EAP method updates the anonymous identity: store the
 * new value in the current network's "anonymous_identity" setting, either as
 * the literal string "NULL" (id == NULL) or as a hex string of the id octets.
 * Failures are ignored; the function has no return value.
 */
static void eapol_test_set_anon_id(void *ctx, const u8 *id, size_t len)
{
	struct eapol_test_data *test = ctx;
	struct wpa_supplicant *wpa_s = test->wpa_s;
	size_t hex_size;
	char *hex;

	wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
			  id, len);

	if (wpa_s->current_ssid == NULL)
		return;

	if (id == NULL) {
		(void) wpa_config_set(wpa_s->current_ssid,
				      "anonymous_identity", "NULL", 0);
		return;
	}

	/* two hex digits per octet plus the terminating NUL */
	hex_size = len * 2 + 1;
	hex = os_malloc(hex_size);
	if (hex == NULL)
		return;

	wpa_snprintf_hex(hex, hex_size, id, len);
	(void) wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
			      hex, 0);
	os_free(hex);
}
567 | ||
568 | ||
/* WPA state machine callback: report the current state of the supplicant
 * that belongs to the test context passed as ctx. */
static enum wpa_states eapol_test_get_state(void *ctx)
{
	const struct eapol_test_data *test = ctx;

	return test->wpa_s->wpa_state;
}
576 | ||
577 | ||
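/*
 * Set up the EAPOL and WPA state machines for a test run.
 *
 * e:     test context registered as the callback context
 * wpa_s: supplicant instance that receives the new state machines
 * ssid:  network to authenticate against, or NULL to only create the state
 *        machines without configuring a network
 *
 * Returns 0 on success, -1 on failure. On failure after the EAPOL state
 * machine was created, that state machine is torn down again and
 * wpa_s->eapol is reset to NULL, so no state machine is left pointing at
 * freed memory.
 */
static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
		      struct wpa_ssid *ssid)
{
	struct eapol_config eapol_conf;
	struct eapol_ctx *ctx;
	struct wpa_sm_ctx *wctx;

	ctx = os_zalloc(sizeof(*ctx));
	if (ctx == NULL) {
		printf("Failed to allocate EAPOL context.\n");
		return -1;
	}
	ctx->ctx = e;
	ctx->msg_ctx = wpa_s;
	ctx->scard_ctx = wpa_s->scard;
	ctx->cb = eapol_sm_cb;
	ctx->cb_ctx = e;
	ctx->eapol_send_ctx = wpa_s;
	ctx->preauth = 0;
	ctx->eapol_done_cb = eapol_test_eapol_done_cb;
	ctx->eapol_send = eapol_test_eapol_send;
	ctx->set_config_blob = eapol_test_set_config_blob;
	ctx->get_config_blob = eapol_test_get_config_blob;
	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
	ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
	ctx->eap_param_needed = eapol_test_eap_param_needed;
	ctx->cert_cb = eapol_test_cert_cb;
	ctx->cert_in_cb = 1;
	ctx->set_anon_id = eapol_test_set_anon_id;

	wpa_s->eapol = eapol_sm_init(ctx);
	if (wpa_s->eapol == NULL) {
		/* Initialization failed, so ctx is still owned here */
		os_free(ctx);
		printf("Failed to initialize EAPOL state machines.\n");
		return -1;
	}

	wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
	wctx = os_zalloc(sizeof(*wctx));
	if (wctx == NULL)
		goto fail_eapol;
	wctx->ctx = e;
	wctx->msg_ctx = wpa_s;
	wctx->get_state = eapol_test_get_state;
	wpa_s->wpa = wpa_sm_init(wctx);
	if (!wpa_s->wpa) {
		os_free(wctx);
		goto fail_eapol;
	}

	if (!ssid)
		return 0;

	wpa_s->current_ssid = ssid;
	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
	eapol_conf.accept_802_1x_keys = 1;
	eapol_conf.required_keys = 0;
	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
	eapol_conf.workaround = ssid->eap_workaround;
	eapol_conf.external_sim = wpa_s->conf->external_sim;
	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);


	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
	/* 802.1X::portControl = Auto */
	eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);

	return 0;

fail_eapol:
	/*
	 * eapol_sm_init() succeeded, so the state machine in wpa_s->eapol
	 * holds ctx. Freeing ctx directly would leave that state machine with
	 * a dangling pointer and set up a double free if it is deinitialized
	 * later (test_eapol_clean() calls eapol_sm_deinit()). Tear the state
	 * machine down instead; eapol_sm_deinit() is expected to release ctx
	 * together with the state machine - confirm against its
	 * implementation.
	 */
	eapol_sm_deinit(wpa_s->eapol);
	wpa_s->eapol = NULL;
	return -1;
}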
653 | ||
654 | ||
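/*
 * Release everything the test run allocated: state machines, RADIUS client
 * and configuration, cached messages and identity, smart card and control
 * interface contexts, the supplicant configuration and the extra attribute
 * list.
 *
 * Pointers in the test context that are freed here are reset to NULL so that
 * a later access or a repeated cleanup cannot touch freed memory. Only the
 * list nodes of extra_attrs are freed; their data pointers are not.
 */
static void test_eapol_clean(struct eapol_test_data *e,
			     struct wpa_supplicant *wpa_s)
{
	struct extra_radius_attr *p, *prev;

	wpa_sm_deinit(wpa_s->wpa);
	wpa_s->wpa = NULL;
	radius_client_deinit(e->radius);
	wpabuf_free(e->last_eap_radius);
	e->last_eap_radius = NULL;
	radius_msg_free(e->last_recv_radius);
	e->last_recv_radius = NULL;
	os_free(e->eap_identity);
	e->eap_identity = NULL;
	eapol_sm_deinit(wpa_s->eapol);
	wpa_s->eapol = NULL;
	if (e->radius_conf && e->radius_conf->auth_server) {
		/* NOTE(review): the RADIUS shared secret is released without
		 * being wiped first - confirm this is acceptable for the
		 * test tool. */
		os_free(e->radius_conf->auth_server->shared_secret);
		os_free(e->radius_conf->auth_server);
	}
	os_free(e->radius_conf);
	e->radius_conf = NULL;
	scard_deinit(wpa_s->scard);
	if (wpa_s->ctrl_iface) {
		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
		wpa_s->ctrl_iface = NULL;
	}

	ext_password_deinit(wpa_s->ext_pw);
	wpa_s->ext_pw = NULL;

	wpa_config_free(wpa_s->conf);

	p = e->extra_attrs;
	/* Detach the list head before freeing the nodes */
	e->extra_attrs = NULL;
	while (p) {
		prev = p;
		p = p->next;
		os_free(prev);
	}
}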
694 | ||
695 | ||
/*
 * Inject a locally built EAPOL frame carrying an EAP-Request/Identity into
 * the supplicant's EAPOL state machine, as if an authenticator had sent it.
 * eloop_ctx is the struct wpa_supplicant; timeout_ctx is not used.
 */
static void send_eap_request_identity(void *eloop_ctx, void *timeout_ctx)
{
	/* EAP header (4 octets) plus the one-octet type field */
	enum { EAP_REQ_ID_LEN = 5 };
	struct wpa_supplicant *wpa_s = eloop_ctx;
	u8 frame[100];
	struct ieee802_1x_hdr *eapol = (struct ieee802_1x_hdr *) frame;
	struct eap_hdr *req = (struct eap_hdr *) (eapol + 1);
	u8 *req_type = (u8 *) (req + 1);

	eapol->version = EAPOL_VERSION;
	eapol->type = IEEE802_1X_TYPE_EAP_PACKET;
	eapol->length = htons(EAP_REQ_ID_LEN);

	req->code = EAP_CODE_REQUEST;
	req->length = htons(EAP_REQ_ID_LEN);
	/* Random identifier; fall back to os_random() when os_get_random()
	 * fails */
	if (os_get_random((u8 *) &req->identifier, sizeof(req->identifier)) < 0)
		req->identifier = os_random() & 0xff;
	*req_type = EAP_TYPE_IDENTITY;

	printf("Sending fake EAP-Request-Identity\n");
	eapol_sm_rx_eapol(wpa_s->eapol, wpa_s->bssid, frame,
			  sizeof(*eapol) + EAP_REQ_ID_LEN);
}
720 | ||
721 | ||
/* Overall test timeout handler: record that the authentication timed out
 * and stop the event loop. */
static void eapol_test_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct eapol_test_data *test = eloop_ctx;

	test->auth_timed_out = 1;
	printf("EAPOL test timed out\n");
	eloop_terminate();
}
729 | ||
730 | ||
/* Map an EAP method type to a short name for log output; types that are not
 * in the table are reported as "Unknown". */
static char *eap_type_text(u8 type)
{
	static const struct {
		u8 type;
		char *text;
	} known[] = {
		{ EAP_TYPE_IDENTITY, "Identity" },
		{ EAP_TYPE_NOTIFICATION, "Notification" },
		{ EAP_TYPE_NAK, "Nak" },
		{ EAP_TYPE_TLS, "TLS" },
		{ EAP_TYPE_TTLS, "TTLS" },
		{ EAP_TYPE_PEAP, "PEAP" },
		{ EAP_TYPE_SIM, "SIM" },
		{ EAP_TYPE_GTC, "GTC" },
		{ EAP_TYPE_MD5, "MD5" },
		{ EAP_TYPE_OTP, "OTP" },
		{ EAP_TYPE_FAST, "FAST" },
		{ EAP_TYPE_SAKE, "SAKE" },
		{ EAP_TYPE_PSK, "PSK" },
	};
	size_t i;

	for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
		if (known[i].type == type)
			return known[i].text;
	}

	return "Unknown";
}
750 | ||
751 | ||
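/*
 * Extract the EAP message from the last received RADIUS message, log a
 * summary of it, cache it in e->last_eap_radius and deliver it to the
 * supplicant's EAPOL state machine wrapped in an EAPOL header.
 *
 * The RADIUS message comes from the network. The EAP packet is rejected when
 * it is shorter than an EAP header, and the EAP type octet is only read when
 * the packet is longer than the header.
 *
 * An allocation failure for the EAPOL frame is logged and the frame is
 * dropped; the function does not rely on assert() for that check, so the
 * behavior is the same in builds that define NDEBUG.
 */
static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
{
	struct wpabuf *eap;
	const struct eap_hdr *hdr;
	int eap_type = -1;
	char buf[64];
	struct radius_msg *msg;
	struct ieee802_1x_hdr *dot1x;

	if (e->last_recv_radius == NULL)
		return;

	msg = e->last_recv_radius;

	eap = radius_msg_get_eap(msg);
	if (eap == NULL) {
		/* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
		 * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
		 * attribute */
		wpa_printf(MSG_DEBUG, "could not extract "
			   "EAP-Message from RADIUS message");
		wpabuf_free(e->last_eap_radius);
		e->last_eap_radius = NULL;
		return;
	}

	if (wpabuf_len(eap) < sizeof(*hdr)) {
		wpa_printf(MSG_DEBUG, "too short EAP packet "
			   "received from authentication server");
		wpabuf_free(eap);
		return;
	}

	/* The type octet exists only when data follows the EAP header */
	if (wpabuf_len(eap) > sizeof(*hdr))
		eap_type = (wpabuf_head_u8(eap))[sizeof(*hdr)];

	hdr = wpabuf_head(eap);
	switch (hdr->code) {
	case EAP_CODE_REQUEST:
		os_snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)",
			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
			    eap_type);
		break;
	case EAP_CODE_RESPONSE:
		os_snprintf(buf, sizeof(buf), "EAP Response-%s (%d)",
			    eap_type >= 0 ? eap_type_text(eap_type) : "??",
			    eap_type);
		break;
	case EAP_CODE_SUCCESS:
		os_strlcpy(buf, "EAP Success", sizeof(buf));
		/* LEAP uses EAP Success within an authentication, so must not
		 * stop here with eloop_terminate(); */
		break;
	case EAP_CODE_FAILURE:
		os_strlcpy(buf, "EAP Failure", sizeof(buf));
		if (e->ctrl_iface)
			break;
		eloop_terminate();
		break;
	default:
		os_strlcpy(buf, "unknown EAP code", sizeof(buf));
		wpa_hexdump_buf(MSG_DEBUG, "Decapsulated EAP packet", eap);
		break;
	}
	wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
		   "id=%d len=%d) from RADIUS server: %s",
		   hdr->code, hdr->identifier, ntohs(hdr->length), buf);

	/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */

	/* The context takes ownership of eap from here on */
	wpabuf_free(e->last_eap_radius);
	e->last_eap_radius = eap;

	dot1x = os_malloc(sizeof(*dot1x) + wpabuf_len(eap));
	if (dot1x == NULL) {
		/* Explicit check: an assert() would be compiled out with
		 * NDEBUG and the header writes below would then go through
		 * a NULL pointer. */
		wpa_printf(MSG_DEBUG, "could not allocate EAPOL frame for "
			   "decapsulated EAP packet");
		return;
	}
	dot1x->version = EAPOL_VERSION;
	dot1x->type = IEEE802_1X_TYPE_EAP_PACKET;
	dot1x->length = htons(wpabuf_len(eap));
	os_memcpy((u8 *) (dot1x + 1), wpabuf_head(eap),
		  wpabuf_len(eap));
	eapol_sm_rx_eapol(e->wpa_s->eapol, e->wpa_s->bssid,
			  (u8 *) dot1x,
			  sizeof(*dot1x) + wpabuf_len(eap));
	os_free(dot1x);
}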
839 | ||
840 | ||
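/*
 * Pull the key material and the EAP-Key-Name attribute out of a RADIUS reply
 * and store them in the test context for the later comparison in
 * eapol_test_compare_pmk().
 *
 * msg:  received RADIUS message
 * req:  the request that msg answers
 * shared_secret, shared_secret_len: RADIUS shared secret for key decryption
 *
 * MS-MPPE keys are tried first; when that yields a key structure with
 * neither a send nor a receive key, the Cisco key attributes are tried. The
 * receive key is copied, truncated to PMK_LEN, into authenticator_pmk. If
 * both keys are 16 octets, the send key is appended to it.
 *
 * Everything copied here originates from the network, so each copy is
 * bounded by the size of its destination buffer. An EAP-Key-Name value that
 * does not fit is ignored and treated like a missing attribute.
 *
 * Key material is written to the debug log by the wpa_hexdump() calls below.
 */
static void ieee802_1x_get_keys(struct eapol_test_data *e,
				struct radius_msg *msg, struct radius_msg *req,
				const u8 *shared_secret,
				size_t shared_secret_len)
{
	struct radius_ms_mppe_keys *keys;
	u8 *buf;
	size_t len;

	keys = radius_msg_get_ms_keys(msg, req, shared_secret,
				      shared_secret_len);
	if (keys && keys->send == NULL && keys->recv == NULL) {
		os_free(keys);
		keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
						 shared_secret_len);
	}

	if (keys) {
		if (keys->send) {
			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Send-Key (sign)",
				    keys->send, keys->send_len);
		}
		if (keys->recv) {
			wpa_hexdump(MSG_DEBUG, "MS-MPPE-Recv-Key (crypt)",
				    keys->recv, keys->recv_len);
			e->authenticator_pmk_len =
				keys->recv_len > PMK_LEN ? PMK_LEN :
				keys->recv_len;
			os_memcpy(e->authenticator_pmk, keys->recv,
				  e->authenticator_pmk_len);
			/* The size test keeps the append inside
			 * authenticator_pmk whatever PMK_LEN is. */
			if (e->authenticator_pmk_len == 16 && keys->send &&
			    keys->send_len == 16 &&
			    e->authenticator_pmk_len + keys->send_len <=
			    sizeof(e->authenticator_pmk)) {
				/* MS-CHAP-v2 derives 16 octet keys */
				wpa_printf(MSG_DEBUG, "Use MS-MPPE-Send-Key "
					   "to extend PMK to 32 octets");
				os_memcpy(e->authenticator_pmk +
					  e->authenticator_pmk_len,
					  keys->send, keys->send_len);
				e->authenticator_pmk_len += keys->send_len;
			}
		}

		os_free(keys->send);
		os_free(keys->recv);
		os_free(keys);
	}

	e->authenticator_eap_key_name_len = 0;
	if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_EAP_KEY_NAME, &buf, &len,
				    NULL) == 0) {
		if (len > sizeof(e->authenticator_eap_key_name)) {
			/* Never copy more than the destination can hold */
			wpa_printf(MSG_INFO,
				   "Ignoring too long EAP-Key-Name from server");
		} else {
			os_memcpy(e->authenticator_eap_key_name, buf, len);
			e->authenticator_eap_key_name_len = len;
		}
	}
}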
896 | ||
897 | ||
/**
 * ieee802_1x_receive_auth - Process a RADIUS frame from the Authentication
 *	Server
 * @msg: Received RADIUS message; kept in the test state once accepted
 * @req: Request that @msg is a response to
 * @shared_secret: RADIUS shared secret
 * @shared_secret_len: Length of @shared_secret in octets
 * @data: struct eapol_test_data pointer given at registration time
 * Returns: RADIUS_RX_QUEUED when the message was taken over, or
 *	RADIUS_RX_UNKNOWN when it was dropped
 */
static RadiusRxResult
ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
			const u8 *shared_secret, size_t shared_secret_len,
			void *data)
{
	struct eapol_test_data *test = data;
	struct radius_hdr *hdr = radius_msg_get_hdr(msg);
	int bare_reject;
	int finished;

	/* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be
	 * present when packet contains an EAP-Message attribute */
	bare_reject =
		hdr->code == RADIUS_CODE_ACCESS_REJECT &&
		radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR,
				    NULL, 0) < 0 &&
		radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0;

	if (bare_reject) {
		/*
		 * NOTE(review): radius_msg_verify() is not called on this
		 * path, so an Access-Reject carrying neither attribute is
		 * accepted with no authenticator check in this function.
		 * Confirm whether that is intended for the test tool.
		 */
		wpa_printf(MSG_DEBUG, "Allowing RADIUS "
			   "Access-Reject without Message-Authenticator "
			   "since it does not include EAP-Message\n");
	} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
				     req, 1)) {
		printf("Incoming RADIUS packet did not have correct "
		       "Message-Authenticator - dropped\n");
		return RADIUS_RX_UNKNOWN;
	}

	/* Only the three Access-* response codes are handled */
	switch (hdr->code) {
	case RADIUS_CODE_ACCESS_ACCEPT:
	case RADIUS_CODE_ACCESS_REJECT:
	case RADIUS_CODE_ACCESS_CHALLENGE:
		break;
	default:
		printf("Unknown RADIUS message code\n");
		return RADIUS_RX_UNKNOWN;
	}

	test->radius_identifier = -1;
	wpa_printf(MSG_DEBUG, "RADIUS packet matching with station");

	/* Replace the previously stored response with this one */
	radius_msg_free(test->last_recv_radius);
	test->last_recv_radius = msg;

	if (hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
		test->radius_access_accept_received = 1;
		ieee802_1x_get_keys(test, msg, req, shared_secret,
				    shared_secret_len);
	} else if (hdr->code == RADIUS_CODE_ACCESS_REJECT) {
		test->radius_access_reject_received = 1;
	}

	ieee802_1x_decapsulate_radius(test);

	/*
	 * A reject always ends the run; an accept ends it once no
	 * re-authentications remain. With a control interface the event loop
	 * is left running.
	 */
	finished = hdr->code == RADIUS_CODE_ACCESS_REJECT ||
		(hdr->code == RADIUS_CODE_ACCESS_ACCEPT &&
		 test->eapol_test_num_reauths < 0);
	if (finished && !test->ctrl_iface)
		eloop_terminate();

	return RADIUS_RX_QUEUED;
}
958 | ||
959 | ||
/*
 * Stub get_ssid driver op for the test driver: writes a zero first octet to
 * the caller's buffer and returns 0. @priv is unused.
 */
static int driver_get_ssid(void *priv, u8 *ssid)
{
	*ssid = 0;
	return 0;
}
965 | ||
966 | ||
/*
 * Stub get_bssid driver op for the test driver: reports the fixed BSSID
 * 00:00:00:00:00:01. In control interface mode the first call also schedules
 * the initial EAP-Request/Identity.
 */
static int driver_get_bssid(void *priv, u8 *bssid)
{
	struct eapol_test_data *test = priv;

	if (test->ctrl_iface && !test->id_req_sent) {
		/* Mark first so the request is scheduled only once */
		test->id_req_sent = 1;
		eloop_register_timeout(0, 0, send_eap_request_identity,
				       test->wpa_s, NULL);
	}

	os_memset(bssid, 0, ETH_ALEN);
	bssid[5] = 1;

	return 0;
}
981 | ||
982 | ||
/*
 * Stub get_capa driver op for the test driver: clears the capability
 * structure and sets only the wired-driver flag. @priv is unused.
 */
static int driver_get_capa(void *priv, struct wpa_driver_capa *capa)
{
	os_memset(capa, 0, sizeof(struct wpa_driver_capa));
	capa->flags = WPA_DRIVER_FLAGS_WIRED;

	return 0;
}
989 | ||
990 | ||
/*
 * Minimal driver operations table used by eapol_test; only the three stub
 * callbacks defined above are provided.
 */
struct wpa_driver_ops eapol_test_drv_ops = {
	.name = "test",
	.get_bssid = driver_get_bssid,
	.get_ssid = driver_get_ssid,
	.get_capa = driver_get_capa,
};
997 | ||
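/**
 * wpa_init_conf - Set up the test driver and the RADIUS client
 * @e: eapol_test state; receives the RADIUS configuration and client
 * @wpa_s: Supplicant instance to bind to the test driver
 * @authsrv: Authentication server IP address as a string
 * @port: Authentication server UDP port
 * @secret: RADIUS shared secret (NUL terminated)
 * @cli_addr: Client IP address to force, or %NULL to leave it unset
 * @ifname: Interface name copied into @wpa_s
 *
 * The function has no error return; every failure is reported through
 * assert(), as elsewhere in this test tool. Note that assert() is compiled
 * out when NDEBUG is defined.
 */
static void wpa_init_conf(struct eapol_test_data *e,
			  struct wpa_supplicant *wpa_s, const char *authsrv,
			  int port, const char *secret,
			  const char *cli_addr, const char *ifname)
{
	struct hostapd_radius_server *as;
	int res;

	wpa_s->driver = &eapol_test_drv_ops;
	wpa_s->drv_priv = e;
	wpa_s->bssid[5] = 1;
	os_memcpy(wpa_s->own_addr, e->own_addr, ETH_ALEN);
	e->own_ip_addr.s_addr = htonl((127 << 24) | 1);
	os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));

	e->radius_conf = os_zalloc(sizeof(struct hostapd_radius_servers));
	assert(e->radius_conf != NULL);
	e->radius_conf->num_auth_servers = 1;
	as = os_zalloc(sizeof(struct hostapd_radius_server));
	assert(as != NULL);
#if defined(CONFIG_NATIVE_WINDOWS) || defined(CONFIG_ANSI_C_EXTRA)
	{
		int a[4];
		u8 *pos;
		int i, ok;

		/*
		 * Require four fields, each a valid octet; otherwise a[]
		 * would be used uninitialized or silently truncated.
		 */
		ok = sscanf(authsrv, "%d.%d.%d.%d",
			    &a[0], &a[1], &a[2], &a[3]) == 4;
		for (i = 0; ok && i < 4; i++) {
			if (a[i] < 0 || a[i] > 255)
				ok = 0;
		}
		if (!ok) {
			wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
				   authsrv);
			assert(0);
		} else {
			pos = (u8 *) &as->addr.u.v4;
			for (i = 0; i < 4; i++)
				*pos++ = (u8) a[i];
		}
	}
#else /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
	if (hostapd_parse_ip_addr(authsrv, &as->addr) < 0) {
		wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
			   authsrv);
		assert(0);
	}
#endif /* CONFIG_NATIVE_WINDOWS or CONFIG_ANSI_C_EXTRA */
	as->port = port;
	as->shared_secret = (u8 *) os_strdup(secret);
	/* A failed copy would leave a NULL secret with a non-zero length */
	assert(as->shared_secret != NULL);
	as->shared_secret_len = os_strlen(secret);
	e->radius_conf->auth_server = as;
	e->radius_conf->auth_servers = as;
	e->radius_conf->msg_dumps = 1;
	if (cli_addr) {
		if (hostapd_parse_ip_addr(cli_addr,
					  &e->radius_conf->client_addr) == 0)
			e->radius_conf->force_client_addr = 1;
		else {
			wpa_printf(MSG_ERROR, "Invalid IP address '%s'",
				   cli_addr);
			assert(0);
		}
	}

	e->radius = radius_client_init(wpa_s, e->radius_conf);
	assert(e->radius != NULL);

	/* Route authentication responses to ieee802_1x_receive_auth() */
	res = radius_client_register(e->radius, RADIUS_AUTH,
				     ieee802_1x_receive_auth, e);
	assert(res == 0);
}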
1060 | ||
1061 | ||
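/**
 * scard_test - Exercise the PC/SC smartcard interface
 * @e: eapol_test state providing the reader (pcsc_reader) and PIN (pcsc_pin)
 * Returns: 0 when the IMSI read and all GSM authentication runs succeeded,
 *	-1 otherwise
 *
 * Reads the IMSI, runs GSM authentication with fixed RAND values, prints
 * num_triplets lines of "1<IMSI>,<RAND>,<SRES>,<Kc>" to stdout and finally
 * tries one UMTS authentication, whose outcome is only logged.
 *
 * The output contains SRES/Kc (and IK/CK in the debug log), i.e. live
 * authentication results from the card; treat it as sensitive.
 */
static int scard_test(struct eapol_test_data *e)
{
	struct scard_data *scard;
	size_t len;
	char imsi[20];
	unsigned char _rand[16];
#ifdef PCSC_FUNCS
	unsigned char sres[4];
	unsigned char kc[8];
#endif /* PCSC_FUNCS */
#define num_triplets 5
	unsigned char rand_[num_triplets][16];
	unsigned char sres_[num_triplets][4];
	unsigned char kc_[num_triplets][8];
	int i, res;
	int ret = -1;
	size_t j;

#define AKA_RAND_LEN 16
#define AKA_AUTN_LEN 16
#define AKA_AUTS_LEN 14
#define RES_MAX_LEN 16
#define IK_LEN 16
#define CK_LEN 16
	unsigned char aka_rand[AKA_RAND_LEN];
	unsigned char aka_autn[AKA_AUTN_LEN];
	unsigned char aka_auts[AKA_AUTS_LEN];
	unsigned char aka_res[RES_MAX_LEN];
	size_t aka_res_len;
	unsigned char aka_ik[IK_LEN];
	unsigned char aka_ck[CK_LEN];

	scard = scard_init(e->pcsc_reader);
	if (scard == NULL)
		return -1;
	if (scard_set_pin(scard, e->pcsc_pin)) {
		wpa_printf(MSG_WARNING, "PIN validation failed");
		scard_deinit(scard);
		return -1;
	}

	len = sizeof(imsi);
	if (scard_get_imsi(scard, imsi, &len))
		goto out;
	wpa_hexdump_ascii(MSG_DEBUG, "SCARD: IMSI", (u8 *) imsi, len);
	/* NOTE: Permanent Username: 1 | IMSI */

	wpa_printf(MSG_DEBUG, "SCARD: MNC length %d",
		   scard_get_mnc_len(scard));

	/* Two probe runs with all-zero and all-ones RAND */
	os_memset(_rand, 0, sizeof(_rand));
	if (scard_gsm_auth(scard, _rand, sres, kc))
		goto out;

	os_memset(_rand, 0xff, sizeof(_rand));
	if (scard_gsm_auth(scard, _rand, sres, kc))
		goto out;

	/* RAND for triplet i is 16 octets of value i */
	for (i = 0; i < num_triplets; i++) {
		os_memset(rand_[i], i, sizeof(rand_[i]));
		if (scard_gsm_auth(scard, rand_[i], sres_[i], kc_[i]))
			goto out;
	}

	for (i = 0; i < num_triplets; i++) {
		printf("1");
		for (j = 0; j < len; j++)
			printf("%c", imsi[j]);
		printf(",");
		for (j = 0; j < sizeof(rand_[i]); j++)
			printf("%02X", rand_[i][j]);
		printf(",");
		for (j = 0; j < sizeof(sres_[i]); j++)
			printf("%02X", sres_[i][j]);
		printf(",");
		for (j = 0; j < sizeof(kc_[i]); j++)
			printf("%02X", kc_[i][j]);
		printf("\n");
	}

	wpa_printf(MSG_DEBUG, "Trying to use UMTS authentication");

	/* seq 39 (0x28) */
	os_memset(aka_rand, 0xaa, sizeof(aka_rand));
	os_memcpy(aka_autn, "\x86\x71\x31\xcb\xa2\xfc\x61\xdf"
		  "\xa3\xb3\x97\x9d\x07\x32\xa2\x12", sizeof(aka_autn));

	res = scard_umts_auth(scard, aka_rand, aka_autn, aka_res, &aka_res_len,
			      aka_ik, aka_ck, aka_auts);
	if (res == 0) {
		wpa_printf(MSG_DEBUG, "UMTS auth completed successfully");
		wpa_hexdump(MSG_DEBUG, "RES", aka_res, aka_res_len);
		wpa_hexdump(MSG_DEBUG, "IK", aka_ik, IK_LEN);
		wpa_hexdump(MSG_DEBUG, "CK", aka_ck, CK_LEN);
	} else if (res == -2) {
		wpa_printf(MSG_DEBUG, "UMTS auth resulted in synchronization "
			   "failure");
		wpa_hexdump(MSG_DEBUG, "AUTS", aka_auts, AKA_AUTS_LEN);
	} else {
		wpa_printf(MSG_DEBUG, "UMTS auth failed");
	}

	/*
	 * The UMTS result is informational only; reaching this point means
	 * the IMSI and GSM steps all succeeded. Earlier failures jump to the
	 * label below with ret still -1 instead of reporting success.
	 */
	ret = 0;

out:
	scard_deinit(scard);

	return ret;
#undef num_triplets
}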
1169 | ||
1170 | ||
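/**
 * scard_get_triplets - Print GSM triplets read from a smartcard
 * @e: eapol_test state providing the reader (pcsc_reader)
 * @argc: Number of entries in @argv
 * @argv: argv[0] = PIN, argv[1] = number of triplets, optional
 *	argv[2] = "debug" to keep debug output enabled
 * Returns: 0 when all requested triplets were printed, -1 on invalid
 *	parameters or on any smartcard failure
 *
 * Each triplet is written to stdout as IMSI:Kc:SRES:RAND, where RAND for
 * triplet i is 16 octets of value i. The output holds live authentication
 * results from the card, and the PIN is taken from the command line, where
 * other local users may be able to see it.
 */
static int scard_get_triplets(struct eapol_test_data *e, int argc, char *argv[])
{
	struct scard_data *scard;
	size_t len;
	char imsi[20];
	unsigned char _rand[16];
	unsigned char sres[4];
	unsigned char kc[8];
	int num_triplets;
	int i;
	int ret = 0;
	size_t j;
	long count;
	char *end;

	if (argc < 2) {
		printf("invalid parameters for sim command\n");
		return -1;
	}

	/*
	 * strtol() instead of atoi() so that trailing garbage and values
	 * that do not fit in an int are rejected rather than misparsed.
	 */
	count = strtol(argv[1], &end, 10);
	if (end == argv[1] || *end != '\0' || count <= 0 ||
	    (long) (int) count != count) {
		printf("invalid parameters for sim command\n");
		return -1;
	}
	num_triplets = (int) count;

	if (argc <= 2 || os_strcmp(argv[2], "debug") != 0) {
		/* disable debug output */
		wpa_debug_level = 99;
	}

	scard = scard_init(e->pcsc_reader);
	if (scard == NULL) {
		printf("Failed to open smartcard connection\n");
		return -1;
	}
	if (scard_set_pin(scard, argv[0])) {
		wpa_printf(MSG_WARNING, "PIN validation failed");
		scard_deinit(scard);
		return -1;
	}

	len = sizeof(imsi);
	if (scard_get_imsi(scard, imsi, &len)) {
		scard_deinit(scard);
		return -1;
	}

	for (i = 0; i < num_triplets; i++) {
		os_memset(_rand, i, sizeof(_rand));
		if (scard_gsm_auth(scard, _rand, sres, kc)) {
			/* Fewer triplets than requested is a failure */
			ret = -1;
			break;
		}

		/* IMSI:Kc:SRES:RAND */
		for (j = 0; j < len; j++)
			printf("%c", imsi[j]);
		printf(":");
		for (j = 0; j < sizeof(kc); j++)
			printf("%02X", kc[j]);
		printf(":");
		for (j = 0; j < sizeof(sres); j++)
			printf("%02X", sres[j]);
		printf(":");
		for (j = 0; j < sizeof(_rand); j++)
			printf("%02X", _rand[j]);
		printf("\n");
	}

	scard_deinit(scard);

	return ret;
}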
1234 | ||
1235 | ||
/*
 * Signal handler registered with eloop: logs the signal number through the
 * supplicant context in @signal_ctx and stops the event loop.
 */
static void eapol_test_terminate(int sig, void *signal_ctx)
{
	wpa_msg((struct wpa_supplicant *) signal_ctx, MSG_INFO,
		"Signal %d received - terminating", sig);
	eloop_terminate();
}
1242 | ||
1243 | ||
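/*
 * Print the command line synopsis and option descriptions to stdout.
 *
 * The synopsis entry for -o has its closing '>' restored, and the -R, -P, -i
 * and -T options, which main() accepts, are now described as well.
 */
static void usage(void)
{
	printf("usage:\n"
	       "eapol_test [-enWSv] -c<conf> [-a<AS IP>] [-p<AS port>] "
	       "[-s<AS secret>]\\\n"
	       " [-r<count>] [-t<timeout>] [-C<Connect-Info>] \\\n"
	       " [-M<client MAC address>] [-o<server cert file>] \\\n"
	       " [-N<attr spec>] [-R<PC/SC reader>] "
	       "[-P<PC/SC PIN>] \\\n"
	       " [-A<client IP>] [-i<ifname>] [-T<ctrl_iface>]\n"
	       "eapol_test scard\n"
	       "eapol_test sim <PIN> <num triplets> [debug]\n"
	       "\n");
	printf("options:\n"
	       " -c<conf> = configuration file\n"
	       " -a<AS IP> = IP address of the authentication server, "
	       "default 127.0.0.1\n"
	       " -p<AS port> = UDP port of the authentication server, "
	       "default 1812\n"
	       " -s<AS secret> = shared secret with the authentication "
	       "server, default 'radius'\n"
	       " -A<client IP> = IP address of the client, default: select "
	       "automatically\n"
	       " -r<count> = number of re-authentications\n"
	       " -e = Request EAP-Key-Name\n"
	       " -W = wait for a control interface monitor before starting\n"
	       " -S = save configuration after authentication\n"
	       " -n = no MPPE keys expected\n"
	       " -v = show version\n"
	       " -t<timeout> = sets timeout in seconds (default: 30 s)\n"
	       " -C<Connect-Info> = RADIUS Connect-Info (default: "
	       "CONNECT 11Mbps 802.11b)\n"
	       " -M<client MAC address> = Set own MAC address "
	       "(Calling-Station-Id,\n"
	       " default: 02:00:00:00:00:01)\n"
	       " -o<server cert file> = Write received server certificate\n"
	       " chain to the specified file\n"
	       " -R<PC/SC reader> = PC/SC reader to use\n"
	       " -P<PC/SC PIN> = PIN for the PC/SC card (default: 1234)\n"
	       " -i<ifname> = interface name (default: test)\n"
	       " -T<ctrl_iface> = control interface (configuration file "
	       "becomes optional)\n"
	       " -N<attr spec> = send arbitrary attribute specified by:\n"
	       " attr_id:syntax:value or attr_id\n"
	       " attr_id - number id of the attribute\n"
	       " syntax - one of: s, d, x\n"
	       " s = string\n"
	       " d = integer\n"
	       " x = octet string\n"
	       " value - attribute value.\n"
	       " When only attr_id is specified, NULL will be used as "
	       "value.\n"
	       " Multiple attributes can be specified by using the "
	       "option several times.\n");
}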
1294 | ||
1295 | ||
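/**
 * main - eapol_test entry point
 * @argc: Number of command line arguments
 * @argv: Command line arguments (see usage())
 * Returns: 0 on success; -1 on setup or parameter errors; 1 when the PMK
 *	comparison failed; -2 on authentication timeout; -3 when an
 *	Access-Reject was received; -4 on MPPE key mismatch. The "scard" and
 *	"sim" sub-commands return the value of their handler.
 *
 * Compared with the previous version this rejects out-of-range -p and -N
 * values and malformed -N specifications instead of continuing with them,
 * and no longer passes a NULL configuration file name to printf() or
 * wpa_config_write() when only -T is given.
 */
int main(int argc, char *argv[])
{
	struct wpa_global global;
	struct wpa_supplicant wpa_s;
	int c, ret = 1, wait_for_monitor = 0, save_config = 0;
	char *as_addr = "127.0.0.1";
	int as_port = 1812;
	char *as_secret = "radius";
	char *cli_addr = NULL;
	char *conf = NULL;
	int timeout = 30;
	char *pos;
	struct extra_radius_attr *p = NULL, *p1;
	const char *ifname = "test";
	const char *ctrl_iface = NULL;
	int attr_type;

	if (os_program_init())
		return -1;

	hostapd_logger_register_cb(hostapd_logger_cb);

	os_memset(&eapol_test, 0, sizeof(eapol_test));
	eapol_test.connect_info = "CONNECT 11Mbps 802.11b";
	os_memcpy(eapol_test.own_addr, "\x02\x00\x00\x00\x00\x01", ETH_ALEN);
	/*
	 * Default PIN used unless -P is given.
	 * NOTE(review): a run without -P presumably spends one PIN attempt on
	 * a card whose PIN differs - confirm against scard_set_pin().
	 */
	eapol_test.pcsc_pin = "1234";

	/*
	 * Most verbose logging, with key material included in the dumps.
	 * Intended for this test tool only; the output is sensitive.
	 */
	wpa_debug_level = 0;
	wpa_debug_show_keys = 1;

	for (;;) {
		c = getopt(argc, argv, "a:A:c:C:ei:M:nN:o:p:P:r:R:s:St:T:vW");
		if (c < 0)
			break;
		switch (c) {
		case 'a':
			as_addr = optarg;
			break;
		case 'A':
			cli_addr = optarg;
			break;
		case 'c':
			conf = optarg;
			break;
		case 'C':
			eapol_test.connect_info = optarg;
			break;
		case 'e':
			eapol_test.req_eap_key_name = 1;
			break;
		case 'i':
			ifname = optarg;
			break;
		case 'M':
			if (hwaddr_aton(optarg, eapol_test.own_addr)) {
				usage();
				return -1;
			}
			break;
		case 'n':
			eapol_test.no_mppe_keys++;
			break;
		case 'o':
			/* A repeated -o replaces the earlier file */
			if (eapol_test.server_cert_file)
				fclose(eapol_test.server_cert_file);
			eapol_test.server_cert_file = fopen(optarg, "w");
			if (eapol_test.server_cert_file == NULL) {
				printf("Could not open '%s' for writing\n",
				       optarg);
				return -1;
			}
			break;
		case 'p':
			as_port = atoi(optarg);
			/* UDP ports are 1..65535 */
			if (as_port <= 0 || as_port > 65535) {
				printf("Invalid authentication server port "
				       "'%s'\n", optarg);
				return -1;
			}
			break;
		case 'P':
			eapol_test.pcsc_pin = optarg;
			break;
		case 'r':
			eapol_test.eapol_test_num_reauths = atoi(optarg);
			break;
		case 'R':
			eapol_test.pcsc_reader = optarg;
			break;
		case 's':
			as_secret = optarg;
			break;
		case 'S':
			save_config++;
			break;
		case 't':
			timeout = atoi(optarg);
			break;
		case 'T':
			ctrl_iface = optarg;
			eapol_test.ctrl_iface = 1;
			break;
		case 'v':
			printf("eapol_test v%s\n", VERSION_STR);
			return 0;
		case 'W':
			wait_for_monitor++;
			break;
		case 'N':
			/*
			 * Validate the whole specification before a node is
			 * linked, so the list never holds a half-filled
			 * entry. The type is stored in a u8.
			 */
			attr_type = atoi(optarg);
			pos = os_strchr(optarg, ':');
			if (attr_type < 0 || attr_type > 255 ||
			    (pos && (pos[1] == '\0' || pos[2] != ':'))) {
				printf("Incorrect format of attribute "
				       "specification\n");
				return -1;
			}

			p1 = os_zalloc(sizeof(*p1));
			if (p1 == NULL) {
				printf("Failed to allocate memory for "
				       "attribute\n");
				return -1;
			}
			p1->type = attr_type;
			if (pos == NULL) {
				/* attr_id only: no value */
				p1->syntax = 'n';
				p1->data = NULL;
			} else {
				/* attr_id:syntax:value */
				p1->syntax = pos[1];
				p1->data = pos + 3;
			}

			if (!p)
				eapol_test.extra_attrs = p1;
			else
				p->next = p1;
			p = p1;
			break;
		default:
			usage();
			return -1;
		}
	}

	if (argc > optind && os_strcmp(argv[optind], "scard") == 0) {
		return scard_test(&eapol_test);
	}

	if (argc > optind && os_strcmp(argv[optind], "sim") == 0) {
		return scard_get_triplets(&eapol_test, argc - optind - 1,
					  &argv[optind + 1]);
	}

	if (conf == NULL && !ctrl_iface) {
		usage();
		printf("Configuration file is required.\n");
		return -1;
	}

	if (eap_register_methods()) {
		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
		return -1;
	}

	if (eloop_init()) {
		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
		return -1;
	}

	os_memset(&global, 0, sizeof(global));
	os_memset(&wpa_s, 0, sizeof(wpa_s));
	wpa_s.global = &global;
	eapol_test.wpa_s = &wpa_s;
	dl_list_init(&wpa_s.bss);
	dl_list_init(&wpa_s.bss_id);
	if (conf)
		wpa_s.conf = wpa_config_read(conf, NULL);
	else
		wpa_s.conf = wpa_config_alloc_empty(ctrl_iface, NULL);
	if (wpa_s.conf == NULL) {
		/* conf is NULL when only -T was given */
		printf("Failed to parse configuration file '%s'.\n",
		       conf ? conf : "(none)");
		return -1;
	}
	if (!ctrl_iface && wpa_s.conf->ssid == NULL) {
		printf("No networks defined.\n");
		return -1;
	}

	if (eapol_test.pcsc_reader) {
		os_free(wpa_s.conf->pcsc_reader);
		wpa_s.conf->pcsc_reader = os_strdup(eapol_test.pcsc_reader);
	}

	wpa_init_conf(&eapol_test, &wpa_s, as_addr, as_port, as_secret,
		      cli_addr, ifname);
	wpa_s.ctrl_iface = wpa_supplicant_ctrl_iface_init(&wpa_s);
	if (wpa_s.ctrl_iface == NULL) {
		printf("Failed to initialize control interface '%s'.\n"
		       "You may have another eapol_test process already "
		       "running or the file was\n"
		       "left by an unclean termination of eapol_test in "
		       "which case you will need\n"
		       "to manually remove this file before starting "
		       "eapol_test again.\n",
		       wpa_s.conf->ctrl_interface);
		return -1;
	}
	if (wpa_s.conf->ssid &&
	    wpa_supplicant_scard_init(&wpa_s, wpa_s.conf->ssid))
		return -1;

	if (test_eapol(&eapol_test, &wpa_s, wpa_s.conf->ssid))
		return -1;

	if (wpas_init_ext_pw(&wpa_s) < 0)
		return -1;

	if (wait_for_monitor)
		wpa_supplicant_ctrl_iface_wait(wpa_s.ctrl_iface);

	if (!ctrl_iface) {
		eloop_register_timeout(timeout, 0, eapol_test_timeout,
				       &eapol_test, NULL);
		eloop_register_timeout(0, 0, send_eap_request_identity, &wpa_s,
				       NULL);
	}
	eloop_register_signal_terminate(eapol_test_terminate, &wpa_s);
	eloop_register_signal_reconfig(eapol_test_terminate, &wpa_s);
	eloop_run();

	eloop_cancel_timeout(eapol_test_timeout, &eapol_test, NULL);
	eloop_cancel_timeout(eapol_sm_reauth, &eapol_test, NULL);

	/* Later checks override earlier ones, so the last match wins */
	if (eapol_test_compare_pmk(&eapol_test) == 0 ||
	    eapol_test.no_mppe_keys)
		ret = 0;
	if (eapol_test.auth_timed_out)
		ret = -2;
	if (eapol_test.radius_access_reject_received)
		ret = -3;

	/* Without -c there is no file name to write the configuration to */
	if (save_config && conf)
		wpa_config_write(conf, wpa_s.conf);

	test_eapol_clean(&eapol_test, &wpa_s);

	eap_peer_unregister_methods();
#ifdef CONFIG_AP
	eap_server_unregister_methods();
#endif /* CONFIG_AP */

	eloop_destroy();

	if (eapol_test.server_cert_file)
		fclose(eapol_test.server_cert_file);

	printf("MPPE keys OK: %d mismatch: %d\n",
	       eapol_test.num_mppe_ok, eapol_test.num_mppe_mismatch);
	if (eapol_test.num_mppe_mismatch)
		ret = -4;
	if (ret)
		printf("FAILURE\n");
	else
		printf("SUCCESS\n");

	os_program_deinit();

	return ret;
}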